Migration from RM CC3 to Windows 7

Overview

The school’s computer network was managed until 2010 by an aging RM Community Connect 3 system, a product with a number of technical issues which had received no significant development in several years, and which suffered from a slow release cycle for security and stability updates. The entire network was migrated to a plain Windows Server 2008 R2/Windows 7, managed in-house by IT support staff.

Need

Crosfields School’s PC computer network was running a common education network platform from RM called Community Connect 3 (CC3), an extensive proprietary management layer built on top of Microsoft Windows Server 2003 and Windows XP. Though comprehensive and highly functional at its time of release, CC3 had very little development in its later years, not least due to the release of its successor in 2008, Community Connect 4. Released updates for the underlying Microsoft Windows were only supported by RM after being tested and repackaged, and even critical security patches often took weeks (or longer) to reach customers. Use of standard Microsoft Update technologies was not only unsupported, but strongly discouraged due to known issues with CC3.

Overall, day-to-day administrative niggles and bugs in the client management software, and a lack of support by RM for various new technologies, was severely hindering the development of the school’s technical infrastructure. Server virtualisation was completely unsupported, as was the use of any NAS server other than expensive bespoke solutions from RM. Deployment of newer client operating systems such as Windows Vista or Windows 7 was highly problematic.

In light of this, the school considered two options: attempt to solve some of these problems by upgrading to Community Connect 4, which would continue to be supported under contract by RM, or attempt to solve all of them by foregoing the RM management layer and replacing the client and server infrastructure with an in-house solution using Windows Server 2008 R2 and Windows 7 (known in education circles as a ‘vanilla’ install).

Consideration

• All user account information needed to be retained, along with file share structures and permissions.
• Control and restrictions on client workstations needed to remain largely intact, to prevent both pupils and staff from accidentally (or intentionally) causing technical problems.
• The existing catalogue of software needed to be retained, or close substitutes made. This applied not only to the user-facing software, but also to the administration software provided by the CC3 management layer.
• Faster logon times were strongly desired by staff to reduce wasted time in ICT lessons.
• Approximately 80 existing client PCs were being retained (in addition to 60 new PCs), so any new system would have to be capable of running on existing client hardware, as well as being compatible with existing printers and other peripherals.
• Automatic installation of Microsoft security updates within a maximum of a few days of release was strongly desirable.

Solution

Views were sought both from other schools and a reputable IT support company with experience supporting RM Community Connect systems. The support company, along with the majority of schools (including some Community Connect 4 users), advised against upgrading to CC4 due to performance and reliability issues. Since this was also the more expensive option in terms of software licensing, the decision was taken to implement an in-house solution.

• New existing server hardware was used to deploy Hyper-V server virtualisation on Microsoft Windows Server 2008 R2.
• New Domain Controllers running Server Core installs were promoted onto the existing domain, and FSMO roles transferred to a new operations master server.
• User data was transferred from existing servers onto new equipment running Microsoft Windows Storage Server 2008 with ACL data intact.
• User data was reorganised by script into the new Windows Vista/7 user profile structure (separation of Documents/Videos/Music/etc. and move of some preferences such as Internet Explorer favourites and Recent shortcuts).
• Flexible file storage quotas were introduced using File Server Resource Manager, and were used to encourage storage of data such as photographs in shared areas rather than personal directories.
• User preferences and Application Data were retained as far as possible, and where they could not be retained, sensible defaults were set automatically via Group Policy Preferences.
• Existing software install packages were transferred onto a new server running Microsoft System Center Essentials 2010, which managed application installs and Windows Update (this was later replaced with a standard WSUS server and Local Update Publisher).
• Existing Domain Controllers were demoted and removed from the network. Some server hardware was retained and repurposed as an additional Hyper-V host server.
• All workstation hardware was reformatted and re-imaged using WDS with Windows 7 Enterprise.
• RM workstation client restrictions were replaced with standard Group Policy restrictions.
• RM Virus Protect (a rebranded edition of Symantec Antivirus) was replaced with VIPRE Enterprise.
• RM Tutor classroom management software was replaced with AB Tutor Control.
• Almost all user and computer management extensions provided by the RM Management Console (including network share and printer mapping) were replaced by functionality in Group Policy Preferences.
• For a few pieces of older educational software that caused difficulties with Windows 7 (in particular UAC) or was incompatible with other software, a Microsoft App-V server was deployed to allow the applications to run on local workstations in a virtual sandbox where security restrictions could be lifted without compromising the overall security of the workstation.
• Existing layout of network shares and start menu items was retained (except for some consolidation) so that minimal user retraining would be needed. A 1-hour INSET session proved sufficient for staff to make the switch from the CC3 Windows XP network to the new Windows 7 based network. Pupils were able to adapt to the switch within a single lesson.

Staff and pupil reaction to the project was extremely favourable. When surveyed, not a single respondent indicated a preference for the previous system. Increased performance both at system boot and during normal use (due to the reduced system management overhead) was the most commonly identified key benefit for staff, while pupils picked simple benefits that affected their overall enjoyment in using the IT facilities, such as a relaxation of unnecessary workstation restrictions (e.g. desktop customisation) and the ease of access to programs via the Windows 7 Start Menu.