
Microsoft Gives Windows 10 Patching and Update Advice

Microsoft wants IT pros to take a freer approach toward installing Windows updates in production environments.

If they do that, it will help them prepare for the arrival of Windows 10. That view, which may seem counterintuitive to many IT pros, apparently is the new marching order coming from Redmond, based on some Ignite talks this month.

Windows 10, when it gets released as a final product, will have a faster update cycle that will include the delivery of new features along with security patches. Microsoft currently gets millions of devices' worth of telemetry from its Windows consumer users each month. Those consumers typically use the Windows Update (WU) service to automatically install the latest operating system updates without testing them first. Microsoft has a WU participation rate among consumers of 96 percent.

That's all good, but Microsoft hasn't been getting the enterprise feedback it wants, explained Thierry Paquay, a member of Microsoft's Windows CXE patch team. He outlined Microsoft's new hopes for IT pros who patch Windows systems in an Ignite talk this month, called "Getting Ready for Windows 10: Servicing Windows Client and Server in a Managed Environment Today."

Microsoft's New Advice to IT Pros

Paquay explained that Microsoft would prefer it if IT pros would be more "proactive" about installing optional updates and update rollups than they have been in the past. They should also turn on telemetry reporting so that Microsoft can get the feedback it wants. This talk was aimed at organizations that currently manage Windows clients and that are considering managing Windows 10 clients when the new OS gets released.

Of Microsoft's many update types, Paquay just described four: security updates, hotfixes, optional updates and update rollups. First, organizations should deploy security updates as soon as possible, Paquay said.

Hotfixes, on the other hand, are designed to solve a particular problem. In the past, Microsoft had published information saying that hotfixes should only be deployed if an organization was experiencing the specific problem being addressed. Paquay said that Microsoft's new recommendation for installing hotfixes is that organizations should deploy them proactively. He said IT pros can do testing if they need to, but "don't wait" to deploy hotfixes.

Optional updates that come out each month also may have gotten ignored by IT pros over the years but Microsoft now wants organizations to test and deploy these optional updates proactively, too, Paquay explained. He added, "I know that's a big ask."

Update rollups, which are collections of hotfixes in a single package with a reboot, also should be deployed proactively, Paquay said.

He also talked about so-called "convenience rollups" but never explained what they were. Based on his description, they sound a lot like update rollups, or maybe they are service packs.

Paquay's bottom-line advice to IT pros was to deploy security updates as soon as possible. Next, deploy hotfixes. IT pros should validate optional updates and then deploy them proactively. Lastly, they should update their Windows computing environment baselines with convenience updates (see chart).

Figure 1. Microsoft's new patch recommendations for IT pros. Source: Ignite session.

He added that if IT pros start carrying out these tasks now, then they will be ready to do the same thing when Windows 10 arrives. However, if organizations just focus on deploying security updates, then things will be more difficult when Windows 10 arrives, he warned.

Microsoft has already changed its traditional patch approach. For instance, Paquay informed his Ignite audience that Microsoft no longer issues regular monthly Windows rollups. The last one happened in December, he said.

Paquay did not explain what the frequency of Windows 10 updates would be. However, Microsoft officials have previously suggested that Windows 10 updates would arrive when they are ready, rather than according to a set schedule. Possibly, there might be multiple updates per month.

Microsoft plans to provide more information about this update concept in a future Windows IT pro blog post that's going to arrive in coming weeks, according to Paquay. His talk is also described in this blog post by a Microsoft Premier field engineer.

Paquay's talk was an appeal of sorts to IT pros who had paid to attend Ignite, and who get paid for exercising caution and keeping systems running in organizations. The talk comes at a time when Microsoft has had notable troubles in issuing problem-free software updates. For instance, just last week, Microsoft reissued Service Pack 1 for SQL Server 2014 after a flawed initial release. The flawed patch, described as rendering SQL Server 2014 "unusable," had 270 downloads before being halted by Microsoft. Such context may make Paquay's appeal somewhat of a hard sell among IT pros.

Another Ignite talk illustrated how Microsoft hopes to streamline the Windows 10 patch process via its new servicing models.

Windows 10 Servicing Options

A different Ignite talk described Microsoft's coming "service branch" options for organizations for managing Windows 10. Microsoft first started talking about this new model, which includes "long-term servicing branches" and "current branch for business servicing" approaches for managing Windows 10, back in January, but important details were lacking. The Ignite talk, "Windows as a Service: What Does It Mean for Your Business?," by Michael Beck, a partner director for Windows CXE at Microsoft, provided just a few more details.

Microsoft conceives of Windows 10 as being "Windows as a service," a phrase that's usually associated with apps accessed over the Internet. It already functions that way for consumer Windows users, according to Beck. Hundreds of millions of consumer devices get updated by Windows Update each month. Windows Update keeps those devices always up to date.

Some organizations, on the other hand, have "special systems" that maybe can't tolerate lots of change. These special systems handle so-called "mission-critical" workloads. Examples include air traffic control organizations and emergency rooms, Beck explained. These sorts of organizations might fall into a "long-term servicing branch" approach to managing Windows 10. Beck explained that a long-term servicing branch is declared by Microsoft every two to three years. Examples are service pack releases. Long-term servicing branch customers get security updates but they don't get the latest OS features.

In response to a question, Beck said that when Windows 10 arrives, it will not be possible to separate security updates from feature updates. He added that all Windows 10 updates will be "cumulative" updates.

Business users are in the middle, with workloads that aren't quite mission critical, but they're not consumers. Beck said that business users could be set up as special systems users, but it would be expensive and end users would not get the latest features. Microsoft's recommendation for business users is to "treat them as the professional they are," Beck said. And that's carried out via a Microsoft Windows 10 update plan called Windows Update for Business (WUB).

WUB apparently is plan terminology that's associated with Microsoft's "current branch for business servicing" plan. Beck said that current branch for business is equivalent in meaning to "ready for business." In response to a question, Beck said that the WUB plan will be for Windows 10 Pro and Enterprise edition customers.

WUB can have "testing rings" in which updates are rolled out to smaller groups before being broadly released. Microsoft follows that approach itself before rolling out its software for internal testing. Beck showed this slide during his talk, which shows different test rings (fast and slow) that could be arranged under the current branch for business servicing approach:

Figure 2. Microsoft's internal testing, current branch (Windows Update) release and current branch for business update model. Source: Ignite session.

Essentially, Microsoft is claiming that its Windows software is tested by millions of users before being more broadly released.

The stream of WUB updates to organizations won't cause a bandwidth hit because it will have peer-to-peer delivery of Windows 10 updates, Beck contended. IT pros can set "maintenance windows" that determine when an update is taken and when reboots happen. This approach will integrate with existing tools, such as Windows Server Update Services (WSUS), System Center and third-party software tools.

About every four months, Microsoft declares a "current branch" and delivers it to market. WUB users get the "opportunity" to test and validate those features before they are declared business ready, Beck explained.

Essentially, there will be three update options for Windows 10 users: WU, WUB and special systems updates. A slide presented by Beck seems to suggest that WSUS will be the tool for special systems updates:

Figure 3. Suggested use cases for Microsoft's Windows 10 update options. Source: Ignite session.

Beck talked a bit about hardware requirements. Windows 10 will have hardware requirements that have been unchanged since Windows Vista. If an app worked on Windows 7, it will work on Windows 10, Beck said. Windows 8.1 apps in the Windows Store will run fine in Windows 10, he added. Microsoft's Internet Explorer 11 enterprise investments will continue in Windows 10.

He also talked about deployment options. Windows 10 will still have a wipe-and-load option for operating system upgrades. However, Beck said that "in-place upgrades" will be viable for commercial customers. He said that in-place upgrades are the recommended approach for organizations running existing devices with Windows 7 or Windows 8/8.1.