Is Microsoft Enterprise Desktop Virtualization (MED-V) simply a Band-Aid? That is to say, not really a long-term solution but a cover-up until it is “all better”? Is MED-V only a ‘point solution’ to ease migration, or can you extend that functionality to a wider audience to solve other problems?
Despite Redmond hailing Windows 7’s success, surveys have shown that Windows XP is still more than alive and kicking. A barrier to migration from Windows XP is the “unknown risk” (and of course risk=cost) of not being able to run business-critical applications in “the new environment”. MED-V, part of the Microsoft Desktop Optimization Pack (MDOP), allows migration from an old Microsoft operating environment to a new Microsoft OS while allowing access to ‘legacy’ applications. At the same time, MED-V gives your company the facility to manage both the ‘new’ and the ‘old’ operating systems and provide users with an integrated environment – merging legacy applications into the new workspace.
Here at TVP we believe in the maxim, “it’s not just how do you do it, but how do you manage it once it’s done”. What does MED-V offer over and above, say, Windows Virtual PC – or other non-Microsoft Client Side Hypervisors? Can MED-V help you to migrate onwards and upwards more quickly? What would the benefits of implementing it be? Is “migration” MED-V’s only function or are there additional uses? Is it cost effective? What are the alternatives?
Microsoft’s CSHv Options
We’ve discussed using Client Side Hypervisors (CSHv) to manage your desktops. Microsoft has a number of CSHv options depending on your host OS and license type. Windows XP and Vista users can make use of Microsoft Virtual PC – while Windows 7 users, depending on their Windows 7 license, have two choices – Windows XP Mode and Windows Virtual PC.
Microsoft Virtual PC is Microsoft’s Virtual PC 2007 product. With it, you can run multiple operating systems at the same time on the same physical computer. It is a product designed for individual users to run multiple OSes on one device for testing, development and training. However, it is not a product you can use to manage a migration. In comparison to other products, such as VMware Workstation, it has limitations – it doesn’t have USB device support, for instance.
Windows Virtual PC is effectively the latest release of Virtual PC that runs on Windows 7. It is free – if it’s not already installed, you can download it free of charge from Microsoft.
It has a number of new features over its predecessor:
- USB support – allowing access to devices such as cameras, flash memory drives, printers, scanners, and smart card readers
- Clipboard Sharing – cut and paste between the host and virtualized devices
- Smart Card redirection
- Folder integration – users are able to access their personal folders (My Documents, My Pictures, desktop etc.) from a virtualized environment
- Support for higher resolutions – screen resolutions up to 2048×1920
- Improved Stability and Performance
Windows XP Mode uses the runtime engine of Windows Virtual PC to deliver a free, pre-configured Windows XP virtual machine. Note that while Windows XP Mode is also free, Microsoft does not make this available for people running Windows 7 Home editions; Home Edition users will need to download Windows Virtual PC and use a separate (i.e. fully licensed) copy of Windows XP to create their own Windows XP virtual machine and get all the functionality of Windows XP Mode. So, if you’ve asked users to bring their own computer and then expect to use that to run legacy desktops, you’d need to reconsider the tools to allow this if the user has Home Edition as their OS.
A drawback of Windows XP Mode was that it required devices that supported Hardware-Assisted Virtualization (HAV): effectively, the PC would need either an AMD-V or Intel-VT enabled processor. However, in March 2010 Microsoft issued a patch (http://support.microsoft.com/kb/977206) to rectify this issue.
Windows XP Mode and Windows Virtual PC are stand-alone features. They are a usable solution for a small company where the IT is essentially self-managed and the driver is getting applications working with the minimum amount of effort. While they provide a method of running legacy applications they do so in an unmanaged manner – and as such, are not suitable for larger organisations.
What is MED-V?
Microsoft Enterprise Desktop Virtualization (MED-V) is intended to provide deployment and management of Virtual PC images for larger organisations.
MED-V is part of Microsoft’s Desktop Optimization Pack (MDOP). Bear in mind, MDOP is only available as a subscription for Software Assurance customers.
The MDOP suite has six components:
- Microsoft Enterprise Desktop Virtualization (MED-V): building on the engine that enables Windows Virtual PC, MED-V provides deployment and management of Virtual PC images, which even Microsoft states is primarily for resolving application compatibility with a new version of Windows. If you’re considering migrating from Windows to another OS – MED-V is not an option.
- Microsoft Application Virtualization (App-V) turns most applications into centrally managed services that are never installed, never conflict, and are streamed on demand to end users: but not all applications, App-V is not a solution to deploy IE6 and IE7 for example.
- Microsoft Advanced Group Policy Management (AGPM) enhances governance and control over Group Policy through robust change management, versioning, and role-based administration: arguably functions that should not be an “add-on” but should be core to the service.
- Microsoft Asset Inventory Service (AIS) is a hosted service that collects software inventory data and translates it into actionable business intelligence; or ‘we’ll tell you what it is that you’ve got’ – although in all fairness – this is often a revelation.
- Microsoft Diagnostics and Recovery Toolset (DaRT) which is marketed as “reducing downtime by accelerating troubleshooting, repair, and data recovery of unbootable Windows-based desktops” but in all fairness – are you going to use this tool often? Will you regularly spend time troubleshooting a standardised build to a standardised desktop?
- Microsoft System Center Desktop Error Monitoring (DEM) provides insights into application and operating system failures, allowing the helpdesk to be more proactive in managing PC problems, without installing an agent on the endpoint. It monitors failures and can help identify their causes and their resolutions. If you deploy DEM early, you can compare metrics before and after a rollout. This comparison can give you invaluable insight into the impact of deployment: has the update made your environment more, or less, stable?
Obtaining the license for the functionality of MED-V is not solely ‘a cost for MED-V’ – there are other tools in MDOP that can be used by your organisation. MDOP is relatively inexpensive (typically less than $10 per device) – yet the tool set that is provided covers a number of disciplines to help your organisation deliver best practices for Desktop Management and so, in turn, help reduce the cost of supporting your IT environment.
Microsoft initiated research from IDC to identify best practices that could provide guidance to other firms desiring to improve IT operations. This research identified that implementing the following best practices could drive associated savings:
- Standard desktop strategy (savings of $110/PC). Deploying a standardized desktop by minimizing hardware and software configurations.
- Centrally managed PC settings and configuration (savings of $190/PC): Keeping deployed PCs standardized by preventing users from making changes that compromise security, reliability and the application portfolio.
- Comprehensive PC security (savings of $130/PC): Proactively addressing security with antivirus, antispyware, patching, and quarantine.
In terms of ‘what does MED-V offer as opposed to Windows Virtual PC’, the answer is ‘the ability to manage deployments to users’. MED-V allows you to accommodate integration of legacy applications while maintaining a standard desktop strategy, as all desktops have a consistent configuration; the configuration of the XP environment can be centrally managed, and because it is managed and maintained you can ensure that the virtual instance is correctly patched.
MED-V’s Reason to Be – The Windows Upgrade
Back in 2007 Computerworld reported an expectation that many would stick with Windows XP rather than move on. Recent statistics from Qualys out last month estimate that around 50% of Windows XP machines are still running Service Pack 2.
Officially, July 13th 2010 was End Of Support for Windows XP SP2 and Windows 2000: if you’re in that 50%, ‘upgrade’ may well be on your mind (although I’m sure you’ve been mulling this for a while – you’re likely aware it was announced last April... or not – “support has ended you say!?… oh darn”).
Microsoft advises all XP SP2 users to upgrade to either XP SP3 or (I’d suggest Redmond may change that to “preferably”) Windows 7. Win XP SP3 was released in April 2008 and will be supported until April 2014. Yet, an upgrade from XP SP2 to a newer OS may not be an option for organisations still relying on older PCs – especially as budgets remain tight.
Moving to XP SP3 is more straightforward (in terms of hardware updates), but it could still pose application compatibility problems – although to be fair, it is more likely you saw little difference between SP2 and SP3 to move on, and it is unlikely you’ll have major issues. Unlikely, but not always “impossible”. If you’ve no centralised deployment and update facility, any company-wide update is going to be challenging. Post XP SP3 the alternative was Vista – which many corporates saw as a ‘downgrade’ – so it is likely there has been little drive to change.
However, from the 13th July 2010 Windows XP SP2 users will not receive updates: if that is you, bear in mind you’ll start to accumulate attackable vulnerabilities. Although no one can say for sure what the attackers’ preparations are (unless you’re an attacker of course – answers in the comments please), having a static environment (which is what XP SP2 will be) means your network is increasingly vulnerable to attack. Your options:
- Keep as-is – it is at least a cheap solution.
- Upgrade to XP SP3 – likely not to cost in terms of hardware, but there’s still going to be a cost deploying that update and validating that it does not impact on existing applications.
- Upgrade to Windows 7 – obviously, this gives the greater level of support and security going forward but is the most expensive to implement.
Can MED-V Help in the Migration to Windows 7?
Microsoft’s suggestion is “why not roll out a new Windows version, but keep your existing XP desktops running in this little VM until you sort out upgrading the program”. There is obviously still a massive demand for XP/IE6 and having to move from them is a great pain. MED-V gives you a management wrapper around the deployment and provisioning of the updated Windows Virtual PC environment.
Unlike other CSHv (such as MokaFive, or VMware ACE) MED-V is focused on being a transition tool. Is this a “Good Thing”? There is an advantage in that it is geared to integrate more closely into the user’s Windows environment – and the cost of licensing MED-V in comparison to other solutions would be less.
Recent updates have removed the requirement for Hardware Assisted Virtualisation. So, unlike Virtual Computer’s NxTop or Citrix’s XenClient, MED-V doesn’t require AMD-V or Intel-VT processors. That said, your devices will need to run multiple OSes. Thus, you have not only the demands of the ‘legacy’ environment, but also those of the new OS: are your end devices able to cope? Deploying MED-V is not going to save on upgrading hardware. However, depending on your organisation’s size, upgrading your end devices may not be as demanding in terms of hardware & migration costs as moving to Presentation Virtualisation or a Virtual Desktop Infrastructure.
Is MED-V Just a Band-Aid Solution?
MED-V is a solution to ease migration issues if you’re moving from Windows XP to a newer version of Windows. What are the challenges in moving from one Windows OS to another? Primarily:
- What additional hardware do I need?
- Do my applications work in the new OS?
- What licenses are required?
MED-V still needs you to review your hardware requirements. You could maintain the hardware and transition to using devices as “thin clients” for a VDI environment, but there’s a high capital expenditure cost to introduce VDI into a datacentre, and an investment in time and resource for the testing and validation needed to ensure that the user experience is acceptable. It could be more cost-effective to upgrade your end device hardware and more effectively manage your existing devices in-situ.
Can you extend the functionality to a wider audience to solve other problems – say as a BYoC solution, or to deliver your applications to devices outside of your domain? MED-V does offer a range of deployment solutions, including deployment via CD – and images are encrypted. But it is an image management solution – you need to consider not only how the image is deployed, but how you manage the data accessed from that image. In addition, it only has drivers for Windows Operating Systems – so it is not a solution to deliver an alternative OS; you couldn’t use it to migrate to Linux, for example. Yet, MED-V is not simply a solution to migrate from one OS to another, but a method of managing user access to different Windows images for whatever purpose – migration, development, or testing.
An interesting question is “why are Windows Virtual PC and XP Mode necessary”? App-V is intended to de-couple the application environment from the operating system. Should there be a need to introduce a secondary OS? Even if it’s managed, it’s still more effort. Some application deployment solutions – such as Endeavors’ Application Jukebox or Spoon – offer virtualized application solutions that could be used to deploy applications such as different versions of IE to a single desktop.
The most important consideration is how you are best managing your desktops. MDOP provides a number of tools to help you deliver best practices and drive down the cost of managing your desktop environment. One of those tools is MED-V. It is likely as you move towards Windows 7 that you’ve existing applications that will not operate in the new Win 7 environment. You can enable access to these applications in a variety of ways – using Presentation Virtualization, or Hosted Desktops for instance – but to that mix you can add managing multiple OSes on the user’s desktop directly using tools such as MED-V. It’s not just a band-aid.