Log in using OpenID

Windows XP Migration A Practical Guide

NCC Guidelines
Volume 4 – Number 4
Windows XP Migration
A Practical Guide
National Computing Centre
About the author
Jason Meers
ason Meers, MBCS CITP and VMware vExpert 2014, is a senior consultant at
Xtravirt working within the VMware Professional Services division.
Jason has been consulting in server virtualisation and desktop virtualisation since
2001, and is currently completing an 11,000-seat VMware Horizon Suite and
Windows XP to Windows 7 migration for a UK local authority.
He has been working with the NCC to develop virtual desktop solutions and bestpractice guidelines since 2005, and has also worked as an independent advisor to
the UK Conservative Party, UK Cabinet Office, the Northern Ireland Assembly and
Jason can be contacted at
Xtravirt specialises in transformation projects, with clients ranging from highly
distributed organisations such as Avis Budget Group with a workspace
transformation over 12 countries and 1,000 sites, to high-density volume such as a
24,000-seat migration for global luxury car manufacturer Jaguar Landrover.
Xtravirt is supporting one of its most senior consultants, Jason Meers, with this
guide to Windows XP migrations. Jason is a recognised consulting architect and
author in the virtualisation space, and has led a number of large and complex
projects. Xtravirt and Jason share a pragmatic approach to supporting organisations
dealing with the complexities of IT transformation, using methodology developed
from years of field experience.
If you would like to talk to Xtravirt about helping your organisation with Windows
XP migrations, workspace or cloud transformation projects, please contact
Please note that this guide does not constitute legal advice and you are advised to seek
professional guidance in all matters relating to the legal implications and compliance risks of
running Windows XP in your organisation after 8 April 2014.
2 NCC Guidelines 2014
Windows XP Migration
Part 1 – Introduction
On 8 April 2014 Microsoft Windows XP officially went ‘End of support’, and no
further security updates or security patches will be made available. For most
businesses still using Windows XP, this will be a major headache and could present
some critical security challenges.
In this guide we provide information about the business issues around the use of XP,
and some practical advice and guidance for managing the challenges ahead.
Business risks
Put simply, the risks to most businesses and individuals still running Windows XP
are as follows:
• Security updates will no longer be made available to protect XP from malicious
software, spyware, data corruption, data theft or misuse by third parties or remote
• When new security exploits and security holes are discovered and fixed for other
versions of Windows such as Vista, Windows 7 or 8, Windows XP will not receive
any of those security patches even if the exploit and fix would be identical for XP as
it would for all of the other versions of Windows.
• Exploits and vulnerabilities in Internet Explorer running on XP will also remain
unpatched (as Internet Explorer is treated as a closely knit component of XP).
• Other vendors are likely to remove support for other programs and applications
if they are running on XP (in reality this is an opportunity for other software
vendors to force end users to buy new versions of their products and blame
• A chain is as strong as its weakest link. No matter how secure the rest of the
computers are on your internal network, a single unpatched computer is all a
remote attacker needs to gain access to the internal network and launch attacks,
steal data or install malware on other computers inside the perimeter of your
• Knowingly ignoring the risks of running vulnerable software inside your
organisation could leave you open to fines and litigation (the Data Protection Act,
for example, can levy a fine of up to £500,000 per incident); or losing the ability to
process financial transactions or credit card payments electronically (PCI DSS
compliance for example).
• For publicly traded companies in the US, including all wholly owned subsidiaries
and all publicly traded non-US companies doing business in the US, the SarbanesOxley (SOX) legislation might also apply. SOX compliance may affect IT
departments in three different ways in relation to ‘electronic records’. The first rule
deals with destruction, alteration or falsification of records. The second rule defines
the retention period for records storage. The third rule refers to the type of business
records that need to be stored, including all business records and communications,
including electronic communications.
Windows updates
In smaller environments, Windows security updates and operating system patches
are provided through the Microsoft Windows Update service. The current settings
for downloading and installing security updates and patches through Windows
Update can be viewed or modified by opening up the settings in the main Windows
Control Panel:
Windows XP Migration
NCC Guidelines 2014 3
National Computing Centre
In larger environments, Windows updates are usually configured and applied
through WSUS (Windows Software Update Services) or SCCM (System Centre
Configuration Manager).
WSUS is a mechanism for downloading, approving and scheduling the installation of
patches and updates to specific groups of users or computers according to a predefined schedule. In many organisations, these updates are tested on a small subset
of machines to make sure they do not introduce any new incompatibilities or
SCCM is an enterprise-grade management solution for Windows environments.
WSUS can be integrated with SCCM to provide a central solution for installing,
configuring and patching software on Windows devices.
WSUS and SCCM are often used with a ‘Group Policy’. This is essentially a collection
of settings that an IT administrator can define and apply to a group of users or
computer in an automated manner.
Security risks around Windows updates
As the number of companies connected to the internet increased, so did the
number of security exploits. Over time, IT departments began to struggle to keep
up with the number of security updates that were starting to appear.
To reduce the administrative overhead, Microsoft introduced its Patch Tuesday
service in October 2003. Patch Tuesday allows Microsoft to accumulate or ‘roll up’
all of the security updates and patches created during the previous month, and
deliver them on the second Tuesday of the month. This gives IT departments a
whole month to test each patch and schedule the updates to be delivered in a
controlled, predictable manner.
Patch Tuesday has had some unwanted consequences. Virus authors and criminal
gangs creating malicious software (malware) soon realised that if they waited until
the day after Patch Tuesday to release a security exploit or piece of malware, they
would have a whole month to take advantage of it before Microsoft could attempt
to deliver another security update. From this window of opportunity, Exploit
Wednesday was born. It is now very common for zero-day exploits to be released
into the wild on or just after Exploit Wednesday.
A zero-day or zero-day exploit is a security vulnerability that malware authors and
criminal gangs start to take advantage of before the software vendor knows that a
specific security hole exists in their software. The vendor literally has zero days
notice of the bug. Now the 8 April deadline has passed for XP security updates and
patches, any new vulnerabilities found in XP will automatically become zero-day
exploits, as Microsoft has categorically stated that it will not fix them after the cutoff date.
Some IT departments are advocating the use of third-party anti-virus solutions and
firewall products as a ‘band-aid sticking plaster’ to cover up the security holes left in
XP. But whilst this may offer protection from some types of attack, it should not be
relied on as a long-term solution as XP begins to look more and more like a Swiss
cheese over time.
Though there is no conclusive evidence to support this at time of writing, many IT
security professionals believe that virus authors and criminal gangs have been
deliberately holding back malware and security exploits until XP becomes a freefor-all, to launch a ‘Zombie Invasion’.
4 NCC Guidelines 2014
Windows XP Migration
Zombies and botnets
In the past, viruses and malware would often make their presence known to the
user and proudly proclaim that the computer had been infected, to gain
notoriety as a cleverer, smarter virus than Virus X, Y or Z. Some viruses simply
displayed a message on screen, or copied themselves from one computer,
floppy disk or USB stick to another. Some of the more malicious viruses would
delete data files, or completely destroy all of the data on a floppy disk or hard
However all of these viruses had a fatal flaw. A virus that announces itself in a
flamboyant style, like Liberace, or destroys its host and loses the ability to spread to
another computer, is always going to have a limited lifespan.
As the virus authors who sought critical acclaim from their peers were replaced by
organised gangs focused purely on making money, a paradigm shift occurred and
viruses started to be developed that made it hard for anyone to firstly discover
them, and secondly remove them.
The term ‘Zombie’ is used to describe a computer that is under the control of a
criminal gang without the owner’s knowledge. When computers are hijacked, they
can then be assembled into a huge network of robots controlled by a single
command and control centre. These networks are often known as botnets.
Botnets are sold on to other criminal gangs in chunks of time. And whilst a botnet
might contain hundreds of thousands or even millions of machines, access to them
can be sold for fractions of pennies and still create a huge financial return for the
people renting them out.
It is widely anticipated that many computers running XP will now be unwillingly
recruited into botnets and hired out to send spam emails, launch DDOS attacks on
other websites (distributed denial of service attacks are a form of extortion) or be
used to mine for bitcoins (a new virtual currency).
Application support from third parties
Another concern for many organisations is that third-party software vendors may
use the end of extended support for XP as a stick to beat more licensing revenue
out of customers in the form of:
• Forced product upgrades.
• Increased support fees.
• Reduced obligation to answer any support queries with software running on XP
(regardless of whether the issue has actually been caused by running XP).
So if you haven’t done so already, it would be a good idea to speak to your existing
software suppliers and find out if they intend to help you make the transition as
painless as possible, or use it as an opportunity to use their powers for evil and
‘move towards the dark side’.
Please note: the intent of this section is not to introduce scaremongering for the sake of it,
but to highlight that whilst most IT departments are looking at this as an IT problem to
overcome, some suppliers and criminal gangs are seeing it as an opportunity to make
money from a downed opponent with limited time, budget and resources. Many business
owners are also showing apathy towards the situation and may not fully appreciate the
impact this may have on their business, productivity and reputation, if mis-managed or
Windows XP Migration
NCC Guidelines 2014 5
National Computing Centre
Part 2 – Microsoft End of support policies
The information in this section should help you to clearly identify which versions of
Windows XP you may be running, and how the End of support dates may affect
you. The information is taken directly from the Microsoft website and can be found
Windows lifecycle fact sheet
Last updated: February 2014.
Every Windows product has a lifecycle. The lifecycle begins when a product is released and
ends when it’s no longer supported. Knowing key dates in this lifecycle helps you make
informed decisions about when to upgrade or make other changes to your software. Here are
the rights and limits of the Windows lifecycle.
End of support
End of support refers to the date when Microsoft no longer provides automatic fixes, updates
or online technical assistance. This is the time to make sure you have the latest available
update or service pack installed. Without Microsoft support, you will no longer receive security
updates that can help protect your PC from harmful viruses, spyware and other malicious
software that can steal your personal information. For more information go to Microsoft
Support Lifecycle.
Different End of support dates
It is important to note that Microsoft often quotes two End of support dates:
• End of mainstream support.
• End of extended support.
During mainstream support, Microsoft provides free product updates, product
enhancements and security fixes. During extended support, security updates for a
product remain free, but most other product updates and enhancements are only
supplied as an additional paid-for service.
Windows XP versions
In 2001 Microsoft released Windows XP to the world as the successor to Windows
2000. Over the lifetime of XP, several versions have been made available including:
• Windows XP Home and XP Professional. These were aimed at the home user and
the business user respectively and contained only minor differences, where certain
features were enabled or disabled.
• Windows XP Embedded. This was a cut-down version of XP designed for use on
devices such as thin clients, public displays, industrial systems and electronic point
of sale (EPOS) systems.
• Windows XP Media Center Edition. Often known as MCE, this is an enhanced
version intended to turn a standard PC into a home entertainment hub by
incorporating features such as a built-in DVD player and personal video recorder.
• Windows XP Tablet Edition. A customised version of XP designed to be used with
purpose-built tablets or laptops and monitors with touchscreen or pen input
• Windows XP Starter Edition. A restricted version aimed at emerging markets and
unlikely to be found running inside UK businesses.
6 NCC Guidelines 2014
Windows XP Migration
• Windows XP N and KN Editions. These are versions with ‘no’ copy of Windows Media
Player or Windows Messenger installed, created in response to an EU ruling into Microsoft
‘abusing a dominant position’. They are again unlikely to be found inside UK businesses.
• Windows XP 64-bit editions. Microsoft also released a 64-bit version of XP called
Windows XP Professional x64 Edition. This went on to become the basis for
Windows Server 2003 64-bit. As Windows Server 2003 goes ‘End of support’ over
a year later than XP Professional, we will illustrate this as a temporary ‘get out of jail
free’ card for organisations that require some extra breathing space in order to
make a smooth transition away from XP.
Key deadlines for Windows desktop operating systems
Table 1
Client operating
Latest update or
service pack
End of mainstream
End of extended
Windows XP
Service Pack 3
April 14 2009
April 8 2014
Windows Vista
Service Pack 2
April 10 2012
April 11 2017
Windows 7
Service Pack 1
January 13 2015
January 14 2020
Windows 8
Windows 8.1
January 9 2018
January 10 2023
Table 1 shows the current support deadlines for several versions of Windows (as of
March 2014). Most organisations will probably skip Windows Vista given the amount
of time a migration to Vista will take, and the fact that it is already out of
mainstream support, and most likely focus on a Windows 7, Windows 8 or a BYOD
(bring your own device) strategy.
Table 2
Products released
Extended support end date
Windows XP Home Edition
April 8 2014
Windows XP Professional
April 8 2014
Windows XP Media Center Edition 2002
April 8 2014
Windows XP Media Center Edition 2004
April 8 2014
Windows XP Media Center Edition 2005
April 8 2014
Windows XP Tablet PC Edition
April 8 2014
Windows XP Tablet PC Edition 2005
April 8 2014
Windows XP Professional x64 Edition
April 8 2014
Windows XP Embedded
January 12 2016
You may have noticed from Table 2 that Windows XP Embedded has a slightly
longer life expectancy than other versions of XP.
Windows XP Migration
NCC Guidelines 2014 7
National Computing Centre
Table 3
Products released
Extended support end date
Windows Server 2003 R2 Datacenter Edition
July 14 2015
Windows Server 2003 R2 Enterprise Edition
July 14 2015
Windows Server 2003 R2 Standard Edition
July 14 2015
Windows Server 2003 Datacenter Edition
July 14 2015
Windows Server 2003 Enterprise Edition
July 14 2015
Windows Server 2003 Standard Edition
July 14 2015
Windows Server 2003 Web Edition
July 14 2015
Table 3 shows the extended support dates for Windows Server 2003 and Windows
Server 2003 R2. If you are wondering why we are showing these dates, you may
remember from an earlier section that XP and Windows Server 2003 share a
common code base, and most applications that will run on XP will also run on
Windows Server 2003.
If you have an application that absolutely cannot be made compatible with
Windows Vista, 7 or 8, then running the application on Windows Server 2003
through Terminal Services might be another option to consider that would give you
another two years’ grace period. We discuss this option as well as several other
options later in this Guideline.
Part 3 – Creating a migration plan
This guide offers a practical, pragmatic approach to migrating users away from
Windows XP as gracefully as possible.
Whilst some of the suggestions here might not fall into the category of ‘best
practice’, if you haven’t already started your migration from XP yet when reading
this, the chances are that right now you are probably more focused on damage
limitation, mitigating risk and generally just ‘keeping the lights on’ in order to fight
another day, than adhering strictly to best practice.
The strategy outlined here falls into a few different categories, or ‘work streams’. If
you have the time and resources available, then by all means set up multiple teams
to work in parallel. If you have fewer resources at your disposal, you may have to
prioritise these yourself or draft in extra help. The work streams are:
• Mitigating the risk of continuing to run existing Windows XP desktops.
• Selecting an operating system.
• Selecting a migration strategy.
• Installing the operating system and core components.
• Managing the applications.
• Managing the end-user data and profiles.
8 NCC Guidelines 2014
Windows XP Migration
1. Mitigating the risk of continuing to run existing XP desktops.
The ideas presented in this section are not intended as long-term solutions; they are
offered purely as an acknowledgement that many organisations will still have some
machines running XP and may need more time to complete the migration.
Whilst the main migration work is going on, you will need to take steps to mitigate
the risk from the existing machines, and these are suggestions on options and
strategies that may help during the cut-over.
Please note: some options presented here may not be suitable or appropriate for
your organisation; each organisation should decide for itself the risk, benefits and
implications of implementing any particular option. If you are in any doubt, please
seek professional advice.
• Internet. The biggest risk to vulnerable machines comes from the internet and
internet connections. If you can find a way to remove the ‘default gateway’ from
your XP machines, then internet connectivity can be removed altogether, or forced
to go through a local proxy server on the same subnet.
The local proxy can be configured as a ‘bastion host’ – to act like a doorman or
bouncer between the vulnerable machines and the internet. We discuss bastion
hosts later in this section.
• Local network. The local network, whilst trusted, is often an ‘open’ or ‘flat’
network where machines can communicate with each other directly. Windows XP
machines may infect other machines on the local network, and other machines on
the network may be able to infect XP machines.
We discuss methods such as VLANs, NAC and NAP later in this section, which can
all be used to reduce these risks somewhat when compared to a traditional LAN
(local area network).
• Removable media. Care must be taken with removable media as this is another
vector for attack, even for machines with no internet connection. If your anti-virus
solution has an option to ‘scan removable media before access’ you should enable
this with the highest level of scanning practical.
In years gone by, when most viruses were spread via floppy disks, it was common
for organisations to set up an individual machine as a ‘sheep dip’ system, where all
removable media would have to be individually scanned on this machine first,
before being allowed to be used on any other machine on the network.
• Web browsers. In recent years a new type of infection method called ‘drive-by’
malware has become more prevalent. A drive-by infection is triggered from just
viewing a web page on the internet (you don’t have to download or install anything,
just merely visiting an infected page is enough). Many drive-by infections are served
up from website images, adverts, flash content, plugins, frames and JavaScript that
may be part of the overall page design.
Some software vendors have made definitive support statements about providing
web browser security fixes on XP well after the Microsoft cut-off date. Google, for
example, states that security updates will be available for Google Chrome running
on XP until at least April 2015. Mozilla has also made a commitment to continue to
support Mozilla Firefox on XP after 8 April 2014, but has not provided any specific
cut-off dates.
Third-party add-ons may also be deployed to improve security on browsers running
on XP. For example, many organisations have increased browser security on Mozilla
Windows XP Migration
NCC Guidelines 2014 9
National Computing Centre
Firefox by using third-party add-ons such as NoScript, AdBlock Plus and FlashBlock
which can limit the effectiveness of some drive-by browser attacks, and something
known as ‘cross-site scripting’ (abbreviated to XSS). This is a process in which
scripts are able to load web content in the background from websites the user does
not know they are visiting.
Due to the risks associated with browsing the web, you may also want to consider
changing your default web browser as well as your operating system (if you don’t
have applications that depend on a particular version of a browser). Most browsers
can be uninstalled (even the version of Internet Explorer that would normally be
installed as part of the ‘core’ Windows build can be uninstalled).
For users who need to maintain an old browser such as IE6 for a particular
application, or need to have two different versions installed at the same time, the
sections on ThinApp and App-V later in this guide may be of interest.
• Email. Many modern types of malware are either spread via email or distributed as
attachments or images sent via email. Even if you have removed your ‘default
gateway’ or locked down your web browser, your inbox could still leave you vulnerable
to malicious content from the internet in the form of email and email attachments.
Wherever possible email should not be used on vulnerable machines. In later
sections of this guide we provide suggestions and alternative methods for providing
email access to your users that may be worth considering.
• Anti-virus. Anti-virus (AV) is going to be a key part of any mitigation strategy. It is
also a double-edged sword. Machines disconnected from the internet cannot easily
download virus signatures and updates, and machines that are connected to the
internet in order to download virus signatures and updates are just that – connected
to the internet.
Wherever possible, you should use a central AV management server to distribute
virus signatures and updates to machines over the local network. Most AV vendors
offer ‘managed’ versions of their products. Where this is not possible, some AV
vendors allow virus signatures and updates to be downloaded individually and
installed through an .EXE or .MSI file. However this more manual process is less
reliable and more prone to machines slipping through the cracks.
Whatever method you use to deploy an AV solution to your end users, be sure to
use the highest level of scanning and protection available (or practical if your
machines are under-powered).
• AV without installing an anti-virus product. Most vendors now offer ‘hypervisoraware’ anti-virus products. Essentially the hypervisor intercepts all network traffic,
disk access and memory access and can scan virtual machines without the
operating system having any local AV solution or agent installed, or even knowing
that an AV product is being used.
If you virtualise your desktop machines you could use a hypervisor-aware AV (such
as McAfee MOVE) and solve the problem of requiring an internet connection to
receive AV updates.
• Proxy servers and firewalls. A proxy server, or bastion host, is a centrally
managed solution for providing internet access to a large number of computers,
whilst protecting those machines from direct contact with the internet.
This can be any device which has been specifically prepared for connection to the
internet that ‘proxies’ internet connections on behalf of the machines on the internal
network that are requesting them through the proxy.
10 NCC Guidelines 2014
Windows XP Migration
Most firewalls, web caching devices and some types of security servers (Microsoft
Internet Security Accelerator Server or ISA Server, for example) can be set up as a
scanning proxy.
If your existing firewall supports it, you may also have an option to install an AV
virus product on the firewall itself. Given the risks involved it may be worth
considering buying a new firewall that supports AV scanning either as a
replacement for your existing firewall, or specifically for machines that need extra
• Personal firewalls. If your AV vendor also provides a ‘personal firewall solution’ as
part of its security suite, it may be worth investigating using this on vulnerable
machines, in place of any provided by the operating system itself.
A feature that is often overlooked on personal firewalls is the ability to restrict the
outbound connections a computer can make (not just the inbound connections
coming from the internet). If your computers should only be communicating with
specific machines or machines on a specific subnet, you can lock this down through
the use of a personal firewall.
• VLANs. Virtual local area networks (VLANs) can be used to segregate network
traffic and provide a level of isolation between devices. Though setting up and
using VLANs is beyond the scope of this guide, it is worth speaking to whoever
manages your internal LAN network and asking them if setting up new VLANs is
an option for you, in order to separate and isolate groups of machines from each
other (without having to run additional cables and switches to form parallel
• NAC and NAP. Network access control and network access protection are both
methods of allowing or denying access to devices as they are connected to the
network. Implementations vary from different vendors but as a bare minimum,
most will check for the existence of up-to-date operating system patches and the
latest AV signatures before allowing a device to successfully connect to the internal
LAN network. Every version of Windows Server since 2008 has had some form of
NAC or NAP functionality, so you may have some of these features available
• Dual-homed devices (physical). A dual-homed computer has two network cards,
and each can be configured for a different network (without allowing traffic to be
forwarded between the two networks). The first network card will usually be
configured on the normal LAN, and the second card will be connected to another
network that either runs on different physical cables and switches, or is isolated
with a VLAN.
Where a desktop computer or server runs a critical piece of software that cannot be
made to run on a newer operating system, it could be connected to the isolated
network (which has no outside connection to the main LAN network); and a new
computer that was dual-homed could use its normal LAN connection for most
everyday tasks, but connect to the isolated network just for the applications or
services that could not be easily migrated. This allows a user to access the old
computer or old application (but does not allow the old computer a route back out
to the internet).
Where a standalone application is causing problems and cannot be migrated to a
newer operating system, an even simpler version of this would be to provide a new
desktop computer to the user which performs most tasks through the main LAN
connection, and access the application on the old computer through a remote
desktop connection through a cross-over cable that connects the old computer
directly to the second network card on the new computer.
Windows XP Migration
NCC Guidelines 2014 11
National Computing Centre
(Please note: as discussed earlier, none of these solutions are ideal, but where no
other option exists for a service or application that is business-critical, these might
be your only options.)
• Dual-homed devices (virtual). If your organisation is familiar with virtualisation,
then virtual switches could be a more elegant way of providing a dual-homed
solution. If the new desktop and old desktop can be virtualised on the same server,
the network traffic between the two machines need never be visible on the main
LAN network and could be completely contained within virtual switches on the
virtualisation server.
Other products, like Hyper-V (which is now included with business versions of
Windows 8) or VMware Workstation, could be used to run the old computer as a
virtual machine ‘inside’ the new computer, until the legacy applications can be
upgraded, replaced or retired.
Most virtualisation solutions include free tools to convert a physical machine into a
virtual machine (or P2V as it is commonly known).
• Client/server applications. A client/server application consists of two parts – the
client and the server. The client might be an application installed on each computer
individually, and the server may be a database server that each of the clients
connects back into as part of a central system. If the client portion of the
application can be run on a modern operating system, but the server component
can’t (or vice versa) a dual-homed network, isolated network or segregated VLAN
might also be an option in the short term.
• Citrix XenApp and Citrix Presentation Server. Citrix XenApp – which is
sometimes also known as Citrix Presentation Server, Citrix MetaFrame or just Citrix
– is a popular solution for providing remote access for remote workers. It is typically
set up to allow an application to be installed on the Citrix server, and run remotely
on the end user’s computer as if it were actually installed and running from the
user’s local computer.
Citrix XenApp does not have to be used remotely, it works just as well (if not
better) on the same network as the users themselves. If the existing versions of
your applications, or the new versions, can be run on a Citrix Server this could
save you from having to go round every computer to uninstall or re-install
However, Citrix also has another trick up its sleeve. Citrix XenApp (up to XenApp
version 6.5) can be installed on Windows Server 2013 and Windows Server 2013 R2
which is supported until 14 July 2015. As Windows Server 2013 and Windows XP
share a common code base, most applications written for XP can be installed on
Windows Server 2003 and Windows Server 2003 R2.
Citrix XenApp could then be used to present these XP applications individually, or
as part of a full desktop to a new Windows Vista, Windows 7 or 8 computer (with
little or no modification in most cases).
• Microsoft Remote Desktop Services. Microsoft Remote Desktop Services (RDS) –
or Terminal Services as it used to be known – could also be used in much the same
way as Citrix XenApp to provide individual applications or whole desktops to users
who have moved to a new version of Windows on the desktop. Again, the Server
2003 and Server 2003 R2 versions of Terminal Services could be used to run
applications originally designed for Windows XP.
• Companion devices. If all else fails, you might even want to consider providing a
companion device to a user who cannot otherwise migrate to a newer desktop
12 NCC Guidelines 2014
Windows XP Migration
operating system. If the user can still function using an additional tablet device or
laptop or small form factor computer for browsing the web and using email, this
might buy you more time and more options when trying to migrate the user’s main
computing device.
2. Selecting an operating system.
Once you have minimised the risk your existing XP machines pose, the next decision
is which operating system(s) you are going to migrate to.
A few years ago the only options for most organisations would have been another
version of Windows; however the landscape has changed and more choices are now
available – we cover the more well-known options here:
• Windows Vista. Given that Vista received a mixed reception from consumers and
businesses alike, and only has three more years of extended support left, many
organisations will be skipping it and moving directly to Windows 7, 8 or something
If you already have a large number of Vista machines, you should note that an inplace upgrade from Vista to Windows 7 is a relatively painless operation (in most
cases), and Windows 8 is also possible with a bit of persuasion.
For more information about upgrading Vista to Windows 7, see the Windows 7
Upgrade Advisor tool at
Windows XP Migration
NCC Guidelines 2014 13
National Computing Centre
A similar tool is also available for Windows 8 at
• Windows 7. From experience, most organisations who are still using XP are likely
to move to Windows 7 rather than 8, as the difference between XP and Windows 8
is huge, and would likely confuse most users, not least because most people have
been using the Start button since 1995.
When everything is changing at such a rapid pace (hardware, operating system,
drivers, software), the last thing that most organisations want is to remove all the
features that users are comfortable with and replace them with something new at a
time when IT staff are already struggling with the increased workload.
• Windows 8. This operating system has a drastically new interface called Modern
UI, previously known as Metro. Modern UI was primarily designed to be used with
touchscreen devices and will often confuse users who don’t have a touchscreen
computer, or are used to doing everything with a keyboard and mouse.
Windows 8 has generally polarised opinion, with users who either totally love it or
totally hate it. The two most common complaints about Windows 8 are that the
Start button was taken away or changed, and that most things have been hidden. If
you don’t know how the ‘unhide’ mechanism works they will remain hidden and the
user will never find them (the number of people who still don’t know how to find
the Shutdown button is a good example of this).
So if you do decide to go for Windows 8, you may also need to provide some enduser training to prevent the helpdesk from being overwhelmed with calls.
On the plus side, Windows 8 comes with a version of Hyper-V that can be used to
run some of the more troublesome legacy applications (as a P2V clone of the user’s
old computer) in an isolated network until all applications have been successfully
• Windows RT. This is a cut-down version of Windows 8 that can be run on small
laptops and tablets with an ARM processor. RT has received a lukewarm reception
from most organisations and is not a mainstream system just yet. However if your
needs are minimal and a Microsoft web browser and Microsoft email client are all
that you need, then RT might be worth considering as a companion system.
• Mac OX. A few years ago only designers and musicians had Apple Mac
computers, but now they are commonplace in business environments. Many staff
now prefer to use a MacBook or MacBook Pro at work, rather than the device the
company provides.
If you use mostly mainstream applications (Microsoft Office, Adobe) or web-based
apps, then often a Mac version is also available. Clients are also available for Remote
Desktop Services, Citrix XenApp, Citrix XenDesktop and VMware View for those
wanting to bring their own device (BYOD).
• iOS. This is the operating system used on Apple iPads and iPhones. Most of the
applications widely used in businesses will have an equivalent app that can be run
on an iPad or iPhone. Many organisations have already started to integrate a tidal
wave of ‘iDevices’ into their environment.
• Android. This is the operating system developed by Google for running
smartphones, tablets and small form factor computing devices. Android currently
runs on roughly 80% of all smartphones and tablets worldwide, so even if you don’t
have a strategy for managing or incorporating it yet, you probably should start
thinking about creating one.
14 NCC Guidelines 2014
Windows XP Migration
• Linux. This was once the preserve of geeks and nerds. But a modern Linux
desktop contains free equivalents of the main types of applications used in business,
though they are mostly ‘equivalent’ rather than 100% compatible. A Linux migration
can deliver significant savings in terms of licensing costs, but is not for the fainthearted as a large amount of IT staff and end-user training may be required.
3. Selecting a migration strategy.
To successfully manage your migration, you are going to need a strategy. A strategy
is not only important for allocating resources, but it allows the IT department to
describe the migration process clearly to the business and provides the context for
determining progress.
Sometimes IT projects can fail because ‘activity’ is confused with ‘progress’. Having
a clearly defined strategy and plan can help to avoid this.
If your organisation has experience of performing desktop migrations and has triedand-tested methods for managing these kinds of projects, you can skip forward to
the next section. For everyone else, we provide a number of suggested steps below.
Alternatively you could seek temporary professional help and assistance from a
third party:
• Hardware inventory. The first thing you need to do is create an inventory of all of
the hardware you currently have running XP. The official system requirements for
Windows 7 and Windows 8 are shown in Table 4. However, a more practical
hardware recommendation for both versions might be more like that shown in Table
5. Where the old hardware does not meet the new systems requirements, you may
have no choice but to ‘replace and retire’ (in which case some decisions have
already been made for you).
Table 4
Version of Windows
Minimum 1 GHz CPU
Windows 7 and Windows 8
Minimum 1 GB RAM
Windows 7 and Windows 8 – 32-bit
Minimum 2 GB RAM
Windows 7 and Windows 8 – 64-bit
Minimum 16 GB of free disk space
Windows 7
Minimum 20 GB of free disk space
Windows 8
Table 5
2 GHz or higher CPU
With multiple CPU cores if possible
Some 32-bit hardware cannot utilise
more than 3 GB so check first
30 GB or more disk space
Plus any additional space for
Windows XP Migration
NCC Guidelines 2014 15
National Computing Centre
• Software inventory. The next task is to carry out a software inventory and identify
all the applications in use. It is not uncommon for organisations to discover 10 times
the number of apps they thought they had once this exercise is complete. Many
organisations will find applications that end users have built themselves, bought
themselves, or created in Access databases or from spreadsheets or documents
with macros.
If possible, you should rationalise this list and decide which applications to keep, which
to discard, and which applications to consolidate into a single application, or a single
version of an application (eg, multiple zip archive tools or multiple PDF creation tools).
• User list. Next you need to identify the users affected and correlate them into
business departments or according to the kind of tasks they perform. Organising
users into groups based on some common characteristic will often help the IT team
to focus more on the bigger issues without getting drawn into the specifics of a
particular use case.
This is not to say that individuals are not important; but identifying groups where a
large number of issues can be solved with a minimal amount of effort means that
these ‘quick wins’ can ease the pressure somewhat and give you more breathing
space to solve the difficult ones.
• Create a matrix. Once you have gathered all your information on hardware,
applications and users, you can start to create a dependency matrix that shows
which users need new hardware from the outset, and which ones are dependent on
which applications. If you can see a large number of users who could be migrated
over except for a single application, then this application might be given a higher
priority than others (simply because it allows a large number of migrations to be
completed quickly).
Several companies have software solutions for collating all of this information
together into a form that can be used to assist in a desktop migration. Many of
these are designed to be used as part of a VDI migration, but work equally as well
for physical hardware upgrades.
Lakeside Software’s SysTrack for Windows Migration and LiquidWare Labs’
Stratusphere FIT and ProfileUnity products are good examples. Microsoft’s
Application Compatibility Toolkit (ACT) also assists in identifying and managing
your overall application portfolio.
Microsoft MAP can be used for the discovery and inventory of computers and
applications; hardware and software migration readiness assessments; software usage
tracking; and capacity planning for virtualisation, public and private cloud migration.
4. Installing the operating system and core components.
Depending on whether you decide to re-use existing hardware, move onto new
hardware or go virtual, you are going to need a way of deploying the operating
system to these devices:
• Upgrade or clean install. If you upgrade from XP to Windows 7 or 8, you need to
be aware that you will effectively have a ‘new’ installation of Windows that still has
files and folders from your old XP installation on the same hard disk. There is no
upgrade option that will preserve all of your applications, data and settings (without
some extra tools or work).
In some respects you may prefer a new clean re-install over an ‘upgrade that doesn’t
upgrade’, so it may be worth trying a practice run of both methods on a test machine
to see if keeping the files and folders from the previous version are of any use.
16 NCC Guidelines 2014
Windows XP Migration
• Manual installation on physical hardware. By far the slowest way of performing
upgrades is to carry out manual installations of each machine with a CD or DVD
installation disk. Although this is the simplest method, for any more than 10
computers you should really be looking at an automated method.
• Automated installation on physical hardware. Several options are available for
performing automated installations:
– The best known is Windows Deployment Services (formally called Remote
Installation Services) which comes as part of Windows Server 2003 onwards. WDS
can be used to remove the need to visit each machine with a CD or DVD disk, and
can also be used and tweaked using WAIK.
– WAIK, the Windows Automated Installation Kit, is a Microsoft application for
customising and automating Windows operating systems. It helps you create files
that can be used for an automated, unattended installation using ‘answer files’ that
automatically select all the options required during the installation, so a human does
not need to be present clicking the mouse or typing on the keyboard. WAIK also
provides a mechanism for editing the Windows installation images (WIMs) directly
for customising installations or modifying drivers and components.
– Microsoft Deployment Toolkit (MDT) is an enterprise solution for creating and
deploying Windows operating systems, with the added benefit that it can also be
used to inject drivers, service packs, security patches and install applications at the
same time as the original installation. MDT has a point-and-click interface, but also
supports scripts and the ‘task sequences’ used by Microsoft System Center (if
– Microsoft System Center can be combined with MDT to provide an enterprisegrade distributed mechanism for deploying operating systems and applications to
thousands of end users and devices. Most organisations will build the operating
system image and task sequence with MDT, and deploy it out with a System Center
Distribution Point.
– Group Policy can also be used to configure key settings on newly created
machines. Not all configuration and settings need to be applied during the actual
installation if you have other existing mechanisms available to you.
– Server Based Computing, also known as Remote Desktop Services and formerly
Terminal Services, can be used to provide a desktop to an end user with a desktop,
laptop or other thin-client device. The version of the server operating system you
use will determine the type of desktop you provide to your end users. It is also
worth noting that Server 2003 will provide an XP-like desktop that will be fully
patched and supported by Microsoft until 2015 (see Table 6). Applications could be
installed directly onto the server itself or provided by another method such as Citrix
XenApp, Microsoft App-V or VMware ThinApp.
Table 6
Server OS
Desktop OS
Windows Server 2003/2003 R2
Windows XP-like desktop
Windows Server 2008
Windows Vista-like desktop
Windows Server 2008 R2
Windows 7-like desktop
Windows Server 2012/2012 R2
Windows 8-like desktop
Windows XP Migration
NCC Guidelines 2014 17
National Computing Centre
– Another alternative to providing a new physical desktop is to offer a new virtual
desktop using Virtual Desktop Infrastructure (VDI). If you are planning on
implementing remote access or BYOD in the future, VDI is often a good solution for
this too.
The difference between Server-Based Computing and Virtual Desktop Infrastructure
is that with SBC each user gets a slice of a single server which looks much the same
to everyone using it. A VDI desktop gives each user their own Windows desktop
that can be configured or set up differently to everyone else’s VDI desktop. VDI
provides end users with more freedom, but can be more complicated to manage
than SBC (without the right tools or training).
The most popular VDI products on the market at present are VMware Horizon View
and Citrix XenDesktop. Most VDI products can also be bought as a suite of
products that provide all of the components required to manage the operating
system, applications and user data (VMware Horizon Suite, for example).
VMware Horizon View is a VDI product that can be used to provide a modern
Windows desktop to laptops, PCs, thin clients, tablets and smartphones. Citrix
XenDesktop is a similar solution that marries the familiar XenApp and Presentation
server line of products with a full desktop solution. XenDesktop can use the
existing Citrix infrastructure you may already have (web interfaces, CAGs,
NetScalers) and works with the existing Citrix Receiver Client and a wide range of
18 NCC Guidelines 2014
Windows XP Migration
5. Managing the applications.
Although we have talked about the operating system migration for most of this
guide, the truth of the matter is that users and businesses work with applications,
not operating systems.
In most cases the only concern about the operating system is whether the
applications that the business requires are supported on it, or are capable of
running on it with some tweaking.
If your older applications don’t seem to work on a newer operating system the first
time you try to test them, here are some options that you can try to coax them into
• Windows compatibility settings. The simplest and most often overlooked options
are the built-in Windows compatibility settings. These can be accessed by rightclicking an application file and selecting ‘properties’ and then the compatibility tab.
For more options you can also try using the Program Compatibility Troubleshooter:
• Windows DLLs. Sometimes applications will not run because DLL files are either
missing, or the wrong version has been found on the system. If a DLL file is missing
you may need to extract or copy that DLL file from another system or the
installation media, and register it with the operating system.
Sometimes just dropping the DLL in the same directory as the application that
requires it is enough to fix an application. More information about registering DLLs
can be found at
More information about the search path Windows uses for finding DLLs can be
found at
• Runtimes and frameworks. If an application depends on a particular ‘runtime’ or
‘framework’, simply installing an application on a new operating system may not be
enough to make it work.
For example, many early .NET applications were written for .NET version 1.x and
Windows 7 ships with .NET 3.5. Again version 1.0 of .NET is not supported on
Windows 7 but .NET version 1.1 is, but you may have to uninstall any later versions
before the installer will work.
If your applications complain about missing files or DLLs that begin with ‘MSVB’ you
could be missing the Microsoft Visual Basic runtimes that the application was
originally developed for. Visual Basic runtimes can either be downloaded from the
Microsoft website or may be found on the original installation disks for the
• ODBC, ADO, DAO and DSNs. If your application requires database connectivity
and makes any references to ODBC, ADO, DAO, MDAC, User DSNs or System DSNs,
then you may need to configure ODBC data sources under ‘Control Panel’ or
‘Administrator Tools’ (see
• Recompiling and rebuilding. If you have the original source code for an application,
or the Visual Basic project files for an application, sometimes you just need to open
up the application again and either recompile or recreate the installation media again
from a recently patched machine running the development tools.
Windows XP Migration
NCC Guidelines 2014 19
National Computing Centre
It’s not impossible to recompile an application developed in the 1990s on a
programming tool from the 2000s and get it up and running and installed on a
modern desktop in 2014; however this would always be a last resort where every
other option had been ruled out.
• Windows Server 2003. As discussed in previous sections, Windows Server 2003
and 2003 R2 share a common code base with Windows XP, but are supported until
2015. Businesses can leverage this in a few different ways.
• Citrix XenApp 6.5 running XP applications on Server 2003/2003 R2, and Microsoft
Terminal Services running XP applications on Server 2003/2003 R2. Later versions
of XenApp and Terminal Services/Remote Desktop Services can also be used;
however only solutions based on Server 2003 share the common code base.
• VMware ThinApp can be used to take an application that would usually be
installed directly onto a computer and package it into a single file that can be run
on other computers or other versions of the operating system without requiring any
form of installation.
A ThinApp package could be copied to the network, copied to another desktop,
copied to another server or copied to a USB stick, and the application inside the
package can be launched with a double-click without any prior installation being
Whilst this is obviously very clever, the main benefit of packaged applications is that
they can be packaged on one operating system (XP for example), and run natively
on another operating system (Windows 7 for example). This is a tried-and-tested
method for running applications on operating systems that they are not otherwise
supported on.
One interesting thing about packaging applications is that most vendors suggest
packaging the app on the oldest version of an operating system that it supports,
which is just what most people will need to do during an XP migration.
• Microsoft App-V is a very similar product to VMware ThinApp from a functionality
perspective, although it works in a slightly different manner under the hood. App-V
and ThinApp have constantly leapfrogged each other on features for the past few
years, but both now support standalone applications (no management servers
required), support 64-bit applications, and support applications that install
Windows services and drivers.
App-V is provided as part of MDOP, the Microsoft Desktop Optimisation Pack,
which is only available to organisations with a Microsoft Software Assurance
• Citrix XenApp (also known as WinFrame, MetaFrame, Presentation Server or just
Citrix) has become synonymous since the 1980s with remote access to applications.
Citrix pretty much invented the remote application market we have today and has
developed the product over the years.
Citrix XenApp has always been able to present a full desktop to remote users, but
XenDesktop was designed from the ground up as a remote desktop solution that
could be used as a compete replacement desktop, not just something used
occasionally for specific tasks. As discussed earlier, Citrix XenApp can dovetail into
existing components such as Web Interface, CAG and NetScaler.
Citrix XenDesktop version 7, XenApp and XenDesktop have been combined into a
single product that now includes App DNA, which can also be used to help
organisations plan an XP migration.
20 NCC Guidelines 2014
Windows XP Migration
• Microsoft Remote Desktop Services (Terminal Services) is often used to provide a
full desktop but it can also be used to publish an individual application in something
known as a ‘seamless window’. An even lesser-known feature is the Remote App
functionality introduced in Windows 7 and 8. Remote App can automatically display
applications available through RDS in the standard Start menu, so that end users
launch a local application and a remote application in exactly the same way.
6. Managing the end-user data and profiles.
Once the operating system and applications are in place, you can apply the user
data and profiles to the end-user device. Over the years the user’s profile has
moved around quite randomly with each version of Windows between My
Documents, Documents and Settings, Users and a new hidden C:\ProgramData
directory. Managing profiles (which also include registry settings) can be
challenging, but not impossible with the right set of tools.
• User data. It should be easy to identify standard user data, such as documents,
spreadsheets, presentations and any other user-created information, and migrate it
over to a new desktop. The easiest way to copy or move this data is usually as part
of a logon script. The reason for doing this is because the login script runs as the
user (not a member of IT staff), and as the user, they will have the correct
permissions to access all of the profile areas and home directories on the old
system and the new system.
A simple script like this could be used:
xcopy /s/e/c/d {source path}\*.* {destination path}\
where {source path} and {destination path} are local drives\mapped drives or UNC
Note that the file NTUSER.DAT will always fail to copy, as it is the local copy of the
user’s registry (which will always be in use if the user is currently logged on).
Other tools that may also be of use are Xcopy32, Robocopy and CACLS, XCACLS
and ICACLS (depending on the version of Windows).
• User profiles. The user profile is quite complicated, and is made up of the
following components (amongst others):
– The user’s registry settings (HKey Current User).
– My Documents.
– Favourites.
– Cookies.
– History.
– Start Menu.
– Desktop.
– Application data.
– Local settings.
Several methods are available for migrating these:
Windows XP Migration
NCC Guidelines 2014 21
National Computing Centre
– Windows Easy Transfer is a Windows application that can be used to migrate user
data and profiles between machines. It can be used with any of the following
devices: Windows Easy Transfer cable, network drive, external drive, USB drive.
– Roaming profiles. Enabling roaming profiles is another method of making sure that
user data can be migrated between machines that use the same account in Active
Directory. Roaming profiles can be enabled individually on each user account
through ‘Active Directory Users and Computers’, or centrally through the use of a
group policy.
– USMT. The Microsoft User State Migration Tool is a more advanced method for
migrating user profiles between machines. The tool can take some time to learn but
its advanced capabilities are worth it. Microsoft has several informational pages
about each version of USMT, but Wikipedia provides a much simpler overview for a
first-time user at
– Enterprise management solutions. For organisations wanting a best-of-breed
solution for managing the complete desktop environment and end-user experience
(including user profiles and user data), two vendors worth investigating are
AppSense ( and RES Software (
We hope you find this Guideline and the content useful. There are a lot of options
when making decisions on platform migration and many technologies to enable,
enhance and accelerate the process.
Although there is a lot of information here, it is essential to form your own strategy
and technology selection plan.
It is worth getting advice through the NCC or specialist independent companies, as
not all processes, tools and approaches are valid for every organisation or migration
As with all business-critical projects, time spent planning is one of the key factors in
a successful migration. Allow plenty of time for this planning and where necessary
get external specialist help.
22 NCC Guidelines 2014
Windows XP Migration
Recent NCC Guidelines also include…
NCC Guidelines
Volume 4 – Number 3
Agile Working
Agile Working:
Using IT to
Improve WorkLife Integration
Vol.4 – No.3
Using IT to Improve Work-Life Integration
Flexible working, though highly
popular, is not agile working. So how
is agile different? This Guideline,
written by John Eary, director of JEC
Professional Services, sets out how
agile working differs from other
forms of flexible working and
describes the people, technology
and security issues that need to be
addressed to gain the benefits of this
new way of working.
NCC Guidelines
Volume 3 – Number 11
Five Personas of
Cloud Computing
Identifying the Reasons
for Cloud Adoption
Five Personas of
Cloud Computing:
Identifying the
Reasons for Cloud
Vol.3 – No.11
This Guideline, written by Garry
Sidaway, global director of security
strategy at NTT Com Security
(formerly Integralis), examines the
five main cloud computing
personalities of organisations, as
highlighted in the company's recent
research. By understanding where
your own organisation fits in this mix,
you can assess where you are in
terms of cloud adoption, your
approach to risk and security, and
the use of third-party services.
NCC Guidelines
Volume 3 – Number 8
IT Asset Disposal
IT Asset Disposal:
Developing an
Intelligent Data
Disposal Policy
Vol.3 – No.8
Developing an Intelligent
Data Disposal Policy
This Guideline, written by Steve
Mellings, founder of the Asset
Disposal and Information Security
Alliance (ADISA) and author of the
ADISA IT Asset Disposal Standard,
explores the issues surrounding IT
asset disposal and presents the
ADISA Disposal Framework (ADF)
which is a 10-step approach to
writing, implementing and measuring
the performance of an intelligent
asset disposal policy.
NCC Guidelines
Volume 4 – Number 2
Improving Application and
Network Performance:
The Case for AANPM
Application and
Performance: The
Case for AANPM
Vol.4 – No.2
Today organisations are increasingly
dependent on the performance of
their business applications which, in
turn, depend on the performance of
their network. This Guideline, written
by Roger Holder, EMEA field
marketing manager at Fluke
Networks, examines the case for
application-aware network
performance management (AANPM)
and includes examples of how it can
speed up problem solving.
NCC Guidelines
Volume 3 – Number 10
Securing Your
Networks & Systems
Using Security Testing as a Strategy
Securing Your
Networks &
Systems: Using
Security Testing
as a Strategy
Vol.3 – No.10
To ensure your enterprise has a
sound security policy, you must
properly test it. This Guideline,
written by Spirent's Marc
Meulensteen, explains how security
and performance validation can
reduce your exposure to security
breaches and ensure you are
protected against the latest attacks.
It will give you a manifest to make
security assessment a full part of
your network strategy.
NCC Guidelines
Volume 3 – Number 7
SharePoint 2013
SharePoint 2013:
‘Taming the beast’
to build business
Vol.3 – No.7
‘Taming the beast’ to build
business solutions
Many organisations and users still
struggle to understand exactly what
SharePoint does and can deliver. As
a result, many SharePoint
implementations have suffered
significant problems. This Guideline,
written by a team from ClearPeople,
looks at the different versions of
SharePoint 2013 available and
advises on how to choose the best
option for your organisation. The aim
is to provide a complete guide to
SharePoint 2013.
NCC Guidelines
Volume 4 – Number 1
IT Challenge in Moving
to Multi-Channel
Customer Management
IT Challenge in
Moving to MultiChannel Customer
Vol.4 – No.1
Consumers now use, on average, six
different channels to interact with
businesses and this number is likely
to rise. This has huge implications for
the way organisations work with
customers, but not all company
leaders have yet woken up to the
challenge. This Guideline, written by
Paul Sweeney, director of innovation
at customer communications
technology specialist VoiceSage,
explores the options IT and CMO
leaders now have in helping their
companies become truly multi and
NCC Guidelines
Volume 3 – Number 9
Bringing Big
Data to Life
Bringing Big Data
to Life: How to
Use Insight
Vol.3 – No.9
How to Use Insight Technology
The main foundation for big data
initiatives is a technology platform
that takes data in its rawest form and
converts it into consumable,
actionable information, which can be
accessed and acted upon by
decision makers. Three core
technology layers are required to
support this platform's functionality,
but this Guideline – written by Nobby
Akiha, senior vice president of
Marketing at Actuate Corporation –
focuses on the third layer (the Insight
Layer), discovering data insights and
making them operational.
NCC Guidelines
Volume 3 – Number 6
The Perfect Storm:
Understanding the
Security Threats in
the Connected
The Perfect Storm
Understanding the Security
Threats in the Connected World
Vol.3 – No.6
This Guideline, written by Amar
Singh, chair of ISACA's London
Security Task Force/Security
Advisory Group, looks at the threats
and opportunities that the
connected and converged world
bring to a business, and discusses
how the secure modern organisation
can start preparing against these
threats using a technical and
management approach.
Further reports can be downloaded at:
NCC Guidelines 2014 23
Improving Application and Network Performance
Since 1966, The National Computing Centre (NCC) has
been helping organisations to manage IT processes and
systems development, and equip people with the skills
to ensure business effectiveness. We do this through
a unique membership service that brings together
professionals and experts to identify, create and
disseminate knowledge and experience across the
spectrum of IT issues.
The National Computing Centre Limited
Norduck House, Moat Lane, Aston Abbotts,
Bucks HP22 4NF
NCC Guidelines
The National Computing Centre Limited
Norduck House
Moat Lane
Aston Abbotts
Bucks HP22 4NF
Tel: 0870 908 8767
Fax: 0870 134 0931
© The National Computing Centre
Limited 2014
No part of this publication can be
reproduced, stored in a retrieval system,
transmitted or made available to the
public in electronic form or by any
other means (electronic, mechanical,
photocopying, recording or otherwise)
without the written permission of the
publisher. Whilst every care has been
taken to ensure the accuracy of the
editorial content the publisher makes
no representation and gives no warranty
as to its accuracy and cannot accept
any liability for any direct, indirect or
consequential damage or loss howsoever
caused arising out of or in connection
with the content of this publication.
First Published April 2014
Report inappropriate content