This post is part of the "Definitive Guide To Windows 10 Servicing" blog series.
Now that most enterprises are in the process of migrating to Windows 10, IT project managers are starting to look beyond the initial rollout project and turn their attention on how to maintain the new OS. Since Windows 10 departed from Microsoft's tried and true 3-4 year release schedule in favor of a modern Windows-as-a-Service model, pushing two new versions a year, maintenance will be continuous and iterative. In other words, you had better get ready to manage a lot of change, all of the time!
As you might know, Microsoft recently aligned its Windows 10 versions with the Office 365 and SCCM support cycles and ship one major upgrade in March and in September. Theoretically, each of these version will be supported for 18 months, so you don’t need to move all devices to the same channel at the same time. But beware, this has major consequences for both your Windows 10 release adoption strategy, and your deployment strategy.
To somewhat stagger the workload, most enterprises will either skip one release or slip the company in two larger waves. In either case, you will have to assign your users into deployment waves, the so-called Windows 10 deployment rings, to be able to manage your rollout as efficiently as possible and even in parallel if needed. Below, I want to show you what deployment rings are and how impactful this strategy can be:
Microsoft's Definition Of Deployment Rings
Microsoft defines deployment rings as follows:
Deployment rings in Windows 10 are similar to the deployment groups most organizations constructed for previous major revision upgrades. They are simply a method by which to separate machines into a deployment timeline. With Windows 10, you construct deployment rings a bit differently in each servicing tool, but the concepts remain the same.
Each deployment ring should reduce the risk of issues derived from the deployment of the feature updates by gradually deploying the update to entire departments. As previously mentioned, consider including a portion of each department’s employees in several deployment rings".
Essentially, they are simply a way to group devices into a deployment timeline based on your needs, capacity, or other deployment strategy considerations. Just like you probably did already for Patch Tuesday.
Typical Deployment Ring Setup
Microsoft has a recommended theoretical Windows 10 deployment ring setup, which I have outlined below:
- Windows Insider Preview (prior to the release of the new Semi-Annual Channel version): As soon as Microsoft releases a new version into the Windows Insider Preview, a few designated, tech-savvy Windows 10 migration project team resources will upgrade to the latest version to evaluate any new functionality.
- IT Pilot Ring (Semi-Annual Channel release + 0 weeks): Twice a year, in March and September, Microsoft will release new versions into the Semi-Annual Channel. This version was initially known as the Current Branch, which was followed 4 months later by the enterprise-ready Current Branch for Business release. However, Microsoft does not make this distinction anymore. This version is the final version and includes the new functionality of the previously released Windows Insider Preview. Most organizations will have a small group of IT pros test drive this version before rolling it out further.
- Business User Pilot Ring (Semi-Annual Channel release + approx. 4 weeks): About four weeks after the new version release, Microsoft recommends that you onboard a small group of tech-savvy business users to broaden your testing into your business user base. This concludes your pilot rollout phase.
- Broader IT Ring (Semi-Annual Channel release + approx. 6 weeks): Now you are ready to roll out the latest Windows 10 version into your wider IT organization. While this means onboarding a larger number of users than you have so far, you can iron out any wrinkles in your migration process and ensure that your security and privacy is tight enough. Microsoft estimates two weeks for this rollout, but in my experience, four weeks is more realistic, especially given the size and risk of the update, and the number of applications that will need testing.
- Broader Business User Rings (Semi-Annual Channel release + approx. 16 weeks): This ring will kick off as soon as you have completed your internal pilot phase and you are ready to roll it out to your entire business user base. If you have tens or even hundreds of thousands of users, you will want to sub-divide this into further rings. Again, Microsoft recommends 2 weeks per deployment ring, but realistically, you will at least need 2-3 months for this if you have a large estate!
Impact On Your Deployment Timeline
So what does this mean for your deployment timeline? You will have to kick off major deployment efforts as soon as Microsoft publishes the new release for your IT Pilot and Business User Pilot and move into your broader business user rollout as fast as possible.
Following the logic for a typical 10,000 seat organization with deployment rings of 1,000 devices, this entire process could comfortably take you 7 months in total — so, by the time you finish the first round of upgrades, you will have already started your next round. That is unless you skip one upgrade cycle.
There are no two ways about it: Deployment rings are a big consideration in your Windows 10 Servicing Management strategy!
They are essential to keeping everything running smoothly, but with lax management they can complicate the process significantly. You have to be extremely careful what criteria you use for your ring assignment and how you will handle the deployment of these rings. For example, as a user gets onboarded to their default ring, are all the required applications tested and certified on this new version? If not, you might stall your progress for weeks, and then no one gets migrated until this is remediated.
Once you have your initial Windows 10 migration behind you, subsequent mini-upgrades to the next release must be efficient and swift. You need to prioritize based on the user's application requirements, their readiness status, their location, etc. Therefore, your tooling is just as important as defining the process itself. For example, you must be able to know exactly which user is assigned to which ring, and what his or her readiness status is — just to name a few. A command and control solution built to accelerate IT Transformation projects, like Juriba's Dashworks, will enable you to do that!
Last but not least, I cannot stress enough that the time to act is now! You need to be thinking about this NOW! The initial Windows 10 release (1507) is already out of support, and 1511 is nearing end-of-life in October 2017 — leaving you vulnerable.