Viewing entries in
Announcements

Announcement: End of Support for CloudReady Home Edition 32bit

Announcement: End of Support for CloudReady Home Edition 32bit

Today we're announcing the end-of-support timeline for 32bit images of CloudReady: Home Edition.

Around 7 months ago, we announced new policies around device support, including the fact that Education and Enterprise Editions of CloudReady would stop providing 32bit images in August of 2019. Since that time, we’ve reviewed 32bit images, their challenges, and the time investment it requires of us, with the aim of clarifying the outlook for the 32bit images on the Home Edition as well.

In the end, it was clear that now is the right time to be retiring 32bit images for all of CloudReady.

Starting at the end of August 2019, the Home, Education, and Enterprise Editions of CloudReady will stop builds, releases, and updates for 32bit images.

Reasons for This Change

As we described in our January announcement, the Chromium and Linux communities are shifting support away from 32bit support, which leads to more and more gaps where the latest security and feature updates are unsupported, unavailable, or broken on 32bit builds.

Our core commitment with CloudReady is to provide a secure and reliable OS, and we don’t feel we can deliver on that promise on all future 32bit builds.

What to Expect Next

CloudReady v76.4 will arrive in late August this summer. That release will include 32bit builds for Education, Enterprise, and Home Editions. For all releases following that, Neverware will stop building 32bit CloudReady and will not ship updates or provide support to existing devices running 32bit images.

32bit-only devices will be able to continue running v76.4. That release may work for a few months, or for much longer, but we won’t be able to guarantee functionality, in whole or part, on those devices after that point.

64bit-capable devices that are installed with 32bit images will stop getting updates, but can be reinstalled with 64bit images. Since v64, CloudReady has provided notifications to these devices to make users aware that their device is capable, so you can check for those after each update to determine if your device should be reinstalled.


It is never our preference to limit support or prevent use on specific hardware. Nevertheless, our team is confident that this change is in the best interest of CloudReady’s long-term success, and we hope this information will help explain why.

We value every user of CloudReady and hope all of you will continue to support Neverware by running CloudReady on your devices.

 
Forrest Smith

About Forrest

Forrest Smith is Neverware's Director of Product & CX. A native of the Buffalo, NY, area, Forrest came to Neverware as a sales intern and never left. He runs on coffee, PB toast, and dollar pizza slices.

View all posts by Forrest.

 

Introducing New Update and Deployment Features for CloudReady

Introducing New Update and Deployment Features for CloudReady

 

Hey CloudReady Fans!

Ease of management has been a part of our mission with CloudReady since its launch four years ago, bringing the G Suite integration and Chrome Enterprise management available on Chrome OS devices to any PC or Mac. Today, we’re putting some of the feedback and insight we’ve gained in those four years to work in three additional features to help administrators of CloudReady.

Peer-to-Peer Updates

Peer-to-peer updating has been a feature on Chrome OS for some time, and now CloudReady will also support it.

v73.1 was the first version to support Peer-to-Peer (P2P) updating by bringing in a new update server with important protocol changes. And now with the stable release of v74.4, all up-to-date devices are eligible for these more efficient updates.

P2P updates allow managed CloudReady devices on the same local network to share their update payloads with one another, reducing the total network bandwidth required to complete an OS update. These transactions occur silently in the background, just like CloudReady updates always have. They also maintain security by ensuring update payloads are signed by Neverware, and only ever downloaded from a device managed under the same domain.

Just as with Chrome OS devices, P2P updates are enabled for all managed devices automatically and cannot be disabled in the Google Admin console. Instead, customers who do not want their devices to use P2P should disable multicast DNS (mDNS) in their network settings interface.

You can read more about peer-to-peer updating on Google’s Support page, or in the CloudReady Knowledge Base.

Update Caching

The same changes that allow individual devices to share their updates also allow for another bandwidth-saving option: update caching.

A caching server uses a proxy to download and serve copies of commonly accessed webpages and payloads, minimizing bandwidth constraints caused by many devices contacting the same endpoint. When it comes to Chrome OS and CloudReady updates, their availability over HTTP make them perfect candidates for caching, allowing devices to retrieve an exact copy of their update without leaving the local network.

Google’s Support page on update caching includes a number of important considerations that you should review carefully if you are considering update caching.

Mandatory Enterprise Enrollment

While P2P and Update Caching both enable functionality that was already possible on Chrome OS, our third feature brings the ability to do something that is only possible on CloudReady.

Mandatory Enterprise Enrollment is a new management feature for CloudReady that allows admins to require that devices be enrolled for Chrome Enterprise management prior to first use, and even optionally set a domain name to restrict enrollment to their chosen G Suite domain.

Mandatory Enterprise Enrollment is made possible via an interaction with my.Neverware.com and Neverware’s servers, similar to our existing CloudReady licensing. Some changes in the my.Neverware.com console surface these controls, including the “Plugins” tab being renamed to “Device Configuration” and the addition of a new sub tab for Enrollment:

CloudReady new feature: Mandatory enrollment for new devices into the Google Admin console using Chrome Enterprise

When you enable Mandatory Enterprise Enrollment via the checkbox above, your devices will check in with Neverware servers prior to first login and then automatically lock the device to Google’s Enterprise Enrollment screen, requiring the person setting it up to successfully enroll it (to the domain of your choice, if configured) before it will allow any other use.

This feature provides peace of mind for IT Admins who need to ensure only fully managed devices are deployed in their environment.

Note that existing deployed CloudReady devices are not impacted by Mandatory Enterprise Enrollment - only newly installed devices on v74.4 or higher will support this feature.

For more info and answers to common questions about Mandatory Enterprise Enrollment, visit the CloudReady Knowledge Base.


With all of these new features, we hope IT admins who are rolling out CloudReady for the first time, expanding their install base, or just maintaining healthy machines will see benefits.

If you have thoughts or needs for future improvements like these, we encourage all customers to bring that feedback to our support team, their Account Manager, or any member of the Neverware team.


Forrest Smith

About Forrest

Forrest Smith is Neverware's Director of Product & CX. A native of the Buffalo, NY, area, Forrest came to Neverware as a sales intern and never left. He runs on coffee, PB toast, and dollar pizza slices.

View all posts by Forrest.

 

ZombieLoad and CloudReady

ZombieLoad and CloudReady

 

What is ZombieLoad?

Over the last few weeks, a security exploit known as “ZombieLoad” has been published. This vulnerability, somewhat similar to Spectre and Meltdown in the past, allow attackers to abuse performance features on a computer in order to run arbitrary code without the administrator or user’s consent. There is a lot of information available about this issue and we recommend that all IT admins take some time to read up on the issue, starting with these suggested links:

  • https://zombieloadattack.com/

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130

What actions should CloudReady users take?

CloudReady, similar to Chrome OS, has automatic updates turned on by default, so as in the past, no action is necessary in order to receive security fixes unless you are currently restricting updates.

To ensure your school or business receives security updates as soon as they are available, make sure you are following all recommendations listed at https://network.neverware.com on your organization’s networks, and that you are not blocking/disabling device updates in your Google Admin console.

How is Neverware responding to these issues?

Yesterday, v74.4 of CloudReady was released to all Editions and all release channels of CloudReady. Along with normal improvements, that update includes mitigation strategies for ZombieLoad to match the changes Google has made for Chromebooks.

What are the security patches in v74.4?

To mitigate these new risks, Chrome OS and CloudReady v74 are disabling Intel’s "hyper-threading” wherever it is available. More about this fix, the rationale for implementing it, and the limited impact on performance can be found from the Chromium authors here:

In our testing so far, there have been limited changes to performance on CloudReady devices, even amongst our oldest machines.

Other and ongoing security patches

The Google and Chromium teams intend to ship additional improvements and protections in v75 and onwards to further limit any risk from ZombieLoad. As always, our commitment to security and reliability on CloudReady means that CloudReady devices will receive those same improvements when we release v75 and v76.

We will update this blog with any additional info as it becomes available.

CloudReady update URL changes

CloudReady update URL changes

 

Hey CloudReady Fans!

TL;DR

Neverware adds new network services in some updates, and does not employ static IPs for our service URLs. Therefore, we always recommend whitelisting all traffic to the neverware.com domain whenever possible.

Update URL Changes

For those customers who restrict network access, please make sure to note the following new update URLs in CloudReady version 73.1 and up, and add to your whitelists (if you are not already whitelisting all traffic to neverware.com):

  • (Enterprise and Education Editions) https://cloudready-paid-update-server-2.neverware.com

  • (Home Edition) https://cloudready-free-update-server-2.neverware.com

CloudReady devices on v73 and higher will use these URLs for all update information going forward.

Update payloads will continue to be downloaded from the same URLs as before, however for v73.1 and higher, the download protocol will be HTTP. Customers should be aware of this change in case they're blocking HTTP traffic. Google already delivers securely signed update payloads via HTTP, and we’re excited to start following this model to close one of the few remaining gaps between CloudReady and Chrome OS.

The old update URLs below still apply to previous versions of CloudReady and should also remain whitelisted until all devices are on 73.1 or later:

  • (Enterprise and Education Editions) https://cloudready-update-server-2015-03-12.neverware.com

  • (Home Edition) https://cloudready-free-update-server.neverware.com

Devices hitting the older URLs (i.e., those on CloudReady 72.4 or earlier) will continue to receive update payloads over HTTPS.

Why this change?

With v73.1 of CloudReady, Neverware is introducing peer-to-peer OS updates. The changes above are in service of this new feature, and are expected to bring bandwidth and speed benefits, especially to customers with large fleets.

Most devices, being on the Stable channel, will not be affected until v76.4. As long as they are on 72.4, their machines will continue using the old URLs. Once they update to 74.4, those machines will attempt updates with the new URL, which will happen when 76.4 goes out, as long as they remain on the Stable channel.

Please contact us with any questions or concerns using the links below.

CloudReady is now Citrix Ready certified

1 Comment

CloudReady is now Citrix Ready certified

Hiya CloudReady Fans!


We’re back with another blog post to tell you about an awesome partnership we’ve established.

CloudReady, meet your long-lost cousin (on your father’s side), Citrix Ready!

Neverware has joined forces with Citrix to officially certify CloudReady with Citrix’s suite of solutions, under their Citrix Ready program.

Before jumping into what this means, let’s hit pause for a second and talk about what Citrix is.

What is this Citrix business anyway?

Citrix is the company behind an industry-leading virtualization product, Citrix Virtual Apps and Desktops (formerly known as XenApp and XenDesktop). Virtual Apps and Desktops allows organizations to securely and conveniently use Windows or Linux applications/desktops, running on a remote cloud or on-premises data center resources, and delivered to any end user device, ranging from mobile phone to CloudReady device to Chromebook to Windows PC.
More information here.

What is the Citrix Ready Program?

As defined by Citrix, “Citrix Ready is a partner program that showcases verified partner products trusted to enhance Citrix solutions for mobility, virtualization, networking and cloud platforms. The Citrix Ready designation is awarded to third-party partners that have successfully met test criteria set by Citrix, and gives customers added confidence in the compatibility of the joint solution offering.”

While CloudReady and Citrix have always worked well together, this partnership takes it one step further, providing additional elements of value to our customers and our product.


So really, why is this partnership important to CloudReady and our customers?

  • It’s not official until it’s on Facebook the Citrix Ready Marketplace.
    CloudReady is now officially defined as a supported operating system in Citrix’s Chrome Devices ecosystem, so that organizations can confidently adopt CloudReady without replacing their hardware or tools.

  • Can you hear me now?
    This partnership has deepened the channel of communication between Neverware and Citrix Product & Support teams, allowing Neverware to be both a strong resource of knowledge and a voice for our customers that are either using or considering using Citrix products.

  • Into the future, and beyond!
    Citrix Ready certification doesn’t only mean mutual product compatibility at this point in time. It also means that all future improvements Neverware & Citrix make to their products will be supported and complimentary.

Why would I want to use Citrix on CloudReady?

Many organizations see the value of CloudReady’s secure, manageable and easy-to-use platform, but dependencies on old or familiar Windows applications stop them from changing their endpoint OS. Things like Andrew from finance’s killer Microsoft Excel macros or Michelle from accounting’s full-version of Quickbooks are the reasons that organizations feel the need to remain on old/legacy platforms.


There’s a solution!

Virtualization tools like Citrix can deliver these applications seamlessly to your CloudReady devices, allowing your users to experience all the great things that come with CloudReady without sacrificing any business-critical functionality. Users and teams that are ready to move to a full cloud experience can do so, while users who still rely on legacy applications can continue to use them via CloudReady and Citrix’s highly secure and manageable environment. The combination of Windows applications running in Citrix’s seamless window mode, with CloudReady’s local, multimedia-rich browsing and web application experience, is sure to change the way you think about end user computing.

 

Microsoft Excel running seamlessly on CloudReady via Citrix.


 
 
Note

Side Note:

Our Product Team is working hard to further improve the experience of Windows apps on CloudReady. Want to help us mold the next-generation of end user computing?

 


How did we achieve Citrix Ready certification?

The CloudReady operating system was run through an exhaustive list of test criteria that validate the robust Citrix Virtual Apps & Desktops features, specifically on CloudReady devices. Things like graphics performance, multi-monitor support, & peripheral support are all tested to ensure a high standard of functionality across the entire CloudReady operating system.

We can all now sleep soundly at night, assured that we’ve done the testing, research and due diligence to ensure enterprise-ready compatibility with Citrix technology and CloudReady.

Got questions?

Using Citrix on CloudReady or Chrome OS already? We’d love to hear from you! Reach out here.

 

1 Comment

Announcement: CloudReady Device Support Policies

2 Comments

Announcement: CloudReady Device Support Policies

Today we're announcing two new policies to clarify CloudReady's support for certified models as they age. You can read about the details of each individual policy via the links below, and read further in this post to get a better understanding of how and why we developed these new policies.



Policy 1

32bit CloudReady images will no longer be offered or supported starting in August of 2019.

Read the policy

Policy 2

As of today, certified models now show a date when their official CloudReady support will end, with the nearest date being August of 2020. Going forward, certified models will generally have a support lifetime of 13 years from their OEM release date.

Read the policy


Reasons for These Changes

As a company, we believe in keeping good hardware running for longer, and for that reason retiring features or ending support for devices is always difficult. However, we have learned from our customers that reliability and predictability are just as crucial to a strong IT strategy as longevity and savings. So as we work with our customers, we are hearing more and more about how CloudReady can be a stabilizing factor in the their 2, 3, or even 5-year technology plans. In addition to shipping a reliable operating system, it's become clear to us that we also owe it to customers to provide the tools and information to anticipate the inevitable retirement of hardware, making it part of their plan, instead of a potentially disruptive surprise.

There is inherent conflict in CloudReady's mix of modern user experience, elite security, and deep legacy hardware support. Regardless of how deftly these tensions are navigated, technology's inexorable progress will eventually generate problems if you combine the newest features on the oldest hardware. We intend CloudReady's new hardware support policies, more than anything else, as a reflection of that technical reality and a blueprint for how we intend to continue handling it alongside you, our customers and users.

Hardware-specific bugs are unpredictable. Until the day they first appear, devices may perform perfectly, creating a dangerous balancing act between keeping your oldest devices usefully-deployed and avoiding the nasty surprises that can derail your IT plans. These new policies put Neverware's expertise to work on that problem for you, offering retirement timelines for your aging CloudReady devices that minimize risk without wasting good years.

Background for Policy 1: 32bit Builds

In the case of 32bit CloudReady, we see a short-term concern and want to act quickly to minimize the risk for CloudReady devices. Google doesn’t offer any 32bit Chromebooks, and has ceased support for the Chrome browser on 32bit Linux as well. With Google, and many other key Linux contributors, dropping the architecture, many tools and open-source components are falling into disrepair, making 32bit-only support increasingly challenging and bug-prone. As we incorporate support for better security and more Chrome OS features, we are setting an ambitious timeline of August 2019 for migrating all customers off of 32bit builds so they can benefit from all of CloudReady’s ongoing improvements.


Background for Policy 2: Models Older than 13 Years

For other aging hardware on CloudReady's certified list, we've identified a timeline that applies to every certified device. Under this policy, you can confidently keep devices deployed for 13 years from their original OEM release date. When that time is up, these devices will become just like other non-certified models, receiving the same regular updates, but with no guarantee of support.

When we first started selling CloudReady, no one we spoke to had active devices that were this old. At the time, we found that devices from the 2004-2005 era or earlier were impossible to use with CloudReady due to changes in support for a CPU feature called PAE. Since PAE was deeply ingrained in Chromium OS’s security model, we learned that this would represent a fundamental limit for supported devices.

While no two issues are exactly alike, we think this background on PAE is a good demonstration of the types of generational changes that, over time, will inevitably crop up and force older hardware to be retired. With all the info and experience available to us today, 13 years feels like a timeline that will comfortably avoid unexpected problems, but still keep devices deployed for many years beyond what was possible before CloudReady.


2 Comments

CloudReady USB Maker Updates

2 Comments

CloudReady USB Maker Updates

 

Hey CloudReady Fans!

We’ve released a new version of the CloudReady USB Maker today. The new version has a couple of helpful features and some fixes for an improved user experience.

Release Notes

  • Format CloudReady USB installers after done installing: Unlike the default Windows format feature, this new Welcome screen option preserves the storage capacity of the USB device.

  • Removal of USB device format prompt: Windows will no longer prompt users to format the device after USB installer creation.

  • Fixed: When running the USB maker a second time, "What's next?" text incorrectly displays during the USB installer creation step.

About the CloudReady USB Maker

The CloudReady USB Maker is a Windows application (.exe) that you can download directly from Neverware to guide you through the process of creating a CloudReady USB installer.

Current customers, or those with a trial of CloudReady, can get the USB Maker by logging in to my.neverware.com and visiting their Downloads tab.

Users of the Home Edition can find the latest version here.

As always, your feedback and suggestions are welcome!

Have questions at Home? Visit the forums!

Need help at school or work? Support's here to help. 

Need help installing?

2 Comments

Introducing the CloudReady Referral Program

Comment

Introducing the CloudReady Referral Program

 

Hi CloudReady fans!

Today, we’re very happy to share with you an exciting new initiative: the launch of our CloudReady referral program.

Since we brought CloudReady to market in 2015, more than 1300 schools and school districts have used CloudReady to transform their existing devices into secure, fast, and easy-to-manage machines that deliver the Chromebook experience—efficiently and affordably.

We know, however, that 1300+ schools represent just the tip of the iceberg, and that there are many other schools and organizations with similar needs and challenges that could potentially benefit from CloudReady.

That’s where you come in. We’re asking you to help us spread the word and raise awareness about CloudReady.

With our new program, you can refer colleagues and peers whom you think could benefit from CloudReady. For each referral who installs a CloudReady trial, you get a $50 credit toward your renewal. And when they purchase CloudReady, you get a $100 credit.

The more organizations you refer, the sooner you’ll accrue a free renewal of CloudReady (or additional CloudReady licenses) for your school or district!

You can find full details about how the program works, including how you can get started, here.

All CloudReady customers will receive an email containing your unique referral link, so check your inbox! (If you didn’t get the email, no worries—you can contact us or visit the Referral program page to have it sent to you.)

Happy referring!

Comment