Windows 7 Moves People to the Cloud

One of the hottest buzzwords in technology is the ‘Cloud'. Vendors across all types of computer applications and services are looking for ways to leverage the power of cloud computing. Microsoft takes that a step further by making it easier to move a different kind of resource to the cloud: people.

Actually, that egg may have come before the chicken. Laptop sales have steadily crept up on desktop sales, surpassing desktops in late 2008. That is a domino-effect from another chicken-and-egg conundrum in that the work force has become increasingly remote and mobile.

Arguably, it is the evolution of remote computing and the rise of telecommuting and roaming users connecting from home, hotel rooms, and coffee shops which has fueled interest in cloud computing to begin with.

Regardless of which chicken begat which egg, this is the henhouse we live in now and it has been a headache for IT administrators. Remote and branch offices come with unique network connectivity issues. Roaming users with laptops are difficult to manage and secure, but Windows 7 (combined with Windows Server 2008 R2) has the potential to change that.

Let's take a look at some of the common issues faced by a roaming / remote work force and how Windows 7 addresses them:

Dropped Connections. The VPN (virtual private network) is a fact of life for roaming and remote users. It is the secure, encrypted connection that allows them to penetrate the organization's perimeter defenses and access internal network resources.

It is not uncommon for the VPN connection to drop. Each time it does, the user must re-authenticate and re-establish the connection which takes time and interrupts productivity. Microsoft developed the VPN Reconnect feature for Windows 7 which automatically reconnects broken VPN connections in the background.

Slow Bandwidth. Organizations are more spread out than ever. Many have remote / branch offices scattered across town and around the world. Branch offices often have localized servers and resources, but also must maintain access to data and network resources at the headquarters or primary data center.

A major problem with this remote network access is speed. Limited bandwidth between sites combined with the limited processing capacity of servers and resources in the primary data center bog things down.

BranchCache reduces WAN (wide area network) utilization and increases efficiency for remote offices. BranchCache can operate in either a client/server or peer-to-peer mode. Either way, when a user needs access to data the information can be retrieved from a local cache rather than having to be pulled from the main server every time.

Rogue Machines. Arguably the biggest headache for IT administrators when it comes to remote users is trying to maintain and secure those roaming assets. Computers on the internal network have the benefit of things like automated patch updates, managed firewall and antimalware protection, and managed policies. Roaming devices may go days or weeks without connecting to the home base and won't receive the updates until they do.

DirectAccess changes that dynamic for both the IT administrator and the user. With DirectAccess, remote computers are connected to the network as if they were sitting in a cubicle at the main office as long as there is a live Internet connection.

Even if the user is not logged in, the IT Administrator can interact with the computer and apply updates as if it were sitting on the internal network. From the user's perspective, DirectAccess makes the VPN obsolete because the computer is connected seamlessly from virtually anywhere.

Users are increasingly mobile. Whether they are traveling around the world or working from home, the users are *in* the "Cloud". That geographic diversity is a catalyst for the rise of other cloud computing products and services, but working from the cloud still has its challenges.

Windows 7 features like VPN Reconnect, BranchCache, and DirectAccess simplify network access for remote and roaming users. These are features with a direct, measurable effect on productivity and the all-powerful bottom line and help justify the

Windows 7: The Good, the Bad, and the Unknown

Microsoft's new OS isn't perfect, but it is what Windows Vista should have been. Here's a hands-on look at the version that's beginning to hit PCs.

For most people who are considering moving to Windows 7, October 22 is D-Day. On that date Microsoft's newest operating system lands on store shelves, both as a shrinkwrapped upgrade and preinstalled on new PCs. For some folks, though, D-Day has already arrived. Microsoft has issued the final RTM (release to manufacturing) version of Windows 7 to large companies that buy Windows via volume licenses, as well as to IT pros who belong to its Technet service. The Windows Vista era is officially drawing to a close--although you could argue that it never really quite started--and the Windows 7 one is under way.

And that promises to be a good thing, whether you're a satisfied Vista user, a disgruntled one, or a Windows XP holdout who has been waiting for something better. Windows 7 feels like an anti-Vista: Unlike that OS, for instance, it doesn't try to dazzle you with flashy new visual effects. With the removal of Vista applications such as Photo Gallery and Movie Maker, Win 7 actually does fewer things than Vista did. Even its unprepossessing name is a change from the epic-sounding monikers that began with the unfortunate Windows Millennium Edition.

But Windows 7's lack of glitz is a huge part of its appeal. Unlike the increasingly chaotic and annoying Microsoft OSs that preceded it, Windows 7 is designed to stay out of your way so that you can get stuff done. It smartly addresses Windows annoyances both new (User Account Control) and old (the system tray). And the final version I've been using seems to realize the promise of the rough drafts we started testing last October.

Windows 7 isn't without its warts, but I haven't been so impressed by a new Microsoft operating system since Windows 2000 debuted close to a decade ago. Here's a quick look at some of its best features, a few drawbacks, and areas where reserving judgment makes sense. (Much more PC World coverage is on its way, including an in-depth review with speed benchmarks, upgrade tips, and Windows 7 system reviews.)

The Good...


The OS is less piggish: One of the many regrettable things about the initial version of Windows Vista was that its signature feature--the splashy Aero environment--was too much of a resource hog to run well on many early-2007 PCs (even those that had been promoted as Vista-capable). The PC World Test Center hasn't benchmarked the shipping version of Windows 7 yet--stay tuned--but all signs point to this OS being sprightly enough to perform decently on all current systems, including those allegedly underpowered, pint-size machines known as netbooks.

The taskbar has been reinvented: It's amazing how little the taskbar and its system tray have changed since Windows 95. In Windows 7, they both undergo sweeping, long-overdue makeovers. For the most part, the results are extremely pleasing.

Windows 7's new taskbar sports better thumbnail previews, context-sensitive Jump Lists, and other features that help speed up the management of apps and windows.The new taskbar's default style does away with text labels and relies solely on program icons, therefore making better use of screen space. Its thumbnail previews--an improvement over Vista's--work well even when you have multiple windows open for one application. And the new Jump Lists feature gives you right-click access to context-sensitive menus of options (such as the ability to play shuffled music in Windows Media Player) even before you've launched an application. Even the nub on the right edge of the taskbar, which you can click to reveal the desktop, is a welcome, subtle enhancement. (One taskbar quibble: The border around running apps in the taskbar isn't a clear enough cue to distinguish between them and those that aren't currently active.)

The new system tray (aka the notification area) gives you fine-grained control over the applets that live there and how much they can pester you.The system tray--which is officially called the notification area, although I don't know anybody who calls it that--is no longer one of Windows' most aggravating "features." When you install new applications, any associated system-tray applets are cordoned off in a holding pen, where they can't clutter up the tray and can't use word balloons to pester you with information that you may or may not care about. You can also choose to have an applet appear in the system tray but in bound-and-gagged form, so it can't pop up messages. Microsoft has also dramatically reduced the volume of distracting messages from Windows itself, courtesy of Action Center, which queues up system alerts so that you can check them out at your convenience.

The famously annoying User Account Control security feature now lets you specify just how obnoxiously it should alert you to potential security problems. 

UAC is now tolerable: Windows Vista introduced User Account Control, which tries to warn you of attempts by viruses and other malware to tamper with your system. But it essentially has two settings: So Annoying You Click Without Thinking, and Off. In Windows 7, you get two intermediate settings that alert you only if a program changes settings, with or without the melodramatic screen-dimming effect. This new version is such a reasonable approach that it's even more mysterious how Microsoft could have botched the Vista version so badly.

Libraries collect your files: For years, Microsoft has tried to train Windows users to store all of their personal files in one place, helpfully providing a folder named My Documents for that purpose. Many of us blithely ignore the suggestion and store stuff willy-nilly around our hard drives. A new feature called Libraries splits the difference by giving you virtual folders for documents, music, photos, and videos that combine the contents of whichever folders you specify into one unified view. The Pictures Library, for instance, can show all your photos even if they're stored in a dozen different places. Still, there's room for improvement--Libraries would be even more useful if they were integrated with the existing Saved Searches feature, which creates another, separate form of virtualized folder.

The Bad...


HomeGroups' media-sharing features sound cool, but they work only with Windows 7 PCs, and feel unfinished. 

 HomeGroups are disappointing: HomeGroups sound like a nifty idea--a way to share folders full of media and documents between PCs across a network, so you can peruse photos stored on a desktop in the den from your laptop in the living room, for instance. But Microsoft's implementation is surprisingly half-baked: Rather than letting you specify a password during setup, for instance, it assigns one consisting of ten alphanumeric gibberish characters and tells you to write it down. And HomeGroups work only if all the PCs in question run Windows 7. A version that also worked on XP, Vista, and--dare I say it?--Macs would have been far cooler.

Windows Update can still shut you down:
There's no reason to believe that Windows 7 will require less patching than earlier versions of the OS. If you use Windows Update the way Microsoft recommends, however, your computer may still demand that you shut it down so it can update itself, or it may decide to devote an extended amount of time to installing updates when you try to reboot it. In the largely compliant and considerate Win 7, this aggressive approach to updates is a flashback to Windows' pushy past.

You can't upgrade Windows XP: If you want to upgrade a PC from XP to 7, you'll need to start anew, reinstalling all of your apps and re-creating your settings. (Windows Vista users can opt to install 7 on top of their current OS, although not in every possible scenario.) Microsoft's decision not to enable XP-to-7 upgrades is defensible--a fresh install will probably be more reliable than one plunked down on top of XP's eight-year-old underpinnings--but it will scare off some XP users who would probably love Windows 7 once they got it up and running.

...and the Unknown


How bad will compatibility issues be? Windows 7 looks and works differently than Windows Vista does, but below the surface it isn't radically different. That should make for fewer headaches with incompatible drivers and software--and indeed, it helped even the earliest Windows 7 preview versions run surprisingly smoothly for prerelease operating systems. But as millions of people install Windows 7 on an endless array of PCs, undoubtedly some of them will encounter problems that Microsoft didn't anticipate. (I've run into setup quirks and driver issues with the Windows 7 RTM version myself, but I've been able to work around them--by installing from a USB drive rather than a DVD, for instance.)

Device Stage provides resource centers for your peripherals and gadgets--if hardware manufacturers do the heavy lifting of building them. 

Will hardware companies take to Device Stage? This new feature gives your printer, camera, and other peripherals information centers of their own, which hardware manufacturers can customize with features such as links to online manuals and troubleshooting tools. But unless companies invest the time to build useful Device Stages, this could be another Microsoft bright idea that doesn't go much of anywhere. Also, parts of Device Stage look short on substance (giant photorealistic renderings of your peripherals!) and others look potentially irritating (printer companies hawking ink cartridges right inside your OS!). All in all, I don't think it'll be a tragedy if Device Stage doesn't catch on.

Is touch input a boon or a boondoggle? Windows 7 is the first version of the OS with special support for multitouch input--for example, if it notices that you've opened the Start menu with your finger rather than the mouse pointer, you'll see a roomier version of the menu that takes less precision to navigate. Of course, all of that requires a multitouch-capable PC, and only a handful (such as the upscale HP TouchSmart) are on the market. Windows 7's arrival might prompt a profusion of interesting new touch-enabled PCs--but even then, what we really need are interesting touch-enabled applications. (Microsoft's touch demos have tended to feature such ho-hum uses as fingerpainting in Windows' own Paint program.)

The Bottom Line


Last year Microsoft tried to repair Windows Vista's reputation by pretending it was a new OS code-named Mojave and getting focus-group subjects to say nice things about it. If the company had released a Vista back in 2007 that was as pleasant to use as Windows 7 is, the OS might never have had image problems in the first place.

Even when an OS upgrade is as appealing as this one, it makes sense to proceed with caution. Many of the people who grab Windows 7 at the first possible opportunity will be happy they did. But I suspect that some of the folks who wait a bit more--installing the new OS only after other people have discovered unexpected glitches with applications and drivers--will be even happier. And if you're using an aging PC, it's perfectly sensible to hold off on Windows 7 until you're ready to buy a brand-new system that's designed to run it well.

My advice for Windows users, then, is this: Get Windows 7, but on your own schedule. It'll be ready when you are--and you'll almost certainly consider it an improvement over whatever version of Windows you're using now.

Windows 7 Networking Guide

Whether at home or at the office, networking has gone mainstream. Once upon a time, a computer had value as a stand-alone machine running applications, but that time has passed. Without an ability to access the Internet, retrieve e-mail, chat via instant messaging, and connect with file shares and software, the computer is little more than an expensive paperweight.

Clearly, the trend is toward remote and mobile computing, and it's important for an operating system to provide the tools necessary to remain connected and productive from anywhere. Microsoft is incorporating a variety of new networking features in Windows 7 that simplify connectivity and help users access network resources no matter where they are connecting from. Here we'll take a closer look at some of the innovative networking features to be found in Windows 7 (we may get a little bit technical at times).

Let's start with an enhancement aimed primarily at home users and home businesses: With Windows 7, Microsoft introduces the concept of HomeGroup. The HomeGroup feature serves two primary purposes: (1) to make sharing files and resources between computers on a home network easier, and (2) to protect shared files and resources from guests or wireless-network intruders.

Select the types of content that you wish to share with the HomeGroup.

Many homes have multiple computers, and users want to be able to share music and pictures, or network all of the computers so as to print to a single printer. This type of local area networking has been possible in Windows for years, but it has often been easier said than done, leading to many hours of user frustration.

Open HomeGroup from the Control Panel. Click on Create a HomeGroup to begin the process. You can determine the types of files or content that you want to share with the HomeGroup by checking or unchecking the appropriate boxes.

After you click Next to create the HomeGroup, Windows 7 will automatically generate a password that other users will need in order to join the HomeGroup and share the resources. Windows 7 Starter and Windows 7 Home Basic versions cannot create a HomeGroup, but computers running any version of Windows 7 can join a HomeGroup. One significant drawback to the HomeGroup concept is that it works only with Windows 7, so any Windows XP or Windows Vista systems in the home will not be able to participate.

Windows 7 automatically assigns a password for the newly formed HomeGroup.

Using a HomeGroup simplifies the process of sharing files, folders, and other network resources with trusted computers on your home network. At the same time, it enables you to allow visiting guests to connect to your wireless network for Internet access without also granting them access to the shared content and resources. It also prevents any unauthorized rogue wireless connections from gaining access to shared resources.


VPN Reconnect

Roaming users rely on VPNs (virtual private networks) to provide a secure connection between their computer and the internal company network. When a user is sitting in a hotel room, or in a conference room at a customer site, and establishes a VPN connection, the user's PC will generally remain connected unless there is some other network issue that interrupts the connection.

However, users who rely on wireless broadband connectivity to establish a VPN connection while on the move are faced with frequent dropped connections and a cumbersome process for reauthenticating and reestablishing the VPN connection each time.

The VPN Reconnect feature allows Windows 7 to automatically reestablish active VPN connections when Internet connectivity is interrupted. As soon as Windows 7 reconnects with the Internet, Windows 7 will also reconnect with the VPN. The VPN will still be unavailable as long as the Internet connection is down, and the process of reconnecting will take a few seconds after Internet access becomes available again, but VPN Reconnect will ensure that users stay connected with the network resources they need access to.

VPN Reconnect is basically an IPSec tunnel using the IKEv2 (Internet Key Exchange) protocol for key negotiation and for transmission of ESP (Encapsulating Security Payload) packets. ESP is part of the IPSec security architecture that provides confidentiality, authentication of data origin, and connectionless integrity.

In situations such as viewing streaming video over a VPN connection while riding on a commuter train, users typically lose all buffered data and have to start the video over every time connectivity is lost. The features of the IKEv2 IPSec tunnel and ESP help ensure a persistent connection even if the IP address changes during the reconnect and allows the streaming video to resume from the point it was at when VPN connectivity was lost.


What's better than a VPN that automatically reconnects and retains its connection state? How about not needing a VPN in the first place? DirectAccess is one of the most compelling and game-changing features of Windows 7, both for users and for administrators faced with a remote and roaming work force.

Aside from the issues mentioned above for users trying to stay connected on a VPN and access internal network resources, roaming users also pose a problem for administrators. Mobile computers that aren't connected to the network miss out on security updates, software patches, and Group Policy updates. They will get the updates when they eventually connect, but days or weeks might go by with those remote systems missing critical updates.

DirectAccess provides a persistent and seamless bidirectional connection between the internal network and the Windows 7 system, as long as that Windows 7 system can connect to the Internet. With DirectAccess, remote and roaming users experience the same access to corporate shares, intranet sites, and internal applications as they would if they were sitting in the office connected directly to the network.

DirectAccess works both ways. Not only can the computer access the network seamlessly across any Internet connection, but the IT administrator can also connect to DirectAccess client computers--even when the user is not logged on. With DirectAccess, IT Administrators can monitor, manage, and deploy updates to DirectAccess client computers as long as they are connected to the Internet.

DirectAccess uses IPsec for authentication and encryption. DirectAccess can also integrate with Network Access Protection (NAP) to require that DirectAccess clients be compliant with system health requirements before being allowed to connect to the network. IT administrators can restrict access through DirectAccess and configure the servers that users and individual applications can access.

Built on IPv6

IPv6 is required for DirectAccess. DirectAccess connectivity is built on the foundation of globally routable IP addresses that IPv6 provides. IPv6 has been around for a while, and most systems and network devices are IPv6-capable, but the actual adoption of IPv6 as a replacement for IPv4 networking has been slow.

DirectAccess uses split-tunnel routing to intelligently route data to the proper destination.

Microsoft was aware that IPv6 is not available everywhere, so the company designed DirectAccess to take advantage of IPv6 transition tools such as 6to4, Teredo, and ISATAP. Within the network, DirectAccess relies on NAT-PT (Network Address Translation-Protocol Translation) to provide connectivity between DirectAccess and IPv4 resources.

DirectAccess uses split-tunnel routing to intelligently route network traffic based on the intended destination. Only traffic destined for the corporate network is routed through the DirectAccess server, while traffic intended for resources on the public Internet is routed directly to its destination. Split-tunneling ensures that the resources of the DirectAccess server are not consumed by unnecessary network traffic.

Windows Server 2008 R2 Required

DirectAccess cannot function in a vacuum on a Windows 7 system. It requires a DirectAccess server to connect to, and a DirectAccess server means Windows Server 2008 R2. The DirectAccess server must have two network interface cards: one connected to the public Internet and one to provide access to the internal intranet resources. DirectAccess also requires at least two consecutive IPv4 addresses on the network interface card connected to the Internet.

Troubleshoot DirectAccess connectivity problems using the built-in wizard.

The IPv6 translation technologies mentioned above (6to4, Teredo, and ISATAP) must be implemented on the DirectAccess server. Only a PKI (Public Key Infrastructure) environment can issue the necessary certificate for authentication and security, and a DNS server running on Windows Server 2008 or Windows Server 2008 R2 is required as well.

Users who experience problems connecting to DirectAccess can use the appropriate troubleshooting wizard to identify and resolve problems. Open the Network and Sharing Center and click on Troubleshoot problems; then select the Connection to a Workplace Using DirectAccess wizard to begin troubleshooting.

URL-Based QoS

No matter how much network bandwidth an organization has, it is safe to assume it is not unlimited. As more users access the network, or more users connect to bandwidth-intensive data like streaming audio and video, the network bandwidth is nibbled away until it is gone, forcing the router to queue data, which in turn slows down network communications.

By using URL-based QoS, traffic intended for can be given a higher priority than traffic headed for

Even without maxing out the internal network capacity, this type of queuing often takes place where the internal network meets the external network. The internal network may be operating at 1GBps speeds, but the connection to the public Internet might be 10MBps. Network packets from the internal network are queued by the router and transmitted on a first-come-first-serve basis as bandwidth becomes available on the external connection.

Not all network destinations are created equal, though, or treated equally. Requests to an application server used to process orders or data being sent to a mission-critical database should take precedence over traffic destined for Google or Facebook, say.

Administrators can configure Quality of Service (QoS) to prioritize the traffic and ensure that the high-priority traffic gets preferential treatment. Windows will assign outgoing packets a DSCP (Differentiated Services Code Point) number that the router can use to determine the priority of the packets. As the network gets bogged down and packets are queued up, the default first-in-first-out functionality is overridden, and high-priority packets are sent out first.

The QoS functionality has been a part of previous versions of Windows, but it required that priority be assigned based on specific IP addresses and port numbers. However, multiple Web sites may use the same IP address, and one Web site may have multiple IP addresses, making QoS difficult to utilize in some instances.

With Windows 7, Microsoft has added an ability to configure QoS based on URL. Administrators can ensure that traffic intended for intranet applications or important Web sites gets processed ahead of lower-priority traffic (see the last figure above) without having to configure the precise IP address and port of the destination sites.

URL-based QoS can also be used to intentionally downgrade the priority of nonbusiness-related sites such as ESPN or Facebook. Assigning these URLs a low priority will force those packets to be handled with even less urgency than normal traffic.