Planning an Upgrade with MAP Toolkit 4.0
Microsoft’s Assessment and Planning Toolkit (http://technet.microsoft.com/en-us/library/bb977556.aspx) is an application that automatically inspects a network and generates reports. The recently-released version 4.0 now includes Windows 7 in its assessments. The idea is that you run the toolkit from a PC on the network, and it checks out all the machines using remote administration and WMI (Windows Management Instrumentation). A separate report gathers performance data on servers. You can then generate several kinds of report, including Windows 7 readiness, Server 2008 or Server 2008 R2 readiness, and server consolidation. The toolkit also has a number of links to other related resources.
MAP has a number of pre-requisites, including the .NET Framework, Word 2007 and Excel 2007 (these last because the application automates Office in order to generate reports. It cannot be installed on a Domain Controller. The setup will download and install SQL Server 2008 Express on drive C, without giving you any choice in the matter. It uses SQL Server to store its assessment data, and requires its own instance even if you have SQL Server already installed.
Since the installation is somewhat intrusive, this is not something to do casually on a customer’s machine. The alternative is to install on your own machine, though even then the assessment is unlikely to be completely zero-touch because of the client configuration requirements. The MAP tool normally works fine from a machine connected to the network, but not joined to the domain.
If an earlier version of MAP is already installed, do not upgrade it unless you no longer need existing performance data, as this is not migrated.
Preparing the network
The most problematic area of MAP is that it does not always succeed in assessing every machine. Common reasons for failure include a firewall preventing access, WMI failure, remote administration failure or network timeouts. Another practical issue is that some laptops will be out and about rather than connected to the network. In order to maximise the chance of success, you need to ensure that the target machines satisfy the following requirements:
• Remote Administration is enabled in the firewall. This opens TCP port 135.
• File and printer sharing is enabled in the firewall. This opens TCP ports 139 and 445 and UDP ports 137 and 138.
• The WMI Windows Installer Provider is available. This is usually installed, except on Server 2003 or 64-bit Windows XP. On these machines you can add it though Add/Remove Programs, Windows components.
• The Remote Registry service must be running. This is usually running by default.
Preparing the network with Group Policy
The best way to ensure that client machines have the necessary firewall exceptions is through Group Policy. The relevant section is Computer Configuration > Administrative Templates > Network > Network connections > Windows Firewall > Domain profile. Set the Remote Administration Exception and the File and Print Sharing Exception, adding the IP range of the local network. For example, if the local network runs on 192.168.255.x, then the IP range is 192.168.255.0/24. Wait for the changes to propagate, or update a client specifically with the gpupdate command. On networks without a domain you can set these exceptions though local group policy on each machine.
Running the analysis
The first step once MAP is up and running is to create or select a database. The database is a unit of isolation, so you could use the same installation of MAP on several networks, and provided each one uses a different database there should be no conflicts (so taking your own laptop with MAP pre-installed is a good way to use the tool). Reports are saved by default to (documents)\MAP\(dbname), where (documents) is the current default document location, and (dbname) the name of the current MAP database.
Step two is to run the Inventory and Assessment Wizard. This raises a screen called Computer Discovery Methods. There are six discovery methods, and by default the first two are checked: Active Directory and Windows Networking Protocols. It is odd that both are checked, since the documentation advises you not to use both at once. If it is available, Active Directory is the obvious choice. When Active Directory is selected, you will be asked to specify the domain and enter the credentials of a domain user, and to select which computers to find; usually the ‘all computers in all domains’ option will be what you want.
The wizard then presents a dialog called WMI Credentials. Here you have to specify one or more accounts which belong to the Local Administrators group on each machine to be assessed. The path of least resistance is to enter a member of the Domain Admins group.
The assessment now runs, and will report how many computers it discovers and how many are successfully assessed. Once it completes, you can immediately view a summary of the readiness reports for Windows 7, Windows Server 2008 and Windows Vista from the main screen; full reports are generated separately.
The Server Consolidation assessment is separate, and depends on the Performance Metrics wizard having run successfully. Unfortunately this wizard cannot use Active Directory, but requires a text file with the names of the computers to assess. It is not as bad as it sounds, since this is only for servers. Run Notepad, and type in the names of the servers to assess, one per line. Save the file. Browse to this file in the Import Computer Names dialog in the Performance Metrics wizard, enter credentials as before, and continue. You also need to specify the duration of the performance metric collection. Although it defaults to one hour, that is not long enough. A better choice is a 24 hour period over a weekday, or whatever is the busiest time.
Once the assessments are complete, you can generate reports. Not all the reports are available from the main window, but you can generate all the reports in one action from the File menu, Prepare New Reports and Proposals.
Using the reports
The big question: are the MAP reports worth the effort? Here’s a quick look at what you get. Reports are all in Excel or Word format.
This worksheet lists all assessed computers with basic details including computer model, current operating system and service pack level, processor type, installed RAM, video card, BIOS date (a good clue as to the age of the machine) and size of hard drive. This information is required for any kind of network upgrade recommendation, and will help identify which machines will need to be retired. Even when MAP failed to connect, it is useful to have the machine listed. Unless you have other auditing tools in use, on a large network this report can save a lot of legwork.
Hardware assessments for Windows
These reports analyse each computer and compare their basic specifications against the base requirements for Windows 7 or Server 2008. The device list is also recorded, and MAP inspects its database to see if a driver is available. Although MAP has a substantial database, most machines we tried threw up at least one instance of ‘There is no compatibility data available for this device,’ which means MAP cannot tell whether the upgrade would work as-is or not. Still, the report at least gives an indication of whether an upgrade might work.
MAP generates a proposal to go with each assessment, summarizing the results and the benefits of an upgrade.
SQL Server Assessment
This report lists all instances of SQL Server. There is a matching proposal document that summarises the data and lists the benefits of SQL Server 2008. Since the report finds all instances of Express versions, which are often installed by applications such as MAP, it is potentially misleading, but a useful starting point.
Virtual Machine Discovery
As you would expect from the name, this report lists servers that have virtual machine hosts, provided they are from Microsoft or VMware, together with the guest operating systems on each host. Virtual machines are also indicated as such on the complete hardware inventory.
Office 2007 Assessment
This report lists what version of Microsoft Office is currently installed on each machine, if any, and assesses whether an upgrade is possible. It is a useful report for checking licensing as well as upgrade possibilities.
Performance Metrics Report
Aimed at servers, the performance report measures memory, disk and CPU usage over a period. The data is primarily intended for the Server Virtualization Planning wizard, but could be useful for any server upgrade recommendations.
This is not an in-depth security assessment unfortunately, but merely checks for the presence of anti-malware and firewall software, in a similar manner to the Windows Security Center. It might still be useful in cases where there is no other monitoring of security configuration, perhaps if you’re evaluating what’s in place at a new client.
Windows Server Roles discovery
This report lists roles – such as Active Directory, DHCP, DNS, IIS – active on each server.
Application Virtualization Proposal
This proposal sets out the benefits of App-V, Microsoft’s application virtualization technology: App-V enables applications to run from the network without any setup or dependencies beyond the App-V client. It shows which PCs can run the App-V client, but does not actually recommend applications to be migrated.
Power Savings Assessment
Working on the principle that newer versions of Windows (both client and server) have superior power management, and that virtualisation also saves power, this proposal summarizes the potential energy savings from upgrading. The proposal is arguably suspect, since it does not take into account the environmental cost of replacing hard
ware, but nevertheless it highlights a valid area of concern and will help you put figures on the often nebulous promise of cutting costs by saving power.
Network Access Protection Proposal
This document explains the benefits and infrastructure requirements of Microsoft Forefront client security and Network Access Protection (NAP).
Server Consolidation and Virtualization Proposal
This document uses data from the performance report to offer a recommendation for virtualisation. The proposal makes most sense for larger organizations. In the sample proposal documents, 96 physical servers are migrated to six virtual servers, achieving some dramatic savings. Many small businesses manage on one or two servers, making virtualisation less beneficial, though there is still a case to be made.
The pros and cons of MAP
It’s a compelling idea. Whiz onto the customer’s premises, connect to the network and run a utility, then print out ready-made upgrade proposals and walk out with a large order. Sadly, the real world is not like that. The first problem with MAP is that you will rarely get a successful complete assessment at the first attempt, and even after working with Group Policy you may find some machines absent or resistant to being probed. The second issue is that automatically- generated proposals will not be an exact fit for your customer’s requirements. As you would expect from boiler-plate text, they tend to be bland, somewhat verbose, deeply Microsoft-centric, and biased towards upgrading everything. They are not documents which you could distribute without editing.
That doesn’t mean the tool isn’t useful. The amount of detail in a successful hardware inventory would take considerable effort to replicate manually, for example. It is also true that technologies such as App-V and even Hyper-V are not well known by all businesses, yet they can deliver real savings in the form of reduced hardware and easier management. On a successfully prepared network, MAP does a good job of auditing the hardware, operating systems and applications, which is the essential first task in making an upgrade recommendation. Think of it as a time saver, rather than a replacement for your own expertise.
Microsoft Partner Network: Microsoft Assessment and Planning Toolkit
The partner page for MAP includes instructions to customise MAP with your own branding (only available to registered partners), datasheets and presentations that you can also customise plus Webcasts and video demos
Infrastructure Planning and Design
Microsoft’s guides for infrastructure planning cover 20 different technologies from Active Directory to Terminal Services and Windows Deployment Services, plus all the Microsoft virtualisation options like App-V, MED-V, Hyper-V and the differences between them
Server virtualisation assessment with MAP
Although it covers MAP 3.1, the second and third parts of this series are a good guide to the process of using MAP to make decisions about server virtualisation
Application virtualisation might be a good solution for some customers but it isn’t the easiest technology to explain; brush up on the details of Microsoft’s solution