
Going to work with Windows 8 Enterprise

Are Windows to Go and tweaks to enterprise features enough to justify upgrading?

The Administrator's view of the business side of a Windows 8 start page. This is what Windows shortcut keys were made for.
Sean Gallagher

Windows 8 Enterprise is the reverse-mullet of operating systems: all party in front and business in the back. Up front, the new Start screen and touch-focused interface are geared more toward users having a good time—one cannot imagine many productivity applications for having access to content based on a gamertag, for example. Behind the tiles, the Desktop is where all the real work will happen.

And even at the Desktop level, Windows 8 Enterprise does not wear its business credibility on its sleeves. The exclusive features in the volume-licensed version of Windows 8 packaged specifically for business users are for the most part under the covers and barely visible. But they make it possible for users to work more securely, and take their work with them when they untether from the LAN—or, with one new feature, when they unplug their boot thumbdrive from the PC.

There are six features exclusive to Windows 8 Enterprise that aim to make it friendlier for business use:

  • Windows to Go capability, which allows users to boot a secured image of Windows from a USB drive
  • BranchCache content staging and network storage caching feature
  • AppLocker application access control
  • DirectAccess remote access technology
  • Enhanced VDI support for touch-based Windows devices
  • "Side-loading" of internal applications developed using the "Metro" interface

Not all of these features are new in Windows 8. DirectAccess, AppLocker, and BranchCache were available in Windows 7 Enterprise and Ultimate, as was VDI support. The improvements in BranchCache, VDI support, and DirectAccess are also dependent on changes in Windows Server 2012. And other than Windows to Go and VDI, the features are largely hidden from the end-user and depend on Active Directory and Windows group policy settings—and in some cases Windows PowerShell—to be configured.

But are these features in and of themselves enough for businesses to justify upgrading—and dealing with the user retraining, software testing, and other hassles that come with a major operating system upgrade? For companies that have volume licensing already in place, for whom a "step-up" fee may not be that major a financial consideration, the other hard and soft costs of upgrading may outweigh any benefits from the internal improvements of Windows 8 itself. Much of the decision will rest on whether or not to embrace the new Windows 8 application development model, the adoption of x86-based tablets, and considerations beyond the technical soundness of the platform itself.

The good news is that Windows 8 Enterprise is ready to go when businesses decide to be assimilated—and IT pros won't have to change much about how they currently support Windows desktops and notebooks to accommodate the change. Some of the new features of Windows 8 Enterprise may not be easy to deploy immediately because of a lack of supporting devices and applications, however. So it might be a while before many businesses feel ready to stop fearing the Start screen and love Windows 8 Enterprise.

Windows to Go and VDI

For organizations that have users without a fixed PC to go to, Windows 8 Enterprise offers two ways to connect to their own personal desktop: Windows to Go, which puts the whole Windows 8 environment onto a portable USB-based storage device, and a virtual desktop infrastructure reached through Remote Desktop Connection.

Windows to Go is a great idea: a secure, corporate-approved image of Windows 8 that can be booted from a USB-connected device on practically any recent PC without touching the local operating system. Combined with DirectAccess or a VPN, it gives people a safe way to reach back to the home office, check mail, and access documents from an untrusted PC. Users can do this at home, a client's office, or a public computer—all without fear of leaving a trail or exposing corporate systems to malware lurking on an under-protected system.

I did a somewhat involved test of Windows to Go's concept after the Consumer Preview was released, using Windows 7 administrative tools to build out my bootable image on a 32-gigabyte USB stick. It worked well for beta, but it was too labor-intensive for your average user to self-configure. Now, Microsoft has completely automated the creation of Windows to Go volumes with a click-and-go utility on a desktop for self-provisioning. There are also tools in System Center 2012 for provisioning Windows to Go images.

To self-provision a Windows to Go "workspace," the first step is to find the Windows to Go wizard in Windows 8's Settings (Windows key + W brings you to the settings search in the Start window).

Windows to Go requires Windows 8 Enterprise to work because of its volume licensing—other versions of Windows get married by their installation keys to specific hardware. And that's fine, because it's a feature that is best when married with the other features enabled by Windows 8 Enterprise.

Step 2: Insert your USB, and select it in the provisioning wizard as a target.

There's really just one fly in the ointment—the self-provisioning tool only works with USB drives that are "Windows to Go Certified." That's a short list at the moment. As of launch, there are only three devices certified for Windows to Go, and one of them—Western Digital's My Passport Enterprise—is a 500-gigabyte portable hard drive. This is not the sort of thing you carry around hanging from a lanyard (unless you're Flavor Flav, and you glue a clock to it).

Step 3: Scream in frustration when you find the 32GB USB you've been using to boot the beta from is no longer supported in the final release.

The key attributes of being a certified Windows to Go device are USB 3.0 support and firmware to support two partitions: a 350-megabyte FAT32 system partition and another larger NTFS partition for Windows 8 itself.

If you're an administrator building a custom Windows to Go "workspace," as Microsoft refers to it, the process can be automated to some degree. You'll need to use PowerShell scripts, the Deployment Image Servicing and Management command-line toolkit, or the Windows 7 Automated Installation Kit (see the TechNet walkthrough for those details).
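The manual route described above, sketched as an added example (it is not taken from the article or from the TechNet walkthrough it cites): the script builds the two-partition layout and applies an image with DISM. The disk number, the image path, image index 1, the volume labels, and the drive letters S: and W: are all assumptions.

```powershell
# Added example: hand-provision a Windows to Go workspace.
# Run from an elevated PowerShell prompt on Windows 8 Enterprise.
param(
    [Parameter(Mandatory = $true)] [int]    $DiskNumber,  # target USB disk, as listed by Get-Disk
    [Parameter(Mandatory = $true)] [string] $ImagePath    # placeholder: path to your corporate .wim
)
$ErrorActionPreference = 'Stop'

$disk = Get-Disk -Number $DiskNumber

# Guard rails: Clear-Disk is destructive, so refuse anything that is not
# a USB-attached disk or that holds the currently running OS.
if ($disk.BusType -ne 'USB')        { throw "Disk $DiskNumber is not on the USB bus." }
if ($disk.IsBoot -or $disk.IsSystem) { throw "Disk $DiskNumber holds the running OS." }
if (-not (Test-Path -LiteralPath $ImagePath)) { throw "Image not found: $ImagePath" }

# Wipe any existing layout (an uninitialized disk reports RAW and needs no wipe).
if ($disk.PartitionStyle -ne 'RAW') {
    Clear-Disk -Number $DiskNumber -RemoveData -Confirm:$false
}
Initialize-Disk -Number $DiskNumber -PartitionStyle MBR

# 350 MB FAT32 system partition, marked active so firmware can boot from it.
# Assumption: drive letters S: and W: are free on the provisioning PC.
$sys = New-Partition -DiskNumber $DiskNumber -Size 350MB -IsActive -DriveLetter S
Format-Volume -Partition $sys -FileSystem FAT32 `
    -NewFileSystemLabel 'WTG-System' -Confirm:$false | Out-Null

# Remaining space becomes the NTFS partition that holds Windows 8 itself.
$os = New-Partition -DiskNumber $DiskNumber -UseMaximumSize -DriveLetter W
Format-Volume -Partition $os -FileSystem NTFS `
    -NewFileSystemLabel 'WTG-Windows' -Confirm:$false | Out-Null

# Apply the image to W: (index 1 is an assumption about the .wim contents).
dism.exe /Apply-Image "/ImageFile:$ImagePath" /Index:1 /ApplyDir:W:\
if ($LASTEXITCODE -ne 0) { throw "DISM failed with exit code $LASTEXITCODE" }

# Write boot files for both BIOS and UEFI hosts onto the system partition.
& 'W:\Windows\System32\bcdboot.exe' W:\Windows /f ALL /s S:
if ($LASTEXITCODE -ne 0) { throw "bcdboot failed with exit code $LASTEXITCODE" }

# Read back the resulting layout for the provisioning record.
Get-Partition -DiskNumber $DiskNumber |
    Select-Object PartitionNumber, DriveLetter, IsActive, Size
```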

One other limitation of Windows to Go that most companies won't care too much about is that the Windows Store is disabled and apps purchased from it won't run. That's because Windows Store licenses are linked to a specific computer.

Remote Desktop Connection, on the other hand, follows a more traditional route to desktop and app access for users not bound to a single PC. Microsoft put a lot of work into its support for virtual desktop infrastructure in Windows Server 2012, and that's reflected in Windows 8 Enterprise. It now offers better support for all sorts of users—including those with touch-based tablets.

The biggest changes to VDI in Windows 8 Enterprise are related to how it connects to the remote session. Windows 8 and Windows Server 2012 use RemoteFX to support virtual desktop sessions, instead of the vanilla Remote Desktop Protocol. RemoteFX can harness a graphics processor on the server to power multiple remote desktop sessions. Users can then access apps with 3D graphics and handle all the heavy lifting on the back-end, either through a full remote desktop experience or through a RemoteApp virtualized application session.

A Remote Desktop Connection session with Windows 8. The client's own menu provides quick access to Metro apps' interfaces without having to deal with mouse-hover to be recognized over a WAN connection.

The Remote Desktop Connection client in Windows 8 Enterprise also supports connecting local USB devices. Another addition is support for touch-based interaction with remote sessions of Windows 8—not just over a local network connection, but over a WAN connection as well. That may make Windows 8 Enterprise more attractive to organizations that want to put tighter security control on tablets, such as hospitals.

BranchCache

Introduced in Windows 7 and Windows Server 2008 R2, BranchCache is a technology designed for optimizing the use of bandwidth over a wide-area network. It does so by caching files and webpages from the corporate network locally. Instead of reaching out across the network to hit a remote Web or file server, BranchCache-enabled Windows clients retrieve metadata about the content from the original host, then check local caches. Those caches can reside either on a local Windows Server acting as cache server (in a "hosted cache" configuration) or on other PCs on the local subnet (using "distributed cache" mode).

On the client side, BranchCache gets switched on through a Windows Group Policy Object when a user logs in through Active Directory. Through the Group Policy Editor, you can designate the maximum amount of disk space that can be used for BranchCache's hash store.

Creating a BranchCache group policy object in Group Policy Management (using Windows 8's remote administration tools for Windows Server 2012).

Unlike Windows' client-side caching of network shares—a feature that's been in Windows since Windows XP—BranchCache isn't intended to provide offline use of files. While it can work alongside offline file caching, BranchCache can also be used with other sorts of network content, such as company-private webpages and Windows updates distributed internally through Windows Server Update Services. In essence, it's your organization's very own internal content delivery network.

Rather than storing data in a file structure, BranchCache stores it as a series of hashes based on the location the data came from. Windows 8 Enterprise PCs in a distributed caching environment share that data over the same protocols it came in on (HTTP, HTTPS, or SMB) as BranchCache services running on PCs exchange messages within the subnet.

Distributed cache mode works well for small offices where deploying a local server would be too expensive or difficult to support. It is also a good solution for organizations that use a hosting company or cloud provider for their Windows server infrastructure.

There's no user control surface to enable BranchCache, though you can turn the service on and off as administrator through Windows 8's services management console.

All an end-user will ever see of BranchCache (other than faster intranet response) if they dig down into Windows 8's Services.

While the general functionality of BranchCache hasn't changed much from Windows 7 to Windows 8, there have been a lot of tweaks to how it does its job. Configuration of BranchCache in Windows 8 Enterprise is automatic, and Microsoft has added data deduplication features to the client-based BranchCache to prevent multiple PCs from downloading the same content. Changes are also made in smaller chunks now, so that small changes to files don't require another full download across the WAN.
