Jan 29 2010

Going Virtual with Windows 7

Older apps that wouldn't work with Vista may run under Win7, thanks to its virtualized XP Mode.

If your agency is like most, it’s probably home to at least one ancient database that’s been kicking around since the days of DOS, or a custom programmed application written by a coder who’s long retired. Even if those apps ran fine under Microsoft Windows XP, they probably didn’t work well, if at all, under Vista.

App compatibility headaches were the main reason that agencies such as the Transportation Department and the National Institute of Standards and Technology forbade employees from making the Vista leap. And they weren’t alone.

The good news? Legacy apps will likely run smoother under Windows 7 because of its XP Mode feature. The free Microsoft add-on lets you create and manage a virtual Windows XP desktop within Windows 7 — essentially turning back the clock for your homegrown and legacy apps. Applications and their data will still be accessible from the Windows 7 desktop, but they will run inside their own XP SP3 environment.

Microsoft Enterprise customers can manage hundreds or even thousands of Virtual PCs using the Microsoft Enterprise Desktop Virtualization (MED-V) tool, which is part of the Microsoft Desktop Optimization Pack (MDOP).

At least two federal agencies are evaluating using XP Mode for their mobile workforces or for small groups of employees who aren’t centrally managed, says Ed Leary, a Windows client technical specialist for Microsoft’s federal group. He says another two agencies are piloting MED-V implementations.

But using XP Mode or MED-V isn’t necessarily for everyone. Your hardware has to be up to the task, you’ll need to pay more attention to security and peripherals, and there are some things XP Mode won’t do. Here are the questions you need to consider.

From 1 month to 1 day

The time Tuv Nord Group, a large German technical services provider, shaved from its application deployment time for 8,000 desktops through use of MED-V

SOURCE: Tuv Nord Group case study, June 2009

Can your system handle it?

Not every Windows 7 PC can run a virtual XP desktop. If you’re not running Windows 7 Professional, Enterprise or Ultimate, all bets are off.

XP Mode also requires more memory and horsepower than either Vista or Windows 7. Each desktop will need at least 2 gigabytes of RAM and an additional 15GB of storage beyond what’s needed for the primary operating system. It must also have a processor that supports Intel’s VT or AMD-V virtualization technology (see "Can Your CPU Handle XP Mode?" below).

Is XP Mode secure?

In addition to any antimalware software running under Windows 7, each instance of XP will require its own virus and spyware killers.

You’ll also have to adjust XP Mode’s firewall and user account settings. By default, XP Mode gives administrative rights to users. That’s not a good idea, says Peter Beauregard, a product unit manager at BeyondTrust, a provider of privileged access lifecycle management solutions in Agoura Hills, Calif.

“If you’re running a critical business app or working with sensitive data, you don’t want the user logged in as administrator,” he says. “That opens up too many security risks. You want to set everyone up as a standard user.”

Some apps, however, require administrative access to work. In that case, says Beauregard, agencies will need to deploy software that can manage admin rights on a process-by-process basis — turning it on as apps need it, then turning it off before users can do any damage.

Beauregard suggests organizations require users to provide a password when logging onto XP Mode — ideally, using the same domain account they use when accessing the network.

“This will allow you to remotely manage the user and computer from Active Directory, patch the virtual machine, apply group policy, manage virus protection and so on,” he adds.

Will it support your peripherals?

Windows Virtual PC will recognize drives, printers, scanners and other plug-and-play USB 2.0 peripherals, says Leary. But first you’ll have to enable them, either when you install the Virtual PC software or via XP Mode’s pull-down menus.

For many older devices, the recommendation is that organizations test before deployment in an enterprise. Devices that don’t use USB 2.0 or need to communicate directly with hardware typically won’t work in XP Mode.

And because it uses virtualized drivers, Virtual PC may not be able to take full advantage of all your internal devices. For example, even if you have a high-end video card, display resolution maxes out at 1024x768 pixels and 32 colors. Don’t count on tapping graphics-intensive apps on your virtual desktop.

XP Mode or MED-V?

There’s no hard and fast rule about when it makes sense to go with MED-V over XP Mode.

Leary says it comes down to how much you’ll need to manage the apps running in Virtual PC.

“The key question is, do the apps you’re considering virtualizing need to be managed? If yes, then you need MED-V.

If you put it in a virtual environment and never have to touch it again, consider XP Mode.”

For large groups of users, MED-V will make managing firewalls, security and admin rights much easier. It offers other advantages, too, such as the ability to manage and run up to four virtual desktops per PC.

It’s possible a legacy app will simply run in a native Windows 7 environment. Again, test, test, test.