Posted by: kurtsh | August 12, 2012

INFO: A word about Windows-to-Go for Windows 8 Enterprise & Certified Hardware

Windows 8 Enterprise’s new feature, “Windows-to-Go”, is a lot more than just “Windows installed on a USB flash drive”.  This is a misconception that has propagated across the Internet for a long time.  The written differences are documented here; however, here’s a good rundown:

  • Hibernate and sleep are disabled by default. To help protect Windows To Go from accidental data corruption during roaming, hibernate and sleep are disabled. They can be re-enabled by using Group Policy settings.
  • Internal disks are offline. To ensure data isn’t accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go. Similarly, if a Windows To Go drive is inserted into a running system, the Windows To Go drive will not be listed in Windows Explorer.
  • Trusted Platform Module (TPM) isn’t used. When using BitLocker Drive Encryption, a pre-operating system boot password will be used for security rather than the TPM, since the TPM is tied to a specific computer and Windows To Go drives will move between computers.
  • Windows Recovery Environment isn’t available. In the rare case that you need to recover your Windows To Go drive, you should re-image it with a fresh image of Windows.
  • Push Button Reset isn’t available. Resetting to the manufacturer’s standard for the computer doesn’t really apply when running Windows To Go, so the feature was disabled.
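
To audit these defaults on a running workspace, the following PowerShell check is an added example; it is not from the original post or from Microsoft. The function name `Test-WtgDefaults` is hypothetical, and the registry values `PortableOperatingSystem` and `HibernateEnabled` are assumptions that do not appear on this page.

```powershell
# Added example: compare the running system against the Windows To Go defaults listed above.
# Run elevated on Windows 8 or later; uses the built-in Storage and BitLocker modules.
function Test-WtgDefaults {
    $results = @()

    # Assumption (not on the page): PortableOperatingSystem = 1 marks a Windows To Go boot.
    $ctl = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control' -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Check = 'Booted as Windows To Go'
        MatchesDefault = ($ctl.PortableOperatingSystem -eq 1)
        Detail = "PortableOperatingSystem=$($ctl.PortableOperatingSystem)"
    }

    # Internal disks should be offline: any online non-USB disk is host storage the workspace can read.
    $exposed = @(Get-Disk | Where-Object { $_.BusType -ne 'USB' -and -not $_.IsOffline })
    $results += [pscustomobject]@{
        Check = 'Internal disks offline'
        MatchesDefault = ($exposed.Count -eq 0)
        Detail = ($exposed | ForEach-Object { "Disk $($_.Number) ($($_.BusType)) online" }) -join '; '
    }

    # Assumption (not on the page): HibernateEnabled under Control\Power reflects the hibernate setting.
    $power = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Check = 'Hibernate disabled'
        MatchesDefault = ($power.HibernateEnabled -ne 1)
        Detail = "HibernateEnabled=$($power.HibernateEnabled)"
    }

    # BitLocker on the OS volume should be on, with a Password protector and no TPM-based protector.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $usesTpm = @($types | Where-Object { $_ -like 'Tpm*' }).Count -gt 0
    $results += [pscustomobject]@{
        Check = 'BitLocker uses boot password, not TPM'
        MatchesDefault = ($vol.ProtectionStatus -eq 'On' -and ($types -contains 'Password') -and -not $usesTpm)
        Detail = "Status=$($vol.ProtectionStatus); Protectors=$($types -join ',')"
    }

    return $results
}

Test-WtgDefaults | Format-Table -AutoSize
```

A `False` in the hibernate row is not necessarily a fault, since the post notes that Group Policy can re-enable hibernate and sleep.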

Driver configuration & host profiling have also been engineered into Windows-to-Go:

  • Windows To Go drives can be booted on multiple computers. During the first boot on a computer Windows To Go will detect all hardware on the computer and install drivers. When returning to that computer Windows To Go will identify the computer and load the correct drivers automatically. Users can do this on multiple computers with the same Windows To Go drive enabling the ability to roam between them.

    (Note that when they say it will “detect all hardware”, they mean being able to work with both UEFI and legacy BIOS-based PCs, and also detecting at boot time what hardware is physically installed and building a ‘hardware profile’ for the PC being used.  The hardware profile remains persistent for future use so that boot-time hardware detection isn’t necessary for subsequent uses on the same PC.)

One of many other important changes to Windows 8 made specifically for Windows-to-Go is:

  • Resilience to unintended removal.  When the USB device is pulled from the system suddenly, the user has 60 seconds to get it back in there while the entire operating system halts.  At this point, there is either a graceful recovery and the OS resumes (with a warning dialog box to ‘avoid doing that’) or the system is shut down.  This shutdown occurs to ensure that sensitive data on the screen is not exposed when the user, say, leaves the PC with their WTG device quickly & rashly.

There is also a variety of other accommodations afforded to Windows-to-Go within Windows 8 such as configuration management-by-policy, enterprise central deployment, cloning, etc.  A tremendous amount of work was done specifically for Windows-to-Go for both central USB device deployment as well as user self-provisioning through System Center Configuration Manager 2012 SP1.

Now something else that I found out was that Windows-to-Go had some additional engineering considerations that are pretty important:

  • Devices are “Mass Storage”. When queried using Device Manager, the USB device reports as actual fixed media – instead of “Removable Storage”. This is specific to certified Windows-to-Go devices, I believe.
  • Devices must be considered ‘high performance’.  They are certified through the Windows 8 Hardware Certification Kit and must be USB 3.0 drives with SSD & high random Read/Write speed as well as high endurance with low latency.  The exact specifications aren’t something I know, but if you look at the devices below, you can probably get a good idea.

Here are two ‘certified’ flash drives that we use at Microsoft:

Kingston KW-U4132-1FA – Bootable DataTraveler Ultimate 3.0

  • Capacity – 32GB
  • Fixed device – supports USB Boot
  • Requirements – system with USB 3.0 port
  • Fast – data transfer rates for USB 3.0 to 80MB/sec. read and 60MB/sec. write; USB 2.0 = 30MB/sec. read and 30MB/sec. write
  • Backwards compatible – with USB 2.0.
  • Dimensions – 2.90" x 0.87" x 0.63" (73.70mm x 22.20mm x 16.10mm)
  • Operating Temperature – 32° to 140°F (0° to 60°C)
  • Storage Temperature – -4° to 185°F (-20° to 85°C)
  • Simple – just plug into a USB port
  • Practical – durable casing with a solid lanyard loop
  • Guaranteed – five-year warranty

Super Talent Electronics Bootable USB 3.0 Express RC8 Flash Drive
(25GB, 50GB, 100GB models)

  • Mfr Part Number: ST3U25GR8S
  • Capacity: 25 GB, 50 GB or 100GB
  • Interface: USB 3.0 and USB 2.0
  • NAND Flash: MLC
  • Performance:
    • Sequential Read Rate: 270 MB/s (max)
    • Sequential Write Rate: 220 MB/s (max)
  • Shock: 1500G (operating)
  • Vibration: 16G (operating)
  • Reliability:
    • Data Reliability: Built-in EDC/ECC function
    • Data Integrity: 10 years
    • Wear Leveling Algorithm: Global wear-leveling
  • Dimensions: 92.7 x 25.0 x 8.0 mm

Note:  If you’re interested in some other reading, I found a rather detailed 3rd party “review” of Windows-to-Go that has no association to Microsoft but might be useful to reference.

