Microsoft UK Tech.Days Windows 8 Camp

Held at the De Vere New Place near Southampton this was a very different experience to the other Microsoft events I have been to in the past. Firstly the audience was much smaller, more like 60 than 600 attendees. Also, this wasn’t in a lecture room or a darkened cinema, but the room was arranged with us sat at circular tables, (with power for laptops) and the whole day was much more interactive.

The main presenters for the day were Andrew Fryer and Simon May from Microsoft, accompanied by some of their colleagues.

During the day we covered a wide range of topics centred around Windows 8. It included quite a large chunk of Virtualisation- Windows 8 as an OS provided via a Virtual Desktop Infrastructure (VDI), or individual applications virtualised and pumped out using Microsoft’s AppV architecture. The User Experience has come on leaps and bounds since the days of Remote Desktop connections to a Terminal Server. The two big advances being touch - Simon played Fruit Ninja (badly :) ) over remote desktop demonstrating the 10 points of multi-touch – and graphics, in particular DirectX and Video playback. The ability to provide a 3D graphics card in software is impressive, the demos were run from a (nicely specced) laptop so putting some proper grunt behind it from the data centre should produce even better results.

There was a brief intermission from the technical subjects at this point after this as we were talked through some of the licensing options. If you thought it was complicated licensing a physical Windows environment then just wait till you have to license a virtualised one where users have primary devices, companion devices, other devices that aren’t companion devices, personal devices at home running the corporate Windows image, and personal devices at the office. It’s not surprising there’s a whole industry devoted to licensing.

Late on in the morning we had a look at Windows 8 apps, of particular interest was the ability to test home-brew apps to the standards set by the Windows Store using the Microsoft Deployment Toolkit. These apps sit nicely bundled in an “.appx” file, so there’s no messing around with multiple files for an application. These .appx files can then be side-loaded onto a Windows 8 device using Powershell, SCCM, or Intune (amongst other solutions).

Lunchtime came along and we were all set a challenge- remember what we’d been shown this morning and deploy Microsoft Dynamics to a VDI session. The first table to complete this on all their laptops would get a prize.

I’m pleased to say that our table won this challenge, and thanks to the UK Tech Net guys for coming up with the prizes for us. The challenge was in several steps. First you had to connect to the wireless. Then you had to reconnect to the wireless because it had dropped out. Then (once Simon had hurriedly fixed the user accounts) login to the VDI environment. My Windows 7 laptop was now running a Windows 8 session.

Now in the VDI session the real work began. We were trying to remember all the little bits and bobs that had come up during the morning session. To summarise, the steps were:

  1. Import the certificate for Dynamics from the file server. This needed to be done as administrator (earlier on we wondered why the domain admin password had been mentioned!).

  2. Install the dependencies -I used a powershell command

1Add-AppXPackage -Path \\Fileserver\Challenge\Dynamics\Dynamics_Dependencies.appx
  1. Install the Application – again I used powershell
1Add-AppXPackage -Path \\Fileserver\Challenge\Dynamics\Dynamics.appx

After lunch we were shown that I could have combined steps 2 and 3 and used the command:

1Add-AppXPackage -Path \\Fileserver\Challenge\Dynamics\Dynamics.appx --DependencyPath \\Fileserver\Challenge\Dynamics\Dynamics_Dependencies.appx

Buoyed by our success we began the afternoon session. This started with a look at System Centre Configuration Manager (SCCM) as a means for deploying Windows 8 and applications. This built on the discussions of Windows Deployment Services and Intune from the morning.

I found this of particular relevance as we’re currently finishing up a project to shift to SCCM to deploy Windows 7 at work. One of my aims of the day was to get some insight as to how we could use this infrastructure to push out Windows 8 (at least to selected users) without all the upheaval that it’s taken to get to this point. The good news is that this should be straightforward- we’ve got SCCM 2012 SP1 currently so everything should be in place to add a Windows 8 deployment without breaking the existing setup.

Next up was Dynamic Access Control- this is a subject I haven’t really looked into before and I’m not sure it’s something I’m going to use in our current environment. The big thing here is being able to control file access based on a users’ location, device, and Active Directory information. For example, Bob from Finance may be allowed to look at the finance files located on the server using his work laptop in the office, but not if he takes the laptop offsite (even if he is connected to the corporate network by VPN). However his boss, Jane the Finance Director, is allowed to see the file from both the office and her home location.

It’s all quite in depth, and provides very granular control but looks like a lot of work to implement into our existing system, and then potentially a lot of work to maintain without giving us much advantage over using user/group permissions to control access. Time shall tell, but there’s so many other exciting technologies and only so many hours in the day that it’s necessary sometimes to pass on things.

Nearing the end of the day we had a demo of DirectAccess. This can be setup to provide VPN-like access to a corporate network for domain-joined devices, but with a couple of advantages. Firstly it can be used to manage the offsite device from the office- those laptops that disappear from the office for months (or even years) at a time can now be looked after by the IT office almost as if they were just down the corridor.

Secondly, DirectAccess can work from user login. Our current VPN solution requires the user to login to the device, then run the application, then login to the corporate network. Only then do they get working network drives and access to all the corporate systems.

To round off the day we were shown Windows To Go – running a corporate Windows 8 image from a (special) USB memory stick on a non-corporate PC or laptop without having to worry about the personal files on the device interfering with the companies setup, or visa-versa. Although I think we need to wait for the price of the USB sticks to come down, this is definitely worth investigating as a BYOD solution- imagine giving all your students a USB stick they can stick in their personally-owned PC and instantly have a Windows PC configured identically to our lab environment. It’s VDI but without the need for the back-end infrastructure or the “always-on” network connectivity.

All in all a good day, and I’d definitely recommend these camps to any IT Pros who work with MS Technologies (or like a free lunch!).