Vista Volume Activation Overview VLK 2'0 - PowerPoint PPT Presentation

1 / 16
About This Presentation
Title:

Vista Volume Activation Overview VLK 2'0

Description:

Install Vista or Longhorn on any machine that will host KMS ... Roll out Vista or Longhorn Server 'clients' (using the same methods used to roll ... – PowerPoint PPT presentation

Number of Views:44
Avg rating:3.0/5.0
Slides: 17
Provided by: Ande155
Category:

less

Transcript and Presenter's Notes

Title: Vista Volume Activation Overview VLK 2'0


1
Vista Volume Activation OverviewVLK 2.0
  • Anders Björling
  • Senior Consultant
  • Microsoft

2
Agenda
  • Activation in Vista and Longhorn
  • OEM
  • Key Management Service (KMS)
  • Multiple Activation Keys (MAKs)
  • Supported Scenarios
  • Script for administrative purposes

3
Activation in Vista and Longhorn
  • There are three activation options for Vista and
    Longhorn Server.
  • OEM pre-activated machines
  • These machines do not need VLK 2.0 activation
  • KMS (Key Management Service)
  • For managed environments where users are
    connected to the corporate network
  • MAK (Multiple Activation Key)
  • For decentralized networks where users are rarely
    or never connected to the corporate network

4
Vista Volume Activation Scenarios
5
Key Management Service Intro
  • Key Management Service (KMS) is the central
    service in VLK 2.0 that handles volume activation
    of all clients and servers in an enterprise
    network.
  • Target Larger networks (at least 25 machines)
    that clients machines can regularly connect to.
  • Benefits
  • Secure and centralized key administration
  • Easy OS roll-out with automatic activation of
    clients
  • Improved ongoing security
  • Better accounting and trouble shooting
  • Runs on Vista client or Longhorn Server
  • WS2K3 support is planned post Vista RTM

6
Key Management Service Setup
  • Deploying the KMS service is easy and straight
    forward.
  • Acquire VL Keys and media (same as today via
    online portal)
  • Install Vista or Longhorn on any machine that
    will host KMS
  • Install VLK to enable Key Management Service
  • KMS encrypts and stores the VLK in its trusted
    store for security
  • No other steps required
  • Configure KMS so that clients will be able to
    communicate with KMS periodically
  • KMS activated machines automatically re-activate,
    but will go out of tolerance after 180 days if
    disconnected
  • Configure TCP port and firewall (optional)
  • Configure DNS as needed for KMS discovery

7
Vista/LH Server Client Setup
  • After the KMS is running, deploy the clients.
  • Roll out Vista or Longhorn Server clients
    (using the same methods used to roll-out Windows
    XP DVD, Disk Imaging, Remote Imaging - WDS)
  • Optionally configure clients to locate KMS if not
    using auto-discovery (see next slide)
  • Each client has a 30 day grace period after
    installation to contact the KMS.
  • The first 25 clients to reach KMS are only
    counted, and kept in KMS list for 30 days
  • Any subsequent client can automatically activate
  • The first 25 automatically retry every 2 hours,
    and can then activate

8
KMS Deployment Details
  • KMS Discovery
  • KMS attempts self-registration with DNS (via SRV
    resource records)
  • DNS may require setting of permissions for KMS
    depending on network
  • Client query obtains list of all KMS computers in
    the DNS domain and selects KMS at random
  • KMS Communication
  • Uses anonymous RPC over TCP (must open firewall
    port)
  • TCP port (default 1688) configurable via WMI
    (registry key)
  • Requests are asynchronous and lightweight (200
    bytes)
  • A single KMS on a desktop machine can handle
    20,000 requests / hour
  • Support for users that connect intermittently by
    automatic sensing when a machine comes online
  • KMS Management
  • WMI support for remote management of clients and
    KMS service
  • All activity is logged in application event log
    of clients and KMS
  • Sample reporting utilities and MOM pack will be
    provided (Not available now)

9
Multiple Activation Keys (MAKs)
  • If you are not sure if a user will be regularly
    on the corporate network, issue them a MAK.
  • MAKs can be used multiple times (e.g. 100
    activations), but have an upper limit
  • MAK usage can be viewed via Microsoft online
    portals, and additional activations can be
    requested at no charge
  • MAKS are protected in the trusted store, but have
    less ongoing security, and no centralized
    accounting (like KMS)

10
Multiple Activation Keys Cont
  • MAKs require key roll-out to each machine. This
    can be scripted or a MAK can be included in the
    Vista image.
  • MAKs must activate against MS once per machine
    either online automatically, or offline using a
    confirmation ID received via telephone. This
    confirmation ID can be used multiple times to
    re-activate the same hardware.
  • Auto-activation of MAKs can be setup by an admin.
  • Bulk MAK activation using the telephone
    activation system is supported, so that the
    confirmation IDs for multiple machines can be
    received with a single transaction
  • MAK activations do not have any expiration
    associated with them, but they can go out of
    tolerance if enough hardware has been changed.
  • Users can change from a KMS activation to a MAK
    by installing the key

11
Activation Scenarios Timeline
  • Machine automatically activates and re-activates
    within grace or expiration period
  • Machine goes out of 30 day grace period (or
    tolerance period) and into reduced functionality
    mode (RFM, which disables interactive log-on)
  • Admin user installs MAK key and activates within
    30 day grace (activation does not expire)

Automatic Activation Requests (2 hrs by def)
Automatic Activation Requests (2 hrs by def)
Automatic Activation Renewal Requests (7 days by
def)
Grace
Activated
RFM
Grace
User Unable to Log On
Re-activation after expiration 180 days (Each
renewal extends this to the full 180 days)
30 days
30 days
12
Reduced Functionality Mode
  • Activate today or some features will no longer
    work notifications come up frequently near the
    end of the grace period before RFM.
  • To fix RFM mode
  • Connect machine to the corporate network with KMS
  • User with admin privilege can manually change to
    a MAK key (when attempting to log on this can
    also be scripted by IT Pro)

13
VLK Customer Experience Comparison
14
Common Questions
  • How does this affect my TCO?
  • The impact on total cost of ownership will vary
    depending on customer corporate network
    configuration. In most cases the impact will be
    very small, requiring no new infrastructure or
    management.
  • For many customers the additional asset
    management capabilities built on VLK2.0 will
    offset any additional IT management costs.
  • New hardware is not required. KMS is lightweight
    and can co-exist with other services.
  • What are the volume editions that support KMS?
  • Client Business, Client Enterprise, Server
    Enterprise
  • The client versions are upgrade versions only.
  • Why is the value of n set at 25 machines?
  • Extensive research and customer feedback has
    shown that a network size of 25 machines will
    balance out a positive customer experience
    against creation of illegal networks. Customers
    with networks less than 25 machines will use
    Multiple Activation keys.
  • Isnt this just about Microsoft trying to make
    more money?
  • While decreasing software theft of Windows
    benefits Microsoft, no enterprise wants to be
    responsible for illegal use of their volume keys.
    Improved security and accounting of volume
    licensing keys and software benefits Microsoft
    customers.

15
Built-in Scripting Support
  • cscript C\windows\system32\slmgr.vbs
    ComputerName UserName Password ltOptiongt
  • cscript \windows\system32\slmgr.vbs ato
  • Activate manually
  • cscript \windows\system32\slmgr.vbs ipk
  • Activate machine and turn it into KMS Server
  • cscript \windows\system32\slmgr.vbs dbi
  • Display KMS and client license info

16
  • Questions?

17
VLK 2.0 Activation Policies
  • KMS Activation
  • N-Policy (min. machines per KMS) 25
  • Expiration period until reactivation 180 days
    (30 days for Beta 2 testing)
  • Hardware tolerance bound to system hard drive
  • Out-of-box grace period 30 days
  • Out-of-tolerance 30 days
  • If user has gone beyond expiration or changed
    their hard drive
  • MAK Activation
  • No N-Policy
  • No expiration
  • Hardware tolerance Certain hardware changes will
    require a re-activation, and will count against
    MAK total.
  • Out-of-box grace period 30 days
  • Out-of-tolerance 30 days
  • For changed hardware only
Write a Comment
User Comments (0)
About PowerShow.com