Microsoft: The Road Most Traveled
Microsoft is making big promises about Longhorn and other product development, but will it deliver? We spoke with company execs about initiatives in security, server operating systems, storage, convergence and
July 15, 2005
Right now, Longhorn is grabbing most of the attention, but it is only part of the road map that Microsoft has laid out. Major initiatives in systems management, security, collaborative applications and mobile computing are in the hands of partners and developers. Further down the road, CTO and collaboration software guru Ray Ozzie's fingerprints may be all over Microsoft's applications and general approach to computing.
But where are Microsoft's products headed in the immediate future? Based on the results of high-profile court cases in the United States and Europe, you might wrongly assume Microsoft would build a litigation-proof strategy of product separation and distinction. But Microsoft executives consistently talk about greater integration of functions into the operating system and tighter coordination of applications. As XML becomes the Microsoft standard for describing data within and between applications, broad horizontal frameworks that tie front-end and back-end systems--as envisioned by the "Office as Platform" initiative--will become the model for development across the company's product lines.
One of the drivers of many Microsoft initiatives is the company's greater sensitivity to the charges that its applications and operating systems are insecure. Many of the Office platform enhancements are based on authenticating each user and drawing user privileges and access levels from an Active Directory database. Improvements in the messaging platform and mobile computing applications will make it easier for authenticated users to carry that authentication with them throughout an enterprise, so they can securely access information from any location. Also, Microsoft's server improvements include significant enhancements to the process of updating and validating server code, and all Microsoft operating systems (which now have a common code base across client and server versions) can take advantage of No-Execute features in current-generation CPUs.
The total picture is of a company that has its range of products moving in unison, with Longhorn as both the rallying cry and the goal. As with most technology, however, the details are critical. --Curtis Franklin Jr.
Look around your data center. You likely see a number of Microsoft Windows-based servers, all chugging away to process your organization's data. Since the release of Windows NT 4.0, Microsoft has been a force in the data center, and since the release of Windows 2000, that force has gained strength.
Yet, the depth of Microsoft's market penetration and the maturity of Linux threaten the company's data center growth. More than 20 percent of the respondents to our reader poll said their companies had migrated away from Microsoft products in the past 12 months, while less than 10 percent had migrated from other vendors' products to Microsoft's. Most of those who migrated to Microsoft's wares had used products from Novell or SCO, while almost all who migrated away from Microsoft products went to Linux or Apple OS X offerings. No surprises there. What is somewhat surprising is that Microsoft's own polling yields different results: The company says it sees both Windows and Linux gaining share at the expense of big iron operating systems.
In our poll, we didn't quantify the number of machines, nor did we qualify our questions to limit responses to production systems, so that might be the explanation for the difference. It certainly gives us food for thought.
Microsoft is both hated and loved for its deep and easy product integration. It should come as no surprise, then, that when we asked Microsoft execs why people should stick with the company's operating systems, the consistent response was: "Integration of experience across workload and across server products." We have to agree: At least in the short term, the ease of integration between most Microsoft products makes for an attractive package.
When we asked Microsoft what the company focused on with regard to changes in server hardware, Walt Ralston, senior technical product manager, pointed to the X64 editions of Windows 2003. The focus on making the operating system available at the same time that 64-bit chips were reaching the market in large numbers is a taste of what we can expect as dual-core and multicore processors become large players in the server market.
When asked if the Windows Driver Verification program is finally over the acceptance hump, Ralston said all those tools are available online, the process takes only a week, and certification costs only $250. "The end result is that you have device drivers running with maximum stability for servers," Ralston said. Certainly, $250 is not prohibitive to small vendors, which is probably why the number of unsigned drivers has decreased.
It's no secret that Microsoft is noticing increased competition from Linux and other open-source applications, and Linux is perceived as a cheaper overall solution. Since Microsoft has built its business on price and ease of use, our last question was a broad query on the future of the Microsoft operating system. Ralston said he is optimistic based on the number of people with networks and broadband connections but without servers. The server applications and tools group has driven profits over the past few quarters, but we noticed that he couched his response in terms of users who do not have networks today. We hope the server app side of his answer will keep the enterprise in Microsoft's sight as it develops future generations of its server operating systems. We also hope that when it says server applications drive profits and it builds future versions of the OS, the company is thinking in terms of the enterprise--the largest consumers of server applications--even though the OS group seems focused on the tiny, networkless business.
Microsoft showed us a not-to-be-shared plan for server operating systems through 2009. Considering how far off that is, we assume this road map is incomplete, but we can expect more of what we've seen in the recent past--64 bits, improved interoperability between Microsoft products, and even a few surprise additions, like support for Linux in Microsoft Virtual Server. In the end, we're optimistic too. Anything that makes the job of enterprise IT easier is OK with us. --Don MacVittie
Analysts spend a lot of time hyping the enterprise benefits of SOA (service-oriented architecture), but rarely do they discuss the benefits of a software vendor running with SOA. Microsoft's "Office as Platform" strategy does just that. The company has decided to make Office a platform for the enterprise, similar to application server platforms, but more focused on desktop productivity functions.
SQL Server 2005 leads the charge (read our review on page 17). Although it's still in final beta stages, SQL Server 2005 looks promising, with more than 1,000 new features, including integration of the .Net Common Language Runtime (CLR) and out-of-the-box data encryption technology. Thomas Rizzo, SQL Server director of product management at Microsoft, said SQL Server 2005 lays the foundation for the next 10 years of database technology.
SQL Server already offered EII (enterprise information integration) capabilities, but Microsoft also "made bets around SOA," Rizzo said. Although many relational databases provide direct XML access to data, and some go a step further by providing Web services access, no competitor has embedded the ability to use XML and Web services as data sources.
But Microsoft isn't stopping there. Integrated storage is the next big thing, according to Rizzo. "Data lives in silos, and we hate that," he said. Windows File System (WinFS) will solve that problem by offering an integrated store system, which will enable search and integration across disparate data. But it's about more than just searching data. Microsoft is interested in the semantics of the data and discovering the relationships between data and, according to Microsoft, WinFS understands relationships between documents, e-mail, contacts and even records in a database.
Like other groups within Microsoft, the SQL Server team is relying heavily on the next version of Office for access to features like analysis services and dashboard capabilities within SQL Server. Just about all business intelligence vendors offer Excel integration, because they recognize that enterprise users are familiar with the program. With Microsoft extending Excel's use into the BI realm and beefing up its SQL Server Analysis Services, vendors like Business Objects and Cognos will endeavor to keep their own products ahead of Microsoft's. Microsoft maintains that the database should provide the analysis services rather than push off that responsibility to a client. Few can argue with the need to deploy--and ultimately support--fewer products on the desktop.
SQL Server 2005 isn't the only Microsoft technology to embrace the "Office as Platform" strategy. Microsoft Business Solutions (MBS) has a product road map that moves its business solutions, including Great Plains, Navision and Solomon, to take advantage of Office as the presentation layer. The target market: not just small and midsize businesses, but also departments and branches of large enterprises. "We are deliberately targeting the spokes of enterprises," said Christian Pedersen, senior director of the New Solutions Offerings for MBS.
Microsoft continues its vision of affordable agility--through initiatives like Project Green, which "componentizes" Microsoft's disparate Great Plains, Navision and Solomon business solutions to fit together in an SOA fabric. The first wave, which will give each application the same look and feel, is projected by 2007. The second wave, which will extend Microsoft's portal into all product sets, is expected by 2008. With Office and SQL Server 2005 capable of consuming services as easily as a kid eats ice cream, customizing business solutions for vertical markets as well as enterprise needs becomes almost child's play.
Aiding in Project Green, WinOE, Microsoft's workflow engine, will be embedded in Longhorn. Workflow and business project management must integrate the human component, and the forthcoming Office 12 coupled with WinOE will make that integration easier not only for Microsoft, but also for all vendors in the business process management and workflow markets. Microsoft is exceptionally good at adapting to the user, and it's difficult to argue that users aren't comfortable with Office and Outlook as productivity tools. Providing a mechanism by which products can easily integrate with workflow and business processes within the underlying OS would let the market concentrate on scalability, auditing and automation rather than the user-interface technology required to bring users into the flow. A lot depends on whether WinOE is standards-based and interoperable--something we won't know until Longhorn is ready for serious testing.
So though MBS products might be considered small potatoes for a few years, Project Green may change your mind as it moves to a more flexible, adaptable framework. Customers needn't worry about the convergence between the product lines. "We're not forcing migration from one product to another," said Pedersen, adding that the componentization will provide the necessary convergence without being intrusive.
We're not convinced. It sounds plausible, but we've all seen the mess that can result from upgrades of one Microsoft technology to another, so we aren't willing to take bets on this one. Those who tried to upgrade Windows 95 instead of just wiping their drives know that upgrades of any kind are fraught with problems; the developers cannot possibly anticipate them all.
However, keep a close eye on MBS in the next few years. With the focus on scalability and security in SQL Server, the heavy investment in moving business intelligence into SQL Server and the general acceptance of Office as a platform, Microsoft may yet move its business solutions into the corporate class. --Lori MacVittie
Microsoft has spent the past couple of years driving into storage, as evidenced by the release and subsequent update of Windows Storage Server, the surprising popularity of the Microsoft iSCSI Initiator and the announcement of Microsoft Systems Data Protection Manager.
Claude Lorenson and Ben Matheson of the Windows Storage group told us Microsoft intends to stay as technology-agnostic as possible while the Fibre Channel/network-attached storage/iSCSI debate rages. Microsoft's iSCSI Initiator is a key element of many iSCSI deployments, but for the company it's an indicator of a job well done more than Microsoft's intentions in this market.
Microsoft launched the iSCSI Initiator in June 2003. The next version, to be released later this year, will include Multi-Path IO [MPIO] and other enhancements. Version 3.0 will integrate with Active Directory and RADIUS-type protocols as access controls.
In our Real-World Labs®, we've struggled with the application of user-level security while testing all block storage products. Most block-level products do an excellent job using RADIUS to secure management interfaces, but do little to limit the access a user has to a volume. User-level access control should be centralized. Although we're not certain Active Directory is the right place for this, it's an improvement over what we have today: no user-level control unless it's implemented at the file and directory level across the storage area network.
We also asked Lorenson and Matheson about the success of Windows Storage Server (WSS, which is used by 10 percent of the respondents to our reader poll). They noted that Microsoft has sold more WSS units in the "greater than $500" NAS category than anyone else. Since no one who has experience in storage actually counts units, this isn't an impressive stat. It might make for good marketing on Microsoft's part, but it's easy to sell more $500-to-$1,500 units than $10,000-to-$250,000 units. Their comment doesn't tell us anything about the amount of storage sold or the dollar income, both of which we suspect are higher for the high-end NAS vendors.
We also asked about Microsoft's Simple SAN Initiative for Windows Server, a process to certify its resellers' products as a Simple SAN, and how Microsoft's plan is different from others out there. Matheson said that Microsoft typically sells to Windows admins who work with environments of 20 or fewer servers.
So, when it comes down to it, Simple SANs are for simple environments. Our only concern is the same one we have with all Simple FC SAN products and initiatives--once you open each server box to install a host bus adapter, then configure that HBA and apportion storage, does simple apply anymore? We think not, but Microsoft is at least approaching this problem from a logical starting point.
We also asked about System Data Protection Manager, a replication/CDP (continuous data protection) solution Microsoft plans to release in early 2006. Developed in conjunction with tape vendors, the solution is a disk-to-disk-to-tape product, meaning it lets systems administrators stream off their data at fast disk-to-disk speeds and then back up to tape at their leisure, greatly reducing the backup window. Microsoft is entering a competitive market with several well-known vendors making inroads.
Overall, we applaud Microsoft's efforts with the iSCSI Initiator and look forward to evaluating DPM. We'd like to see real numbers for WSS, but since the product is resold, we probably won't be seeing those numbers anytime soon. Microsoft's Simple SAN will struggle, just like all the other Simple SAN initiatives have, and we are glad the company is working on storage issues right in the operating system. Storage must be tightly coupled with the operating system to operate at its best. --Don MacVittie
Microsoft has developed a reputation for leaning toward ease of use and away from security. It has responded with several initiatives, from integrated patch management to tightening default OS permissions to implementing code for No-Execute CPU features. For a security update, we spoke with Gordon Mangione, senior vice president of security products.
One of the most significant challenges has been the fact that most application software and users run their sessions at the administrator level. Microsoft will use the Least-privilege User Account (LUA) to fix this situation in Longhorn. LUA should be highly effective against worms and spyware but will require changes in behavior for both users and developers.
Ideally, software will allow the storage of application-state information in locations and use embedded functions without requiring administrative privileges, complying with guidelines Microsoft put forth two years ago. Users and system administrators will be able to deploy user profiles that include much more restrictive operating privileges than those at the administrator level. Microsoft has provided tools to make this a reality. For example, if an application under Longhorn requires access to parts of the registry protected by administrator privilege, the operating system can provide a virtualized copy of the registry that will be seen only by the affected program, minimizing the potential impact on the system and other software. For users, Microsoft has created a Protected Administrator feature that allows greater security at the admin level, since individual programs will run at the least-user privilege unless they've been preapproved for higher privileges by the organization's systems administrator.
Microsoft's emphasis on rights--user rights and system access rights, among others--is its basis for security. Network Access Protection, which originated with Windows Server 2003, limits network system rights based on configuration and policy status. Rights Management Services (RMS) define who can read, alter and duplicate word processing, spreadsheet and other files according to the user profile stored in the Active Directory database.
Of course, all of this works best in a homogenous, fully integrated Microsoft environment. One of the more serious questions about the entire rights-based security framework must remain the extent to which user rights can be stored, queried and transmitted in an environment that contains a variety of operating systems and applications. Microsoft has shown some willingness to acknowledge the existence of Unix and Linux, and the company has long made the right kind of noises about standards compliance. There is always the caveat, though, that working in anything less than a 100 percent Microsoft framework means accepting dramatically reduced functionality. That reduction means one thing when you're talking about whether a printer is low on ink and quite another when you're managing the identities of your network users.
The biggest changes for users come from two directions. First, the question of which rights you have will always be present, making itself known in everything from the way you authenticate to the network to the files you're allowed to open to the applications you're permitted to execute. Your network identity carries many more consequences in the new Microsoft security plans, and administrators must have the policies and procedures for dealing with identities that matter--something not always present in today's world of "permission creep." Next, with permissions properly applied, users should be able to work more comfortably and safely, with less worry about malware and malicious software from various sources.
It does seem that Microsoft is taking questions of security seriously. Moving users and processes to the least possible permission level and taking full advantage of the No Execute bit on modern processors should, by themselves, take care of many malware issues. Enforcing policies for gaining network access will make the network and its components much more secure (though Cisco and other security vendors have their own ideas about what that policy enforcement should look like). Taken as a whole, though, the Microsoft security products coming in and around Longhorn will provide administrators the tools to create a more secure network, and will make using those tools easier by coming to life with more rational and secure default behaviors. It's hard to guess precisely how attackers will respond, but Microsoft's new focus on security should at least make the criminal's job more challenging. --Curtis Franklin Jr.
In the description of its Dynamic Systems Initiative (DSI), Microsoft talks about how committed the company is not only to espousing this standard in its products, but also to making sure it gets as many partners supporting DSI as possible. Microsoft is shipping DSI technology in Visual Studio 2005, Microsoft Operations Manager (MOM) 2005 and Systems Management Server 2005. Additionally, management vendors Computer Associates, Dell, NEC, Hewlett-Packard and Opsware are either shipping DSI modules or adding them this year. It would be easy to wave aside this Redmond attempt to monitor and manage the world as just marketeering, but after a chat with two execs in Microsoft's Enterprise Management Division--Kirill Tatarinov, corporate vice president, and Anders Vinberg, architect--we were optimistic about this initiative to build management into products.
DSI isn't the only proposed management framework. Industry initiatives including ITIL (IT Infrastructure Library), Business Service Management and Autonomic Computing all attempt to improve distributed IT systems management. It might seem like Microsoft is coming late to the party, especially since IBM's On Demand and HP's Adaptive Enterprise have been woven into those companies' respective management pitches for years. In addition, CA, BMC Software and other management vendors promise heterogeneous cross-silo management. But Microsoft may actually deliver a critical mass of adopters, making multiple-vendor participation a reality. Microsoft is talking up its DSI management framework as a way to build management into all applications, not just its own, from the start.
DSI, like any management framework, comes with lots of APIs and proposed partnerships. Systems Definition Model (SDM), a critical part of DSI, is a programming language used to express operational management knowledge in an application. SDM represents management information about a system, application or piece of hardware using class properties. For example, SDM can define the specification of thresholds indicating the health of a network application for all application components. Predefined health metrics apply to specific OS, hardware and applications.
Microsoft Operations Framework (MOF) covers best practices. A Microsoft extension to ITIL best practices, these recommendations explain how to operate and use systems once the systems are configured. Tatarinov and Vinberg defended yet another Microsoft standard as necessary in order to gain momentum quickly. They said that waiting for ITIL to reflect DSI specifics would slow adoption to a crawl. We agree--it's been 10 years and counting for DMTF (Desktop Management Task Force) initiatives. And we detected a real enthusiasm as both Microsoft representatives gushed about the outreach to new partners willing to develop SDM modules.
Beyond sharing practices, SDM models configurations prior to deployment. Modeling is a good--even a great--thing that few outside the government and academia bother with because of the complexity of real-world situations. Prior to joining Microsoft, Vinberg was responsible for the predictive modeling technique of CA's Neugents, a complex performance-monitoring software to predict system usage and even failure. Unfortunately, Neugents hasn't delivered on CA's promise to foresee performance bottlenecks, at least not in any wide-scale way. Given this background, we were skeptical about SDM's predictive claims, but Vinberg bluntly attributed the failure of Neugents to a lack of committed resources, a claim that rings true from our testing of CA performance management.
So, DSI has a core modeling language, Systems Definition Model (SDM), and a best practices-based Microsoft Operations Framework (MOF); not to mention Tatarinov and Vinberg's evangelistic fervor regarding newly converted vendors. Does this mean we should jump on board? A better question might be: How can we not? --Bruce Boardman
Microsoft has a hand in many digital convergence technologies, including video, streaming media, podcasts, VoIP (voice over IP) and instant messaging (IM). Dennis Karlinsky, group product manager of Microsoft's Real-Time Collaboration Group, got us up to speed on the company's plans for messaging.
Microsoft once had an IM system that worked solely with Exchange servers. This product had a limited feature set and wasn't competitive with other IM systems. So in 2003, Microsoft rewrote its IM product from the ground up and released the Live Communications Server (LCS). It offers additional features and presence capabilities, including support for industry-standard SIP (Session Initiation Protocol) because the old Exchange protocol wasn't extensible enough to support market demands, according to Karlinsky.
Windows Messenger likewise was deprecated for corporate IM. Although LCS 2005 supports Windows Messenger, Microsoft has released a new enterprise client--Office Communicator--that is the preferred client for the private IM system. Windows Messenger will remain the core for the consumer side. Office Communicator is not installed by default on any current release of Windows, so Microsoft isn't taking special advantage of its considerable installed base, as it did with Windows Media or Internet Explorer. Karlinsky couldn't provide details on Office Communicator for Longhorn, so we don't know if Office Communicator will be installed by default. But Office Communicator will be the OS' preferred client, so you don't have to wait for Longhorn to start rolling out Microsoft IM.
Microsoft's goal is a horizontal IM and presence platform. A Microsoft value-added reseller can add vertical market and specialized components through APIs. LCS can work with SIP and VoIP systems to add presence management and IM. SIP lets you integrate audio, video and data collaboration to the IM client as well as outside networks. Microsoft LCS 2005 has gateways to AIM, Yahoo and MSN. Although Microsoft provides both the public MSN network and the private LCS system, these are considered different networks. Microsoft has an advantage over its competitors by offering a gateway to the big three players.
Microsoft is also incorporating presence information into Outlook and the Office suite. Microsoft's goal is to have its IM system work with third-party business applications, such as customer-relationship management products. Karlinsky highlighted Microsoft's partnerships with a number of developers, including Polycom, Siebel and Siemens.
Just about every time Microsoft embraces an open protocol, there are claims that the company breaks its own application. For instance, Microsoft has been charged with making extensions to SIP that won't work across all IM clients--a claim Karlinsky doesn't completely deny, stating instead that some of the features customers demanded just weren't supported by SIP/SIMPLE at the time. Microsoft will move toward the new standards as they progress, and away from its proprietary protocols. We can only hope that Microsoft will truly embrace and not extend. If LCS is to be an underlying product with other SIP and VoIP products, standards compliance is essential. Tight competition with IBM Lotus SameTime--another SIP IM suite--should keep Microsoft in line.
Karlinsky said he foresees an IM explosion within the next 12 months, and we agree. The next major revision of LCS will come out in 16 to 18 months, though another service pack may be released before then. Microsoft's success here will depend in part on what VoIP vendors offer as supported IM solutions. Siemens, a major VoIP vendor, sells a product that runs as an extension to Microsoft LCS server. If other VoIP vendors create their own IM and presence suites, or use competing products like IBM SameTime, Microsoft will have a tougher go. --Michael J. DeMaria