In a series of briefings held on both coasts last week for product reviewers, Microsoft detailed the features that will be included in its Windows 7 Enterprise edition when it is released later this year. This high-end bundle will have all the bells and whistles befitting a corporate client operating system including support for scripted PowerShell commands for easier centralized management, help desk-friendly tricks and desktop virtualization options.
Specifically focused towards use within large organizations with volume licensing deals in place, the enterprise edition of Windows 7 will be strongly reliant on Microsoft's group policy controls and Active Directory service advancements.
According to the enterprise strategy outlined by Microsoft product managers during the New York event, Windows 7 Enterprise will come with a wide variety of tools that should resonate with network and system administrators. Some will be bundled in the base price while others will come with an added fee.
Microsoft has been criticized for not yet including enough enterprise features in it widely distributed Windows 7 beta code.
The set of free Windows 7 tools demonstrated at the reviewers briefing don't seem to rely on Microsoft's ever-smoother administration GUI at all — they're based on Microsoft's command-line scripting system, PowerShell 2.0, which has been released for a developers' preview and will come bundled with Enterprise edition.
Microsoft's also including more than 500 scripts and 'commandlets' with PowerShell. While PowerShell 1.0 has been in XP and Vista in the past as it's been around since 2006, it has been upgraded so that these commandlets can take advantage of enhanced group policy controls that affect everything from system security to Microsoft Sharepoint accessibility.
The scripts – which can be executed on a Windows 7 client or Windows 2008 server and then propagated as needed to administrative domains — are designed to help system administrators build and deploy tailored group policies that are easier to both understand and manage than those set up with previous versions Windows clients and servers. Microsoft is banking on better adoption of group policies for everything from security and compliance up through user-driven mobility services.
When Windows 7 Enterprise users are logged to Microsoft's Active Directory Services, administrators can use PowerShell policy directives to push, multicast-style, immediate changes and updates to group policies to logged on users. These 'pushed' remote policy executables can perform rudimentary functions like adding network shares or applying regular updates as well as emergency operations such as closing ports to block zero-day vulnerabilities.
The optional enterprise-focused Windows 7 features will come via Microsoft's existing Desktop Optimization Package (MDOP). Microsoft will be delivering things like Direct Access (an IPSec-based VPN-less VPN), Bitlocker enhancements (including encryption of removable devices), Branch Cache (single instance file stubbing to unclog WAN traffic), Federated Search (multiple source file/folder/content indexing for search), as well as App-V ('locationless application loading') and Med-V (Microsoft Enterprise Desktop Virtualization). The MDOP mix also extends to traditional 'enablers' for network management applications, such as an application authenticator (AppLocker) and an asset inventory service.
Less trouble, more shoot
The Windows 7 Enterprise will also have several help desk tricks built into it. One of them, called Problem Steps Recorder, allows a user to record steps taken when things go wrong, so as to demonstrate a problem to help desk personnel without an often-required remote access session. An example shown during the briefing started a macro recorder that tracked each step in an application failure. The recording was made in HTML that could be subsequently viewed — click-by-click — on any modern browser. The page can be e-mailed so that malfunctioning applications and conditions can be documented for tech support and quality assurance purposes.
The Automated Troubleshooting feature in Windows 7 Enterprise (think network troubleshooting) has been vastly revamped (especially in terms of wireless connectivity troubleshooting). Microsoft has shipped Diagnostic (troubleshooting wizards) with both XP and Vista. Windows 7 adds 'on-demand' Diagnostics that can be loaded from policy-defined resources and locales. Libraries of them can be ostensibly built, and they can use PowerShell-driven resources as well as those developed via Microsoft's Diagnostic authoring tools.
This feature can now also include third party application/component troubleshooting steps alongside the familiar troubleshooters found in XP and Vista. And the trouble processes can be combined to help solve a problem that would require multiple steps, like first getting a Wi-Fi connection established and then getting an application to work properly.
Windows 7 Enterprise includes the first major revamp of performance and state monitoring through the addition of familiar WinInternal application suite. Logs produced through this revamped utility can give administrators a more articulate look at system conditions during troubleshooting missions.
Virtualizing Windows 7 for the Enterprise
Windows 7 Enterprise virtualization – which will all be delivered under the optional MDOP deliverable – has four possible configurations: presentation virtualization (video, perhaps audio, keyboard and mouse), desktop virtualization (Hyper-V and Virtual PC product-based), profile virtualization (user states and configuration), and application virtualization.
Application virtualization, via Microsoft's Softricity acquisition — is the most interesting prospect here. This process allows application sandboxing — which is execution of applications on external servers — in a seamless fashion as though the application is running on the local machine. This trick, called Coherence by competitor Parallels, sends keyboard, video and mouse commands from the Windows 7 client to the application — and back — from the host where the application is being executed. Users aren't aware that the application (and ostensibly the data) doesn't reside on their own hardware.
Expected Windows everywhere?
With the description of what will be included in Windows 7 Enterprise bundle, it's quite clear that Microsoft has taken to heart the fact that Vista hasn't been strongly adopted in the enterprise, mainly because of its perceived incompatibilities and mixed messages.
It is also clear that Microsoft is not veering very far from its homogenous underpinnings.
Little was mentioned about how Linux and Apple machines might co-exist with Windows 7 in an overall enterprise pictures. Mainframe accessibility from a Windows 7 client wasn't talked about. Corporate Windows 7 Enterprise netbook plans weren't cited at all during the discussion, nor were the integration of varying mobile phone devices.
Additionally, in order to manage Windows 7 machines in the enterprise, Microsoft was trying to build a case not only for greater administrative controls to end points, but an organizational buy-in to Windows 2008 Server and its overall Systems Center management platform.