Windows 7 Compatibility Issues May Mar Enterprise Adoption

By Andrew Garcia  |  Posted 2009-04-30

Windows 7 Compatibility Issues May Mar Enterprise Adoption

Microsoft officials proudly proclaim that the Release Candidate landmark of the Windows 7 development cycle represents a good time for businesses to start evaluating the new operating system in a production environment. While the code made available to this point seems strong enough to warrant this level of in-depth appraisal, I suspect IT implementers will quickly find too many questions unanswered to gain a firm grip on the role the new operating system can play in the enterprise-or if it has a role at all in the near term.

In my few days with the new version, I've found that the release candidate (Build 7100, available now to MSDN and TechNet subscribers and to the public on May 5) installs and runs quickly and efficiently; is highly polished for this stage of development; already supports a wide array of hardware; and is obviously rich with security, connectivity and usability features when compared with either Windows Vista or XP. 

But with the issues of application compatibility and licensing still not addressed in a manner companies can test, and with Windows 7's deep ties to the forthcoming Windows Server 2008 R2 to consider  (not to mention the moribund economy), potential implementers may find it difficult to find the value in the new OS, despite its obvious improvements.

Application compatibility, or lack thereof, was one of the torpedoes that sank Windows Vista-too many users and organizations found that operating system's security implementations broke mission-critical legacy applications or devices. As Windows 7 is built with the same security fundamentals in mind (including User Account Control, Address Space Layout Randomization and Kernel Patch Protection), Microsoft had to address the issue head-on with the new OS, to ensure customers a seamless transition to the new platform.

The announced solution-Windows XP Mode for Windows 7, or XPM-runs a virtualized instance of XP Service Pack 3 within Windows 7. Customers licensed for the right version of Windows 7 (Professional, Enterprise or Ultimate) will be able to download the software, which includes a copy of Windows XP SP3 and a license to run it virtually. Integration with the host operating system should be present, and users can expect to be able to launch virtualized applications directly from the host interface (similar to what one could do with VMware Fusion's Unity mode on a Mac).

As pointed out here, XPM is fraught with security concerns. Indeed, it appears that the XPM VM needs to be managed as a separate node on the network, and will require its own anti-virus, patch management and management software. But that's just the tip of the iceberg.

So Many Questions


I haven't received a copy of the XPM beta code, yet, so I find myself full of even more questions beyond these already sticky issues. Does the XPM instance itself need to be joined to the domain, and what does that mean for Client Access Licenses? Do the host and virtual instances need to be managed separately via Group Policy? Will security patches for XPM instances stop coming in five years, even though Windows 7 is protected for much longer than that?

With XPM, Microsoft has thrown up its hands and effectively proclaimed, "We can't support these applications going forward, nor do we want to try." I understand that perspective-everyone wants to move forward unencumbered-I just can't grasp the approach.

Two years ago, Microsoft bought not one but two companies with solutions that worked to solve application permission problems in environments where users don't have administrative credentials-Winternals and Desktop Standard. Although Microsoft did not actually acquire the pertinent technology in the latter case-that technology evolved into the company BeyondTrust-the Winternals technology could have made its way into Windows 7 but seemingly hasn't.

In my tests of the Winternals technology three ago, I found the underlying privilege escalation worked well but needed to be integrated into Group Policy. With the product now two years in-house at Microsoft, I held out a lot of hope that work could have been done and that the technology would be mainstreamed within a business-class operating system. But instead, we get XPM and a potential security and administrative nightmare.

In truth, I hate the approach Microsoft is taking with Windows 7 and legacy software. On the surface, I feel it levels the playing field with every other operating system out there, which can also run Windows XP in a virtual instance. So if I need to manage a second desktop-albeit virtually-to run applications that help me do what I need to today, why do I need to pay for a new base OS in the first place? 

If I need something modern, is now the right time to look elsewhere, since the backward compatibility story will be largely the same in either case? Or do I simply stick with what works-Windows XP and all its inherent problems-especially since we know that security patches for the older OS will keep coming through 2014?

It is here that Microsoft needs to convince IT implementers that the new features native to Windows 7 will be worth all of the costs that would come with an upgrade-for licensing, hardware, management and the resulting labor to get there-proving that Windows 7 will deliver things other operating systems can't.

Microsoft has gone to great lengths to point out Windows 7 represents the first time since Windows 2000 that the company has been able to develop a client and server iteration (Windows Server 2008 R2) in tandem, and the company has promised great things from this team development, with hopes that it will spark a similar level of uptake from its business customers. Features such as DirectAccess always-on remote connectivity and BranchCache local caching are the immediate fruit of this collaboration.

The tight integration with Windows Server 2008 R2, however, could present those testing Windows 7 with complications beyond simply loading the new OS on a laptop. To test DirectAccess or BranchCache within a production environment, testers will need to look closely at their server hardware, or consider testing the server side entirely in virtual instances. This is because the new server iteration will be available only as a 64-bit platform.

Those most likely to be considering an upgrade to the new platforms-organizations still running Windows 2000, which will expire from Extended Support next summer-will probably need to consider a server hardware upgrade. And even those companies that already have 64-bit server platforms in their data center need to look at whether they are currently running 32-bit iterations of Windows Server on those machines because there is not a direct upgrade path from there to the 64-bit R2 iteration.    

Just to be clear, as a user, I really enjoy using Windows 7. I think the new OS represents a vast improvement over Vista or XP, and the RC has already found its way into my day-to-day computing life. I suspect many consumers who spend any time thinking about their OS will feel the same.

But, given the terrible economy, I suspect Microsoft asks too much of its business customers because it's not just about the cost of the Windows 7 license and the costs to perform the upgrade. It's about the hardware costs to bring both the client and server fleet up to spec with the new versions, the 2x licensing costs for third-party management and security solutions, and the spiraling headaches that will come from having to support two desktops where there once was one. And most of all, it's about trying to stomach these costs when every company is being forced to make cutbacks across the board.

If the gold code of Windows 7 is to come in 2009-and it certainly looks like that will be the case-I don't think most businesses will have the stomach for it.

Rocket Fuel