Systems MigrationEnvironment Upgrade and Consolidation
Windows Support Lifecycle
In January 2015, Microsoft ended mainstream support for Windows 7, with extended support (for security patching) scheduled to end in January 2020. As Windows 7 is a heavily deployed endpoint operating system across the government and industry, many agencies and organizations are actively considering their upgrade options. Some organizations are pushing full speed ahead towards a Windows 10 upgrade — including the Department of Defense, whose CIO has directed a rapid transition to the Windows 10 operating system by January 2017. The memo to this effect, dated November 2015, applies to all DoD information systems currently using any Microsoft operating system.
Any upgrade process is delicate, however a Windows 10 endpoint upgrade has numerous organizational touchpoints that must be managed carefully. Considerations must be given to a variety of concerns, including:
– Minimum hardware requirements
– Software compatibility
– System image development
– Upgrade and support mechanisms
– Enterprise security policy
– Security Assessment and Authorization (SA&A)
– User training
These requirements may prove to be non-trivial for some organizations. The NSA has collaborated with DISA to create a “Secure Host Baseline” (SHB) for Windows 10 that includes hardware security requirements that may not be compatible with some DoD organizations’ desktop hardware profile. Legacy business software may not function correctly in Windows 10. And a new Windows desktop interface may prove to be challenging for users who have not seen a desktop upgrade in 15 years. Each of these risks must be addressed individually and methodically to ensure a successful upgrade.
Windows 10 contains a number of new capabilities and features including desktop tiles, Cortana search, the Action Center, the Edge browser, and Mac-style multiple desktops. And there are also a number of new enterprise capabilities that organizations can consider, including biometric authentication, Azure-based cloud logon, expanded remote access support, IoT support, and advanced interface support for voice, pen, touch and gesture. Many of these capabilities will enhance user productivity, but all must be implemented thoughtfully and carefully.
Aerstone can assist your organization with planning and executing a Windows 10 migration that is “secure by design.” This includes addressing your upgrade in the context of identity and access management best practices, with a sound deployment and configuration management process that yields a secure and supportable infrastructure. Our full focus is to provide a seamless upgrade experience that is minimally disruptive to end users, minimizes cost and risk to the organization, and fully compliant with published best practices and standards.
As an organizations changes and grows, it frequently becomes necessary to re-evaluate its directory and messaging environment. Microsoft Exchange and Active Directory have an extremely large install base, and a product release cycle that requires continuous upgrade of the organizational baseline. It is also common for merging organizations to seek value from IT infrastructure consolidation, based on new executive vision. And operational and security best practices are continuously evolving as well, leading some organizations to reorganize against a new backdrop of risks and threats.
New Features and Risks
Each new release of Active Directory and Exchange brings new opportunities, and new challenges. New features can enhance the functionality of the software, reduce cost of ownership, and extend the operational model to use cases with ever increasing complexity. However new features should only be implemented based on a thorough understanding of operational ramifications, which implies a requirement to train systems support staff on the latest versions of these products. It can be quite challenging for systems administrators to research and engineer systems upgrades while still being responsible for day-to-day-operations, however, which strongly suggests the value of third party subject matter experts in advance of any meaningful system change.
Microsoft Azure and Office 365 both offer exciting new capabilities for off-premises or shared hosting. These services may offer a substantially lower cost of ownership over internal hosting, and also provide significantly enhanced capabilities for an increasingly mobile workforce. The migration of core IdAM and messaging services to the cloud must be evaluated carefully, however, in terms of cost, features, security, maintenance, and accessibility. And the process of executing the migration must be managed so as to minimize downtime and data loss.
Aerstone migration staff have developed a sophisticated skill-set around executing complex systems migrations. We have an expert-level capability in both native and third party migration tools, notably Dell (Quest) Migration Manager for Active Directory and Exchange. We have the knowledge and expertise required to ensure a seamless and transparent migration process that ultimately reduces cost of ownership while meeting security requirements.
Our Experience Sets Us Apart
Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business. We
approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with security professionals across the military, intelligence community, civilian government, and commercial sectors.
Contact our sales team at firstname.lastname@example.org for more information.