While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Microsoft recently released Windows 8, the latest client version of the Windows operating system. Available in four versions — three for x86-based personal computers, and one for ARM processor-based computing devices — Windows 8 is the most dramatic update to Windows’ look and feel since the introduction of Windows 95.
But as radical as this new visual presentation of Windows is, evolutionary changes within the underlying functionality of Windows 8 make it a better operating system than its predecessor.
Windows 8 Enterprise, the primary focus of this review, is a volume-licensed version of the OS with a number of management enhancements. But the other versions of Windows 8 — the basic consumer Windows 8, the enhanced Windows 8 Pro (which shares most of Enterprise’s functionality, aside from the management interfaces) and the ARM version, Windows RT — though designed for smaller organizations, could also find a home in the enterprise.
Windows 8 has many performance enhancements that make it a better experience for users. Because of tweaks such as memory deduplication, the operating system takes up less system memory. This allows it to boot up faster — in about half the time it takes Windows 7 to boot up on the same hardware.
Then there’s the new interface. The main advantage to Windows 8’s interface is that a single operating system can be used with ease on a tablet device as well as on a desktop, while users can employ more desktop-optimized applications on touch- or pen-driven computing devices when needed. Windows 8 has two separate user environments: a full-screen interface previously known by the code-name Metro, and a more traditional, multi-windowed “desktop” for compatibility with applications written for previous versions of Windows.
Metro is optimized for use with touch interfaces, and eventually will be the interface of choice for users of Windows tablets, such as Microsoft’s Surface. While it works well enough with a mouse and keyboard shortcuts, the Metro interface is best, and most intuitive, for touch devices. The built-in full-screen applications that come with Windows 8, such as Windows’ Mail, are examples of what can be done by following Microsoft’s design lead; they are open and simple in their layout and get a lot done without the old Windows “chrome” to work with.
The desktop interface, on the other hand, is where the mouse and keyboard of old still rule supreme and where many users will spend most of their time in applications. But touch and pen-based input work here as well, allowing users to work with the same documents and applications they would call up in a typical desktop environment, without using a keyboard or mouse. Windows 8’s pen interface provides some of the best handwriting recognition I’ve seen. It even deciphered my cursive scrawl most of the time, inserting it into Word documents just as easily as text tapped in with the operating system’s built-in virtual keyboard.
Speaking of virtualization, Windows Pro and Windows Enterprise include a client version of Microsoft’s Hyper-V virtualization engine, as well as a client for connecting to remote virtual machines. That means that Windows 8 users can run older operating systems in a local virtual machine or access sessions through a virtual desktop infrastructure without additional software. Some usability elements of Windows 8 enhance the user experience no matter what part of its interface they’re in. First, the Start button and menu are gone from the desktop environment, replaced by the Start page — a common, tile-driven full-screen interface that can display live data and alerts from apps in Windows 8’s full-screen world. A scan of the Start page can show new emails, alerts from social networks and other information without even opening the applications represented by the tiles in the Start page.
Microsoft has included many features in Windows 8 that will appeal to IT administrators. The integration of PowerShell for scripting and remote management of administrative tasks has been extended and improved. Windows 8 Enterprise can be managed with the same skills and tools that organizations use for their existing Windows 7 environments, using policy-driven configuration management.
Security and manageability are major components of Windows 8’s improvements. Metro applications are “sandboxed,” so they can’t read other applications’ data or files unless given explicit permission; administrators can even keep all data off the client. A feature called Address Space Layout Randomization (ASLR) changes the memory addressing of application components from one startup to another to prevent malware or rogue programs from reading specific blocks of memory. The feature was introduced in Windows 7 for applications that were specifically built to use it. But a new “force” feature in Windows 8 lets the operating system apply ASLR to any software component, regardless of whether it is explicitly compatible.
Another security feature tweaked in Windows 8 Enterprise is AppLock, the application whitelisting and blacklisting capability supported through security policies in Windows 8 Enterprise.
One of the most interesting security features of Windows 8 Enterprise is the ability to create a “Windows to Go” disk image on a USB 3.0 device. The Windows to Go USB drive can be used to boot up a secure copy of the operating system from virtually any PC, and connect back securely via DirectAccess to the organization’s home network. That means an admin can let users work from their own PCs at home, from a shared PC in a hotel environment or from nearly anywhere else without fear of introducing malware from a computer outside the organization’s physical control.
Adding storage to PCs has been made a lot simpler by Windows 8’s Storage Spaces, which allows administrators to create virtual disks out of pools of physical disks. These virtual disks can be thin-provisioned, making it appear that they have more available storage than is installed on the PC. To increase the capacity of a virtual disk, an administrator just has to add another drive. IT shops can also create software-based mirrored drive configurations with Storage Spaces, providing redundancy in case of a disk failure.
Windows 8 comes with the same challenges that any new version of an operating system has. There are new hardware demands and new interfaces to learn. Some older hardware won’t work with features of Windows 8, such as the Hyper-V virtualization software, which requires a 64-bit processor with second-level address translation capabilities.
While Windows 8 Enterprise and the other versions for x86 and 64-bit PCs can integrate into existing Active Directory domains for management, Windows RT for ARM devices has very limited integration and manageability through Active Directory service.