Remarks by Bob Muglia, Senior Vice President, Windows Server Division, Microsoft Corporation
Microsoft Management Summit 2004 Opening Keynote
Las Vegas, Nevada
March 16, 2004
ANNOUNCER: Ladies and gentlemen, please welcome senior vice president, Microsoft Corporation, Bob Muglia. (Applause.)
BOB MUGLIA: Good morning. Good morning and welcome to the Microsoft Management Summit 2004. We’re excited to have you here today. We’ve got a great lineup for you all week, lots of great sessions, a sold-out show. We think a lot of super stuff has happened in the management space at Microsoft and across the industry over the past year, and we can’t wait to talk to you about those details at a very low technical level to get you all the information that you need to go back and manage your business.
Now, looking back over the last year, it was about a year ago that we were here in Las Vegas for Microsoft Management Summit 2003. A lot has happened over the last year. We think it’s been a super year at Microsoft in the management space. We’ve done an awful lot of things. We’ve been focused on delivering on our commitments.
In fact, what my talk is really all about today is a focus on the overall strategy we have, as well as the specifics to help you manage your business and the delivery we’ve done, together with the rest of the industry, to deliver on what you need to get your job done.
Let’s start by talking about some of the challenges you face. This is something that I think is very well understood by everybody in this audience, the challenge that IT has today. In almost every sense, IT is more important than it’s ever been in terms of affecting the overall results of any company and business. Every company is an information company in some ways and IT is the core to how every company delivers results for their customers, for their partners, for their shareholders.
And yet IT faces a substantive challenge because any company that’s been around for any period of time has a lot of infrastructure already in place, many, many applications that they need to maintain on an ongoing basis. And we hear this again and again and again, from CIOs and operations managers, that the majority of the money and time they spend within their shop is spent keeping those existing systems running in an effective way for the business and that they have a small percentage of their overall budget, about 30 percent, that they can focus on new business applications that produce new business value.
So what’s needed? Well, the real core, what could be done is to focus the energies and the talent of the industry both within your companies, within Microsoft, within the rest of the industry to allow more of your time to be spent developing new applications for new business solutions. That’s really what it’s all about, how can we help you put more of your time and energy into doing new things that affect your business, reduce your costs and allow you to have success within your industry.
And at Microsoft we’re focused on this all up in something we call the Windows Server System. Let’s talk a little bit about that. The Windows Server System is a set of technologies, a set of initiatives that are focused on really doing two things. One is reducing the cost of running your ongoing operation, trying to drive those costs down so that you can put more of your energy in new things. And the second thing is focused on helping you to develop new applications more effectively.
Now, at Microsoft, if we are unable to help you build new applications faster than anything else on the planet, we’re just not doing our job. And so what we’re all about is how you can reduce those costs of your existing systems and put your energy into new things and then as you build new things do so in a way that is more cost effective, faster to deploy and much, much easier to manage.
I’ll spend a lot of time this morning talking about how some of the initiatives we have, particularly with Dynamic Systems Initiative, is all about how you can build applications that are designed to be managed in a long-term basis.
Now, in order to drive these two benefits, the Windows Server System really has three major components to it, three initiatives you might think of. The first is the Dynamic Systems Initiative and that’s what I’ll spend the majority of this morning talking about, how the Dynamic Systems Initiative can lower the cost of managing operations and streamline the process all the way from the design stage through into production and ongoing use.
The second key one is security; no question about the importance in today’s world that security infrastructure has in every business, how can we do things to reduce the cost of maintaining a secure infrastructure and give you some foresight into the future to help you manage systems securely as the world that we have continues to evolve. The world will remain a place where security is important into the future and how can you do the steps that you need to take to defend your business against tomorrow’s security threats.
And the third one is the .NET platform. And the .NET platform plays a major intertwined role with these other two initiatives in terms of building new solutions that are faster to deploy, easier to manage and provide better business value than anything else on the planet.
So that’s it all up really, to meet that IT need of reduced costs and providing additional business advantage, the Windows Server System is really three things: Dynamic Systems Initiative focusing on the overall management infrastructure, security, and then a .NET platform focused on making it easy for you to build applications.
So I’m going to start by talking about the Dynamic Systems Initiative in some detail and so let’s sort of start by an all up view of that.
At Microsoft one of the things that we’ve done, we’ve changed over the past, say, 18 months, is we’ve really moved away from thinking of management as something that we have a group focused on. We used to have a Management Business Unit at Microsoft. We don’t have that anymore. We have an Enterprise Management Division, sure, we’re focused on it, but what we’ve done is we’ve changed the way we think of management to be part of everything we build in our enterprise infrastructure, the desktop, the Windows Server, all of the server applications, Office. All of those things together need to have management as an intrinsic capability built in so that you can get a better experience, more cost effective, better business solutions.
And so we’ve taken that role of driving manageable solutions across all the parts of Microsoft and, in fact, are now more engaged with the partner industry than we’ve ever been to getting solutions that work together with our platform in a heterogeneous way out there for Windows to work well in your environment.
So what do we think of when we think of DSI? Well, we think of building applications that are designed for operations, how can we help you and your development teams create applications that really from the beginning are designed to be operated and more effective.
The second thing is making the platform operationally aware. You know, today’s operating systems really aren’t that operationally aware. They aren’t designed with the idea of what it takes to run them on an ongoing basis and usually that’s been relegated to third party add-on tools. So we’re thinking about how we can enhance the platform and are putting a tremendous amount of emphasis into the core platform, adding features inside Windows, Windows Server to make it more inherently manageable out of the box.
And then finally what sorts of things can we and the industry build on top of that platform, what sets of tools to enable intelligent management for all sizes of companies, everything from a small business to a medium sized business all the way up to the largest enterprise? How can we provide you the tools that you need to manage your business effectively?
Now, in thinking about this, it was interesting to look back and see some of the lessons that have existed in the past, because I think it’s always relevant. The software industry, while it’s becoming a mature industry, in a lot of senses we’re still growing, we’re still learning and there’s a lot we can learn from our brethren in other industries. And manufacturing has been through a lot of changes over the past 20 years or so, particularly in the U.S., and there’s many industries where this is true. Certainly the automotive industry is an example of that.
And this example is taken really from the automotive industry. It’s this realization that in the 1970s and into the 1980s Detroit spent a lot of money, literally billions of dollars automating factories. And they really thought that by putting a whole bunch of money into the back-end systems, the manufacturing systems, essentially their operational part of their business, they could make themselves more cost effective and compete more effectively with particularly their Japanese competitors.
And what happened is it didn’t actually work out the way they had expected it to. They found that although they had spent the money and they were somewhat more effective in the back-end, their overall costs were not reduced as much as they wanted, and they weren’t even seeing the quality improvements that they had hoped to see.
And when they took a look at this and they went back and said, well, what was the process, what’s going wrong here, how can we improve, they realized that they have to think about that process much more holistically. They couldn’t just focus on manufacturing; think operations when I say manufacturing. They couldn’t just focus on manufacturing. They had to think about the whole process all up. And, in fact, at the very beginning of the cycle for a new vehicle, there were decisions that were made in the development process where just a tiny fraction, like 8 percent of their budget had been spent, just a tiny fraction of their budget had been spent and yet the decisions that were made that early on had affected the downstream manufacturing costs and the downstream results that they and their customers would see. That’s thinking about this as a consistent cycle.
And when they took a look at this, they realized some things. They said, geez, they really had hoped that the antidote for this was to spend money automating factories, but it wasn’t. They just didn’t get it right by doing that. And, in fact, they realized that if they thought about that process from a consistent way, from the beginning of the design phase through the manufacturing and into the servicing phase of those vehicles, they could improve the customer satisfaction, produce a vehicle cost effective and, in fact, be more competitive in their industry.
Now, the one thing that they still suffered from, however, was that they didn’t have initially the tools to do this. I think we can learn so much. I feel like this is a lesson that my industry can learn a ton from, and yet there’s things that I think we can bring to the picture, too. We can learn from manufacturing in terms of understanding how their experience, by changing their experience, they resulted in better products and being more effective. On the other hand, we can bring some of these automated tools to you in the analogy of operating and running your business so you can be more effective.
And, in fact, in a summary that’s really what DSI, the Dynamic Systems Initiative is all about, how can we create, Microsoft together with the industry, partners in the industry, create a set of tools and solutions that enable you to more effectively build these applications and operate them at scale.
So let’s take a look at that. The world has changed in the last 15 years in terms of the applications you’re deploying. I had some experience in the early days of Windows NT, in the ’90, ’92, ’93 timeframe of Windows NT where we were doing the initial systems there and we thought about the environment, the application environment for running, at the time, a Win 32 application. And the model was pretty simple. You had a computer and the computer ran applications and that was how we structured things.
Well, you know, it’s not that way anymore. It’s just not that way for darn near any business solution you’re building. That whole upside-down cake has been reversed. And now when you think about building and deploying solutions for your organization, you recognize that you’re trying to solve a given business problem, you engineer the solution to that business problem and you build a set of services that typically run on a series of machines, all connected together, to solve that business problem.
And there are things like Web services that we know are going to make that easier and we’re seeing those deployments and they are, honest to gosh, working, things are out there to help, but fundamentally the complexity of the environment that you face today is greater than anything you’ve had before because now the solutions that you’re deploying are distributed across multiple machines, many times multiple geographies and even across multiple organizations. It’s very common that a solution is built up of services that come from multiple organizations connected together to provide the overall solution for your end users or for your partners or for your customers. That’s a complex environment. That’s a lot harder than it used to be. And the complexity of managing and operating that solution on a day-to-day basis is greater than it’s ever been before.
So how can we help you manage these things more effectively, and perhaps more cost effectively, than even in those simple days in the 1990s?
Well, the thing to realize is that when you look at that solution, the key to this is the recognition that that solution starts at the development stage and spans the lifecycle, the entire lifecycle of that application. And to solve this problem all up, it’s really necessary to take that lesson from the manufacturing industry and realize that decisions that are made in the development stage, the design and the development stage, impact the ongoing operations.
And in today’s world I think we’re aware of that. We know that when developers lay out applications they make a set of decisions in terms of the inner relations that those components have, but it’s not always that clear how those things are connected together.
And what DSI is really all about is providing a programmed, systematic environment to connect all phases of the application lifecycle together to allow solutions to be developed, deployed, operated and maintained on an ongoing basis as effectively as possible with feedback coming through at every stage of the cycle. The challenge at the high level is how can this information be passed, how can the knowledge be passed between these systems, and with DSI Microsoft is focusing on providing you with a solution to do that.
Now, in thinking about this, in thinking about those three stages, the development to the operations lifecycle and then there’s another stage from the operations to the end user, you think about how today most companies actually share information between their various people within their organization.
So in today’s world it’s common for a developer to sit down, perhaps they use visual tools like Rose or Visio to lay out the components within an application. They then work with their development team, hopefully getting input from the operations staff and end user in terms of the solutions that are required, and they start building a solution.
It’s quite common that they do this somewhat in a vacuum, but even if they’re working cooperatively and they’re doing all the things they need to do, the knowledge that they gain through that process really isn’t captured anywhere. There may be some Visio diagrams. They probably get out-of-date relatively rapidly and are not maintained. Very often the communications between the teams doing development and operations is done through e-mails or phone calls; they’re not systematically captured in any fundamental mechanism that can be passed on to future generations of operations staff. And perhaps even more relevant, the operations people, well, let’s face it, really know what’s going on, on a day-to-day basis, the real characteristics of this application. They certainly have no formal mechanism to feed that information back to the developers to improve it. So if a component is performing poorly, how do they tell the development staff about that, and how do they get that fixed? Probably a phone call or an e-mail; again, not systematic, no process around that. That’s half the lifecycle problem.
The other half of the lifecycle problem happens between the operations staff and the end user. Operations has some tools to monitor their systems. They know to some extent what is going on with the systems. But let’s face facts, the end users are the ones that are using the system on a day-to-day basis and they know what works and what doesn’t work. They know when applications fail. They know when things are slow. How do they capture that information and feed that information back to the operations and development team? What’s the process for doing that?
I think in almost any IT shop out there, there really is no standard process for doing this and, in fact, the mechanism is one of cost. It’s help desk. End users call the Help desk complaining about problems that they experience. Help desk is a cost that companies have today and, in fact, even when those calls come in, are the right steps taken to remediate the problem for the end user? Is that information fed back appropriately to operations and development? Maybe it is within your organization. I think in a lot of cases it’s not. In every case I think it’s much more inefficient than it could be.
So that’s sort of a picture of the world today. There is a lot of knowledge that spans from the developer, operations to the end user, but that knowledge is not captured in a programmatic way.
What DSI is really all about is changing that and there are two core mechanisms we’re putting in place to change the capture of that knowledge and pass it between the developer and the operations staff on to the end user and back in a systematic way.
The first key one is this idea of a System Definition Model. Let’s talk about the System Definition Model. System Definition Model technically is an XML document that describes the inner relationship between the components of an application. It is created first by using visual design tools that we’re building as a part of Visual Studio, and other partners are developing within their development tools, and what that does is it allows a developer, as they create their application, to systematically define all of the components that exist and the relationships that exist between them and then capture that in an XML document that’s passed on into the operations stage.
Now, the key to this is that that document really describes the way this system works, what all the components are, how they are hooked together. And I’ll just point out that that doesn’t exist today in a systematic way in almost any application that’s currently being deployed. And certainly it does not exist today in a way that can be utilized by the operational system, by the computers, the servers, the desktops, all the machines that are running the operation of that application. They have no way to understand in an intrinsic, systematic way what that application is made up of and then understand how those components relate to each other.
This is a huge problem today, the fact that when you look at any management tool that exists in the industry, every management tool has to essentially recreate and think about the environment or perhaps I should say the operations staff needs to use the management tool to recreate what they think is the operational environment for their application.
Well, with SDM, the System Definition Model, we change that. It’s created and captured as a natural part of the development process. This is what we call building applications that are designed for operations. That System Definition Model, that XML document is sent over to the operational system, the monitoring tools on the operating system that’s running the application and it’s used to construct the model for how that application operates.
Sure, we can think about doing things like using that definition model to dynamically allocate resources, bringing computers online and offline based on capacity and needs that we’re seeing on an operational basis. That’s important, that’s an important part of what we’re doing with DSI.
But I think more importantly, we can use it as a template to understand how the system was meant to operate and thus allow the people that are operating it on a day-to-day basis to make the most effective use of their resources and to provide the best service.
And when the operations staff sees the need to make changes, when they see that things aren’t working the way they want to, when they need to reconfigure things, they make changes in their operational tools that affect the System Definition Model and that is sent back to development; that’s part of a continuous loop here where the operations staff that sees the ongoing day-to-day process of running the business can make the changes they need to be effective and the developers can take action on it.
So if an operations staff is finding that, in fact, things are not performing the way they need to be, they can identify the component that is not providing the performance that’s required, get that feedback back to development, have development make a set of changes to improve the performance of that, perhaps change the indexing and the database, whatever is required, and then send that back to the operations team for effective ongoing operations.
That’s sort of the first half, System Definition Model.
The second half is almost even more interesting. The second half is looking at what the end user is experiencing on a day-to-day basis with their applications and getting that feedback back to the operations team and back to the development team. And as I say, today it’s about Help desk.
What we found though is there are better ways to do this and to some extent Microsoft found this out on our own with our own products, because we had known that there are problems obviously with Microsoft products, we have many, many reports coming in to us of crashes and hangs and all sorts of things inside our applications. We’re not perfect; we’re software developers just like everyone else and we have our share of issues. But we want to fix them. We want to do everything we can do to make those systems run better for our customers.
And so what we did is we created some tools that are part of our products. There’s a tool called Watson that we shipped a couple years ago. We interestingly enough first shipped it on MSN and got some feedback on that, and so began to get feedback from MSN and MSN client about what was happening to their customers. We then shipped it in Office, Office XP, and it’s now on Windows XP. And because it’s on Windows XP, what that means now is that every application running on Windows XP can benefit from the analysis information that comes back from Watson.
And let’s talk about Watson for a second. What Watson does is it sits in the system and it notices when an application fails. And when an application fails, it takes a snapshot of some of the internal state, some of the internal data structures of that application. We’re very careful to avoid things that might have privacy, personal information that might have privacy implications associated with it. We’re really interested in the stack trace and the status of the registers and things. And we’ve worked hard to get it so that the right set of data can come back. And when that application fails, we send that data back to Microsoft and we get some idea of what’s going on.
And the results are pretty remarkable. We get literally millions of these things a day coming back to us, literally millions of these things come back. Not surprising; we have hundreds of millions of users out there, and they run many applications, and those applications fail for a variety of reasons.
And what we find, it’s an interesting analysis, what we find again and again as we look at this, is that a small percentage of bugs account for the huge majority of problems that our customers face. Every single curve that I’ve looked at looks like this where just a few bugs cause the majority of problems and then it goes down and then you have a long tail of a set of problems that cause a much, much smaller set of crashes.
And what that means is that your team can focus, our team in this case can focus on solving the problems that impact the end users most. We think the results of this have been dramatic. Our belief is that these sorts of monitoring tools, of which Watson is just one of many we’re developing, these sorts of monitoring tools are perhaps the most revolutionary change in our process of developing software that we’ve seen in the history of the company. We think we can build more quality software earlier because of it. We think we can get a better understanding of the real experience our users are having.
And what we’ve come to realize is that this tool is an amazing component that is not just something Microsoft should use; it’s something that should be shared with the industry, so we’re putting in place processes where the data that comes back to Microsoft is shared with the application vendors and hardware vendors that are building products for our operating system so they can get this data to improve their applications so you have a better experience. That’s one side.
But there’s this whole world of business applications that you’re creating as a part of the solutions that you’re building for your company. And so what we’re doing is with services like corporate error reporting we’re putting in place a mechanism where you can take this within your organization and just provide that and provide that for your applications and use it within your company, so you can know what is working and what’s not working as part of the business solutions you’re deploying.
And that second loop is really about understanding the experience that customers are having and monitoring that on an ongoing basis and getting the real data that’s associated with that experience back into the operations staff so that corrective action can be taken.
We’re doing it first with crashes. We’re expanding Watson to do things like understanding hangs and other kinds of system failures, thinking about how we can focus on that to focus on performance data, where things are working and very fast versus where things are very slow, and then even expanding it into other things like getting information back on documentation and really every aspect of the end user experience, how can we build tools that help you understand what your end users are seeing.
We know we need it for our products. We’re building it into our products. And we think that that learning can help in terms of providing these same sorts of solutions to you for your customers.
So that’s DSI all up. I mean, that’s the whole concept, really two things. It’s about transferring knowledge across the cycle, and the two attributes of that are understanding, with the System Definition Model, how to transmit that between development and operations, and, with experiencing monitoring, how to transmit that from the end users back into operations. That’s the overall concept of DSI.
And one of the things about DSI that’s very important, when we looked at this we recognized that DSI was, in fact, very connected to everything else that’s going on in terms of developing solutions. We realized that DSI and in particular the System Definition Model, this XML document that describes the relationships between the components and the application, it’s a great management tool, no question about it. It’s a great way to reduce costs, it’s a great way to deploy better solutions. But it’s really a critical component that ties together all of the aspects of solutions that are being built.
So when you think about building your next generation business application, when you think about creating a Web service application that uses things like XML and underlying protocols like SOAP to transmit Web service requests between components that may be scattered geographically over wide distances, understanding the relationship between those things is really a core part of that application and it’s a core part of what we’re trying to do with .NET.
So the SDM is a centerpiece for DSI but it’s also a critical component of the operating system and it’s a critical component of our strategy for building a Web service solution that we call .NET. So it’s all connected together.
I want to talk a little bit about some things that have happened in this space. We have made a lot of progress on DSI over the last year. We’ve been working hard at this. Last week in Mountain View, California we held a design preview for about 150 folks, 50 some odd partners and customers came and we had a chance to preview what we’re doing here with those customers and partners and show them the specs and give them some code to get feedback from them.
This is still early. This is how we try and do this. We want to get this information out to people. We start with a small group, we’ll broaden it over time. And what we’re doing now is we’re taking a set of people who have very, very vested interests in this and getting their feedback early in the process so that we can work with them to build the best solutions on Windows and with them also to build the best solutions for heterogeneous platforms as well.
So we’ve made a lot of progress with DSI over the last year. We’ve actually got specifications done and some initial code written. We’ve begun the feedback process of working with customers and partners to get that information out there and get some feedback back and we look forward to continuing to broaden this and think about how this very, very important technology can affect both Microsoft systems as well as heterogeneous systems into the future.
With that, what I’d like to do is invite Prashant Sridharan up to give you a demo of what we’re doing with design time validation and Visual Studio.
PRASHANT SRIDHARAN: Thanks, Bob.
As you mentioned, over the past several years the complexity of applications has grown significantly. Software projects today aren’t just monolithic applications but they’re comprised of numerous distributed components and services.
I’m going to show a demo now of some of the technologies we’re going to deliver in the next version of Visual Studio that will help organizations reduce the impact of this complexity.
Now, historically you’ve had to choose between making your developers more productive and helping your IT staff maintain a reliable infrastructure. In Visual Studio we continue to make great strides in reducing development complexity but we do so in a way that facilitates communication between the architects who design applications and the IT managers who are charged with operating them.
Now, look at the monitor. Here we have a layout of a logical infrastructure for Wood Grove Bank, a fictitious financial institution. This diagram was likely authored by our operations manager.
BOB MUGLIA: So this diagram, this is a visual version of this diagram but this is also represented in an XML document, right?
PRASHANT SRIDHARAN: That’s right. And so here we can actually see the SDM file that describes this document and if we scroll to the bottom you’ll see a couple of things here, the DMZ and the application zone.
Let’s actually go back really quickly to the diagram and you’ll see that throughout the diagram we’ve created these several security zones that are represented by the dashed lines. Now, each box in here represents hardware equipment while the lines represent the Ethernet connections, routers and hubs that connect them.
Now, in this situation our DMZ security zone has some predefined parameters, and if we look at the settings and constraints window for the hardened IIS machine, you’ll notice that the machine is actually constrained in what it can actually do.
Now, today most IT managers provide such information using complex Visio diagrams or written instruction manuals. As we know, few if any developers or architects actually read it and it shows when they try and deploy their solution.
BOB MUGLIA: Well, this is a great example of how tools teams today can work to communicate. Right now that communication is done really, as I said, through e-mail and things, but by putting these things in diagrams, by creating the SDM, we can connect the tools teams to other parts of the organization.
PRASHANT SRIDHARAN: That’s right, Bob. Today most of the time when people try and deploy these kinds of applications it invariably doesn’t work and a lot of time is wasted trying to reconcile the infrastructure with the architecture.
With Visual Studio, operations managers can deliver their network topology to the architect using this simple graphical tool. Now, in many organizations lead developers or architects also like to plan out their projects using visual design tools of their own and often those tools are quite brittle. They require a large degree of forward engineering and reverse engineering just to stay in synch with the underlying code.
Now, further, these tools enable architects to lay out their application model but they don’t provide that much guidance in terms of what’s actually possible in the networked environment. And with Visual Studio we’ve addressed both of these problems.
You’ve already seen our logical infrastructure designer and here we have a design surface for visually constructing our service oriented architecture. Now in this diagram the boxes represent services and the lines represent the connections between them.
Now, in Visual Studio we’ve extended the Visual Basic metaphor of drag and drop to be drag, drop and connect. Architects can simply drag and drop services onto the design surface and then they can connect them using whatever protocol they desire. Here I’ll go ahead and create the connection from one service to another.
However, it’s important that the application architecture is more than just an artifact of development. You’ll see that when I modify the port in this diagram — let’s go ahead and select this port and raise this up a little bit — you’ll see that when I go ahead and modify the port and the port details window along the bottom and I change the name of this method to, let’s say, get_all_customers, that the method actually changes with it. I can also even change the return type if I want. And you’ll notice that the method return type changes as well.
Now, of course, simply delivering designers is not sufficient to reduce the complexity of service oriented architectures or to facilitate communication between all members of a software delivery team. With Visual Studio we’ve created built-in validation tools that help architects reconcile their infrastructure with their architecture.
Let’s start by first assigning each service in our application to the machines in our logical infrastructure diagram. You’ll notice that when I try and do it to the first machine that I get the sign that tells me this isn’t allowed. That’s because this machine resides in the DMZ and I can’t put a service on that particular machine. If I try another machine, you’ll see that it works.
Let me go ahead and do the same thing for all the other machines in my architecture.
Now, with Visual Studio, architects can get that instant validation of whether or not their applications will work, but that’s not enough. What if, for example, one of my developers has done something in code that I the architect can’t see in the diagram? Maybe they opened a file somewhere or something. The validation tools in Visual Studio will help us examine code as well and help us determine if our solution will work in the given deployment environment.
To do so, all I need to do is right-click on the design surface and select Validate. You’ll notice that in the task list I’m getting errors that tell me that I need to reconcile my infrastructure and my architecture.
BOB MUGLIA: So this is exactly the thing I was describing earlier, how the design tools can provide a mechanism to understand what’s really going on within the solution and then transmit that onto the operations staff. In this case we’re seeing errors that exist within the design tool and are being caught here. And what we look forward to, the sorts of things we’re thinking about is how can we then take this SDM, feed that into the operations tools and then send that back to the developer and for analysis so that if there are changes that are made in operations that affect the system, that both the operations tools, together with the developer tools, can recognize the potential for those errors and correct them really before those mistakes happen.
PRASHANT SRIDHARAN: That’s exactly right, Bob, and in Visual Studio 2005 we’re going to do our part in the developer division to achieve this Dynamic Systems Initiative. We’re going to offer tools that enable architects and operations managers to communicate more efficiently with one another and moreover we’ll offer tools that reduce the complexity of delivering these service oriented solutions.
BOB MUGLIA: Thank you very much, appreciate it. (Applause.)
So that’s a demo of Visual Studio 2005. That will be entering beta shortly and that product we expect to ship in the first half of next year. So it’s an important step from a development process in terms of this overall DSI initiative.
One of the things that’s very critical I just want to emphasize throughout all this is that as we think about what we’re doing here, this is about much more than Microsoft. In order for us to be successful, we’re going to work very closely with partners across the industry, partners building development tools, partners building management solutions, partners extending our own management solutions into other environments, partners that build hardware, partners that build software across many, many different stages, many different parts of your overall business environment.
We think all of these things are connected together. We believe we can play an important role in helping to orchestrate this and define a platform that was designed to be manageable, to reduce costs and provide better solutions, but we know that in order for us to be successful we’ll do this together with partners across the industry. So we’re very excited to have a long list of folks that are joining together with us in the overall DSI initiative to try and provide those solutions for you.
Now, on the theme of delivering and execution, an awful lot of things have happened over the past year and a lot of things frankly are planned for the next year or so. And so what I want to do now is really talk about a series of those things that have either just happened over the last year or so or things that are coming in the next set of months that we think will really impact what you’re doing from a manageability perspective and really show delivery of this vision of DSI that we’re talking about.
DSI is a long-term vision but it’s also real and here today and we think that the things that we’ve executed on in the last year, together with the things that are coming, are real demonstrations of that.
So let’s start with Windows Server 2003. Windows Server 2003 has been a very important release for Microsoft because it provides the initial platform upon which we can deploy DSI based solutions. And DSI will also extend down to earlier platforms as well, but 2003 takes some key steps forward that makes things a lot better.
We’ve seen a very, very fast deployment of 2003. What those two pie charts are showing is that in the first nine months since 2003 has shipped, we’ve seen a lot faster adoption of this system within enterprises than we saw when, say, Windows 2000 came out. That’s largely because of two things. Windows 2003 is very upwardly compatible from Windows 2000, so it’s easier to deploy within an organization than 2000 was. And the second thing is that right out of the bat Windows 2003 provided a lot higher reliability and availability without major changes, without, say, a service pack.
In fact, in our own IT staff, in our own OTG organization we’re pretty much completely deployed on Windows Server 2003 and what we’ve seen is our availability numbers go up pretty considerably. Our systems in general are running with four 9s of availability and we actually have some systems that are running with five 9s of availability, given the underlying hardware environment, given clustered systems to provide that underlying level of hardware availability. So we’ve seen pretty dramatic improvements in availability with this operating system. It’s very, very stable. It’s very, very ready to deploy these business solutions, and that’s been key because it also contains things like the .NET framework and the managed code environment that makes it easy to deploy these business solutions. So server 2003 is critical.
Now, in the next few months we’re going to come up with an additional product that we think will help companies in a variety of ways to build manageable solutions. That product is Virtual Server 2005. It’s in beta right now and it’s expected to ship later this summer.
And Virtual Server does two things, sort of two key benefits that it brings. It’s a virtualization environment that allows you to take and run multiple operating system images within a single piece of hardware and those images can basically be anything, older versions of Windows or non-Windows operating systems, current version of Windows, and put all these things together and allow those systems to be exist, coexist within a single physical machine. Virtual Server is incredible from a software development and test perspective. It is almost ubiquitously used within Microsoft. If you looked inside any test lab, if you looked on developer’s machines, you went just about anywhere within our organization, you’d see us using Virtual Server because it simplifies the process of creating a standard image that can be tested and in a virtual environment and without any hardware repercussions. It reduces costs and it just makes life much, much easier for developers in the test process; very, very useful there.
The second thing that’s very, very useful, the second area of focus is to take and allow for migration of older environments on older pieces of perhaps almost obsolete hardware onto modern equipment. This is particularly important if you have older applications that you want to remain stable that have some time left to their retirement but you want to retire the hardware. We’re doing some things to make it very easy — I’ll show this a little later on — make it very easy to take those environments, migrate them to modern hardware, and consolidate them together into a single piece of equipment that’s much, much easier to manage.
Virtual Server will be the lowest cost way of doing this in the industry. We haven’t announced pricing yet but we’ll do this in a very cost effective way for you, but we think this is a very exciting product to help you manage a set of different problems that you have and make them much more effective.
Systems Management Server 2003: I can’t tell you how excited I am about this product. How many people here use SMS? Most of the audience, a good part of the audience uses SMS. SMS 2003 is a great product. It is a product that we have been waiting for, for, oh, maybe 10 years in a lot of sections. We are very excited by what we’ve seen in the last, say, four or five months since this product has been released. This is the version of SMS to go out and deploy en masse within your organization. What we’ve seen is it solves the change and configuration and deployment problems, particularly for larger organizations, more effective than anything else.
Last year we talked about our plans to deliver it in the fall. We did that. We talked about the performance improvements that you’d get, the ability to consolidate these things together into a single server, how one SMS Server could support what many servers used to be required to do. You see that in some of the performance numbers there. That looks great.
We talked last year about how great SMS was in terms of managing mobile desktops and we’ve proven that out in the field. We’ve talked about how SMS is really good at deploying servers and configuring servers and we’ll show a little bit of that later, and we’ve seen a lot of that as well.
But the most exciting thing we’ve seen with SMS is in a world where getting updates out quickly across an entire enterprise, across all your desktops, across all your portables, across your servers; getting them out there quickly is very, very important. SMS 2003 delivers. And we’re seeing companies be able to deploy software to thousands, tens of thousands, even a hundred thousand or more desktops. We have several customers in production right now with SMS 2003 managing over 100,000 desktops. One of them is over 150,000 desktops. This is the product that is more effective at deploying solutions to that sort of number of desktops than anything else in the market. It blows away everything else out there and works more effectively.
And what we are seeing with this product is the ability to deliver a software update to 100,000 plus desktops in a matter of hours with 95 plus percent success rate associated with that. And so the results that we’re seeing are fairly unprecedented from the past, and we’re very proud of what’s happened here. We hope that this is something you’ll learn about this week and go ahead and get deployed within your enterprise and now is the time to do that. So we’ll try and show you all the things you need to know to deploy that effectively; we feel great about this.
Microsoft Operations Manager: We’re feeling really good about MOM, too. MOM has come a long way. The existing MOM product is in pretty broad use. We’ve seen a lot of acceptance of that product. Many companies are using this to manage their server environments. In our internal OTG shop at Microsoft we use MOM across all of our servers and the results have been pretty dramatic. We’ve seen a much lower set of costs associated with IT because MOM is able to take all of the events that are happening on those servers and distill them down to just a few events that are relevant. We’re seeing on average less than one event per server per day. And, in fact, when we look at those events, the number of those events that actually result in trouble tickets have been reduced dramatically.
So the overall cost associated with managing systems has been dramatically reduced because of MOM.
Now, why is this true? The reason this is true is because Microsoft has put a huge investment in building great management pack solutions for all of our operating systems and business applications. And we’re working with the industry to get those developed for third party applications as well.
And essentially that’s what matters, the knowledge and IQ associated with managing these applications is being poured into these management packs.
Now, when I talk to folks like Terry Myerson who runs the Exchange group, he says that the way to manage Exchange, unquestionably, is with MOM. There is no question about that. And he’s, in fact, got people within his organization, he has a team of people within his organization that are dedicated to building their MOM management pack solution so that Exchange is the most manageable solution it can be when connected to MOM. That’s true for Exchange, it’s true for SQL, it’s true for Windows, it’s true for BizTalk; it’s true across the wide variety of Microsoft applications and it’s also true because we’re working with third parties in the industry on this.
So MOM is very, very important to us and we’re very pleased today to announce a couple very important new products that you’ll be seeing later this year, the first of which is MOM 2005. MOM 2005 is the next generation of MOM. When you see the interface, which we’ll show in a few minutes, it will look very familiar to you. The interface is designed to be easy to use. This is a product that’s great for certainly large enterprises. It’s designed to work in a large enterprise environment. It’s designed to work in large enterprises that have Tivoli or HP OpenView or BMC or CA Unicenter. It’s designed to work together cooperatively with those environments. So if you’ve got those solutions deployed, MOM can work very effectively with them.
It’s designed to be simple to deploy. It’s designed to be the most manageable possible system that you could have. You can deploy MOM within your organization in a matter of hours and begin seeing results immediately, allowing your operation staff to be more effective.
And because we focused on ease of use, the effectiveness of the management solution, one of the things that we’re also announcing today as a part of the MOM 2005 family is there will be a version of MOM shipped later this year that we’re calling MOM Express, which is really designed for the smaller organization. It will have a set of limitations in terms of the breadth of computers that it can monitor. We’ll make it very full function but it won’t manage hundreds or thousands of servers. It will manage a small number of servers that are more appropriate for a medium sized organization and we’ll price it appropriately for that sized business.
And the goal here is to try to provide us a wonderful solution to make Windows the most manageable possible platform, Microsoft and third party apps on top of Windows as manageable as possible, whether you’re a relatively smallish, medium business, all the way up to the largest enterprise that has a very complex heterogeneous world.
So that’s really the focus on MOM, the best possible management environment on top of the Windows platform, by far the easiest to use, interoperating with other management solutions from other vendors, spanning from the medium sized business all the way up to the enterprise. We’re very excited about what this product will bring to the Windows environment this year.
The second thing, last year at MMS 2003 we announced System Center and our plans to announce System Center. And this year we’re proud to be delivering the first implementations of System Center. What we’re doing is we’re taking the MOM product and the SMS product, they’re together in System Center. You can think of System Center kind of like Office in the sense that Office has Word and Excel and PowerPoint. We’ll have MOM and SMS together with other tools over time that bring together with System Center.
And the first new module we’ll be adding in System Center is a data reporting service that takes data from MOM and SMS and brings it together to provide very, very unique views of that information that allows you to be more effective in understanding your business.
And it’s amazing because MOM has built into it a database and SMS has built into it a database and we’re taking the more advanced, sophisticated capabilities of SQL, building some OLAP systems on top of that to be able to bring those things together so that you can get very, very interesting views of your data. And the results of these first generation reports, while still pretty simple, are fairly remarkable at the data that you can get together when you combine change and configuration information together with operational data together in one place.
So we’re very pleased with this first new service that we’ll be introducing as a part of System Center and over time stay tuned because we’ll continue to expand the System Center family.
Our goal with System Center is to think about System Center as Microsoft’s management solution for all size companies and MOM is key to it, SMS is key to it, these reporting services are key and there will be more over time. We’re pleased by all that.
With that, what I’d like to do is invite Bill Anderson up to show us a little bit of some of these pieces coming together. Bill, welcome.
BILL ANDERSON: Great. Thanks, Bob.
So as Bob indicated, it’s been a really busy past 12 months and we’ve got a really busy roadmap moving forward, so what I want to do is kind of show you some of these technologies integrated together using pieces that are available currently, as well as some of the things that Bob’s already mentioned, including System Center, MOM 2005, et cetera, to show you how you can use that kind of technology to solve some of the common problems that you face on a day-to-day basis.
And I’m really going to take an approach of two different scenarios that I want to walk through. The first one is going to be a server consolidation scenario. Bob already spoke about using technologies like Virtual Server to be able to aggregate some of those underutilized services. So I want to show you a combination of MOM, Virtual Server and some automated deployment services to show you how you can identify under-utilized services and move them in an automated way. And then I want to spend some time dealing with some root cause analysis or problem solving that we all have to do on a day-to-day basis. So that’s really what I want to walk through with these technologies that you queued up.
BOB MUGLIA: Go for it.
BILL ANDERSON: So the first thing that you’re looking at is you’re looking at the MOM 2005 console. As Bob indicated, it’s kind of familiar. In fact, I feel compelled to check my e-mail right now. This is really based on kind of the Outlook model, which all of us are very comfortable and very familiar with, very simple navigation pane on the left and a task pane on the right, and a new topology view that not only allows me to look at my managed devices but kind of understand in scope of where they fit in my entire enterprise.
BOB MUGLIA: But this is an important thing to realize here that we have focused on lots of usability tests to understand what sorts of things would be easy for people to train on, maybe people who aren’t as experienced with operational tools, how can we make this very easy for people to deploy. So we built this console, brought all the information together in one place and put in it a user interface that’s very, very easy for users to understand.
BILL ANDERSON: Absolutely. We want to make sure that the time to value for the product is very short. In fact, one of the internal tests that we do is trying to install the product blindfolded and we’re getting much better at it.
So as you take a look at my topology view, it’s pretty indicative here. I’ve got some clusters that are centralized. I’ve got a cluster in the New York area. Also I have a series of clusters down in the Florida area. And just like you, I’ve got a lot of single purpose systems. In fact, if I look across Florida I’ve got things like e-mail servers or messaging servers. I also have, if I scroll over to the right, an IIS box that’s down there.
So I’ve got a lot of different single purpose devices that are out there, that, as you alluded to earlier, may increase my complexity and costs.
So I want to look at these systems and see if there’s some good candidates for consolidation. What I’m doing is going into the systems and reporting services and I’ve got a report called Candidates for Virtualization. What this is going to do is use the operational data that we’ve been tracking from MOM, indicating things like CPU utilization, memory utilization and other components like that to give us an idea of which systems may or may not be underutilized.
So I’m going to scroll down. The graph is really present utilization on those two thresholds that I mentioned, CPU and memory. You can see New York City seems to be a pretty busy office but the majority of my Florida servers in general are somewhere underneath 20 percent of their utilization. All of them seem to be prime candidates for us to be able to consolidate using MOM plus virtual services and we’re going to take a look at that.
Now, normally what you’d do is you’d run this report and then you’d have to manually go do all the work. Wow, I can see that I should take this IIS Server and I should consolidate it down. You’d have to get on a plane, fly to Florida, or you’d have to do some remote administration.
Well, I used to be an IT pro and my philosophy was, it wasn’t worth doing if I had to leave my coffee and donuts, so that’s the principle we’re adopting here.
It shows, exactly. (Laughter, applause.)
So I’m going back into the MOM user interface. And because of the fact that we’ve got this task pane now, we’ve actually automated these tasks at my fingertips.
I’m going to select this IIS box that we’re talking about and I’ve got a task over here called Migrate Physical Server. It’s kicking off an automated deployment script that’s going out, it’s now prompting me for my destination and I’m just going to go ahead and put this on the Virtual Server cluster that already existed down there.
And because of the fact that we’ve got Virtual Server, we have the programmatic access to Virtual Server. So in other words there’s a series of scripted APIs that allow me to really kind of control this process. And then Automated Deployment Services, which shipped right after Windows Server 2003 did, gives me a really rich task-based sequencing engine that allows me to kind of move through these processes. What it’s done is it’s gone to that IIS Server, grabbed the services, virtualized those and then it’s moving it over to my Virtual Server cluster that’s already in place.
Notice it’s going through the restore process now, rebooting and we’re ready to go.
Now, we could have done all five and you could have seen the whole thing go five times over, so we’ve actually consolidated the other four in the background. And when I go ahead and just refresh my diagram, you’re going to notice that the topology now reflects the new changes that we’ve made, and you’ll see that the Florida data center is now really virtualized as a single cluster.
BOB MUGLIA: So this idea of automating a process, like consolidating a set of older servers that are underutilized, this is a great example of innovation across the Windows Server System. We’re thinking about how we can take all of the components of technology that Microsoft is delivering, together with the rest of the industry to you, in a way that you can easily consume to do these sorts of pretty complicated tasks, in this case a set of server consolidations associated with bringing things together into one server under Virtual Server.
BILL ANDERSON: Absolutely, and it’s a combination of integrating the tools, as well as making sure that the infrastructure in place is really being built for manageability, making sure that tools like Virtual Server are exposed programmatically so the counters are able to be exposed.
So that was my server consolidation scenario. Now I want to kind of do a little root cause analysis or problem management, as it were.
Many of you who have seen MOM or are using other products know that they’re great at tracking things like events and generating alerts based on threshold violations. When I go into my alert view inside of MOM 2005, notice I’ve had a critical error that’s actually fired off. All the information that I need to know to understand that error is now down here below. And not only is it information from Windows but because of the investments from the Virtual Server team, they’ve actually provided a really rich set of management interfaces on top of Virtual Server so that I not only know that this is a problem but it’s specific to a unique Virtual Server in this cluster. Otherwise, I’d spend a lot of time just looking at the operating system level and not be sure where these consolidation problems have occurred.
BOB MUGLIA: And again this is because we’ve made an investment across all of the teams that are building enterprise applications and enterprise platform at Microsoft to make sure that the information that’s needed to manage these systems is provided as a part of MOM. The MOM management packs are being developed by the teams that are creating the applications themselves and I think it’s reflected here with that kind of information, together with some interesting troubleshooting information.
BILL ANDERSON: Absolutely. In fact, if I go ahead and hit the product knowledge tab down below, I’m really experienced with MOM and SMS but Virtual Server is kind of new. I don’t know a lot of details about troubleshooting it, not a problem. The Virtual Server team built their management pack for MOM and they give me all the details that I need to go troubleshoot this.
So it’s telling me it’s probably a failed hardware or a faulty device driver and it gives me step by step how I would go remediate this, launch the VS admin console, et cetera, et cetera.
Again, I don’t want to have to go to a different console though, so we’ve used the task pane here that will allow me to go ahead and launch the Virtual Server admin console from here. Not only does it launch the console but it takes what I was doing inside the MOM interface and contextually moves it across for me. So it now knows that I was working on that IIS box that was there.
So it gave me some instructions to take a look at the network adaptor that we believe has failed. So I’m going to go ahead and hit that particular NIC, hit the information tab that’s there and its suggestion was, hey, look, just go ahead and move it to another network adaptor that seems to be functioning. So I’m going to make that change and then go ahead and apply that change.
So now what I’ve done is I’ve actually gone and restored service where I had a failure, but I may not have actually fixed the problem and I’m not really sure what the problem was to start with. I just know that I’ve restored service.
So what we want to do is use the integration within System Center, the MOM related data and the SMS related data to try and give me a visual correlation of my alert history and my change history and see if maybe we can guess what the problem was.
Go up to my reports and go back to my central reporting screen. I’m going to take a look at a server change history. Now, we know this was that IIS box that failed on us. So we’ll just go ahead and select it from the drop-down, generate a report and I’ll consolidate this so you can see it a little bit better.
At the top of the report I have the SMS advertisement status, so these are all of the advertisements that have been processed by this particular system. I’ve got a new driver for my Intel NIC and a bunch of security updates that we’ve done over the past three to six months to stay current.
In the same window I’ve got my alert history by date and you can see that all of a sudden the alert storms seem to kick off about March 1st. So what I want to do is actually go back up to my change history and, sure enough, March 1st I actually deployed an updated driver for that particular Intel network adaptor. More than likely that’s what caused the problem.
BOB MUGLIA: And this report is an example of what System Center reporting is all about, taking data that’s coming from SMS, in this case the change history, together with the ongoing alert status from MOM, putting those together into consolidated views so that you can make better decisions about how to operate your systems.
BILL ANDERSON: Absolutely. So now I’ve found what I think is the problem and I’ll go into my lab and I’ll test it and I’ll verify it, but as you guys well know, problems never exist on a single system, they always exist across multiple systems.
So what I want to be able to do is actually go back out to that main report and see if I can take a look at any other servers that may have actually received that particular Intel driver update.
Go take a look at my report and sure enough it looks like most of Florida has gotten this particular update. Now, for those of you who have used SMS or at least looked at it, you know that I could have associated an uninstall command with this package or with this advertisement. I could go ahead and back that out if I knew I had a stable driver previously in play or I can contact my manufacturer, get an updated driver and get it targeted quickly and easily out to these systems so I can not only restore service but I can fix the problem and not have to redo it across multiple systems.
BOB MUGLIA: And that’s the kind of thing about it, that by getting all this information together in one place it gives people the information they need to run their business.
BILL ANDERSON: Fabulous.
BOB MUGLIA: Great. Thanks a lot, Bill.
BILL ANDERSON: Thanks, Bob. (Applause.)
BOB MUGLIA: So we’ve got a lot more to show you about SMS and Systems Center and MOM 2005. There are lots of individual breakout sessions that will delve into this in more detail, but that gives you kind of an all-up view of how we’re thinking about hooking these pieces together.
Let me talk now a little bit about security and some of the things we’re focused on doing there. Security is by far the most important area of investment inside Microsoft. We are working really hard at making our systems more secure and building the tools that you need to remediate security issues and to prepare for a future where attacks may be more individually directed.
In fact, if we look over the last year or two, a very high percentage of Microsoft resource has gone into both securing our systems and building security tools that are associated with it. And we really believe that over the next, say, 12 to 18 months, with the new things that are coming out from Microsoft and the third parties in the security industry, that the problems that have been experienced by many of you, associated with these widespread virus attacks, that the way that that happens will change. That’s not to say they’ll go away completely. We think we have the tools in place and the fixes in place so that there will be much, much less of them and we also think that we’ll give you tools to be able to prepare for these sorts of things and to fix these things very quickly when they do happen so that the kind of business impact they have is much, much less than what we’ve seen in the past.
But at the same time we think that the security threat is not going to go away. We think we can help make it better for you. We think that, however, the world we live in is a complex place and we will see more targeted attacks. That’s sort of, I think, the unfortunate future that we’ll begin to see over the next few years is companies, particularly high profile companies in risky sorts of industries being targeted by hackers that are associated with maybe they’re profit driven, maybe they’re disruptive driven, hard to say, but fundamentally targeted in individual ways.
And so we’re thinking about how we can provide you tools and we’re working with the industry so that you can secure your system against not just these broad scale attacks that we think will be diminished over time but also targeted attacks that are coming into the future.
So security is pretty important. I don’t think it changes, the landscape changes in any fundamental way of making it less important in the future. We’re dedicating a huge percentage of our overall resource to securing these systems for you and we anticipate that we’ll continue to do that into the future.
One of the key things certainly associated with that is getting things out and getting security fixes out and we’ve gotten lots of feedback from people about how expensive it is to deploy security fixes. We’ve gotten feedback about how hard it is for Microsoft products, not just Windows, to get them out. Obviously products like SMS help tremendously. SMS, of course, is the product of choice for enterprises to deploy new applications as well as updates, including security updates, within larger organizations. But for smaller organizations sometimes SMS is a little bit more complicated than what they would like to have.
And I think about really two kinds of organizations. There are organizations that are larger that want to have a great deal of control over their environment, they want to be able to target exactly when things are deployed and who they get deployed to in a great deal of detail, and SMS provides all the tools to do that; that’s what it’s designed for. It’s for the enterprise that wants control over their environment and it worked very broadly in that environment.
But there’s another kind of organization, a smaller business typically, which doesn’t have the staff to use a tool like SMS and also doesn’t care as much about that control, and that’s why we’ve built this thing that we call Windows Update Services.
Windows Update Services is a feature of Windows Server. It is the follow-on for what we used to call Software Update Services, so Software Update Services or SUS is now known as Windows Update Services. It’s a feature of Windows and it connects to tools like Windows Update, which is Microsoft’s service on the Internet for providing Windows patches down.
Now, what we’ll be doing this year is several-fold. First of all, we are expanding Windows Update and broadening it with a new service we call Microsoft Update, which is an Internet service to provide patches for products beyond Windows, products like Office and our server applications, et cetera. Those products will be appearing over time and all the patches for those will be appearing over time on Microsoft Update. Keep Windows Update around.
We have the clients. The Windows client is being updated with a new client that is more effective at pulling patches down and is able to do that in a faster way and getting those clients updated more quickly. And that client is very, very appropriate for consumers or very small businesses that wouldn’t want to run a server to control their environment themselves. So those two pieces work together.
That same client will be used with Windows Update Services for these medium sized businesses that just want it to work, to just get their Windows and Office, et cetera, patches down from Microsoft effectively.
So we have an infrastructure that’s client to Windows Update Services as a part of their Windows Server all the way up to Windows Update to get patches down. And then we’ll use the same infrastructure over time for SMS to have SMS build on the same security scanner and to use the same services that Windows Update Services provides in the platform to get patches down for larger enterprises.
So we’re going to build this in a very consistent, coherent way. The goal is to allow both customers who just want it to work and customers who want complete control of their environment to have a great solution and to do this in a way that is as effective and as fast as possible for companies of all sizes.
With that, what I’d like to do is invite Bill back up to show us a demo on patching. He’ll show us a demo both of Windows Update Services and SMS 2003. Welcome back.
BILL ANDERSON: Yeah, long time no see.
So what I want to do, as Bob alluded to, we’re really excited about Windows Update Services both as a standalone solution for enterprises that have a simple set of update needs where it’s really about getting the update quickly, getting it deployed easily and successfully but also excited about it as an infrastructure that not only SMS but other vendors in the marketplace can really draw from to make sure that any Windows customer on the globe gets a very consistent experience when it comes to being aware of what updates apply to their system.
So I’m going to walk you through Windows Update Services first so you can kind of see some of the new changes to it and then spend a little time in SMS as well.
So as we take a look at Windows Update Services, the first thing, as Bob alluded to, it’s like having a version of Windows Update inside of your corporate firewall. So what you do is you configure this internal server to subscribe to information from Windows Update.
So I’m going to go ahead and hit my Settings tab. Take a look at some of these subscriptions that we’ve got in place. Now, I have a single subscription that’s configured with the type of content and the frequency that I want. I’ll go ahead and show you some of those configuration details.
So by default I can include or exclude different platforms that I may want. As 64-bit is getting more popular this year, maybe that’s a platform I want to include in my updates list. You’ll notice I also have the ability to do Office updates through this. And as we get closer to release to manufacturing, we’ll also have SQL, Exchange and other Microsoft products with all their updates in this cloud.
BOB MUGLIA: So this is the first thing you’re seeing with Windows Update Services compared to SUS in the past is it works now for more than just Windows?
BILL ANDERSON: Absolutely, not only more than just Windows but even more than just critical or security related content. If you take a look at the classifications down below, I can specify generic updates. I can even pull update rollouts, drivers. And as we move forward, you’ll even see things like feature packs and development kits and tools populate into this. But right now there’s about five or six of these that you’ll be seeing in the Windows Update Services pieces that are there.
And then I have the ability to configure how frequently this is running, so that I’m making sure it’s scheduling in the background for me and off hours as I’m pulling this amount of content down.
I’m just going to go ahead and cancel out of this window because we’re already configured.
So let’s take a look at some of the updates we’ve already synchronized down. So I’ve got a simple user interface here that shows me the updates that are in general applicable to my system, both ones that I’ve already approved to distribute, as well as, if I scroll down, you’ll notice there are some unapproved updates down there as well, not only security updates but even some S3 graphics video drivers or other things that I’ve got down there.
The goal is to be able to know when something applies by simply clicking on it and having all the information that’s there. So, for example, this is a sample patch number 37. It’s one that we’re using for internal XP testing. I select this and as I take a look at the properties down below I have all the information that I need to look at, description of that particular update, when it was synchronized down, its release date. Notice this is an update that never reboots so I’m not concerned about rebooting in the middle of service windows and things like that. It also gives me the install parameters. One of the things with Windows Update Services is the ability to automatically roll it back. You’ll notice this one says uninstallable, so I can actually go automatically roll it back in case of failure as well.
BOB MUGLIA: So putting all this information in one place so people can determine which updates are applicable to their organization and determine whether they could roll it back if they needed to, et cetera.
BILL ANDERSON: Absolutely, and you want to have that information and make a quick decision on whether you want this to apply in your enterprise.
So I don’t know about you, but every time I see advanced, I feel compelled to click on it. So I’m going to click on the advanced approval on the left.
Now, one of the things if you have used Software Update Services before that this shows brand new is the concept of machine groups. I have the ability using tools like group policy or even just manually aligning machines to build sample groups that I can start organizing machines against and then I can make different decisions for each one of those groups.
So, for example, I’ve got a group down here called test workstations. What I’m going to do is set up a parameter called scan. What that means is as opposed to installing the update it’s just going to go out at the next interval and scan that system to indicate whether the install would have actually occurred or not or whether the update was applicable to that system. Now I can at least get a baseline look at how many of my systems in my enterprise would be impacted as I rolled this particular update out.
BOB MUGLIA: So the thing about Windows Update Services is these are system services that are part of Windows that can be utilized by both applications like SMS as well as third party applications that deploy software. So, for example, the scanning utility, the scanning feature is a feature of Windows that provides a consistent mechanism for scanning what is installed on a given computer. It’s used by Windows Update Services today and will be used by SMS later this year when we update SMS.
BILL ANDERSON: Absolutely. So I’ve set up a policy to go ahead and scan those test workstations. For my servers though I just want to get the update out there. So I’m actually going to set an install parameter.
Now, I don’t know about you, but we don’t have a lot of administrators sitting around our servers. We try and do everything very centralized. So what I not only want to do is publish the update for these servers but I want to set a mandatory deadline. I want to make sure that by a certain point in time that update gets installed on those particular systems. That way I can make sure that I’m getting consistent success across the board.
So I’m just going to go ahead and give it about a week or so, select okay, and select okay and I’ve now actually put in a policy for this particular update where we’re going to send a scan out to some test machines and install the other test machines and assuming that everything works well, then I would go back into this update and go roll it out into production.
BOB MUGLIA: We’ve tried to provide these users of these medium sized businesses with the tools they need to be successful with Windows Update Services. It doesn’t have the same kind of control that SMS has but it has some level of control that’s appropriate for an organization that just wants to get the job done.
BILL ANDERSON: Absolutely. And the last piece of feedback we’ve heard historically is that one of the most critical things to you is having reporting, a really rich reporting infrastructure. So we’ve got some basic reports in here to be able to track your updates as they’ve gone through. I’m just going to open up my updates status report and I have the ability to view all computers or a specific group that I’m looking at.
I’m going to select my test workstations and take a look at some of the results on those systems.
So now down below it’s showing me patch by patch exactly which machines installed it, which machines needed it and any machines that failed, and this allows me to kind of at a very basic level understand what the applicability is of this update.
I also, if I’m troubleshooting, have the ability to look at a computer by computer summary. So, for example, I’ve got this spare three machine here that hasn’t installed any yet but it looks like four of them are actually applicable to it, so we’ll want to make sure that we’ve set up the installed deadline appropriately so that patch gets rolled out.
BOB MUGLIA: So this is a huge step forward from SUS, which really had essentially no reporting at all, so people were pretty dark in terms of understanding what was actually happening out there. We’ve tried to once again provide a basic set of reports for people to know what’s really going on.
BILL ANDERSON: Absolutely. And so that’s kind of a first glance at Windows Update Services for you.
BOB MUGLIA: And with Windows Update Services the one thing that we just this week we are putting Windows Update Services into a limited beta and it will be in a broader beta later this summer and we’ll get it out later this year.
BILL ANDERSON: Absolutely. But as Bob alluded to, we’re really excited about Windows Update Services as an infrastructure as well, the ability to scan consistently across systems for us as well as other software vendors that are managing Windows, so it’s a big step forward for us. In fact, the tools that we have in production today, like the Baseline Security Analyzer, we’ll actually be moving over to SUS for a lot of their patch-based scanning as well.
So for those of you who have been using SMS, you know that it’s a great tool for tracking compliance. In fact, I was just talking to one of our key partners, which is EDS, and they’ve been working on an outsourcing engagement with a customer rolling out SMS 2003. They were giving me some numbers this morning that are phenomenal. They were able to roll out SMS 2003 to over 20,000 workstations, 1,700 servers in under 30 days with only one help desk call in the entire project. And since then they’ve been rolling out updates with an average of 97 percent success compliance within 24 hours. So it’s really changed the way that this particular corporation has managed their ability to react to vulnerabilities in general.
BOB MUGLIA: And that’s what we’re seeing with SMS. We hear this again and again. People who have experience with previous releases with SMS or other tools are finding amazing success in using SMS to deploy applications.
BILL ANDERSON: And the key really is around compliance and control. So if you take a look at the report that I’ve shown up here, this is one of the standard compliance reports that ships in SMS 2003 and again as we move forward and integrate with Windows Update Services this compliance data will be based on this scan from that Windows component for consistency.
This particular scan was run in early February, a couple days after the February update package was released. And you can see we weren’t very compliant.
BOB MUGLIA: This is run in OTG. This is run within our Microsoft OTG.
BILL ANDERSON: This is run against the OTG data. So approximately 109 or 110,000 managed devices that are there. Forty-eight hours later we saw that we were at approximately 1 percent compliance. So now we know the amount of scope of visibility to this and we know the task that we have at hand.
Now, you mentioned the control of SMS and I think this is really the thing that as an enterprise customer looking at the features that I’ve got and the controls to be able to do this updating but do it within my defined service levels is pretty key.
Within SMS we have this concept of a collection. A collection is a grouping of machines based on inventory attributes or with SMS 2003 is also based on things like Active Directory, OU, other AD components.
Well, what we’ve done within OTG is we’ve literally built a series of collections that are reflective of our service levels as well as our server roles. In OTG we manage over 8,000 servers in our data center with SMS and we want to do all of that centrally. We don’t want the business unit owners to have to think about my update today, update tomorrow. So what we want is a central control metaphor that allows us to do this targeting but deploy updates in their service levels.
So, for example, I’ve got these work-when windows, work when Friday or Monday.
These are the defined service levels for these particular devices. This is a group of servers that have a service level window defined between midnight and 4:00 a.m. on Fridays so they can update changes as well as reboots within that time without suffering any user downtime. So SMS as a tool allows me now to target the updates to these systems within these rules so the business owner just gets updated.
The same thing is true in many of our product groups. So if I’m looking at Exchange or SQL, I may have a lot of clustered investment there as well. I don’t want to update both halves of the cluster at the same time, because then if I do have to reboot I’ll actually interrupt service.
So, for example, here’s a set of SQL servers that are the active half of clusters. So now I have the controls at my fingertips to update these first, provide a reboot if it’s applicable, and then update the passive side of the cluster as well; so the control that I need to update my systems without violating my service levels.
BOB MUGLIA: Great.
BILL ANDERSON: And then the last thing, as we’ve already talked about from a compliance standpoint, is all about reporting. But compliance isn’t a binary thing. You don’t say I’m compliant today, I’m not compliant tomorrow. What’s more important for you is to understand how long it takes you to get compliant.
So I want to show you a chart that we’ve built in SMS that allows me to track that. This again was from some of our OTG data. We made an advertisement in SMS, fired it out there, let machines start processing it, and then it had a mandatory time. So as you take a look at this chart you can see there were four or five hours that it was out there that people could install it on their own if they chose to. At the fourth hour that’s when the mandatory install kicked off.
So we can look at something like this across 110,000 nodes and know exactly how many hours it takes for us to reach the compliance level that we have to be measured against. But we also know that the troubleshooting elements are harder for that last 3 to 5 percent.
BOB MUGLIA: So we’ve got to 95 percent within six hours here, so what’s the rest of that? Where are the rest of those?
BILL ANDERSON: So let’s go ahead and drill through and we can take a look at this. So this is actually the detailed status back from SMS that’s showing me where I have succeeded. So we have over 103,000 and 95.8 percent sounds pretty successful except for when you have 110,000 machines and that means that 5,000 still aren’t done yet. For many of you, 5,000 might be your entire corporation. So for us 95 percent is good but it’s still not done.
However, with this detailed information at our fingertips we can notice that 900 of these, they’re done, they’re just pending reboots so we know we can actually with SMS schedule or force a reboot, we can contact the administrators to do so or we just presume that the users will reboot their system.
I also have about 3,000 machines that haven’t given me status yet, more than likely laptop users. In other words, the update was installed offline and they just haven’t connected back up to send us the status confirmation.
BOB MUGLIA: So you can track that over time. As those users begin to connect their machines, these patches will get installed.
BILL ANDERSON: Absolutely. We want to be able to provide all the information and the tools at your fingertips to drive as quickly as possible with the lowest cost towards 100 percent compliance. Whether using Windows Update Services or SMS 2003, our goal is to get you as compliant as we can as quickly as we can.
BOB MUGLIA: And we’ll get those fixes out there. Even if people are connecting over slow networks, we’ll get them out there as fast as they can possibly flow down. And what you’re seeing here is just a few machines have actually failed. And we’re seeing this again and again as people are rolling out updates within Microsoft and within companies that have adopted SMS 2003 that a very, very, very small number of machines just fail to install. So the amount of work that it takes to get those last machines connected and up and running is much, much reduced.
BILL ANDERSON: Managing update compliance with the same level of 9s that you manage your data center is frankly just cool.
BOB MUGLIA: That’s great. Great. Thanks a lot, Bill, I appreciate it.
BILL ANDERSON: Thanks, Bob. (Applause.)
BOB MUGLIA: So that’s Windows Update Services and SMS 2003. We’ve delivered on SMS and we’re working hard to get Windows Update Services out the door so that companies of all sizes have a great patching solution. This is a very important part of security because it’s part of closing that loop.
I talked earlier about learning the end-user experience, and that’s important to understanding what’s going on with end users, but part of that is getting fixes out to those end users, and we need to have a good, consistent mechanism to do that. We have half of that in place now and later this year we’ll have the whole thing in place so that companies of all sizes will have a great mechanism for delivering updates.
So the roadmap for DSI: We feel like we’ve done a lot over the last year to deliver on the commitments that we made to you a year ago. We shipped Windows Server 2003, we shipped SMS 2003, we’ve put MOM into beta, we’ve got betas going on in a number of these different products. Windows Update Services is working forward. We have an important service pack from a security perspective to Windows Server 2003 coming later this year. That brings about 64-bit support as well. MOM 2005 is doing great, we’re looking forward to that being released, Systems Center 2005. We have some updates to SMS that are coming later this year that we’ll talk about for deploying images and making it easier for people with some new feature packs for things like mobile devices. Virtual Server 2005 coming later this summer and then Visual Studio 2005 will be in beta this year, shipping next year.
Moving forward, we’re beginning the work on things like Systems Center v2. We’re certainly working actively on
will be a big step up in terms of how we can build manageability intrinsically into the system. And then we’re also looking at the next release of Visual Studio beyond
which will coincident with
or roughly coincident with
which is focused on both
features as well as further taking SDM and DSI further from a developer perspective.
So a lot has happened, a lot is going on in the future, a lot is coming this year. This is a big year for software that’s going to come out. We think there’s a lot of things to solve problems for you and we’ve got a lot of things coming over the next few years.
When we think about the Dynamic Systems Initiative all up, our focus is very simple. We want to make it as effective as possible for you to reduce your costs for your operational systems and to drive new business value.
We know that to do that management is an important part of the picture, but just like the lesson we learned from Detroit, it’s just a piece of the picture and we need a set of solutions that span everything from the development through the deployment and the operations of the system. All up we think of that as Windows Server System and the Dynamic Systems Initiative is a key part of it.
We’ve seen some great value that’s been delivered. We are very excited about SMS 2003. If you’re an SMS customer that’s not running 2003, at this conference learn what it takes to get migrated and moved but go back to your offices and move to SMS 2003. This product is ready for you to deploy.
If you’re considering a management solution, changing configuration management solution, learn about SMS 2003. We think you’ll find it’s the best product out there to solve your needs.
We’re very excited about some of the things that are coming later this year like MOM where we’ll really deliver on things like operational infrastructure, operational management and then Systems Center we’re taking our first step with Systems Center to provide you with the data that you need to more effectively run your business.
And we’re continuing to deliver on DSI, this message of DSI, starting with the development side with Visual Studio through the deployment and into the ongoing operations and management.
It’s been a great year. We think this is a trend. We haven’t always had great years of management at Microsoft. We think the last year has been a great year. We look forward to many great years together. We think this is a great conference, lots of great information. I’m certainly glad you’re here. Welcome to Microsoft Management Summit 2004. Thank you very much. (Applause.)