Tony Iams, Vice President and Research Director, D.H. Brown Associates
PORT CHESTER, N.Y., April 16, 2003 — The Microsoft Windows Server 2003 operating system is just days from launch, and industry analysts have been taking deep-sea dives to the depths of the software to bring back detailed previews for their corporate customers. One of the leading analysts to report on Windows Server 2003 is Tony Iams, vice president and research director for D.H. Brown Associates Inc., based in Port Chester. His 48-page report, Windows Server Platform Reaches Maturity, is available for download by non-subscribers at the DH Brown Web site.
PressPass spoke with Iams recently about Windows Server 2003. Microsoft sponsored a portion of the research in the report. However, Iams stressed that the opinions and analysis were those of D.H. Brown.
PressPass: You’ve produced one of the first major studies of Windows Server 2003. Tell us about your research for this report.
Iams: D.H. Brown has been researching operating systems since the late 1980s, so we have an extremely thorough and well-documented way of approaching this type of research. We maintain a knowledge base of functional capabilities for all the major platforms. We use a scorecard methodology to rate each system on the critical functions needed for various types of deployment, including enterprise, engineering, small and medium businesses, and so on. We spend a great deal of time understanding the business needs of customers, look at the key requirements for each scenario, and we determine which operating systems can meet those needs and how well they do so. We maintain and update those ratings based on information we gather from users, developers, vendors and others. We’re not a testing lab, but we also do hands-on evaluation to get our own experience with the systems. We use every public source of information available.
We were aware that Windows Server 2003 was reported to support a broad range of features that Windows NT Server 4.0 and Windows 2000 Server do not, such as 64-bit computing, a benchmark for performance on high-end symmetric multiprocessing systems. We looked at these features closely, we tested the system ourselves, we interviewed Windows customers and Windows developers. This report is the result.
PressPass: The title of your report is Windows Server Platform Reaches Maturity. What do you mean by that and what does that mean for users?
Iams: There are two aspects of this. First, with this release of Windows Server 2003, Microsoft fulfills its vision for the Windows server architecture as a platform capable of running very large workloads on very large mainframe-class systems. Optimizing an operating system for running well on these kinds of systems presents an extraordinary and tedious development challenge, and with Windows Server 2003, Microsoft has reached a major milestone in this process.
Second, the Windows Server design has been tested and refined ever since the first days of Windows NT Server, now 10 years ago almost to the month. So customers can gain the benefits of the fairly major revisions and strengths of Windows Server 2003 without the risks that usually accompany a new operating system. At this point, Windows is a proven architecture. So, for example, Active Directory is greatly enhanced, more powerful and easier to deploy and use, but its core technology has had time to mature on the Windows 2000 platform. I think there’s going to be a tremendous uptick of interest in Active Directory and features like it, for that reason.
Our discussions with customers confirm that Windows Server 2003 is incredibly stable. For example, the redesign of Internet Information Services (IIS) 6.0 introduces application isolation and recycling to neutralize issues before they hang the system. IIS security, moving functions out of the kernel and into user space so misbehaved applications can’t easily lock the system, is another innovation. There are a tremendous number of enhancements like this.
PressPass: Web services are getting tremendous buzz now, and Windows Server 2003 is the first Microsoft server operating system that has built-in support for Web services. How important is that to users?
Iams: Web services, and Windows Server 2003’s support for them, are incredibly important. The entire industry has agreed that Web services are the way to promote interoperability, and how often do you get the industry agreeing on anything? From the theoretical, computer-science standpoint, it makes tremendous sense to have well-defined services for specific functions and standard ways of providing those services to any application that needs them.
Software reuse, the hope of not having to re-invent the wheel every time you write a new application, has been talked about since the 1970s, but Web services is the technology that is finally making it real. Part of that timing issue is due to the Internet; we didn’t have that global network infrastructure 10 years ago. Another part is the widespread acceptance of standards (XML, SOAP, UDDI) that everyone can write to. This isn’t just a specification in a manual; vendors are pushing real products out the door that people can use.
It’s extremely important that Windows Server 2003 has built-in support for these standards. It means that not only can customers take advantage of them more easily, but since Windows is such a high-volume platform, the market for Web services is going to grow exponentially because now any Windows Server 2003 customer is a customer for Web services. And using Windows Server 2003 for Web services makes sense because the Windows platform offers ease of use, whether you’re an end user who will benefit from the graphical interface you don’t get with UNIX systems, or you’re an administrator or power user who prefers the enhanced command-line interface that Windows also offers. And if you’re a developer creating Web services, then you benefit from the power and productivity in the Microsoft development tools such as Visual Studio .NET.
PressPass: What’s one of the new feature sets in Windows Server 2003 that really impresses you as a great advance for enterprise environments?
Iams: Let’s talk about mobile computing. It’s intuitively very appealing, since it frees the user from the constraints of the physical network infrastructure. From the user’s perspective, you don’t have to worry about cables, routers, and so on. You just need some type of wireless card in your device, and you’re connected to the network.
While it’s easier for the user, the administrative burden grows. You no longer know where all of your users are, because they’re no longer tethered, or chained, to the physical network, where you can easily detect them. In the mobile environment, devices enter and leave the network at the user’s discretion, not the administrator’s. Administrators have the new challenge of ensuring these users come in and out of the network successfully. So connectivity is one issue for the administrator. Security is another. With users constantly entering and leaving the network, it becomes more challenging to authenticate users — to know they are who they say they are — and to authorize them, to give them appropriate system access once they’ve been authenticated.
What Microsoft’s done with Windows Server 2003 is take the heavy lifting out of dealing with these challenges to mobile computing. Active Directory, for example, is inherently designed to deal with large networks with various types of topologies. It addresses the needs for authorization in the wireless space very well.
That leaves authentication. With Windows Server 2003, Microsoft has provided functionality to address this. A key feature is the RADIUS — Remote Authentication Dial-in User Service. Microsoft has extended the dial-up connectivity aspect to also include wireless users with intermittent connectivity. The quarantine service, for example, enables administrators to restrict user access until the system can confirm that the users meet certain requirements and don’t pose a security threat. Internet Protocol (IP) version 6, a new Internet standard that Microsoft supports, extends the network to support a larger range of devices, such as cell phones. That’s another way Windows Server 2003 expands support for mobile computing.
PressPass: Microsoft has been talking a lot about the benefits for Windows NT Server 4.0 users who upgrade to Windows Server 2003. From your research and perspective, what should these users be thinking about?
Iams: They should be thinking seriously about upgrading. Microsoft has clearly been listening to customers and the issues that they had with earlier versions of Windows, and they’ve fixed those issues. Microsoft had already done a very significant job of addressing Windows NT Server 4.0 pain points with Windows 2000 Server, but many of those enhancements were
features and could be problematic for some users in some settings. Now, those features are stable and easy to use. So users leapfrogging over Windows 2000 Server as they go from Windows NT Server 4.0 to Windows Server 2003 get a double helping of enhancements without the pain.
For example, the increased manageability of Windows, and the resulting benefits for dependability, are enormous. Windows is now a fully hardened platform and part of that is based on the ability of the administrator to easily control the network and to do so remotely. That was tough to do with Windows NT Server 4.0. Now it’s easy. And that remote management capability links the administrator to entirely new classes of benefits, such as the ability to use new types of hardware, such as blade servers, which are very compact, small form-factor servers that are highly cost-effective, but that need the type of management that Windows Server 2003 provides.
There are persuasive benefits for upgrading from Windows NT Server 4.0, whether the user is in a global enterprise environment or a small-to-mid-sized company. The large, enterprise users get the support they need for vertical scalability, such as 64-bit computing, in their data centers. And by moving to Windows in the data center when they already have Windows in less-demanding uses, they get the benefits of simplicity and lower cost that come from managing a single operating system rather than managing multiple systems.
Meanwhile, users in smaller environments get a platform that’s much easier and more cost-effective for them to operate today — a key benefit in smaller organizations that lack sizable IT staffs — but that’s also guaranteed to grow to meet their expanding needs over time. It’s the best of both worlds.
PressPass: You state in your report that Windows is designed from the ground up for secure distributed computing. What do you mean by this?
Iams: There are two types of security. Defensive security is the effort to minimize the circumstances or weaknesses that can be exploited by malicious users. Offensive security includes the tools that administrators can use to proactively secure their network. There’s a lot of press about defensive security, about potential problems with code. That’s a problem for the entire industry, and it’s an area that Microsoft’s done a lot to address not only in Windows but in all of its products.
With Windows Server 2003, Microsoft has done an extremely thorough job of reviewing code for circumstances that unauthorized users might exploit. Then it’s done a great job of making the software more secure by default, by shipping it in
mode and leaving it to the administrator to open up the server in the ways he or she needs, rather than shipping the server with everything open and requiring administrators to find and close all potential openings. That makes the server more secure while making the administrator’s life much simpler. Running Web applications securely in the protected common language runtime (CLR) environment, where they can’t affect the rest of the system, is another great aspect of defensive security. That’s called
Then there are the offensive security features, the features by which the administrator can actively make the system more secure. Group Policies, which work with Active Directory, are a key example. Now, the administrator doesn’t need to secure every workstation in the enterprise. Just define a policy once and that policy will follow users wherever they log in, anywhere on the network. That’s also an easy way to implement security. And making security easier means administrators are more likely to use these features and to make their environments more secure.
PressPass: Any final thoughts?
Iams: Yes. I started off by pointing out that Windows Server 2003 marks the fulfillment of Microsoft’s server architecture vision. It’s a milestone in another way, too. Windows used to have different core technology in its desktop and server versions. With Windows XP already available and the same core technology now in Windows Server 2003, this marks the first time that Microsoft truly offers a single operating system for servers and clients throughout the enterprise.
Uniting that environment via Active Directory, and using products such as Microsoft Operations Manager and Systems Management Server, provides a level of power and functionality throughout the enterprise — from server to desktop — that users never had before. When you add the ability to create a new generation of Web applications using Visual Studio .NET, Microsoft is really hitting on all cylinders. It’s very exciting to see.