END OF SUPPORT FOR WINDOWS 7 - BACKGROUND, BUSINESS IMPACT, OPTIONS FOR ACTION
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
END OF SUPPORT FOR WINDOWS 7 BACKGROUND, BUSINESS IMPACT, OPTIONS FOR ACTION
CONTENTS 1 Management Summary ........................................................................................................... 3 2 End of Support: Data and Background ..................................................................................... 4 3 Business Impact ...................................................................................................................... 5 3.1 Security............................................................................................................................................... 5 3.2 Stability and compatibility ................................................................................................................. 6 3.3 Plan your strategy now ...................................................................................................................... 6 4 What options do you have? ..................................................................................................... 7 4.1 Paid security updates until 2023 ........................................................................................................ 7 4.2 New: Windows 7 Virtual Desktop ...................................................................................................... 7 4.3 Migration to Windows 10 .................................................................................................................. 8 5 Decision criteria, advantages and disadvantages...................................................................... 9 5.1 Continue using Windows 7 to support legacy applications ............................................................... 9 5.2 Migrating to Current Windows 10 ...................................................................................................10 6 Planning the Migration to Windows 10 Correctly ................................................................... 12 6.1 Inventory ..........................................................................................................................................12 6.2 Definition of objectives ....................................................................................................................12 6.3 Planning to use Windows 10 ............................................................................................................13 6.4 Ensuring compatibility .....................................................................................................................13 6.5 Planning implementation.................................................................................................................13 6.6 Free Tools Support the Upgrade Process.........................................................................................13 6.7 Demonstrate and communicate ......................................................................................................14 7 How SoftwareONE Supports You ........................................................................................... 15 7.1 SoftwareONE Roadmap and Landscape Advisory Services..............................................................15 7.2 Cloud Services and Consulting .........................................................................................................15 7.3 Licensing Support .............................................................................................................................15 7.4 Individual Consulting by SoftwareONE Experts ...............................................................................15 Copyright © 2019 SoftwareONE Page | 2 of 16
1 Management Summary On January 14, 2020, Microsoft will end support for Windows 7, which is still one of the most widely used versions of Windows in the corporate environment. After that date, no more updates for Windows 7 will be made available, i.e. no more security gaps will be closed and no more technical support will be provided by Microsoft. If you continue to use Windows 7 as usual without making provisions, you will most probably encounter serious problems. Companies should immediately start planning how they can continue to harmonize their functional and security requirements after the end of Windows 7 support. This whitepaper examines the background and consequences of the end of support, describes in detail the most important options for action, and aids in making a decision. You may have legacy applications or many other important reasons to stick with Windows 7. In this case, Microsoft will continue to offer security updates for a limited time - either for a fee or free of charge when using the Windows Virtual Desktop. For the majority of companies, however, switching to a current Windows operating system is the best choice. We'll show you how to do it, what to consider when making your decision, and how to successfully plan and prepare for the migration. Copyright © 2019 SoftwareONE Page | 3 of 16
2 End of Support: Data and Background Support for Windows 7 will end on January 14, 2020. More specifically, extended support for Windows 7 SP1 (Service Pack 1) will end. Background: Microsoft's Fixed Lifecycle Policy applies to Windows operating systems prior to Windows 10. According to this policy, Microsoft will initially provide regular or mainstream support for a period of time (usually five years). This includes bug fixes, security updates and functional enhancements as well as telephone and online support, some of which is free of charge. At the end of this phase, Microsoft will continue to provide security updates and fee-based support as part of its extended support program. This phase also usually lasts five years. Windows 7 was launched in October 2009, Service Pack 1 in February 2011. Two years later (April 2013), Microsoft completely terminated support for Windows 7 without Service Pack. Since January 13, 2015, the company has only offered extended support for Windows 7 SP1, and security updates will be distributed for the last time on January 14, 2020. Copyright © 2019 SoftwareONE Page | 4 of 16
3 Business Impact
First a clarification: Even after the end of support of Windows 7, the operating system will continue to work.
However, there will be no technical support and no software updates for it. This means that newly discovered
security vulnerabilities will no longer be closed and additionally, that less and less new hardware and
software will be supported, resulting in incompatibilities and instability.
3.1 Security
If new vulnerabilities found in Windows 7 are not eliminated, this has a serious impact on the security your
data and systems. Especially since the end of 2014, the number of newly discovered vulnerabilities in
Windows 7 has risen, and the proportion of serious vulnerabilities with a high-risk potential is particularly
high among recent findings.
Of the 1097 vulnerabilities in Windows 7 recorded by the "CVE Details" database over the ten years since the
release of this version of Windows (as of July 1, 2019), 456 were not found until 2017 or later. A total of 335
gaps are particularly dangerous because they allow the infiltration and execution of arbitrary codes. Of the
136 new vulnerabilities published since the beginning of 2019, almost half, namely 63, were able to execute
code.
In addition, gaps and vulnerabilities found in newer versions of the Microsoft operating system (Windows 8,
Windows 8.1, Windows 10) are highly likely to be found in Windows 7 as well. Microsoft is developing its
system step by step - a lot of code from Windows 7 has been adopted in the succeeding versions. If Microsoft
informs about new security vulnerabilities in the course of security updates, attackers can derive targeted
attack options for Windows 7 from these. Missing updates will make systems running on Windows 7 an easy
target.
Vulnerabilities in Windows 7
2009 - 2018
250 229
200
162
149
134 136
150
102 99
100
64 63
44 35 51 47
39 35
50 15 29
18 14 18
11
10
0
2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019
# of Vulnerabilities Code Execution
Source: www.cvedetails.com
Copyright © 2019 SoftwareONE Page | 5 of 16In the past, some large-scale attacks by blackmail Trojans (ransomware) have shown what damage this can cause. In May 2017, the WannaCry malware infected over 230,000 unpatched PCs in 150 countries, encrypting data and demanding ransoms. In addition to private users, numerous companies and organizations were also affected: At automobile manufacturers, production stopped, at Deutsche Bahn in Germany display panels and video surveillance systems failed, and in China the payment systems of 20,000 petrol stations. WannaCry used an exploit called EternalBlue, originally developed by NSA and used for years for espionage, which exploited errors in the Windows implementation of the SMB network protocol to execute external code (SMB Remote Windows Kernel Pool Corruption). To date, there are several Trojan variants that exploit EternalBlue, including NotPetya and BadRabbit. The damage caused by this exploit worldwide is already in the billions. Another danger: If a vulnerability is found in the cryptography platform of Windows 7 (Cryptography API: Next Generation; CNG), not only the security of the operating system is at risk, but also that of applications and data that require encrypted storage or file transfers - including confidential online transactions. Conclusion: Unpatched systems are highly vulnerable to hacker and malware attacks. Additional software such as virus scanners or firewalls can reduce the risk of such attacks somewhat, but security gaps are characterized by the fact that they can be used to circumvent other protective measures. Therefore, even third-party security tools cannot reduce the risk of attacks to an acceptable level for the use in a corporate environment. 3.2 Stability and compatibility In addition to the security problems mentioned above, the continued use of Windows 7 after the end of support is not recommended for other reasons as well. The increasingly poor support of new hardware and software will jeopardize the compatibility and/or stability of productive systems. On the one hand, there will be no driver support for newer hardware. Available Windows 7 drivers often do not support certain new technologies do so poorly (e.g. USB 3.x, Secure Boot). In 2017 Microsoft decided to refuse support for Windows 7 and Windows 8.1 systems for newer processors (Intel Kaby Lake, AMD Bristol Ridge and Qualcomm 8996). If you want to use any of these, you will need to switch to Windows 10. The same for software: Current Office versions no longer run on Windows 7; from January 2020, the combination of Windows 7 and Office 365 Pro Plus will also no longer be supported. Experience has shown that many other hardware and software manufacturers will also use the lifecycle end of Windows 7 to discontinue support for it altogether. 3.3 Plan your strategy now It should now be obvious that companies that still operate systems with Windows 7 should finally start to think about how to continue after January 14, 2020. There may be many companies that have been using Windows 7 until now for good reasons, like legacy applications that do not run on Windows 10. If you start now, there is still enough time to plan your strategy so that your functional and security requirements can be optimally and justifiably reconciled. Copyright © 2019 SoftwareONE Page | 6 of 16
4 What Options Do You Have? Basically, there are two options how to move forward with existing Windows 7 systems after January 14, 2020 to avoid security issues: You can switch to the current Windows 10 (see Chapter 4.3 below) or alternatively, continue using Windows 7 with Extended Security Updates (ESU). These are available as a paid offer for Enterprise Agreement customers until January 2023. You can also use Windows 7 through a Windows Virtual Desktop. Chapters 4.1 and 4.2 will go into more detail about this. In addition, it is also possible to continue operating the Windows 7 system in a secure environment and completely separated from the network (e.g. in a virtual machine) – but this should remain an exception. In theory, you could also change to Windows 8.1, since it will receive extended support until January 10, 2023. This is occasionally recommended for private users who can't get used to Windows 10. For companies, however, Windows 8.1 is not suitable for productive use for several reasons or only in exceptional cases: On the one hand, it is no longer sold by Microsoft directly. Second, as with Windows 7, support for newer hardware (processors and chipsets) is limited. On the other hand, for many companies that have stuck to Windows 7 because of their legacy applications so far, Windows 8.1 will cause similar issues to Windows 10. And ultimately, Windows 8.1 only postpones the solution of the actual problem with a new alternative until January 2023. 4.1 Paid Security Updates until 2023 In September 2018, Microsoft announced that it would extend support for Windows 7 until January 2023 with Extended Security Updates (ESU). However, not all Windows 7 systems benefit from this offer: ESUs are only available for Windows 7 Professional and Enterprise via the Microsoft Enterprise Agreement (EA), Enterprise Agreement Subscription (EAS) or Enrollment for Education Solutions (EES) contracts. The fees for this are payable per device and increase every year (because Microsoft has an interest in reducing the number of active Windows 7 installations). Customers with Software Assurance on Windows and those who also have Windows 10 Enterprise or Education subscriptions receive up to 50% off. With this support extension, Microsoft is responding to feedback from many Windows 7 customers that they need more time to migrate to Windows 10. 4.2 New: Windows 7 Virtual Desktop While Microsoft will charge money for extended security updates for on-premises installations of Windows 7, the company is offering free ESUs to customers using the new Windows Virtual Desktop service. This includes Windows and Office virtual machines hosted on Microsoft's Azure public cloud platform. Both, complete desktops and individual apps can be virtualized. Access works via any Internet-enabled client that supports Remote Desktop Protocol (RDP). Microsoft describes Windows Virtual Desktop as the only full Windows 10 enterprise multi-user environment and the best service for virtualizing Office 365 ProPlus in multi-user scenarios. Copyright © 2019 SoftwareONE Page | 7 of 16
Organizations that still need Windows 7 can use a virtual desktop which will receive free extended security updates until January 2023. This gives you more ways to support older applications as you prepare to move to Windows 10. The cloud offering was announced in September 2018 and is currently available as a public preview (as of July 2019). 4.3 Migration to Windows 10 For most organizations switching to Windows 10 is the best option. Unlike its predecessors, however, Windows 10 no longer has a fixed multi-year product lifecycle with mainstream and extended support but is offered in a semi-annual channel, also referred to as “Windows as a Service.” This means that Windows 10 receives new features in regular intervals in addition to security updates and fixes. Currently, this happens roughly every six months in spring and fall. For each feature update, Microsoft only provides support for 18 months after installation - or 30 months for certain Enterprise editions (currently always the versions appearing in fall). After 18 months (or 30 months), a new upgrade must be installed in order to continue to receive updates. If you regularly apply updates, you will not need to worry about end- of-support problems anymore. One exception are the LTSC editions (Long-Term Servicing Channel) of Windows 10 Enterprise, which do not get any feature updates, but instead receive ten years of support similar to the previous versions of Windows. They are designed for systems that need to perform consistent tasks and therefore do not need new features. They are not recommended for systems in productive use. In addition to on-premises installations, the Windows Virtual Desktop described in the last section is another option for action. Microsoft recommends that companies that are still using Windows 7 switch to a modern desktop with Microsoft 365 before the end of support, which includes Office 365 and Enterprise Mobility + Security in addition to Windows 10. With Microsoft 365, companies can set up a uniform solution for the entire workplace based on the modular principle, which in addition to the operating system also includes productivity tools for collaboration, the secure management of mobile devices and apps as well as intelligent security and analysis functions. Copyright © 2019 SoftwareONE Page | 8 of 16
5 Decision Criteria, Advantages and Disadvantages
5.1 Continue Using Windows 7 to Support Legacy Applications
If you have important legacy applications, you will most likely need to stay with Windows 7 for some time.
Nevertheless, you should start getting ready for Windows 10 migration because by January 2023 you will
have to finally part with Windows 7.
Until then, Microsoft offers you the opportunity to continue receiving Extended Security Updates for
Windows 7, either as a paid offer or free of charge as part of the Windows Virtual Desktop. Both options give
you enough time to prepare for migration to Windows 10.
The Windows Virtual Desktop allows you to keep your current legacy applications for now plus it is a first
step towards a future-oriented cloud strategy. For many organizations, a public or hybrid cloud infrastructure
is the optimal solution to meet the requirements of digitization and becoming more efficient, flexible and
agile. In addition, there are savings due to less maintenance and a pay-as-you-go model. You will only pay for
what you’ve consumed. For companies that have Microsoft 365 E3/E5 or Windows 10 Enterprise E3/E5
licenses Windows Virtual Desktop - and thus also Windows 7 virtual machines – comes without additional
license costs. You will only pay for the virtual machines and storage in Azure.
Continue using Windows 7: Advantages and Disadvantages
Option Advantages Disadvantages
Windows 7 • Support of Legacy applications • Relatively high cost for ESU
(installed physically) • ESU offer time to prepare the • Cost increases every year
migration Windows 10 until 2023
• No sustainable solution
Windows 7 Virtual • Support of Legacy applications • No sustainable solution
Desktop • ESU offer time to prepare the
migration Windows 10 until 2023
• ESU free of charge
• Agility and efficiency thanks to the
cloud
• Office virtualization for multiple user
scenarios
• Low IT spends
• Free for customers with M365 E3/E5
or Windows 10 E3/E5
• Predictable IT costs
• Start your digital transformation
journey
Copyright © 2019 SoftwareONE Page | 9 of 165.2 Migrating to Current Windows 10
Those who are not forced to continue using Windows 7 should start with planning a migration to Windows
10 as soon as possible. Organizations should use the end of Windows 7 support to check their requirements
and the various options when migrating to Windows 10. This is a good opportunity to take the next steps
towards a future-proof IT infrastructure. For many companies, cloud applications are playing an increasingly
important role in their IT strategy. Windows 10 migration is a good time for these companies to migrate
selected or all on-premises systems to the cloud and thus drive their digital transformation forward.
Microsoft offers the Windows Virtual Desktop for virtualizing Windows 10 machines on Microsoft's public
cloud platform Azure. A subscription to Microsoft 365 E3/E5 or Windows 10 Enterprise E3/E5 includes free
access to Windows Virtual Desktop as described in Chapter 5.1.
Options for Windows 10: Advantages and Disadvantages
Options Advantages Disadvantages
• All the benefits of Windows 10
Enterprise Edition
• Virtual Desktop Access (VDA) rights
included*
• Enforced updates
• Option to install locally on the device,
or within local or remote VDI • Does not include Microsoft 365 services
environment*
• Option to deliver Windows 10 Virtual
Desktop from Azure, or an approved
Windows 10 Qualified Multi-Tenant Hoster (QMTH)
Enterprise • An always up-to-date cloud supported
version of Office is available via Office
365.
• Supports Office 2019 (one-time-
purchase)
• Always up-to-date with Semi Annual
Channel with updates twice a year.
• Long term Servicing Channel (LTSC)
option available for restricted use
special-purpose devices.
• Enforced updates
• All the benefits of Windows 10
Enterprise Edition • No offline support for VDI
Windows 10 VDA
• Deploy within a local or remote VDI • Does not include Microsoft 365 services
environment*
Copyright © 2019 SoftwareONE Page | 10 of 16• Option to deliver Windows 10 Virtual
Desktop from Azure**, or an approved
Qualified Multi-Tenant Hoster (QMTH)
• Always up-to-date with Semi Annual
Channel with updates twice a year.
• A recommended licensing model for
thin client devices.
• Windows 10 Enterprise with Virtual
Desktop Access (VDA) rights included*
• Always up-to-date with Semi Annual
Channel with updates twice a year
• An always up-to-date cloud supported
version of Office is included
• Modern collaboration tools including • Enforced updates
Microsoft 365
Microsoft Teams
• Advanced information security and
compliance features
• Tools for management of client
desktops and mobile devices
• Most comprehensive solution for a
modern workplace
* Local Virtual Desktop Access and Virtualization Rights are restricted within Microsoft365 F1 or Microsoft Cloud Agreement (MCA).
Please refer to the Product Terms and your Microsoft Contract.
** Access Windows 10 Enterprise and Windows 7 Enterprise at no additional cost if you have an eligible Windows 10 Enterprise or
Microsoft 365 license. Access desktops powered by Windows Server Remote Desktop Services at no additional cost if you’re an
eligible Microsoft Remote Desktop Services (RDS) Client Access License (CAL) customer. You pay only for the Azure compute,
storage, and networking associated with the virtual machines you use in your environment.
Copyright © 2019 SoftwareONE Page | 11 of 166 Planning the Migration to Windows 10 Correctly Start planning your migration to Windows 10 as soon as possible to allow time for inventory, planning, compatibility testing, and deployment. The outcome should be a comprehensive roadmap. With this roadmap, organizations can ensure full software licensing compliance, optimal technical performance, and overall enable greater commercial success. 6.1 Inventory Planning should begin with a thorough inventory: The first step in creating a roadmap for Windows 7 EoS is ensuring that every part of your hardware and software environment is accounted for. By taking inventory of all software and device assets, your organization can estimate how much time, labor, and money will be required. Once all the hardware and software assets in your organization’s environment have been identified, determine which assets will require upgrades, replacements, or other special considerations. Finally, don’t forget to determine if any of your organization’s devices or hardware will need to be upgraded. 6.2 Definition of Objectives Take a look back at the incompatible assets you’ve identified, then suggest a few potential options for each product that must be updated. Consider the benefits and drawbacks of each potential option, which will help members of your organization make a well-informed decision about the future of your technological environment. Additionally, you should define where you want to go in accordance with your short and medium-term goals: What challenges does your company face in terms of IT support for its business processes? What should the IT infrastructure look like - self-operated systems, public cloud or hybrid provisioning? Which additional devices should be connected, for example mobile devices in the context of BYOD/CYOD scenarios (Bring/Choose Your Own Device)? Do you want to provide your users with new opportunities for teamwork, home office, field staff, first-line workers, etc. for which cloud applications are more suitable? Please note that even older Office versions will only be supported for a limited time; Office 2010 will only receive support until October 2020, Office 2013 until April 2023. Copyright © 2019 SoftwareONE Page | 12 of 16
6.3 Planning to Use Windows 10
Defining your mid-term goals and requirements, as well as the framework conditions such as budget and IT
resources, will help you determine the best way to deploy Windows-10-based systems - physically installed,
virtualized, or as part of a holistic modern desktop environment. It's a good idea to take a close look at
Microsoft's licensing terms for Windows 10. There are both pitfalls and great savings potentials with the
various volume licensing programs.
If you choose a physical installation, you should consider your upgrade strategy and update management
processes. The new dynamic release model of Windows 10 requires the relocation of update and migration
processes from deployment projects to running operations.
Note: As a Windows 10 Enterprise user, you can defer new feature updates for up to 365 days to ensure
system compatibility. For certain applications, a LTSC edition without function updates may be useful.
6.4 Ensuring Compatibility
Before an on-premises implementation, make sure your hardware and software are compatible with
Windows 10. The official system requirements for Windows 10 are the same as for Windows 7 and Windows
8/8.1; Microsoft assures that systems running these previous versions are compatible with Windows 10. In
many cases Windows 10 will run even better than the old operating system. According to Microsoft, 90
percent of the applications used will not have any compatibility problems with Windows 10. If you don't want
to rely on Microsoft’s statements, you should do compatibility testing accordingly.
6.5 Planning Implementation
The Windows 10 upgrade can be carried out as a new installation or as an upgrade or "in-place" installation.
A new installation involves a fresh installation of the systems, which offers some advantages for the IT
department (error-free system without problematic settings or superfluous data). From the user's point of
view, however, this method has the disadvantage that as a rule their data is not retained and must first be
laboriously restored from backups. Microsoft therefore recommends that you also use the “in-place”
installation of Windows 10, where you can directly upgrade systems with Windows 7, Windows 8 or Windows
8.1. All existing data, applications and drivers are retained. If an upgrade fails, the installation is automatically
reset to the previous operating system.
6.6 Free Tools Support the Upgrade Process
Microsoft has provided several free tools to make the upgrade process as seamless as possible - especially if
you want to upgrade multiple systems automatically and need testing and control. The Microsoft System
Center Configuration Manager (SCCM) and the Microsoft Deployment Toolkit (MDT) support the deployment
and management of Windows 10 systems. In order to quickly, easily and compliantly integrate Choose your
Own Device (CYOD) devices into your enterprise IT, you can use Windows Imaging and Configuration Designer
(ICD) to create an enterprise build image and deploy it to clients ("provisioning") without resetting and
reinstalling them.
Copyright © 2019 SoftwareONE Page | 13 of 166.7 Demonstrate and Communicate After the creation of a comprehensive roadmap, IT teams must not underestimate the importance of communicating the process with their entire organization if they plan to upgrade to Windows 10. Be sure to communicate the benefits of this new operating system, including greater productivity and security. In addition to this, be sure to explain any potential cosmetic changes that business users can implement to make their transition feel more seamless. Copyright © 2019 SoftwareONE Page | 14 of 16
7 How SoftwareONE Supports You
SoftwareONE will be happy to help you determine and successfully implement the best course of action for
your company. Benefit from our comprehensive Microsoft expertise and over 30 years of experience.
We offer the following services, among others:
7.1 SoftwareONE Roadmap and Landscape Advisory Services
The process of creating a roadmap itself can be daunting for many organizations. If your organization is
feeling the pressure of Windows 7 end of extended support, then don’t fret! Take a look at SoftwareONE’s
comprehensive roadmap and landscape advisory services to ensure your technological investments will be
properly aligned.
» Learn more
7.2 Cloud Services and Consulting
Many companies want to take advantage of the opportunities offered by the cloud. We help to clarify
open questions and migrate successfully.
Is my company ready for the cloud?
Will the migration pay off?
Will all my applications run reliably?
How do I optimize my cloud costs?
» Contact us now!
7.3 Licensing Support
As a leading global Microsoft partner, we offer you competent support in optimizing license and subscription
models - from procurement at the best price to integrated license management and cloud cost control to
training and reporting.
7.4 Individual Consulting by SoftwareONE Experts
Would you like an individual consultation with a SoftwareONE expert? Simply make an appointment with us:
CONTACT US TODAY Or speak to one of our experts now:
Find out more at T. +1 800 444 9890
https://www.softwareone.com E. sales@softwareone.com
Copyright © 2019 SoftwareONE Page | 15 of 16Disclaimer This publication contains confidential and proprietary information that is protected by copyright. SOFTWAREONEx reserves all rights thereto. SOFTWAREONEx shall not be liable for obvious typing and arithmetic errors in any document provided by SOFTWAREONEx. Liability for damages directly and indirectly associated with the supply or use of this document is limited in accordance with the supply or use of this document is excluded as far as legally permissible. The SOFTWAREONEx Services Statement of Work presented herein is intended exclusively as a guide to enable [Company Name] 's representatives to evaluate the offering of SOFTWAREONEx. It must not be copied, reproduced, passed to third parties or used for engineering purposes without the express permission of SOFTWAREONEx. Copyright © 2019 by SOFTWAREONEx. All rights reserved. SOFTWAREONE is a registered trademark of SoftwareONE AG. All other trademarks, service marks or trade names appearing herein are the property of their respective owners. Copyright © 2019 SoftwareONE Page | 16 of 16
You can also read
