I recently looked into this for a friend.
I was vaguely aware of BitLocker and knew that, contrary to some popular belief, a Trusted Platform Management (TPM) hardware chip is not required to operate BitLocker. TPM merely generates a hardened encryption key to use with BitLocker. There are other ways of generating a usable key.
In any case, unless you are working for the NSA, or keeping sensitive business or personal data on a computer you want to carry around in public – or unless you’re uncertain about physical security where the laptop is kept – then BitLocker could be more of an annoyance than an asset, if used. It’s possible to envision a scenario wherein careless use of BitLocker, or malevolent physical intervention, could render your laptop unusable.
Anyway, you get BitLocker with Ultimate, but not with Professional.
Here’s a summary of what I learned. Firstly, if you’re planning to pay Microsoft for a fully-officially boxed version of the product, then you can stop deciding. Choose Ultimate, which costs $20 more. $20 is only 10% of the retail price of Professional. Ultimate is $20 worth of cooler-sounding.
Looking into the OEM and other-discount software world, the situation changes. With a requirement of 64-bit OEM Service Pack 1 (no Branded and no Promotional versions allowed), I found a difference of nearly $50 between Professional and Ultimate.
I consulted a very complete feature comparison table, to identify each specific feature provided by Ultimate but not by Professional. I used a search engine to find out a little about each such feature.
The short version of what I learned: Ultimate is a “bridge” version between Professional and Enterprise. (Of course that is visually suggested by looking at the relative positions of the columns in the table.) The feature set of Ultimate seems designed to provide a less expensive way (than Windows 7 Enterprise) to set up a client PC to access certain features catered by an enterprise server. In some cases this server needs to be Windows Server 2008 or better (surprise).
Additionally, Ultimate has a couple of features thrown in that could be useful to geeky types outside an enterprise context, and a couple more that support multiple languages in the user interface. And there’s BitLocker.
Features you get with Ultimate that you don’t get with Professional
- Security/encryption – BitLocker
- Language support
- Display Language selection
- Language packs for free
- Geeky stuff
- Boot from Virtual Hard Disk file
- Federated Search (search from within Windows Explorer)
- UNIX native environment
- Enterprise client support
- Branch Cache (bandwidth conservation by local cache)
- Direct Access (VPN on steroids)
- Enterprise Search Scopes
- Federated Search
- Multimedia redirection
- Terminal Services enhancements (audio, multi-display)
- UNIX native environment
- VDI (Virtual Desktop Interface) enhancements
Worth $50? You decide. If I were deciding for myself, I would think things like:
- I don’t think I want to use BitLocker, but in the future a client of mine might be relying on me to protect their data.
- It might be useful at some point to see the Windows interface switching between English, Spanish, Chinese, etc … not sure to what degree that can propagate to text content. Worth looking into.
- For myself, I probably wouldn’t use Federated Search.
- Alternate boot scenarios or UNIX scripting – possible, no immediate need.
- Enterprise client features – some opportunity that would require me to access an enterprise network in one or more of these ways? This would be a high-impact, low-probability (HILP) scenario.
On balance, the HILP thing plus some latent geeky tendencies, would probably motivate me to spend the $50. And Ultimate does sound cooler.