BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Now that Windows 7 is an established enterprise operating system, we have the proper perspective to judge whether it has lived up to expectations.
Windows 7 improvements, such as faster performance and a cleaner user interface, got a lot of attention when the operating system was released almost three years ago. Microsoft touted DirectAccess, BitLocker, BranchCache, AppLocker and RemoteFX as reasons to migrate from Windows XP and Vista. Microsoft even sponsored "house parties" -- TV and other media ads to convince consumers that these Windows 7 improvements were worth investing in. With Windows 8 on the horizon and Windows 7 being a mature product, now is an appropriate time to see if this was all hype or if these Windows 7 improvements really work as advertised.
Windows 7 performance improvements
Claim: Microsoft made many claims in blogs and media advertisements about superior performance as one of the top Windows 7 improvements.
More on Windows 7 improvements:
Using Windows 7's built-in features to keep your desktops secure
New Windows 7 features bring UI considerations for developers
Windows 7 features include management tools for admins
Reality: Everyone with a Windows desktop or laptop has horror stories about Vista's performance. Even with a high-end computer, it was often laborious to do simple tasks such as booting and logging in and working with applications (especially working with many applications at once). Part of the reason may have been that Vista had advanced features that many computers were not capable of performing at the time, resulting in many individuals and companies staying with or returning to XP.
Whatever the reason, Microsoft got a huge black eye from Vista, and competitors tried to convince customers that Windows 7 was just another Vista. But it was not another Vista in terms of performance. I recall putting Windows 7 beta on a fairly old Hewlett-Packard laptop for the first time, and I was blown away by its speed when compared with XP or Vista. Even Internet connections via Internet Explorer were much faster. It was just crisp.
User interface improvements
Claim: A lot of Microsoft's advertising depicted new user-interface features as cool and flashy to entice customer to buy Windows 7.
Reality: Windows 7 improvements included changes to the user interface (UI), such as auto resizing of windows, and refined Aero functionality over Vista, such as thumbnails in the taskbar and menus -- even video thumbnails.
There are also customizable Aero translucent glass and themes. Shake a current window, and all the active windows disappear. Shake it again, and they come back. The Aero features depend on the machine's video performance. If the video capability is too poor, Aero won't work, but most systems now have no problem with it. This is shown in the System properties in Control Panel as shown in Figure 1. A message will appear if performance will not support Aero.
While Aero is quite splashy and fun, it's not a real productivity tool. Moving a window to the top or side of the screen and having it expand automatically to full-screen or half-screen size seemed like something useful for doing side-by-side document work, but I rarely use it. In fact, it can be annoying when you just want to slide a window a little and hit the edge of the display, accidentally expanding the window.
One of the Windows 7 improvements that I do like is the thumbnail preview in the taskbar. Over a period of several hours, I'll open and minimize a number of windows: email, Word and Excel documents, etc. The taskbar preview lets me see a thumbnail of each of the minimized documents, and I can click to restore them or even move the cursor over a preview and hit the red X in the corner to close it. This is very handy for moving between documents and emails that you don't want to close.
Windows 7 features a location called Libraries, which is very convenient for finding files. The Documents, Pictures, Videos and Movies default libraries save all of a certain type of file in each library, no matter where it is on the machine. For instance, all Word documents can be found in the Documents library. Users can even define their own custom libraries. There is also Favorites that are customizable. I use Favorites almost exclusively as opposed to sorting thru the directory structure.
BitLocker To Go
Claim: BitLocker To Go will be popular and necessary to ensure security for data on USB drives for students and corporations alike
Reality: BitLocker, introduced in Vista, is a drive encryption feature that prevents a hard drive from being mounted in another machine and having its data removed. The Windows 7 release introduced BitLocker To Go, which allows encryption of external USB drives and hard disks with recovery keys. I know of a number of companies that use BitLocker for their hard drives, and many are implementing BitLocker To Go to protect the contents of USB removable drives.
These removable drives represent a potential security hole for company data, as well as for anyone else who puts data and information on them. These tiny storage components are easily lost -- they dangle from key chains, are buried in pockets and purses, and are easily left in computer USB slots in labs and Internet cafés. BitLocker To Go is a great feature to secure data on these drives and works very well.
Claim: AppLocker will provide a simple, easy-to-use method of locking software access by users, increasing security. It is easier to use than software restriction policies.
Reality: One of my favorite Windows 7 features is AppLocker, a new version of the troublesome software restriction policies. Both restrict software access to the computer or the user. For example, IT can prohibit VBS files from being stored in a certain directory or prevent users from executing certain file types.
The old software restriction policies, introduced in Windows 2003, were complicated and hard to unravel if you were not the one who created them, and it was easy to shoot yourself in the foot. AppLocker, also implemented through Group Policy (Figure 2), is better organized.
Note that, once enabled, AppLocker turns off access to all files that are not in the "allowed" list. This is good for administrative control, but it will create a lot of help desk calls. The negative side to AppLocker is that it does not work with pre-Windows 7 clients and must be on a Windows 2008 R2 server Group Policy in a domain.
Claim: DirectAccess, one of the crown jewels in Windows 2008 R2 and Windows 7, will allow administrators to permit secure access to the corporate intranet and provide powerful administrative features such as pushing patches and policies without the user having a VPN connection.
Reality: DirectAccess is just now starting to be implemented on a wide scale. Illustrated in Figure 3, DirectAccess is a networking feature that addresses poor virtual private network (VPN) performance. Call it "VPN Lite." It provides the ability to access intranet sites without manually establishing a VPN link.
DirectAccess is a persistent link -- so once established, it remembers how to find the server, as well as the credentials. When a connection breaks, it will automatically reconnect when the network is available, without user interaction. This is a huge user-satisfaction feature.
In addition, DirectAccess automatically allows a "split tunnel" connection, allowing users to be connected to the company intranet from remote locations -- such as home or a hotel -- and still have access to local network devices, such as printers and backup drives.
DirectAccess is also a great Windows 7 improvement for administrators because they can manage remote laptops as soon as they connect to the Internet. They don't have to wait for a VPN connection to push down patches, virus updates, etc.
One drawback of DirectAccess is that it requires an IPv6 network. However, clients can be configured to use one of the IPv6 translation protocols to satisfy the requirement. DirectAccess is continuing to grow in popularity.
BranchCache is among the Windows 7 improvements
Claim: BranchCache is the other crown jewel of Windows 7 and Windows Server 2008 R2. BranchCache provides remote workers access to files at the corporate host site in a way that's very similar to how local users access files, improving the user experience.
Reality: BranchCache, like DirectAccess, is still gaining traction. Of course, Microsoft employs both in their corporate environment, but many companies depended on the refresh cycle to get Windows 7 and Windows Server 2008 R2 in their environment to allow these features to be implemented.
A typical configuration for BranchCache is shown in Figure 4. When a user downloads a document from the Main Office, the content will be cached at the user's computer (Distributed Cache mode) or on a local server (Hosted Cache mode).
When other users at the remote site want access to that document, they can obtain it from the cache. If the cached copy is unavailable, the users will go to the Main Office server to get the document. To keep all the versions in sync, each time a user saves a document, it is saved to the Main Office server as well as the cache.
BranchCache is a feature in the Server Manager and works only on Windows 7 clients and Windows 2008 R2 servers. It has to be configured on both client and server and requires a BranchCache Group Policy Object to be defined and configured.
Other than Microsoft, I have not found a lot of organizations that have implemented BranchCache. The feature would be good for a sharing system that's "lighter" than Distributed File System.
Additional Windows 7 features, such as RemoteFX, Boot from VHD and Media Center improvements, have proven to be solid performers. Major hardware manufacturers are advertising RemoteFX-capable devices.
Overall, the Windows 7 improvements are monumental changes over Vista and are closely paired with Windows Server 2008 R2. Windows 7 features, performance and general user experience are superior to those of Windows Vista or XP.
Windows 7 is in a very steady state now and is a standard desktop operating system. While advanced features like BranchCache and DirectAccess have been slow to catch on, enterprises are adopting them. It will be interesting to see if they are implemented more frequently and if Windows 8 adds any fixes or enhancements to these features.
ABOUT THE AUTHOR:
Gary Olsen is a solution architect in Hewlett-Packard's Technology Services organization and lives in Roswell, Ga. He has worked in the IT industry since 1981 and holds an M.S. in computer-aided manufacturing from Brigham Young University. Olsen has authored numerous technical articles for TechTarget, and he has presented numerous times at the HP Technology Forum. He is a Microsoft MVP for Directory Services and is the founder and president of the Atlanta Active Directory Users Group.