The U.S. Army began its complicated journey to Windows 10 in early 2016, shortly after the Defense Department directed its agencies to do so. With support for Windows 7 ending in 2020, the DOD was looking for ways to update its users’ work environment and cut IT costs while improving cybersecurity.
In two years, the agency successfully upgraded roughly 950,000 computers serving about 1.2 million soldiers and civilian employees across 150 countries. Other agencies, such as the Coast Guard and Small Business Administration, have achieved similar objectives with their own migrations.
To get to the finish line, IT teams are taking a careful, strategic approach that mitigates risk and delivers measurable improvements as quickly as possible.
Army Takes Inventory and Upgrades Its Infrastructure
All DOD agencies were supposed to complete the migration away from Windows 7 by January 2017, but after it became clear that was too ambitious, DOD extended the deadline to March 2018. The Air Force completed the job in early 2018, and the Navy and Marine Corps, which share an IT network, are expected to finish this summer.
The first order of business for the Army was to take inventory of all active devices on the network, says Thomas Sasala, Army architecture integration center director and chief data officer.
“We had to baseline our activities, to begin with,” he says. “Then we spent close to a year looking at what we had and figuring out where we needed to make critical investments.” In addition to new computers, the Army also had to invest in new servers, increased bandwidth and training for employees.
Next came migration testing and planning, “and then we ramped up the migration through the end of 2017 and into the beginning of this calendar year,” Sasala says.
The process was a massive undertaking, Sasala notes — not just because of the Army’s sheer size, but also because the new operating system is so different from its predecessor.
“To get to Windows 10, we had to upgrade our entire infrastructure, and that wasn’t something that was in our initial plans,” he says.
Part of the process involved moving to the most recent version of Microsoft’s System Center Configuration Manager. Microsoft’s Windows as a Service model updates features every six months, and “every time Microsoft issued a new version of Windows 10, we had to essentially rewrite the scripts to deploy it,” Sasala says. The Army used automation and the new SCCM to keep up.
Windows 10 Makes Army's IT More Secure
The Army’s experience with learning to adapt to the frequent updates is not unusual, says Andrew Hewitt, a Forrester analyst focusing on infrastructure and operations.
Most organizations have found ways to deal with the disruptions, he says. For example, some IT teams avoid widespread problems by first updating the OS for low-risk users who don’t employ a wide variety of applications. This enables IT administrators to address problems on a limited scale before updating other users, especially those who handle sensitive information.
Agencies that effectively address updating issues generally see significant benefits with the new operating system. For example, the OS features multiple security enhancements, including container-based isolation for its Edge browser through the Windows Defender Application Guard.
“When it comes to management requirements, Microsoft has really simplified things with Windows 10 by moving away from the traditional Group Policy Object management style to a mobile device management, application programming interface style, and that makes everything easier,” Hewitt says.
Because this new approach “is driven over the air,” he explains, “it does put a lot of stress on organizations’ networks, but most have found they can handle it successfully with peer-to-peer content distribution network partners.”
The main benefits seen by the Army so far, Sasala says, are “on the back end, because our infrastructure is more secure. For end users, not a whole lot has changed. There’s just a slightly different user interface.”
Windows 10 provides agencies with services that offer more protection from direct hacks, identity mismanagement, viruses and data loss. New tools such as Secure Boot, which allows a device to boot up only if it’s using software the original device-maker recognizes, “really protect us from some cyber vulnerabilities that have been out there for years that we hadn’t been able to mitigate in a meaningful way,” Sasala says.
Coast Guard Takes a Holistic Approach to Windows 10 Upgrade
Enhancing security was also a top consideration for other IT leaders overseeing migration to Windows 10.
“This wasn’t about a tech refresh,” says Brian Burns, the U.S. Coast Guard’s acting CIO and acting deputy assistant commandant for Command, Control, Communications, Computers and IT. DOD oversees the Coast Guard’s IT. “This was, and still is, about cybersecurity.”
The Coast Guard, Burns says, was under a directive to wrap up migration by the end of March. “So, our first question was, ‘How do we get our hands around this?’ It wasn’t as simple as saying we’re going to replace or upgrade about 46,000 workstations. We had to take a broader, more holistic approach.”
Toward that end, the Coast Guard divided the work into two components: office IT, accessible in a standard workplace, and special-use IT, such as training simulators or medical devices.
Next, he says, the Coast Guard focused on risk management, following the ITIL framework of best practices. “It was pretty much all hands on deck from an IT standpoint to get this done.”
SBA Migrates Users One Batch at a Time
Russ Miller, director of IT services with the Small Business Administration, describes a similar commitment by those at his agency as they scrambled to migrate to Windows 10. About 23 percent of SBA’s 4,400 employees telework, complicating the project.
“You can do a hard push to computers in the field,” he says, “but the problem is, Windows 10 is more than a gig of data per computer, so you need to have good communication.”
SBA’s solution: tackle the job “daisy-chain” style, 300 computers per batch.
“We issue updated PCs when we take their old PCs out,” Burns says. “Then we reimage the old ones to Windows 10 and distribute them to the next 300 people.”
Like Sasala and Burns, Miller says the improved security of the new system makes it most attractive to his agency, but the platform’s stability and usability have also been key. The SBA also got an unexpected — and happy — surprise.
“The amount of operating space that Windows 7 takes is immense,” he notes. “Windows 10 uses about a seventh of the space, which leaves more space available for your applications and tools and the connections that you need.”
He’s also been happy with Office 2016, which has a number of significant enhancements, including better graphics and connectivity. “Everything about it is a little bit easier,” he says.
Miller says his team has faced challenges as they migrated SBA to Windows 10, including data-transfer issues related to OneDrive (the delicate setup requires an experienced technician) and maintaining compliance with the Defense Information Systems Agency’s Security Technical Implementation Guides.
Now, however, the end is in sight, and Miller is confident SBA will successfully finish this fall.
“It’s taken a lot of work from a lot of different people,” he says. “It’s good to know that we’re almost there.”