Steve Ballmer Speech Transcript – Networld + Interop 98

N+I Keynote

Steve Ballmer


[Due to the varying sound quality and subject matter of tapes, the information in this transcript may contain inaccuracies.]

STEVE BALLMER: Thanks to all of you for taking the time and joining me this afternoon.It’s a real pleasure.I apologize to those of you who look like you’re standing; you’re no worse off than I am but you were supposed to have a chair.I apologize for that.

I notice I’m sitting here, or standing here under this rocket.I actually came in and I have a lot I want to talk about today, pretty serious stuff, pretty important set of things that I think we really need to put our heads down and work on in order to deliver to our customers who are very focused in on networking and management the tools they need. We tried to cut the rocket down, but NetWorld + Interop is on a roll I guess and it had to stay up there for this presentation.

This is a particularly exciting time for me to have a chance to make this presentation.So much is going on in the networking world, so much is going on in terms of Windows NT and the way people are looking to use it inside the enterprise.It’s also a time though that really so much is going on in terms of networking equipment.I happened to be in Pittsburgh yesterday, and I had a chance to meet with Eric Cooper, the founder of Fore Systems, and we were talking about the fundamental change that’s happening in the networking equipment world as people look to move from a model that essentially resembles that of the old mainframe to a model that’s much more like that of the PC world today.General-purpose operating systems, very programmable, being used to run the switches, the routers, the etc. of the future.So it’s a great time to have a chance to be here and to talk with you today.

The focus of my presentation though will be on the kinds of things that I think we need to do to really make the PC enterprise ready.Certainly PC servers, PC clients are being used broadly through enterprises today, including for many mission critical applications.But the question still gets asked about the PC and about the software that comes from our company.Is it really ready for the enterprise?Is now the time?So I want to kind of give a little framework.Because people are pushing along that envelope.And I want to tell you where we are and what we think we need to do.

It’s important for me to give you a little bit of perspective on how we see our customers.About a third of our business comes from the largest enterprises in the world.Those enterprises, though, are made up of a number of different constituencies.There’s the business people, the users, the line-of-business decision makers who care a lot about the value that the computing infrastructure can bring.We’ve talked a lot recently in the press, and we’ve been doing some advertising about a concept we call the digital nervous system.It’s an expression that’s designed to embody the aspirations that we think information technology people and business people should have for the value of IT.I don’t want to talk about that today because I don’t think that’s the issue most germane to the people who work with products every day.

For the developers, for the IT infrastructure people who really work with the products, who bring the digital nervous systems to life inside companies large and small there are key issues.We’ve proposed a major architectural framework for the developer.We call it Windows DNA:Windows Distributed Internet Architecture.Today I really want to talk about the fundamental architecture that I think is important in the data center, in the network, in the management approach that you bring, or that we will bring as PCs become more important in the enterprise.I like to call that the Windows Management Architecture.So I want to come back to that point once I give you a context of where Windows NT is today and how we hope to evolve the management infrastructure in the future.

First a reminder about the evolution of Windows NT particularly over time.When we started building Windows NT back in the last 1980’s we had a simple goal: we wanted to bring together the best of Windows with the best of Netware with the best of Unix.That was really the focal point for the first releases we made of Windows NT.Over the last several years we’ve been focused in on bringing together the best of Windows NT with the best of the Internet as we’ve included browsing capabilities, service capabilities, richer TCP/IP support that’s been a real straight-on focus.I’d say our focus at this point in time, in 1998, is really in some sense bringing together the best of NT with much of the best of the mainframe in terms of the manageability and reliability for which it’s known.

Now I’m going to admit to you that we have a long way to go but I want it to be clear that this is the objective, the top objective that we’re pursuing from a management perspective certainly with Windows NT today.And it is one of the prime objectives for Windows NT as we move forward during the course of the next several years.

Windows NT has been a product that has been received really quite well in the marketplace.There are now over 20 million Windows NT workstations deployed around the world, three million NT servers; we’ve seen good volume and good acceptance, both as a file server and as an application server.And we’re very proud of the fact that today there are as many new databases, relational databases installed per year on NT as there are on Unix.We’re very proud of the way that NT is picked up as a file server or a print server or an infrastructure server.

We’ve seen application vendors really build around the Windows NT server and client model.Over 4,000 applications from people not only like SAP and Baan and PeopleSoft and Oracle and Lotus and Microsoft, but literally thousands of vendors who make vertical applications, small business, retail, pharmaceutical applications, sales force automation applications and the list goes on and on.Windows NT really has emerged as an incredible riveting point for the development of business applications.We have around the globe almost 20,000 solution providers, companies that we work with very closely who have skills and training and ability to provide services around Windows NT.There’s over 250,000 people who passed the Windows NT certification tests at either the product specialist level or the more advanced systems engineer level.

We formed an important partnership, in cooperation with Cisco, where we’re working together on directory-enabled networks, working to make sure that the Active Directory which is in NT 5 is well supported in both environments, that we have a common view of how to do network multi-media, quality of service, and a lot of other important issues, I think, as we take a look at what’s going to be required to run the networks of tomorrow.So we’re pleased with the uptake in the market.We know we have things we need to work down on the management side, but we’re pleased with what we’ve seen happen and the customer acceptance.

The thing that is most gratifying, I think, as we think about customer acceptance is what’s actually happening in real live customers.Take Prudential Insurance.Prudential Insurance is a company that has had quite a grab bag mixture of systems.There’s not been one centralized networking or management infrastructure.They had Wang systems and OS/2 systems and UNIX systems.They decided to really try to pull things together into one homogeneous topology, manage the TCP/IP network in one homogeneous way.They decided that they wanted to standardize on NT Workstation and Server, and use NT as the foundation for their management approach.They’ve rolled out already 25,000 of the 85,000 NT Workstations that they planned to deploy.They have 6,500 NT Servers in place.Maybe I’ll read to you just a couple of comments from the folks at Prudential, and let you get a sense of why they’re so excited.
“We recently deployed a new enterprise application that they wrote, and additional workstation software to 5,000 users, in two weeks, as opposed to several months.”
The gentleman goes on–George Luidas from Prudential–
“We feel, at this point that Windows NT 4 is a mature product.It provided the scalability, stability and reliability we require for our systems.We keep up to the latest Service Packs through a very rigid change-management process.The equipment runs well.It stays there, and it doesn’t have much downtime.We look forward to some of the new capabilities, in terms of transaction server, Internet server and SQL server.”
And he goes on from there.

This kind of response, this kind of satisfaction really is gratifying to us.We know that for many in the audience, you’ve had very good experiences.Some of you’ve had more mixed experiences.Our goal is to strive to get the kind of result in each and every organization represented here that we’ve seen at Prudential Insurance, or that we’ve seen at Turner Broadcasting Sales.

Turner Broadcasting Sales does all of the ad sales on behalf of the Turner Network–CNN, TNT, etc.They had an old environment based around Pathworks and DEC All-In-One Mail.They converted that over to be based on NT, our Systems Management Server, Microsoft Exchange, the sales automation application written using Microsoft Office as a component, and BackOffice.That’s the mission-critical application of Turner Broadcasting Sales–automating the sales process, getting advertising sales done.They’ve seen very, very good response and had very, very good performance out of that system internally.

I’d like to show you just a short videotape, and we can hear directly from the folks at TBS about what their experience has been and why they’ve been very pleased with their investment in Windows NT.


I’m glad there was a little chuckle at the end.

So much for the good news.So much for the kinds of very positive experiences that customers are having.But there’s still a lot of issues, a lot of areas in which I think we can continue to improve, and a lot of areas where we’ve had feedback from customers to apply our best energy, our best initiative, a lot of areas that people have very high expectations from their experiences, particularly in mainframe environments and with years of having a chance to hone their UNIX systems and others.

There are three areas in which we get consistent feedback, consistent focus that comes from the people that run the networks, provide helpdesk services, run the data centers around the world, where we need to continue to push forward.What I’d like to do is try to summarize for you what we think we’re hearing, some of the things that we’re doing, and some of the things that I think we’ll still have left to do.

The first is in the area generally of configuration management.One of the great issues today is managing large networks of PCs, keeping those up and running, making sure that, as there’s migration, new applications are to be deployed, new system pieces and components, new desktop tools, that the tools and infrastructure allow those kinds of migration and configuration management to happen very seamlessly.We get consistent feedback.People want to centralize the configuration process.It’s crazy today the degree to which many customers run around and touch individual desktops and individual servers.To some extent, there are tools in place, from us and others, that customers don’t have deployed, that can help.But there’s still a lot more that we need to do in the management infrastructure to improve in this area.People want configuration to be profile-based.If Joe is a member of the marketing department, there’s a set of things Joe ought to see, be able to do, be able to work with.

Software distribution — distributing software today takes a long time.I was pleased to hear about the kinds of improvements we’ve had at the Prudential.But, when I sit down and talk to customers who are trying to do an SAP rollout, an Office migration, and they tell stories about how it can take a year, a year and a half, I know we have a problem, an area in which we need to invest to provide better tools.Part of that relates to the issues of migration.Migrating from release to release of anything is hard.Is the code compatible from release to release?The applications that people have built have gotten so complicated that it is even more important that an application, no matter what components it uses–Windows, Office, third-party applications–can move transparently.

State information — I don’t know how recently any of you have upgraded your PC.But the whole process of upgrading a PC highlights some of the difficulties in migrating state.The state of your system — your user profiles, your configurations, your settings — are distributed in many places.We’ve got to make it much easier for that information to be centralized, to be transparent, to be understandable, and move from system to system.It’ll take constant work from our industry to work on issues of data format compatibility from release to release.These are issues, which every day, I know can reach out and bite the people in this audience in a bad way.

I was talking to somebody who’s involved in one of the big on-line services recently, and they were talking about how their basic view of software distribution is very different than the view we use inside the enterprise.Inside the enterprise, the default mode is you roll something out, and then, if it doesn’t work, you roll it back.The basic model in an on-line service is quite different.You roll out something to a few users.You see what their experience is.You keep propagating it, or you immediately can pull it back.That requires essentially a transacted configuration manager.So it’s very easy to roll something out, pull it back, and return exactly to the state the system was in before it ever got touched.

Release management — there’s a discipline required about release management from software vendors and from the application vendors and developers inside your own organization.There needs to be a discipline about what gets changed, how things get changed, how often they get changed.It’s possible to do great work in this area.I was out meeting with one of the largest retailers in the world.They’ve got thousands of sites of retail stores to which they need to distribute software.They distribute and update the software in their stores every two weeks, every two weeks.Now, some of you may say, oh, my God, to propagate new releases of software to several thousand locations every two weeks is amazing.But there’s a very strong discipline to the procedures and processes that they follow to accomplish that.Their stores have UNIX servers.They’ve got NT servers in them.Yet they’re able to roll out new software on an every-two-week basis–really quite amazing.

The tools and infrastructure, though, need to make all of these things simpler.It shouldn’t be a requirement that there be huge sophistication in your shops in order to get any of these scenarios to work very well.There’s a lot more machinery required to provide the kinds of capabilities in the configuration area and migration area that we see today on host-style systems.

The second area I want to focus in on is availability and reliability.How do you meet service levels?What are the sets of questions and issues?Growing up in the PC world, as we did, the issue always wound up…the issue used to be just one of testing.How do you test, test, test, test, test?Every year, we’d work to get better and better and better.Our industry has worked to get better and better.But a lot of the issues, as the PC and the PC server really permeate the enterprise, a lot of the issues aren’t just about the quality of the software.It’s about its resilience.It’s about the tools that it gives people to help detect problems in advance, to repair problems, to do maintenance on-line, to balance workloads in case there’s an unforeseen set of capacity issues.

So the kinds of things which are certainly imminently required and which we think we need to attack as an industry — clustering and load balancing, very high on the priority list of things we hear from people.Event monitoring — it is terribly difficult today, even with third-party tools, to do a great job of monitoring what’s going on, on a broad set of PC systems.Preventive management or on-line health — I think it’ll be a long time, unfortunately, several years before the PC industry can rival some of what the mainframe does in this area.But the notion to anticipate problems — not just when a disk is likely to get full, but when is this application likely to have a failure or a problem, or is this user likely to run into a condition that is problematic?There are some basic things we need to be able to do first in the software.The applications that people write must be better instrumented, which means the operating system must provide tools and standard support for that kind of instrumentation.That’s what it’s going to take to get the preventive management.That’s what it’s going to take to get very rich diagnostics built into the system.

I was talking to the CIO of one of the large Canadian banks several weeks ago, a customer who just decided to move forward with the major deployment on one of our products.I was saying thank you, and then asked, how are things going?What’s our experience with you over the last several months?He said, it’s really very good.Our systems are by and large up and running, which is great.We’re very happy with that.When we’ve had problems, your support people have done a fantastic job.I said, that all sounds pretty good.Is there more?He said, well, yes, there is.There’s a but.I said, what’s the but?He said, we’ve found that it’s just a good idea for us to reboot this one NT Server every four weeks, whether it needs it or not.I said, excuse me?I had some idea what was coming.He said, well, we wind up hitting a problem.If we let the system go much over four weeks, we almost always have a problem.So, rather than run into it, we just reboot the system.When we have had the problem in the past, we’ve not been able to capture enough information to provide to your people to fix it.They’ve always been happy to come and visit us, and see, but we can’t predict when this problem’s going to occur.

What you need to do is focus on the kind of diagnostics that IBM finally had to put into the mainframe systems, where essentially you start capturing a little bit of information in a very focused area and then ask for more and more and more, because, if you just try to instrument everything to solve this problem, you’ll slow the system down.You’ll never be able to finish all the development.You’ve got to really take a look, think through, study what has been done in these host systems in this area.He sent me a big book on the kinds of analysis tools that have been built up for specific problem-shooting, troubleshooting types of exercises, the kinds of things that he’s now asking for, looking for and expecting.He said, we’ve seen this kind of thing before in the host systems.We’ve had host systems that have problems, that required some kind of major reconfiguration or reset periodically.But we have better tools to get to the root cause of the problem than we do in the PC systems.

Certainly everybody in this room is familiar with the concept of DLL…what word should I use…DLL conflicts.That’s the nice word to use — the DLL conflicts that can occur inside a PC environment at the desktop or at the server.We need to take steps forward to help isolate the effects of DLLs on one another, so that configuration and reconfiguration cannot threaten the kind of availability and reliability that people expect in the servers and workstations that they’re deploying.

Security — two days ago, I had the pleasure of spending most of the day on Wall Street.Thirty percent of the stock trades in the United States, retail stock trades now in the United States, occur on-line–30 percent!One of the top areas of focus and interest, of course, from these folks on Wall Street were the issues of security.How do we control access?There’s many parts to this problem.It’s not all about the Internet.

But there are some fundamental things people want to see: centralized authentication, policy-based management for access, secure business transactions, secure purchasing, non-repudiation.This is very big in the financial sector.You have to be able to not only log in, but you have to be able to prove that a person said they actually made the transaction.Otherwise, people say, oh, no, no, no, no, I’m sorry.I didn’t really intend to buy that stock.That must have been a miscommunication.Maybe somebody impersonated me… Particularly if the stock goes down.This is a very common phenomenon in the telephone environment of financial services.There’s a set of work that needs to happen to put the right technologies in to avoid the kind of repudiation that’s a problem.Private communication, improved auditing, server isolation–these are issues which are all known to people here, but, in some senses, security demands on the PC market exceed what we’ve ever seen in the mainframe world, because of the Internet.The Internet puts sort of a new standard, a new bar, and a new set of requirements that come out of the fact that people really want to do electronic commerce.They really do.

I’m asked sometimes, will IT spending really go totally off the deep end next year because of Y2K?The basic answer is probably yes, I expect there to be some decline.But particularly because of the push and interest in people in deploying electronic commerce systems, I expect to see spending stay at a higher level than it might if people were to really freeze everything down.So I’m cautiously optimistic.

But security is getting to be the big issue in the electronic commerce world particularly, and particularly for business to business transactions.It’s one worry to worry about sending credit card information across the Internet.The kinds of concerns people have if they’re going to do multimillion dollar funds transfers, business to business, are, again, quite a different thing, and require quite a different and more extensive security infrastructure.

Now, the management approach and management architecture has to be something that really underpins the whole system.When we talk about our development architecture, Windows DNA, every application that’s built to Windows DNA needs to participate fully in the management architecture of the PC.It’s not good enough to just say, Windows will do this.We need to manifest a whole set of services, which the system itself takes advantage of.That is the additional add-on services in Windows NT, that the equipment vendors, both the communications equipment vendors like Cisco, like 3COM, like Nortel, like others, and the PC hardware vendors take advantage of.The core server applications, the messaging systems, the database systems, from Microsoft, from Oracle, from Lotus, should participate in this management architecture.The line–of-business applications, the desktop productivity applications, the filing tools, the print tools, the intranet servers must all participate.The way we manage user profiles must all participate in this management architecture.

So, as we look forward to Windows NT 5 and what we need to accomplish, we know what we need to accomplish is to put in a framework that literally we can pull developers to support and we can pull the infrastructure community to support, in much the way that developers have supported the rest of the Windows API over a large number of years.

I talked a little bit about the market progress and market success of Windows NT 5.I want to talk a little bit about…Windows NT 4.I want to talk a little bit though about how Windows NT 5 is really the core product that will take us forward and let us start delivering this Windows management architecture.Now, some of you’ll probably scratch your head and say, jeez, jeez, jeez, we’ve been hearing about this Windows NT 5 for a long time.You have, and I wish it had been less long.But I think it is important, particularly since NT 5 does carry the first…or I should say the next quantum leap forward of the Windows management architecture in a way that’ll let us get a quantum step forward.Really jump ahead in terms of rising to the challenge of making the PC enterprise-ready.

You know, for businesses and digital nervous systems, there’s something in NT 5.The way Office 2000, our new product, really works with the Internet Information Server, is very important.But it’s not the most important thing in Windows NT 5: the way we take the DNA architecture forward in NT 5 is super-important.NT 5 will carry the COM+ programming model, which is really the backbone of Windows DNA.That is one of the bedrock capabilities in NT 5.But I think probably the biggest change in NT 5 will come with the introduction of the Windows management architecture.I want to run through some of the pieces of that for you.

Some of the pieces span configuration, availability, reliability, security.We move to be policy-based in our management approach with NT 5.The improvements to the Microsoft Management Console, or the MMC, are important, because hopefully the ease of use that it presents to you in managing Windows client, Windows NT Server systems.We provide some automation tools for the infrastructure professional through the Windows scripting host.But those are just the capabilities that sort of override everything in the Windows management architecture.

As we think through the issues of configuring systems and the kinds of problems that I had a chance to talk to you about earlier, just look at some of the machinery that we’re putting in Windows NT 5.The Active Directory–most of you’ve heard a lot about that and know a lot about that.

The IntelliMirror technology was an important addition to Windows NT 5 that came kind of late in the process.It was not originally planned to be part of NT 5.It was one of the reasons why the product hasn’t shipped by now.But IntelliMirror is the basic…gives us the basic technology to start centralizing the management of programs, the management of state in the system.It gives us some of the machinery that will allow us to improve the entire software distribution process and the entire DLL management process in the system.

We’ll centralize the management of state on a server.That state is transitive. That system, the IntelliMirror system, can manage especially new applications and their DLLs, in a much more intelligent way than today’s systems.That IntelliMirror technology can propagate software out to the client, but in a way in which the master copies remain central, and we’ll show you that in a minute.There’s a new technology in NT 5 that we call Windows Installer Service.We’re certainly going to encourage all software vendors to take advantage of the Installer Service, because that’s a key step in being manageable by IntelliMirror and in gaining some of the configuration benefits that I talked about earlier.

The Windows Terminal Server — the Windows Terminal Server’s kind of a funny beast.But I do view it as part of the configuration challenge.Many people use the Windows Terminal Server either because they have people coming in over slow links and they want to be able to put in place an environment where the computation is configured centrally, or because they simply are very cost conscious, and want to configure a low-cost hardware solution.Windows Terminal Server was also a later addition to Windows NT 5.

The other thing which we have put in place now, even before Windows NT 5, is a very regularized process, starting with Service Pack 4, which has been very late, but starting with Service Pack 4, a very regular and disciplined process of quarterly service pack releases, with an entirely separate team to make sure those things really come out on a very regular basis, and a discipline about making sure that our programs, our applications don’t depend on operating system capabilities that aren’t in a regular service pack, that are in a QFE or some other distribution form to our customers.So a lot more discipline and regularity in the release process.

I’m going to ask David Hamilton from our product marketing team to come up and join me now.We want to show you some of the things in Windows NT 5 that affect change and configuration management.So please welcome David Hamilton.

DAVID HAMILTON: Hi, Steve.Okay, Steve, you spent some time talking about configuration management and the cost of change.What I want to do is show some of the improvements we made in Windows NT 4, and the way we’re going to get better in Windows NT 5, as well.


DAVID HAMILTON: Now, Windows NT 4 has added a new service pack recently, which you just talked about.That service pack includes something called Windows management instrumentation, which provides more data on what’s going on in that system.We can use that information in real world environments.I’ve got the Microsoft Year 2000 Web site up on my demo system at the moment.You can see we provide something we call a Product Guide, which lists all our products and their compliance levels.This is something you can use yourself to understand the compliance of the applications you have installed in your environment.It tells me whether SQL and Excel and Exchange, and so on, are compliant, at what level, and so on.Now, I can use that data, and I can combine it…

STEVE BALLMER: I tell you, I get asked about this all the time from customers.Having this stuff availability and really up to speed, that’s an important step.

DAVID HAMILTON: Yeah, but that is only half the problem.This is very abstract.

STEVE BALLMER: It’s half the problem…?

DAVID HAMILTON: Yeah.What I need to do is take that and apply it in a real world environment, and I can use that Windows management instrumentation technology and use SMS to do that comparison.Now, what SMS has done here is it’s sucked in that database, it can do it in a dynamic way, and allows me to run queries to find out where problems are in my environment.So it goes and discovers all the applications and looks at problems.It looks at the hardware and tells me about BIOS problems as well.For instance, I’ve got a range of Access applications, Access 2 applications installed on systems.Now, Access 2 is an old version of Access.It’s not compliant.So it’s telling me that.Now the nice thing about Systems Management Server is it actually delivers me the other half of the problem, the other half of the problem, as well–the solution.

STEVE BALLMER: Let’s go back a second.


STEVE BALLMER: I noticed you had some non-Microsoft products also in the list of things on that system that showed up as non-compliant.

DAVID HAMILTON: I do.That’s correct.The really nice thing here is, as standard with Systems Management Server, we provide the database of Microsoft applications, but it’ll allow you to import any database.So, if you go to a vendor…for instance, we have some vendors here who provided us with their compliance information…you can just load that file in and do those checks.

STEVE BALLMER: …and this is on the Web site today, and people can use this?

DAVID HAMILTON: It’s on the Web site.You can download it and use this.It’s really nice.I play with the demo a lot.Now, with Systems Management Server, once I’ve found my problems, for instance, like Access 2, what I can do is I can roll out fixes.So, for those systems that are having problems, I can centrally push out the fix that they need.So kind of a nice combination of taking that instrumentation, improving NT 4, to use the information on the Y2K Web site to roll outthose fixes.


DAVID HAMILTON: Now, what I want to do is show you the kind of things we’re doing moving forward with NT 5.0, on this system over here.Now, NT 5 adds a new piece to the puzzle, which is the active directory.What the active directory gives us is a highly distributed multipurpose directory that allows us to manage particular components.For instance, I can manage user settings.I can manage applications.I can manage…I can even manage data.So I’ve got a particular user here.It’s myself.Actually, I’m going to manage myself.I get away with a lot of stuff in a demo.

STEVE BALLMER: In a demo?You’re allowed.

DAVID HAMILTON: I guess so, just this once.Now, that user is in the headquarters domain.What I can do is I can assign a group policy to that particular domain.The way that actually looks is I have the ability to, say, assign documents, assign applications, assign policies.For instance, for that group of users, I could say that they need to get the benefits document and the street market handbook.Everyone in my organization needs those documents.They shouldn’t need to store them locally on their system.They should just be generally available.So, as an administrator, I’ve said let’s give them those documents.I’ve also said, let’s give them a range of applications.Now some of these applications, as an administrator, I’ve decided that they have to have.In that sense, when they log on, we deliver them in what we call a just-in-time fashion, and install them on the system.

Now, that’s only half the problem.You also need to publish applications that people can install if they wish.You make them available to them.If those people want those applications, they can pull them down.Let’s actually have a look what that means to the user.I just locked this system.Let me unlock it.On the system, if I go into the My Documents folder, should find that those two documents are there.

STEVE BALLMER: Because you’ve assigned those to me, and they’re always on my desk, no matter what I do.

DAVID HAMILTON: That’s right.That doesn’t mean that I don’t own that My Documents area.I can create a new document, like a text document, and put it in here.This is my area.What I’ve said is, you’ve always got to have at least those two documents, because you need them.As an administrator, I know that.I can also see what applications are installed.Visio’s installed, for instance, on that particular desktop.So those profiles have been applied in terms of applications, and in terms of documents.Now, what users tend to do…you know, I’ve done it myself…is, I wonder if I can free up some disk space?I’m going to delete this executable.I’m sure I don’t need it.I’m sure it’s not part of my regular job.Now, what happens usually is, when that user comes in and launches Visio again, it should fail with some cryptic message like don’t find the DLL, don’t find the exe, or whatever.But, because my profile says I need this application to be whole, we use this thing called Windows Installer Service to go out and get that application and pull it across.Now that same service is the service you talked about in terms of DLL conflict.

STEVE BALLMER: This is a benefit that you get, if the applications that you’re installing have been re-written to take advantage of the Windows Installer Service.

DAVID HAMILTON: …and Visio has made use of that.So the user didn’t even really know he’d broken something.We kind of fixed it for him, without him worrying about it.Then we’ve got that information.

That’s kind of half the problem.What happens when my system fails?Okay, so, out back they just pulled out the power plug.You’ll have to believe me.It’s their favorite bit of the demo, probably my least favorite.Now, what I do is, as I roam to the other machine, which is now up on your screen, I log into that machine.What I’m doing is…well, what the administrator has set up this system to do is to cope with a disaster recovery situation.For me, disaster recovery has two costs, or disasters have two costs.There’s the cost to the user, who is unproductive, and there’s the cost to the administrator about rebuilding the system.Now, the nice thing is, because I’ve set up profiles, I can roam to another machine, log in, and those profiles will follow me to that machine.

STEVE BALLMER: Your profile, your user information is now entirely centralized.

DAVID HAMILTON: That’s correct.But, at the same time …..

STEVE BALLMER: So we’re not storing any information in the registry –none of that junk is on the hard disk?

DAVID HAMILTON: No, it’s not.

STEVE BALLMER: So, when I would go get my new computer next time, my new computer would really be configured just like my old computer?



DAVID HAMILTON: Now, what’s really nice, you might see that, I don’t just have two documents, I have three.I created that new text document.I don’t have to log off that machine and log on to this machine.

STEVE BALLMER: It’s everything.It’s your data.It’s your state.It’s your preferences.Everything has been IntelliMirrored not only to this machine, now you said you’re you on this machine, it’s been IntelliMirrored here for you.

DAVID HAMILTON: In a dynamic fashion.So that document I created 15 seconds before the machine went south is already there and available for me.That’s great — that’s provided me with a temporary solution.If I borrowed this machine from the IT department as a loaner for a couple of days, it’s great.But what about actually fixing the problem?Well, the nice thing in Windows NT 5 is we’ve got this thing called the remote installation service, and what that remote installation service allows the administrator to do is actually roll out a remote OS to the client machine…roll out a remote operating system.As a user, when my machine was ready for me to move back to, all I would need to do is just very simply enter user name and password, if I can type, a domain, and follow a very, very simple wizard that allows me to set up this computer from a centralized location.So I’ve got my temporary fix by roaming to a different system.I’ve got the permanent fix by rolling out the OS.So, as you can see, changing configuration management is getting much better.

STEVE BALLMER: Super.Thanks, David.


STEVE BALLMER: Let me talk about some of the things now on the Windows management architecture delivered in NT 5 for availability and reliability.One is quality of service guarantees in the new TCP/IP protocol stack, which we think people will find very important.There are many cases where there’s simply insufficient network bandwidth reserved for a given application, a given class of users.This will be based upon policy.We addressed that with the new protocol stack in NT 5.The Windows management instrumentation that David talked about I consider very important again for availability and reliability.The events that we collect, the information that comes out of the system that somebody can use to really monitor the system and understand what’s working and what’s not working is an implementation in NT 5, that applications need to take advantage of.We provide clustering for the systems services in NT 5.The DHCP implementation, the DNS implementation, the file system itself–those are all now clustered services which hasn’t been the case with the clustering implementation we have in place.

For applications that are written as modern applications to take advantage of COM+, we will provide application load balancing, as a high-availability feature in NT 5.Disk quotas, so we can count on restricting the user from filling up the disk in a way that others suffer as a feature of NT 5.I talked about the characteristics of IntelliMirror.New applications that are written using the Widows Installer Service will actually have management on the DLLs of their applications, so that they cannot collide with one another, and so that their DLLs are held separately for them from other applications.So the new class of applications begins to separate itself.Of course, it doesn’t do anything for existing applications.

Dynamic volume support helps with on-line maintenance.You can move things to other machines.Auto restart of failed services helps a lot in terms of availability and reliability.Far from everything we need to do, but a very good start in the management architecture is implemented in NT 5.I’m going to invite David to come back on stage and join me and show you a couple of the things in NT 5 for availability and reliability.

DAVID HAMILTON: You can’t get rid of me today, Steve…


DAVID HAMILTON: Okay, so what I’m going to show you very briefly is some of the functionality for availability and reliability.I’m going to start just very briefly with NT 4 and Systems Management Server 2.0 and show that, based on feedback from a lot of you, what we’ve done is we’ve actually added the ability to do network topology.What we’ve got here is a network topology map, providing you information about what’s going on in your network as a whole.Now, that’s okay to help us with proactive management, to keep our NT servers up and running 24 hours a day, seven days a week.But with NT 5, what we want to do is actually add a business focus to that.Now, I’m going to take you over there, Steve, we’re going to wander over here.What we’re adding with NT 5 is this notion of quality of service.You talked about service level agreements a little bit earlier.

I’ve got a really interesting configuration here.Hopefully, you can see, what we’ve got happening here is we’ve got a feed.That feed is coming through this particular machine, and is going into a 3COM QOS-enabled Switch.It’s going across the network, back into another switch, and back out this PC.What you’re seeing on the screens on eitherside is actually the output from that.What happens when I cause problems?What happens when our network becomes saturated, as for some reason networks seem to do?Well, I start to see problems.Now, what happens if this is a financial application and it’s the end of the quarter, and I’m trying to close my books.And my network suddenly became busy because everyone’s downloading the latest version of Quake.I’m in trouble.

STEVE BALLMER: Not at Microsoft.

DAVID HAMILTON: No, of course not.No one plays Quake at Microsoft.

STEVE BALLMER: As long as they pay for it, it’ll probably be okay.

DAVID HAMILTON: Now what we’ve done with Windows NT 5 is we’ve given you the ability…hopefully you’re seeing this on one of your monitors…to actually modify the policy and say that particular applications or particular users have a greater level of availability…

STEVE BALLMER: Of network bandwidth.

DAVID HAMILTON: Network bandwidth.So, for instance, I’ve got this user, Todd, and all I’m going to say about Todd is Todd gets more bandwidth than anyone else.Todd’s important.Not sure who Todd is, but he’s important.What you’ll see, across a period of about 10 seconds, is that my data feed will gradually come back, and will fix the problem.So you see we’re rectifying ourselves.Now, the network hasn’t gotten any less busy.I can promise you, that network is churning away.You’re seeing some distortion.But I’m able to make the application work.So I’m able to guarantee a quality of service for a particular application I’m using.

STEVE BALLMER: That requires the cooperation, of course, to work together with Cisco, with 3COM, with others, on quality of service, and the way that’s implemented through TCP/IP.

DAVID HAMILTON: Absolutely, and what we’re using here is the directory-enabled nature of bringing together networks and directories and users and providing this kind of solution.


DAVID HAMILTON: Okay, I’m done.

STEVE BALLMER: Super–thanks very much, David.

I want to turn, as the last area, to security.I talked about the important needs and some of the scenarios.NT 5 is rich in the way it extends the Windows management architecture for security.Kerberos, public key security with certificates, we support IP Sec in Windows NT 5.The file system can be encrypted, if you want to encrypt things…actually in the file system.Very important, I would think, for laptop users and for servers, which you can’t count on physically securing.You can securely install the OS so somebody can’t come along and impersonate the operating system in the wrong way and install over your system.We do support virtual private networks as a basic built-in functionality of Windows NT 5 and its communications and dial-up facilities.Just a start, but I think still quite a good start.I’m going to invite Ron Cully from our team to come on up and join me.We’ll show you a little bit of some of these capabilities in Windows NT 5.Ron…

RON CULLY: Hi, Steve.How’re you doing?

STEVE BALLMER: Good.How are you?

RON CULLY: Great.We’ve heard a lot from our customers about how important security needs to be as a priority in the company.And what we’ve learned from that is that not only does it have to have all the richness they need, but it has to be really simple so it reduces the time it takes to do complex tasks.We’ve done a lot in both NT 4 and in NT 5 to make that better, but we don’t have time to show all that.So what we’re going to do is going to show two things.First, how do we make it better to secure end systems, because for the security of end systems, you brought up the question of…”how do we do this with secure environments?

So what we’re going to do is walk through Security Configuration Editor.The second thing we’re going to show is how do you secure your network.A lot of people out there are doing a lot with the network today.VPN is becoming really important to support mobile users who need to come in.

First, let’s take a look at how we support the security of the end system.In NT 5, we’ve added in a thing called the Security Configuration Editor.What we found is this was so important that we back-ported it to NT 4 and we added it into Service Pack 4.

STEVE BALLMER: So this is available to people today.

RON CULLY: Yeah, this is available today.Let’s say that you’re an administrator, and you just got a pallet full of new systems in that have got Windows NT Workstation, and and your applications.But, maybe your password policy is not the same as what you want for your corporation.Or maybe there’s some registry entries that you want to have adjusted.

Or, another case, maybe you’re the administrator.You just inherited responsibility for a system.You found out the day before the former administrator was escorted out for a security violation, and you’ve got to plug the hole that he left behind.So how are you going to find that in the hundreds of things that are there?

What we do is we go over to…here we have Windows NT 4 server, its a domain controller, and we can load on the Security Configuration Editor.Now, if we look in configurations, we can see a number of templates that define how security should be established for a given system, based upon the type of system.So, since I’m the DC and I want a secure DC, I can see that I’ve got password policies here about how long the password age has to be, minimum password length, etc.Let’s say I want to find out what has changed on this particular system.I can go in and do an analysis on this system.I’ve done this earlier to save a little bit of time, but basically import that template.We can take a look and see what’s changed.So, by going into the password policy, we can see that there are some things that have been changed and the security’s been relaxed.So I can go in and I can change an individual item, and have some differences.Or, if I want to, I can go into here and say,
“configure the system now”
, and it will apply that template to the system and restore all the configuration parameters to what I want.

STEVE BALLMER: That’s great, it’s great.You can do that all centrally across users of a given class.

RON CULLY: Yes.You do need to…right…you need to go to the particular system, run this tool, and that will restore the results.


RON CULLY: Okay, the second thing is that 50 percent of the…or, at least 50 percent, if not more…of traveling workers are carrying notebooks with them, and they need to have access in and out of their network.Virtually everybody in the Web environment is out there doing things on the Net.So there’s two important areas of security.First, I need to make sure that I can provide secure access into the network so my business travelers can get access.Second, I need to secure the network so that the outside world can’t hack through and get to things.

So what we’ve done is, we have two things in Windows environment.First, on Windows NT, we include routing and remote access service.This service integrates both direct-dial remote access here on this COM port, as well as virtual private networking access from the Internet through some other link, and provides a secure way of communicating in.So this gives you a central way of managing that, which is nice.

The second thing we can do is we can add to that the Microsoft Proxy Server.The Microsoft Proxy Server provides us the Web management, the Web security management.So, if we look at the properties here of the Proxy Server, we’ve added in…we’ve opened up the port that’s necessary for VPN access.We’ve also opened a port for domain name service resolution out into the Internet.So that gives us the ability to support those coming through Proxy Server, but nothing else.So nobody else can get through.

Now, that’s all really important, in terms of securing access into and out of a network, but the hardest part of all this is how do I go in and deploy a secure remote access solution?About 60 percent of the cost of deployment comes in, how do I push out these bits to the desktop and make sure the protocols are there and the configuration’s right, so the end user can do this?We provide a tool called the Connection Manager Administration Kit as part of Windows NT 4, and we’re carrying it forward into NT 5.With that tool, I can configure how the user will receive this package.They can simply double-click on it.It’s end user installable.You can see we just installed that.There was nothing really for the end user to do.If we open this up…

STEVE BALLMER: We just installed this on my notebook.But show the rest of the people, I like this a lot.

RON CULLY: Great.Okay, so, if we open this up, you can see we can do all kinds of customization from that tool that created this package.We can customize what the help number is that people should call from the road.We can put in some custom graphics, and so forth.So I’m going to go ahead and enter in my password and establish a connection.Now, to do this, I need to connect somewhere.So I’ll open up properties, and I’ll go to my phonebook.Now, we can see here another problem.Who knows the phone number for the ISP in Muskegon, Illinois?So, by integrating in a directory of numbers…a phonebook, from the ISP, in this case, Worldcom, we can have phone numbers from just about any state we want.That gives me VPN access and it’s in this main panel.It guides the user to the least-cost numbers to use for remote access.But if…let’s say my ISP were down, I’d want to have remote access.So people won’t throw away their way, direct dial.So I can put the direct dial numbers over here, and you can see that’s going to cost us a lot more.I am not going to probably do that if someone’s looking at my expense report…

But I do have access if I need it.But, you know, this machine is connected directly to the Internet.I don’t need to use a phone number, so I’m going to go ahead and connect directly through my Internet connection and connect in now.So we’re verifying, and now we’re connected in.As we can see, we just opened up automatically a Web page that’s on my corporate network.Now, that shows how we can integrate applications as part of the connection process, to further simplify it for the user.

So we provide a secure solution.We provided a low cost of connections.We’ve made it easy for the administrator to manage the integration of direct-dial and virtual private networking altogether, and we’ve cut down on the deployment costs a lot, as well as 25 percent of the support calls.The best part is this is…the VPN pieces are all part of Windows NT today, and it saves you about $35 a seat or more, per seat, for the use of that, just by turning it on.

STEVE BALLMER: …and I like having the phonebook built into my client–the best feature of all for the user.Thanks very much.

My goal in the three short demonstrations is more to tantalize you than to show you all of what’s in Windows NT 5.I hope you start getting something of the sense of the richness of the improvements that we’ve made to the management architecture in NT 5.The key, though, the absolute key to success in taking that PC to the next level, in terms of it being enterprise-ready, is to go still further.

We’re working with a large number of third-party management tool vendors, including Hewlett-Packard, Computer Associates, Platinum, BMC, Net IQ, Seagate, Tivoli and others.We’re taking our own tools, the System Management Server and our Proxy Server, and we continue to improve them.System Management Server will focus in the NT 5 timeframe, providing enterprise management of the IntelliMirror capabilities that I talked about.The Proxy Server will graduate in the NT 5 timeframe to be really fully an enterprise-class firewall product.Our own applications, Office and our BackOffice applications, will be compliant with the management instrumentation architecture, the installer service, the Active Directory, and we are evangelizing all builders of Windows applications, particularly COM+ and Windows DNA applications, to take advantage of the Windows management architecture.

With all that we’re doing in NT 5, we will still have more to do.I don’t want to try to pretend in any sense that NT 5’s the end of the road.It’s just a huge step forward.There are more things people want for clustering than we will provide in NT 5 itself.Those will have to follow.We know already people are going to come back and ask us for an even more robust eventing system, built into the operating system, that takes an additional step with Windows management instrumentation, and makes that data more available.We know we need batch tools, to further provide automation against what happens in the data center.

I already talked about the fact that we’re just starting down the road of providing real health monitoring and preventive management.I talked about some of the things in the diagnostics area.NT 5 will take us a small way.We’ll have a lot more to do.The list continues.Of course, we have to ship Windows NT 5 itself.I’m working very hard on it, and it’s still a ways in the future, and I feel terrible.But I’ll feel even worse if we don’t absolutely, positively have the quality on NT 5 there.It’s a big step.We’ll still have more to do.We’ll still have more things to try.But, from here on out, we’ll just have to continue to work, work on the performance, work on the quality, get the feedback.Improve, improve, improve.Some people ask me, oh, is it bad?You’re shipping it in 1999, the year before the year 2000.I guess it’s not genius to ship a new operating system in the year before Y2K itself, but I’m an optimist.I think people are going to have so much extra time, once everything gets frozen down next year, to just evaluate NT 5.So we’ll ship it the day it’s ready, and we are working very hard on that.

We’re also investing this year over $3 billion in R & D.R & D to improve the development infrastructure and WIN DNA, R & D to improve the end user services and the digital nervous system concept, and, of course, R & D to improve the management infrastructure.The PC has permeated the enterprise in many ways.It’s in data centers.It’s in networks.But it still has a long, long way to go.We will do our level best to make sure that Windows NT is the platform that really helps take the PC all the way up into the enterprise.

Thank you very, very much.

Related Posts