At a university, PCs (in IT jargon "clients") are used in countless contexts: in the departments for research and teaching as well as in the administrative and service units. In addition to the so-called workstations, IT Services (ITS) has to manage dozens of other special uses of these clients with very different hardware and software requirements: public information and display stations, PCs for searching library catalogues, PCs in training and practical rooms, laboratory equipment and device controls, to name but a few.
At the start of the migration to Windows 10 in 2016, the ITS managed around 3,300 PCs, the majority of which were running Windows 7. By the beginning of 2020, the number was already close to 3,900 PCs, 98% of which had already been migrated to Windows 10 at that point.
At first, that may sound like a very long time. However, apart from the large number of Windows PCs that had to be migrated, one must also bear in mind that the migration was carried out during ongoing teaching and research operations and did not lead to any significant disruptions.
But let's start from the beginning...
The release of Windows 10 on 29 July 2015 led to direct consequences for the IT infrastructure at the University of Basel:
- On the one hand, it had to be ensured that private Windows computers could continue to be connected to the university network with the new operating system.
- On the other hand, measures had to be taken to replace the Windows 7 operating system that had mainly been used at the university until then. The timeframe for this was clearly defined by Microsoft's announcement of an official end of support for Windows 7 (14 January 2020).
For this reason, IT Services started a project in summer 2015 to address the above-mentioned points, which was divided into three phases:
Phase 1: Bring Your Own Device, July 2015 - September 2015.
Phase 1 served to inform users who were thinking about acquiring a Windows 10 device privately or switching their private computers to Windows 10.
The first measure was to send out an information e-mail asking users to find out about the Windows 10 compatibility of the university IT infrastructure on the ITS website before making a purchase or updating.
Subsequently, the services and software relevant to people who wanted to log into the university network with a private Windows 10 computer were identified and extensively tested (VPN client, e-mail, etc.). The test results were posted on the ITS website so that users could inform themselves, as mentioned in the previous paragraph.
Phase 2: Pre-study Enterprise Deployment, December 2015 - September 2016.
In Phase 2, the university IT landscape managed by IT Services was analyzed with respect to a migration to Windows 10. This analysis was broken down into the following sub-areas:
- Hardware readiness
- Software readiness
- Back-end readiness (license management, storage, etc.)
- Features and security (telemetry, BitLocker, UEFI, etc.)
- Potential migration scenarios
Among other things, this phase examined over 100 academic software titles and 50 different models of workstations (desktops and laptops) for Windows 10 compatibility.
At the end of Phase 2, an internal ITS recommendation was issued on which computer models and under which conditions a Windows 10 migration should be carried out in the next phase.
Phase 3: Migration of the managed areas, February 2017 - December 2019.
Using the recommendations from Phase 2 as a foundation, the IT Service Centers (ITSC) conducted the migration to Windows 10 in the organizational units they manage. The ITSCs coordinated the migration among themselves and carried it out in close consultation with the service providers in IT Services.
Each workstation suitable for migration was completely reinstalled with a uniform image (across all organizational units supported). This means that all migrated computers managed by the ITS received the same basic installation, which ensures, for example, that the same security settings are set everywhere.
Security was generally an important topic during the introduction of Windows 10, since data about user behavior ("telemetry data") is sent to Microsoft in the event of careless configuration. This is prevented by special settings in the ITS image.
At the same time, the university staff had to be brought along with this change. As accompanying measures, a special website was launched, among other things, to facilitate the first steps with Windows 10. Furthermore, training courses were offered, and videos and documents were made available for self-training.
At the end of the project on 1 April 2020, there were only 72 computers in the areas managed by IT Services that were still running Windows 7. This represents less than 2% of the total number of workstation computers managed.
The missing percentage points can be explained, among other things, by device control computers (which are used, for example, to control a microscope), whose migration is generally more difficult. However, operating these computers in specially secured network segments prevents them from impairing university IT security.
In August 2020, access to the university network was finally blocked for all Windows 7 computers, whether private or university-owned, if these PCs could not demonstrate special protective measures (extended support from Microsoft or operation in secured network segments described in the previous section).
The coordinated migration of all workstations to Windows 10 was a major challenge - but one that also had positive side effects. For example, reducing the number of computer models on which a Windows 10 migration was carried out at all led, almost incidentally, to a further homogenisation of the IT landscape across several organisational units.
Likewise, the migration to Windows 10 offered the opportunity to implement security concepts and thereby increase security at the University of Basel. Examples include hard disk encryption and the central administration of local administrator passwords (LAPS).
While the ServiceDesk and the IT Service Center (ITSC) were primarily involved in the first phase, carrying out extensive tests, processing the findings and passing them on to the users, many backend teams were also involved in the work from the second phase at the latest. The regular exchange within the project thus also contributed to a better mutual understanding among the teams.
Another very positive aspect is that the users have accepted the new operating system very well. This is thanks in particular to the ITSCs, who carried out the migration and accompanied the users during the changeover.
However, the topic of Windows 10 is not finished with the migration. Further challenges await IT Services in the future. In particular, the regular updates to the latest Windows 10 releases, which are published by Microsoft every six months, must be carried out and their distribution analysed. Otherwise, the use of Windows 10 releases that are no longer provided with security updates could lead to new security vulnerabilities in the university IT landscape.