Andrew Lees: Microsoft Tech-Ed 2004

Remarks by Andrew Lees, Microsoft Corporate Vice President, Server and Tools Marketing
Microsoft Tech·Ed 2004
San Diego, Calif.
May 25, 2005

ANNOUNCER: Welcome to the likely fictitious Woodgrove Financial Services. After a recent acquisition of a competing firm, Woodgrove’s IT management has decided to use the acquired branches as a test bed for rolling out a new branch office technology stack, which, of course, needs to be up and running first thing Monday morning. It’s going to be a long weekend.

DAVID: My name is David. I’m an IT professional, an infrastructure manager. It’s a full-time job and by full time, I don’t mean 40 hours per week. I mean I’m on call every second of every day. I put out so many fires that my title really should be Woodgrove firefighter.

PAULA: I’m Paula. I’m an information worker, a branch manager for Woodgrove. My needs are simple: I just need technology to work for me, not against me. I need it to work all the time.

DAVID: To survive, I have to know a lot about a lot: a lot of technologies, a lot of industry trends, a lot of potential problems. I can handle just about anything a vendor can throw at me, but it seems like most of my time is spent troubleshooting or doing password resets.

PAULA: Information is my life. I need it when I need it. I need to share documents with my clients. I’m trying to get simple things done quickly.

DAVID: They want it simple to use, but they don’t get that it is complex to implement. I’m supporting three different versions of everything. And every time something new gets installed, it breaks something else in my system.

PAULA: Is it asking too much for IT just to make things work?

DAVID: Is it asking too much for them to stop asking dumb questions or maybe just RTFM? (Laughter.) (Cheers, applause.) And where did the expectation come from that everything was supposed to work perfectly and fast and never crash or slow down?

PAULA: I hate missing deadlines.

DAVID: I hate missing entire weekends with my family.

PAULA: I have to put in extra time to finish the job.

DAVID: I never get to finish the job.

PAULA: Fortunately Microsoft is finally telling us we can do more with less.

DAVID: Do more with less what? I mean, the fact is, it is impossible for me to get it all done. I know, I know. I keep hearing about automation and simpler deployment. Well, great, I needed it yesterday. And in the meantime, when something can’t be done, my coworkers, they don’t see it as the software’s fault, it’s my fault.

PAULA: I just want IT to stop saying no.

DAVID: I just want to start saying yes.

ANNOUNCER: Please welcome Microsoft’s Corporate Vice President of Server and Tools Business, Andy Lees.

ANDREW LEES: Well, good morning. I just want to start saying yes. Continuously dealing with firefighting and standing still, this is real-world IT pain. You know, I bet everybody in this room has pagers and cell phones so that they can be contacted just in case another crisis breaks out, and we all know the code. One voice mail means that the new application that you just deployed is not working properly. Two voice mails in a row means that another virus just hit. Three voice mails in a row means that the CFO forgot his password. And four means that the network is down. This is real IT pain.

We understand that pain, and today I’m going to show you how we can help. Now, you and I know that you are working hard, but where is all the time spent? A recent study conducted by Accenture showed that 70 percent of the time of IT was spent sustaining and running existing capabilities – 70 percent of the time standing still, doing things like maintaining service calls, managing existing systems, dealing with security. And only 30 percent of the time is spent adding new capability, adding new value to the business, helping new solutions, helping your users be more productive and have access to information.

So, what’s the root cause of this problem? Well, simply put, the root cause is complexity within and across the life cycle. Application developers say it’s too difficult for them to be able to go through and design and build applications and put solutions together. IT professionals, it’s too difficult to go through and deploy and manage solutions that they require to run the business. And information workers say it’s too complicated to be able to go through and analyze the information that they need.

Not only do you have complexity in each of these areas, but complexity about the way they work together. Yesterday, we showed the complexity of an application developer — are they really considering what’s required for the IT to be able to go through and deploy, manage and operate that?

So, there are three ways in which we can solve this. One, just keep suffering. Well, that’s certainly not something that I would want to go through. I guess the second option is that we can go through and start throwing extra people and resources at it. Now, we’ll feel good for a while with that, but of course that’s not sustainable, because sooner or later we’ll just run out of money. A better solution would be to engineer software to be more integrated, to reduce the complexity by design, and that’s our approach, and we call it integrated innovation.

What does that actually mean? Well, we want to design each one of our products to be the best of breed. We want SQL to be the very best database that there is, period. We want Exchange to be the very best e-mail system that there is. We want Visual Studio to provide the richest and best way for developers to be productive. What we also want to do is to say, well, if you want to do programming as part of SQL Server, wouldn’t it be good to use exactly the same programming tools as you do in our developer products, make sure you have the same IDE, same debugging tools, and so on?

Today, we’re going to spend a lot of time talking about Windows Server System. It’s a collective name that we use for our server products at Microsoft. But, this is much more than a name. Windows Server Systems stand for integrated innovation. So, what is this used for? I’ll take e-mail as an example. If I want to go through and provide an e-mail service to my users, I want to be able to make sure I have a common directory with single log-on to make it much easier for me to manage it the same way that they would do that for networking as well as e-mail. If I want to provide remote access to my e-mail, that means that I need to be able to open the firewall up so that a user can go through and get access to the mail system. So, I would like the firewalls to know about the mail system to make sure that the hole that it opens is just wide enough to make sure that only e-mail — that application to application traffic — can go through that.

In other words, wouldn’t it be good if all of these pieces were designed to work together? And that’s what we provide with Windows Server Systems. So you’ll see later on in a demonstration that will show ISA 2004 working with Exchange, working with Windows Server 2003, and all will work consistently across everything, even the way in which Exchange works with storage systems. Later on today, we’ll be announcing an add-on pack, a pack of storage solutions to make sure that Exchange works seamlessly.

So, of course, doing this, we want to do this more than just inside of e-mail and firewalls. So we really think of three sort of common scenarios, common usages, that Windows Server Systems is designed for. The first one is operational infrastructure. That’s making sure that we really nail things like file and print serving, networking, deployment and management to your server infrastructure inside of your business.

The second area is information work infrastructure. This is so that you can help your users be more productive, providing them with tools for messaging, for collaboration, for communications, and so on. And then finally, providing an application infrastructure. This really is about enabling line of business solutions with things like Web services. Then ultimately, so that you can add value to the business through things like streamlining businesses, making sure that you connect together within your business, and between businesses, for better integration of things like data management.

So in the presentation, we’re going to show you how Windows Server System can help you in three ways. First of all, it’s going to help you manage costs. Secondly, it’s going to help you keep the business running. And thirdly, to deliver new business value. And we do this through three core initiatives that we have at Microsoft.

The first one, which Steve spent some time on yesterday, is the Dynamic Systems Initiative. This is a way that radically simplifies the way in which we do operations and management, and it does that by not only being good at those individual things, but looking at it from the entire life cycle when you’re designing your solutions, and you do that with operations and management in mind.

The second thing, an initiative we have at the company, is Trustworthy Computing. This is all about making sure that you can provide a secure and reliable and scalable infrastructure upon which you can build your solutions. Then finally, we have .NET, which is really about enabling you to build and integrate applications faster, and get rid of the applications backlog, particularly using Web services.

So in the demonstration, we’re going to focus in on these three areas. Managing costs: we’ll show you how we do that through operational efficiency, how you can keep your business running with a more secure and a more reliable infrastructure, and how we allow you to deliver new business value, so that we can reduce down — having done the first two things — we can reduce down the amount of time that you’re spending standing still, and add more value in terms of applications platforms, and information worker productivity. Steve Ballmer yesterday spent more time on the application side. He was demonstrating Visual Studio 2005. Today, I’ll probably spend more time on infrastructure.

So we’re doing this integration based on your feedback to reduce complexity. Before we get into the demonstration, the way that we’re going to do this is through a thing called the common engineering roadmap. This is how we’re bringing all of our infrastructure together. It makes it very concrete and allows us to make sure that we honor our commitment to integration. In some ways, I guess this is analogous to where the industry was with word processors and spreadsheets many years ago. I’m sure that many people in this audience will remember the time when word processors and spreadsheets, they didn’t look alike. They didn’t work alike. They weren’t integrated. You couldn’t share information. Well, Excel and Word, and ultimately Office, changed all of that. The common engineering roadmap is our strategy for doing the same thing on the server. And the Common Engineering Criteria 2005 is the first deliverable. We’ll provide a set of ever-increasing criteria to be able to help you better reduce costs, and manage the business, keep the business running, and add value.

I’m not going to go through all of the criteria now, but for example, in terms of managing cost, we’ve made a commitment that the way in which you manage each of our server applications, the operating system itself, all part of the Windows Server System, is through Microsoft Operations Manager, or through MOM. That means that if I was the Exchange team, I’m going to design MOM as the way in which I manage Exchange. Because of the scalable capabilities of MOM, that means if I want to manage lots of Exchange servers, or, I want to have a single console across all of Windows server, I can do that in MOM. Now, that doesn’t mean that MOM is only about Windows Server System, but it means that the integration that we have between the elements of our server products and MOM are very tightly integrated.

We have criteria that help us make sure that you can be more secure. The way in which we develop the applications, so it’s secure by design, it’s secure by default settings that are there, and also that it’s easy to have it secure in the deployment. Steve talked yesterday about how we use Watson to provide closed-loop feedback, and how this is a very important step in how we develop the products. Just think, for example, on the Windows client side, on the desktop side we have had Watson for a while.

Did you know that 85 percent of all of the crashes that we got reports on were down to six drivers — six drivers. So what do we do about that? Well, we talked to the people that wrote the drivers. We can tell them exactly which line of code the problem was in, they fixed them, we posted them on the Windows Update, and we go through and fix it on all your user desktops. We also get feedback about how we need to better protect the system from rogue device drivers like that. And this closed-loop feedback, all of our products are using this same technology, and the same way of doing that, so we can get better information, so that we can improve the quality and experience to help you keep the business running.

In terms of delivering business value, the common criteria outlines how we will integrate Web services very deeply and architecturally into all of our products to make sure they are .NET connected. We will even be providing architectural guidelines about how you combine together the different elements of Windows Server System around core ways you would use it, core usage scenarios. So, we’re doing this based on your feedback to reduce complexity.

The other thing that we get feedback about is the product support lifecycle. So, I’m very excited to tell you that today we are extending support as part of a new product support life cycle that we’re announcing today, where we will move from 7 years to 10 years, a minimum of 10 years support, for all of our business software. And this means that you can, from the time of shipment, you can guarantee the sort of support, and we can be much more predictable in the way in which you can get support around our products.

As well as that, we’re also announcing you’ve asked us to go through and to unify the guidelines that we provide you as to how to utilize all of the Windows Server System together. So we’re also announcing the Windows Server System infrastructure environment. This is where we looked at a comprehensive architecture, and scenario-specific usage scenarios. It means that we have one set of guidance, one way in which we’d recommend you do things like, say, identity management, and you do that in a consistent way across all of the products that are part of Windows Server System.

We’re committed to your success not only in the technology, and listening to feedback and improving what we provide to you, but also in the ongoing relation that we have with you through MSDN and TechNet. We’re very committed to make sure that IT professionals get the information that they need from TechNet, and developers do the same through MSDN. We do that through things like guidance, things like tools, the events, and Web casts. I mean, two weeks ago alone we did a Web cast on TechNet about the security issue that happened. We had 30,000 people, even though there was like 2 days notice for the Web cast, we had 30,000 people watch the Web cast live, and many more people than that, a multiple of that, in terms of downloading on demand.

Such is the commitment that we want to have in giving you the information that you need to be successful. Even more than that, though, with MSDN and TechNet, we realize that we want to build upon the experience of the total community. We want to make sure that people can easily share ideas between each other. I’m hoping that you’re using this event here to seek out people that have common experiences, and you can share ideas and information and skills and things that you’ve learned about how to utilize technology in different sorts of ways. And we’re facilitating that through MSDN and TechNet.

For example, when Visual Studio ships in its next version, if you want help, not only will we, of course, include the help information that Microsoft has provided, but we’ll also push you towards, and integrate directly into, the community and news groups, so that you can immediately see what other people’s feedback we get about that area is, and how they have workarounds in certain environments, so that you can get the most out of the technology.

OK, so what we’re going to do is spend most of the time actually showing you how our technology can help address the pains I outlined earlier.

In the first demonstration, we’re going to take a look at reducing costs and to do that we’re going to look at a branch scenario. In the branch scenario, I’m going to do three things. First of all, we’re going to provide secure access to e-mail for remote users. The second thing is we want to reduce our connectivity costs between the branch and the headquarters. And then finally, what we want to do is say, ‘Is there a way in which you can optimize the configuration of our existing system in that branch scenario?’

During the demonstration you’ll see us show for the first time the Best Practice Analyzer for SQL Server. This is a thing that we’re announcing today that enables you to look at existing systems and make sure that they are optimally configured.

And also announcing today is the SQL Server 2005 data encryption, which you will see when we ship SQL Server 2005 next year.

So for the purposes of the demos, we’re going to take you to a fictitious company and take you from the comfort of the conference center to Woodgrove Financial Services.

DAVID: For me it’s all about security. For them, it’s all about access and remote access and right now, I just want my e-mail.

PAULA: I just want my e-mail. Is that too much to ask? And can I get it instantly without VPN? I mean, how hard can that be?

DAVID: Not so hard, just time-consuming and expensive, with all the dedicated lines that I have to lease.

PAULA: We just need to work together to get it done.

DAVID: Yeah, I work while you keep asking me why it’s not done. But let’s talk about working together. How about if something from Microsoft actually worked with something from Cisco?

PAULA: Oh, and make sure you’ve optimized our security. I mean, did you implement one of those firewall things yet? And is that what’s slowing down my connection to corporate? Because a 20 meg PowerPoint file takes —

DAVID: I know, I know, forever to open, like, what, a minute?

PAULA: Huh, more like ten minutes.

DAVID: That is an exaggeration but, hey, don’t worry, I put it on my list along with optimizing configuration, data encryption and verifying about 50 best practices with each server. I think I need a Harry Potter wand.

PAULA: You just need to listen to Microsoft. Do more with less.

DAVID: What, do more with less time? I mean, get real. How is Microsoft going to help me?

ILYA BUKSHTEYN: Hello. My name is Ilya Bukshteyn. I work for Microsoft, and it’s my mission today to demonstrate how we can help David and all of you with your challenging business requirements.

Now, as a lot of you know, especially the Microsoft partners in the audience, we at Microsoft are very good at talking about how we can help, but our partners are great at actually implementing the solution. And so, that’s going to be the case today as well. And I have with me Jon Rauschenberger from Clarity Consulting who’s actually going to be helping drive the demonstration.

JON RAUSCHENBERGER: And, Ilya, my mission today is to make you look good.

ILYA BUKSHTEYN: Great. So let’s go ahead and dive into the scenario that Andy was talking about, and let’s talk about how we can meet Paula and David’s needs.

The first thing we want to talk about is configuring e-mail access on the go, as Paula had asked David to do. So what we’re going to look at here is the new ISA Server 2004 console. So we’re at the Woodgrove data center, and Jon is going to go ahead and publish a mail server. As he does this, you’ll see that he has options for publishing a standard base mail server, an SMTP server, or a specific option for Exchange Server. If you choose Exchange, the benefit you get of ISA Server and Exchange Server both being part of the Windows Server System is that the two know exactly each other’s needs. And so to securely open up access for mobile access, Outlook Mobile Access on the device or full Outlook client, Jon only has to choose from one of three check boxes, and ISA automatically opened that hole through the firewall but still kept the minimum possible attack surface area.

JON RAUSCHENBERGER: What we see now, Ilya, is that I’m actually at the step in ISA where I need to configure the listener that traffic is going to go through to get to our Exchange Server. So at the ISA level, I’ve got a couple of options here. I can choose whether I want to enable HTTP and HTTPS, or force people to come over HTTPS, which is what we want to do.

In addition, I can specify my authentication mechanisms here at the firewall. So you can see we’ve got the ones you’d expect, the basic and integration. You could also do a forms-based authentication so if you want to write your own authentication form you can do that; a whole bunch of options available to you for authentication at the firewall level.

ILYA BUKSHTEYN: And that’s again the integrated security that we can provide as part of Windows Server System.

So let’s go ahead and apply those changes. That’s going to give us the mobile e-mail access Paula was asking for.

Now, let’s move out into the branch. David was talking about the expense of branch connectivity, and this is something we’ve heard over and over again from all of you and we’ve experienced it ourselves at Microsoft. One of the new features in ISA Server 2004 is the ability to replace lease line connections with much more inexpensive VPN connections, and that’s what Jon is doing right now.

Now, the dialogue you’re seeing here shows that we’re using standards-based protocols to do those VPN connections. That means that you can leverage the software and hardware investments that you’ve made, such as those Cisco VPN concentrators that David was talking about.

As Jon is going through and making this connection, I want to note that we at Microsoft have actually done this ourselves for all of our global offices and we’ve been able to save US$3 million in the last year alone just by doing this.

JON RAUSCHENBERGER: What we see here, Ilya, is I’ve finished my configuration within the ISA management console, but I haven’t applied the changes yet. I can discard those if I want, I can configure more options or, if I’m ready, I can go ahead and apply those. So, it gives me a great deal of flexibility in terms of setting up my servers and then electing to apply those changes when I’m done.

ILYA BUKSHTEYN: OK, so now we’ve got less expensive lines connecting to our branch office. Let’s talk about how we can use those lines more efficiently.

So Paula mentioned the dreaded 20-megabyte PowerPoint file going over the WAN. One of the things that all of you have been asked to do I’m sure is to set up some way for information workers to have access to their files locally. That means file replication. In the past, file replication has been too complicated to set up and manage.

What we’re looking at here is a technology preview of some branch server technologies that we have coming in the next release of Windows Server 2003. So Jon is showing the management console, and one of the things you can see is that we’re now introducing a hub and spoke topology model, much more efficient for the branch scenario.

Once Jon goes ahead and adds the branch server for Paula’s branch to the replication scenario, the files will get replicated out to her branch server and Paula is going to be able to access her resources.

Here Jon’s showing you a monitoring console so we can take a look at our network traffic.

If we switch to the information worker machine that someone like Paula would be using in the branch, I’m going to open up a PowerPoint file. This one happens to be about 8 megs. And the other problem with file replication today is when you make a simple change — and so in this case I’m going to just add some type to my PowerPoint — when I save that, that’s a lot of traffic going over the wire. So on Jon’s machine, you can see that we just sent a lot of traffic over the wire. In the case of PowerPoint, it actually touches that file multiple times so we just sent 8 megs multiple times over the wire.

To address this, we’re introducing a new feature called RDC, Remote Differential Compression. Jon is going to go ahead and turn that on. I’m going to go back to my PowerPoint and fix the mess that I just made and save it. And now what you’ll see is far less traffic going over the wire, because with RDC file replication services, it only sends the change that we made. Along with getting rid of leased lines, this functionality lets you be much more efficient about how you use your branch connectivity.

All right, let’s move on to the last of David’s challenges. This is something that again, when I talk to all of you, I hear over and over. We know how to configure our servers effectively, but how do we keep track of whether servers all over your enterprise are actually configured effectively?

What you’re seeing here is the new SQL Server Best Practices Analyzer. This lets you automatically scan your SQL Server 2000 — and in the future, 2005 installation — for a variety of configurations. Here Jon is showing you just some of the categories. You can look for common database administration issues, development issues and, in fact, you can also scan for SQL Server 2005 readiness. So this tool will point out any potential issues you may have when you do choose to upgrade to SQL Server 2005.

We’ll go ahead and run this scan on our SQL Server. As it’s running, I want to point out that this is one of the features that we see as a common service across Windows Server System. Later at the conference, in some of the breakouts, we’re going to tell you about an upcoming tool we have that does this type of work for Exchange and we envision that going across all Windows services and products.

So Jon is showing you the results of our scan. You see mostly we’re good, but let’s focus in on the noncompliance issues. It looks like we have two issues, one relatively common, log and data on the same disk. Another is actually a SQL Server 2005 readiness issue. So this is something your developers may have done in the code that will cause you headaches. With this tool, you can point out exactly what they need to do to make sure you’re ready to go to SQL Server 2005 when you want to.

JON RAUSCHENBERGER: Running a snapshot scan like this was great. We can see the status of our server right now, but SQL BPA actually also stores all of our scan results in a database so we can see historically, here are the scans that we’ve run and you can go back and take a look at how you’re doing against your best practices over time as you make changes to your servers.

ILYA BUKSHTEYN: One of the reasons that you may be asked to look at SQL Server 2005 is the native data encryption that Andy mentioned earlier. This is a very common request that we get from a lot of you — how do you protect your data all the way through a multi-tier application?

So I’m going to go ahead and run an application that is sort of typical of what someone would run in a branch such as Paula’s branch at Woodgrove. And I’ll log in as a typical end user. And what this allows me to do is look at my customer information, my customer list and some detailed information about each customer. I’ll go ahead and look at this customer’s credit history. Now that’s some sensitive information, credit card numbers, security codes. An average end user probably shouldn’t be able to look at that.

Now, today you would have to go to your developers, ask them to look at application logic, use third-party encryption that you then need to manage. That’s costly and it’s also time consuming.

With SQL Server 2005 we have native data encryption. So Jon is running a script that will go ahead and encrypt that database in a way that is integrated, that’s easy to manage and requires few or no changes in the application logic for you.

So I’ll go ahead and run the same application, and first I’ll log in as the same end user, the same person I was logged in as earlier. And I’ll follow the exact same steps of selecting the customer information. This time when I look at the credit history you can see that the sensitive information is, in fact, encrypted.

Now, I’ll log in as a power user this time, and because SQL Server encryption is user-specific, this time when I look at my information without any application changes I can see the data I need to see.

All of these features together will help David and all of you manage costs in your environment.

Thank you. (Applause.)

ANDREW LEES: So what you’ve just seen I hope is a good example of how we’re trying to design Windows Server System to work together. You saw that the options in the firewall knew about Exchange and knew how to configure it so that it was optimized so that just the hole that was opened for the pass-through was just exactly what was required for Exchange and minimized your surface area.

You then saw how we’re thinking about things like file replication, you saw a preview of the next version of Windows Server 2003 that we’re codenaming R2.

And finally, you saw how we have the Best Practices Analyzer, and Ilya talked about how we’re going to be doing the same thing across our different products. And, in fact, even more sophisticated is how, if there is a configuration that’s wrong or that’s not optimized inside of Windows, even though you’re doing a test inside of something like Exchange, it goes through, it looks down the stack to say, oh, well, to get the most out of Exchange you might want to configure the server in this particular way, such as the integration across the Windows Server System.

Now, we’ve just shown you some examples of how we can go through and reduce costs, but you may be a little skeptical with just a demo. So how does this work in the real world? Well, inside of Microsoft, as you would hopefully expect, we use all of our own technology extensively. And as we’ve made the transition over from earlier versions to Windows Server 2003, Exchange 2003 and so on, we’ve been able to reduce our costs significantly. We saved more than $9 million in this current year alone through things like server consolidation, through better management and help with deployment. We really do use this stuff a lot. I mean, with Exchange alone we have 75,000 mailboxes, we send six million pieces of e-mail and we’ve been able to reduce the number of sites that we had e-mail servers from 77 down to 7 as part of the consolidation exercise.

We also at the same time have been able to do a better job internally, the IT group, of providing the service levels for the business; very high degrees of availability in their testing is what they are providing.

But, of course, anybody worth their salt will know that running the business is not just about reducing costs. What you also need is a secure and reliable infrastructure. And so for us, security is one of the top priorities at Microsoft.

Steve talked yesterday about the things that we’re doing in our technology and the things that we’re providing for IT professionals and developers. Basically, it comes down to five things.

The first one is improved isolation and resiliency. What that means is to make sure that your perimeter is more secure and each of the individual nodes or machines on the network is also more isolated, so that if a problem occurs, its ability to be able to spread around your network and how much damage you do is greatly reduced. And that also helps, of course, with the resiliency of your system. We’re doing this through technologies like Windows XP SP 2 on the desktop, and also utilizing client inspection technologies we’ll show you in just a moment.

The second area is where we go through and improve authentication, authorization and access. This is really all about making sure that people have access to the information that they need, but only to people who should have access.

The third area is about quality and engineering excellence. In some respects, this is about minimizing the number of vulnerabilities. Our goal here clearly is to make sure that we intend to zero in, in terms of the number of vulnerabilities there are in our software, and we’ve updated our whole software development lifecycle. We’ve changed the way in which we develop our products, and that’s having a marked impact in the quality of the latest technology that we’re providing.

Also what we’re doing, though, is to make sure the things that we learn we are providing out to other developers in our development tools and also in our platform. And you saw that demonstrated yesterday in Visual Studio 2005 how you can do testing for common problems like buffer overrun.

Of course, if there are updates, if there are patches needed, this is a big problem for you to be able to go through and manage that. And so we are significantly simplifying and automating the update process. By the time we get to the fall this year, we will have a single way in which updates are deployed across the Windows Server System line of products. There will be one way in which you can receive the patches, you’ll go through and deploy them and, if you need to, roll them back as well.

We’re focusing in on update quality, reducing the size of those and minimizing downtime. Already we’ve been able to reduce the number of reboots by about between 10 and 30 percent — depending on what type of products and in what type of scenario — the number of reboots required as you would go through and deploy a patch.

And then finally, we want to provide guidance and tools and make sure if there are issues that we’re very responsive. Guidance and tools, because, of course, you in the audience here, that you will go through and utilize the technology in lots and lots of different ways. And so we want to make sure that we give you the guidance such that in common scenarios you can say, ‘Ah, OK, this is how I need to set this thing up to be secure in my environment and for how I am utilizing the technology.’

Security is very important to us. You know, I guess in some respects it’s kind of like we’re in this sort of bizarre tennis match that’s going on. The hackers are always going through and serving to all of us and even when we win the point, they always get the ball back. Success will be about changing the game entirely. We envision a near future where it would be more like Star Trek, where you just simply go through and raise your shield and the hacker attacks bounce off so that you can control your environment and do things like deploying updates on your schedule and not on theirs.

To make this come true and to make this happen, we have a number of innovations that need to come together. So what we’re going to do is we’re going to show you some of those things. During the demonstration, we’re going to be featuring the client inspection and isolation technology, which we’ve never shown before. We’re going to be talking about Exchange Instant Message Filter, which we are announcing availability at Tech·Ed, and also the Exchange Edge Services, some extended message filtering capability that’s coming out in the next version of Exchange.

So to take a look at those things, let’s go back to Dave at Woodgrove.

DAVID: I’ve got a firewall up the hackers can’t get through. You would think that all is well, but then I remembered that relaxing at home is my biggest threat.

PAULA: So now, honey, I’ve finished downloading that program. Now I need you to tell me again how to make those annoying permission screens go away? Just click, turn it off, then click OK? What are they worried about anyway? I’m just trying to get some vintage MC Hammer tracks. (Laughter.)

DAVID: Yeah, so he can hammer my network. Man, how do you protect against stupidity? I mean, they shouldn’t be allowed to have that kind of power.

PAULA: Boy, these file-sharing programs are great. They’re going to love this at the office.

DAVID: And the scary thing is she’s serious. Now, I wish I could remotely frisk her machine and just delete all that crap. I mean, it’s bad enough that I have to let Internet traffic all the way in before I can decide if I want it in.

PAULA: I think they said we’re getting some Microsoft updates. I’d better make sure Dave installs them so we have the latest stuff.

DAVID: Yeah, I’ll get right to that. Sometimes those updates cause me tons of work fixing everybody’s applications. I mean, somebody should ask somebody at Microsoft if those updates could come with a big undo button.

ILYA BUKSHTEYN: Well, I think I’ve got that big undo button right here. First, let’s take a look at how we can address the Nightmare on Elm Street scenario that we just saw. How do we help users help themselves and at the same time help all of you get fewer calls to your help desk?

What Jon’s going to show you, picking up from where Paula left off with her MC Hammer music sharing program, Jon’s going to look at some new features of Windows XP Service Pack 2. This is the Service Pack all of you got in your bag in release candidate form, and we’re working hard on getting that release as soon as you tell us it’s ready.

One of the great things about Service Pack 2 that Jon’s showing you is the new Security Center. The Security Center gives you a one-place-stop to look at the overall vulnerability state of your machine, and when a vulnerability is detected, in this case Paula having turned off the firewall, it tells you very simply how you can fix that vulnerability, such as turning the firewall back on again.

JON RAUSCHENBERGER: It’s great that Security Center is able to track Windows components like the Windows client firewall but it also can track third-party products. So we see here I’ve got eTrust Antivirus running on Paula’s machine. If I disable that, Security Center also detects that I’ve done that, gives her the warning that her machine may be at risk and also gives the recommendations on how she can correct that problem. So it doesn’t monitor just Windows components, but it also integrates with third party solutions like virus scanners.

ILYA BUKSHTEYN: As Jon said, it’s a key design point for us to integrate with the software that you’re using.

But at the same time, I’m sure that all of you that are network administrators are sitting here going, ‘What is he talking about, why would an end user be able to turn off a firewall?’ Well, one of the things that we’ve heard feedback on and are addressing in Service Pack 2 is the ability to configure the Windows firewall at a very fine-grained level using policy. So you can apply a policy that says the firewall settings are this at work and this at home for mobile users so you can help make sure with policies that your desktops are more secure and more resilient.

But then, what happens when that mobile worker, when Paula with that MC Hammer music and whatever else may have downloaded with it comes into the office? What happens when she VPNs in?

Today some of you probably know that you can write custom script to inspect that machine on a VPN connection. What we’re showing you here is a conceptual demo of some technologies that we’re working on, again for the next release of Windows Server 2003 and this does client inspection and isolation.

So what you saw here was Jon do a VPN connection, the network Security Center saw that the machine had outdated virus definitions so the machine was isolated, new definitions were downloaded and only then was the machine given full access. But today, you can’t do that kind of inspection when the person actually comes into the network and plugs in.

What I’ve got here is a laptop that is currently unplugged. I’m going to go ahead and plug in the connection, and now that I’ve plugged in you see the exact same experience that we had on VPN. We’re going to allow you to do the same client inspection and isolation whether the user comes in VPN or wired or wireless. This will truly help you put a shield up around your network. (Applause.) Thank you.

So the next step, of course, is extending that shield to cover one of the biggest problems you have today, and that’s spam and malicious e-mail. I read a stat in my hotel room in the paper that two-thirds of all e-mail today are spam, and that spam today is getting all the way in to your users’ desktops, eating up your bandwidth and on your network and causing you all sorts of problems. Let’s take a look at how we can address this.

So Jon is running what is clearly not a corporate standard mail sender here, and he’s going to go ahead and send me some spam mail. As he’s sending this, I’m going to show Outlook Web Access, so not a full smart client, but a Web client for mail. And when I go ahead and look at my junk mail, here’s the junk mail he just sent me.

Now, what we’ve shown you here is the Exchange Intelligent Message Filter that, as of today, is available to all of you for download. This allows you to take your Outlook junk mail processing capability and move it from the client to the server, so that the end user has the same experience, whether they’re using a device-based mail client, a Web client or the full Outlook client.

JON RAUSCHENBERGER: Ilya, the Intelligent Mail Filter is fantastic. It will block probably 90 percent of the spam that you receive. But what you guys are all probably starting to see more and more is spammers are using a technique called spoofing to get around those types of filters.

So what I’ve done here is changed the spam message I’m going to send to Ilya, the contents are exactly the same, but this time I’m going to spoof it as though it’s coming from one of Paula’s coworkers who is on her white list, and now we see if we go back to her mailbox that message hits her Inbox rather than getting blocked by the spam filter.

ILYA BUKSHTEYN: And I don’t know about you, but I’ve certainly had this happen to me where my coworkers got an e-mail that’s supposedly from me talking about things that I shouldn’t be talking about and often wondered what the heck I was doing sending that kind of mail.

There’s nothing in normal SMTP mail protocol to prevent spoofing, but we are working on a new technology that last week we opened up to the standards community called Caller ID. Caller ID is an advanced technology that helps us do a type of reverse DNS lookup to see if you get a mail and it says it’s from your environment, you can check the IP address against the known IP addresses in your environment and if it doesn’t match that mail won’t come in.

Caller ID is being introduced in Exchange Edge Services. This is an update that we’re going to be releasing later in the year for Exchange Server 2003, I should say next year, actually.

What this does is takes the SMTP mail gateway and router in Exchange and separates that out, allowing you to run it on a separate machine in your DMZ on your network perimeter. This is great for processing large volumes of mail, Internet mail volumes or doing cross-company routing, but it’s also great for keeping things like spoof off of your network completely.

All you need to do is to enable Caller ID on Exchange Edge, as Jon is going to do here, take the extension DLL and the XML schema file and drag and drop it into the Exchange Edge environment.

JON RAUSCHENBERGER: We’re all set.

ILYA BUKSHTEYN: And now I’ll go back to my client and patiently wait for my next spoof mail.

JON RAUSCHENBERGER: And what we see now is I’m trying to send that spoof mail but we see that my program is just blocking here. And this isn’t an error; what’s happening is the Edge Server is receiving this mail. Now that Caller ID is enabled, it’s going out and doing a reverse DNS lookup to see if the e-mail it’s receiving from David at Woodgrove.com is actually coming from a known Woodgrove mail server.

So you can see the results here came back from the Exchange Edge Server indicating that you’re trying to send a mail coming from a Woodgrove.com user but you’re sending it from an IP address that has not been published as a valid Woodgrove mail server, so the mail gets rejected at the SMTP level, never gets into our network. (Applause.) Thank you.

ILYA BUKSHTEYN: So now we’ve got the shield around your network, the shield extends to e-mail. Let’s talk about how you can now deploy updates in your environment on your schedule and not the hacker’s schedule.

What Jon’s showing you here is the console for SMS 2003, System Management Server 2003. This is our latest version of System Management Server, and based on your feedback, it’s been significantly enhanced from previous versions.

One of the enhancements is the ability for SMS to automatically go out to our update site and download all of our product updates and for each update to download a product catalogue which lets SMS target just the machines which need that update.

So in this case, what Jon’s showing you here is a set of updates that he’s downloaded, that SMS has downloaded automatically, and for those updates we’re going to create a set of packages that we need to deploy.

So we see here that there’s a security update for SQL Server 2002 for which we’ve created a package. This would allow you to test this update in your staging environment, make sure that it works for you and when you’re ready to go, you can advertise this package and, of course, only the servers you’ve targeted, the servers that need the update will get that update.

So the update is being downloaded. Let’s go take a look at monitoring that update. To do this we’re going to go into MOM, Microsoft Operations Manager 2005. So you see here the console for MOM, the new console. It looks like we have an alert for one of the servers that was getting the update.

What Jon’s going to go ahead and do is drill into the alert and look at some of the detailed info.

JON RAUSCHENBERGER: So we have our LOB application deployed on this server that we’re tracking with MOM. We’ve got a management package built into MOM so that when problems occur with that application we’re notified.

Now, one of the features we have the ability to do with our own internal applications is along with that application, to publish information about those errors, so if they occur we can see here — I can take a look at the information our developers have provided, that when this error occurs it’s most likely an issue with the application not having connectivity to SQL Server, and there’s even some information there about what I as an IT pro can do to take a look at how to resolve that problem. We basically need to make sure that SQL Server is available and running in a healthy state.

ILYA BUKSHTEYN: This is one of the great new things about MOM 2005. The MOM Management Pack gives you the information you need at your fingertips to resolve these errors remotely instead of having to go to the server. And we’ve had great support from ISVs such as Siebel in writing these MOM Management Packs and as Andy talked about all of our servers will come with that.

Now, we saw that the application was having an issue. We come to the big red undo button David was talking about. As part of the Windows Server System Common Engineering Criteria, all updates that we’re going to ship will come, will be transacted, enabling you to roll them back.

And so what Jon is doing is taking the package that we got, creating a new uninstall package, same executable with a backslash U parameter targeting the server that had the specific issue, and once that’s done we can smoothly uninstall that update just on that one server, allowing you to get your application back up and running. (Applause.) Thank you.

This is how we’re going to help you keep the business running securely, efficiently, helping you lower your support burden. Thank you. (Applause.)

ANDREW LEES: So what we just showed you is how we can have more secure and resilient desktops with XP SP 2. Now, we didn’t get a chance to go through all of that and hopefully you’ll be able to see in some of the sessions at Tech·Ed here. But things like application blocking, more control of firewalls, we’ve put it on much more as default. We’re much more aggressive at closing down the system to stop it so it can be more isolated so that it’s more resilient in the case of an attack.

We also saw a concept demo of what we’re going to be delivering in the next version of Windows Server next year, which really helps you go through to isolate the perimeter both from VPN and also because it’s a DHCP server, when you just plug it in, it sort of frisks the machine, makes sure it’s clean. You’re the one that defines the script and the criteria that it needs to match before it goes through. During that checking, the only resources it has access to is what you allow it, which is typically enough for it to make it clean and then go through before you let it into your network.

We then went through and took a look at the Exchange Intelligent Message Filter and also how we can help protect you from spam.

And then finally, what we also showed you was how we can help you with updates. If you want to, just have your machines directly point to our update services so that they come down automatically. You can stage them using Windows Update or, of course, using SMS. It gives you the highest degree of controls to choose what gets deployed on what type of machines and when.

Now, we think that in terms of keeping your business running, System Management Server and Operations Manager are key for you inside of your business. We’ve made significant improvements in the latest version of these products, particularly SMS 2003 and the new version of MOM that’s going to come out.

But we don’t want you to take our word for it. What I’m announcing today is that for every person who’s attending Tech·Ed, we’re going to provide you with a free copy of SMS 2003 and MOM 2005 when that’s available, free of charge. These aren’t cut-down versions there; it’s the full products for you to be able to go through and take away. (Applause.) It’s about $10 million worth of software that we’re providing to you right now.

By the way, the way in which you get that is you go to the registration desk and you just pick up the copy of SMS, and we’ve provided Services for UNIX as well to help you with UNIX migration. You have in your pack Operations Manager 2005 beta version and what you’ll be able to do is we’ll give you a voucher that enables you to download the full version when that’s available later on in the year.

Now, please don’t all rush over there directly after this presentation. You can go anytime during the Tech·Ed conference and pick up the software and hopefully that you can get good use out of that.

The third area that I talked about in terms of helping you was really going through and delivering new business value. And so what we’re going to do is particularly focus on making users more productive, information workers more productive.

Now, information work productivity really is a great thing, except that as an IT professional, often increasing their productivity makes you less productive. Their gain is often your pain.

But we can break that cycle. In the next demonstration, we want to show you how you can have your cake and eat it. I’m going to show you how you can give your users more capability and at the same time spend less time going through and supporting them.

During the demo we’re going to see how we can connect together two companies so that they can share information, and we’re going to do that using Active Directory Federation Services, which is our implementation of the identity federation using the Web services standard.

Now, this is a good example of how the industry is coming together to help interoperability, a thing that Steve talked about yesterday. This standard is based around the Web services standard. Now, the bottom line here is it’s exciting that these companies today at Tech·Ed are announcing their support for that standard, to help make sure that we have a high degree of interoperability for how we can bridge different companies together in a secure environment.

So without further ado, let’s take a look at how we can increase information worker productivity back at Woodgrove.

PAULA: OK, now if you’re done whining, how about we focus on getting some real work done? I need you to set up an extranet site for me and the client team.

DAVID: Can’t do it, too expensive.

PAULA: Somehow I knew you were going to say no. Look, I’ve set up a basic in-house project Web site last year using SharePoint. It worked great. Why can’t you just do that?

DAVID: Look, I’m not really saying no; I’m just saying I know it looks easy but it’s really way more work for me than you think.

PAULA: Well, what about access to my e-mail over the Internet, like from my client’s office or my hotel room, or better yet from my cell phone? You’re going to say no again.

DAVID: No. I’m going to say I need more time.

ILYA BUKSHTEYN: Let’s take a look at how we can get David that extra time in the day.

You heard Paula ask one of the most common requests I’m sure all of you get, how can we, information workers, do more self-service collaboration? What Jon is showing you here is Windows SharePoint Services, a site set up for Woodgrove using Windows SharePoint Services. He’s going to go ahead and self provision an extranet site. Very simply, what this means is that someone like Paula can create the collaboration site they need, can do the work they need to do without you having to use your time to set it up, support them, all of the things that eat up time in your day.

One of the things Jon is going to show you here is the ability to apply templates to sites as they’re created. So at Woodgrove, they’ve created a template for extranet sites. This lets you manage exactly how your users set up their site so that even though they’re doing self-service collaboration, you continue to have some control.

Again at this point I’m sure the administrators in the audience are saying, ‘Wait a minute, I can’t have everybody in my company creating their own site. What is that going to do to my network, my storage?’

With Windows SharePoint Services, we provide you with centralized administration. Jon’s going to walk through the console here. This allows you to do things such as create centralized search across all self-provisioned sites, manage how much space can get allocated per self-provisioned site and in this case, we’re going to look at use confirmation and auto deletion, so if a site has been inactive for a certain amount of time, you can send notices, and after a certain amount of notices you can get rid of that site completely; self-service collaboration with centralized administration.

Now, the next request that you heard Paula describe is I want to work outside of the company with my business partners. All of you know how difficult that is today. For you that means setting up user accounts for people outside the company and that means password resets and help desk calls or it means writing complicated logic to create a trust relationship.

What we’re showing is a technology preview of Active Directory Federation Services. This is coming again in the next version of Windows Server 2003 and allows you, as Jon is doing here, to exchange public keys with another entity, do advanced things such as mapping of identity based on your two environments, and then once you’ve added that public key to your Active Directory, Active Directory is extended to allow applications such as Windows SharePoint Services to enable cross-company collaboration seamlessly, again without extra work and complexity on your part. (Applause.)

OK, so then the next thing Paula asked for is e-mail and information anytime, anywhere on any device. And I’m sure all of you know today that users could be using devices such as this, the Motorola MPX Windows Mobile powered smartphone or the new Audiovox 4100 that I understand a lot of you bought at the show, both from AT&T. These devices are very powerful, but in the past they’ve created headaches for you because you can’t manage them.

One of the things we’re showing here at Tech·Ed is the Device Management Feature Pack for SMS 2003, allowing you to roll out ActiveSync settings and manage these devices so that they’re not rogue devices in your network.

The next best experience is, of course, if a user has a computer available with a browser they can use Web-based e-mail, and Jon is showing Outlook Web Access that I’m sure many of you are familiar with. It’s a very rich experience that users can get at.

But usually we get the next level of request, which is I want to be able to work online and offline and I don’t want to have to VPN. This is something that is enabled today with Outlook 2003 and Exchange Server 2003 through a feature we call RPC over HTTP, which Jon is configuring right here.

JON RAUSCHENBERGER: Ilya, what I’m doing is stepping through and manually configuring Outlook to run over RPC over HTTP. Certainly this isn’t the sort of thing we’d expect Paula or any of our end users to be able to do, but you can push this configuration out and manage it centrally through policies to configure how Outlook is running on your client’s desktop.

Once I launch Outlook the only difference that users will see is that they’re now prompted for their password when they log in. Once that happens, Outlook under the covers goes out and connects to our Exchange server over RPC running over HTTP and they get their full Outlook experience.

ILYA BUKSHTEYN: So now you’ve given your information workers access to rich client e-mail without having to do a VPN connection, but what happens when they get an e-mail with a file link? To them this is just a nasty dialogue box they don’t want to see — why doesn’t it just work?

We’re going to show you the last technology preview today for something we’re calling Anywhere Access. What this lets you do, as the name implies, is to truly provide anywhere access to the information your information workers need. This lets you share not just e-mail, but also file shares and terminal server sessions without having to do a VPN connection. This is actually more secure than VPN because you can limit access to just the resources you select and you can limit it by user.

So Jon’s gone ahead and given my user the access to the file share I need, and here without creating a VPN connection, I now have access to the resources that I need.

So with Anywhere Access, with identity federation and with self-service collaboration we’re helping David and hopefully all of you deliver the new business value through information worker productivity that you need to move your business ahead. Thank you. (Applause.)

ANDREW LEES: You know, it’s interesting. As I said before, we utilize these technologies internally, and providing Anywhere Access for all of our information workers really has been very popular, helping people to be able to access e-mail no matter where they are without VPNing. The good news about that is that the IT department is significantly more secure because they don’t have the VPN sessions going at the same time.

This whole notion of providing productivity to the users and also going through and enabling IT is very powerful. This whole notion of self-service has enabled the internal group inside of Microsoft, they actually see that SharePoint Portal Server is actually significantly cheaper and easier for them to manage than even file shares were before, so at the same time you can have your cake and eat it.

What we also saw was the bridge about how you can connect together two organizations using the Web Services Security Standard. This is great because it means that all that hassle that you get with things like passwords — because there is a bridge that’s built between and that uses the Web services security standard — it means that the password problem kind of goes away. As long as they’re authenticated in the bridge then off they go and again that saves you more time.

As we put the demonstrations together, one of the things that I’d like to do is to thank our platinum partners. You know, we used a lot of kits inside of the demonstration and also they’ve helped us by sponsoring the overall conference here and so I’d like to thank AMD, Dell, HP, EMC and Computer Associates for their help with the conference and the demonstrations today. (Applause.)

Also during the demonstrations, you saw some preview of technology with Windows Server 2003 R2. This is the codename for the version that’s going to come out after the Service Pack, which comes later on this year. Inside of this you saw us simplifying the branch server scenario in terms of deployment and management, better network defense and also identity federation, which we’ve just shown, which allows anywhere access for mobile workers. This will be built on Service Pack 1, which is delivered later this year, and the good news about that is it will give a high degree of application compatibility.

We’re talking about the future. Yesterday we talked about the Dynamic Systems Initiative. So I’d just spend a few moments going through describing that, and then we’re going to give you a conceptual demo of exactly how that’s going to work.

First of all, the way to think about this is that we’re thinking about the overall lifecycle for systems, the way in which they’re designed, operated and managed.

The first step in that is when I originally design my system, as I’m going through and I’m architecting it, it will create a thing called a System Definition Model or SDM. And this thing will go through and it will describe exactly how it will work in terms of deployment and operations.

What we’ll then provide is a set of modeling tools that looks at this and you’ll go through, put in the parameters that you need as you’re going to go through and deploy this inside of your organization. This allows you to go through and look at different network topologies, different machines that are required, it can look at the definitions of different hardware that you have such that you can go through and make sure that when you hit the go button that it is deployed successfully.

And, in fact, we will automate that step so that when the deployment goes, after you’ve done the modeling, you’re happy with the configuration and you want to hit go, it automatically will create the thing so it can be rolled out inside of your organization.

And then finally it’s the same Definition Model that will be utilized in terms of managing and making sure that it’s operated as designed and as you modeled in terms of how you go through and implement the system in your own particular organization.

So let’s take a look at a conceptual demonstration of what this would look like, because this really helps bring it to life. And here what we’re going to do is we’re going to show you how in a future version of Exchange we could utilize Dynamic Systems Initiative for us to be able to go through and help us with deployment, operations and management and so in the future version of a thing called Systems Center, which I’ll describe in just a moment.

ILYA BUKSHTEYN: Let’s leave the Woodgrove of today and go forward a couple of years to the Woodgrove of the future. With all of the things we’ve been able to show you we think Woodgrove is going to be able to grow quite aggressively, and so they’re going to want to expand offices in Europe and Asia. And, of course, as you know, one of the more challenging things to do in IT is to do capacity planning and modeling for that kind of a global rollout of infrastructure.

Let’s look at how Woodgrove could in the future use DSI technology to do a global Exchange rollout.

What we are looking at here is a tool that is going to be part of a future version of Systems Center. This tool allows you to do modeling for this type of rollout. Jon is selecting first of all an industry template. This will take in System Definition Model, SDM, for that industry to first give us an idea of the typical usage scenarios for users in that industry.

Next, Jon is going to go through and put in information about our three main offices, the largest in America, the second largest in Asia and the last in Europe. As he does this he’s specifying things like number of users in the office and also what time zone we’re in. This allows the modeling tool to do a proper model of exactly what’s going to be going on across the wire at any point during the day as people in those offices come in, do e-mail and actually use the infrastructure that we’re designing.

Once Jon has the information in for all of these offices, again one in Americas, one in London and in this case one in Tokyo, we’re going to tell the tool the kind of connectivity that we have between those branches. So this allows us to better understand the pipe that we have to send information over.

After that, Jon can do two things. One is put in some usage scenario statistics and two, tell this tool the kind of hardware we have in the offices. Now, what this is doing is taking the SDM for Exchange in the future, which tells the platform what resources Exchange requires, and then adding to that the SDM for the hardware — dual Xeon machines in this case — which tells the operationally-aware platform what resources it has. And so now the platform can combine the two in the most effective way.

So the modeling tool is summarizing all the parameters Jon has entered. We can go ahead and accept those. And now we have everything we need to actually run the model, which Jon is going to go ahead and do.

Once we do that, we can actually prescribe an architecture, as the tool has done here, give you a topology that we think will work for the scenario. Let’s actually simulate that model to make sure it works for us.

So as we do this, it is using all the SDM that it read in for Exchange and the hardware, combining that along with the parameters we put in for other resources and usage and we can use this view to sort by performance to see if we’re in range for CPU utilization, network utilization, the things we care about from an infrastructure perspective.

What about the user experience? We can also go ahead and look at the latency report. This is using SQL Server Reporting Services, one of the common services across Windows Server System, and we can go in, look at our latency reports and Jon can say, ‘OK, what’s it going to be like for a user to send the mail from Americas to Asia with medium load?’ This will go through, look at the SDM we just generated and come back with a report that’s going to tell you exactly the kind of user experience you’re going to provide to your business.

This is just a glimpse of the kind of powerful technology and dynamic systems that we’re going to work on delivering to you with the Dynamic Systems Initiative.

Thank you. Have a great conference. Thanks, Andy. (Applause.)

ANDREW LEES: Thanks, Ilya. Thanks, Jon.

So this demo shows you where DSI is going, but I also want to be clear that DSI starts today with SMS 2003 and MOM 2005. We’re in the middle of delivering the sort of now wave on this slide of what our product roadmap looks like. Think of this as the managed cost and reduced complexity sort of wave.

One of the things that’s exciting that’s going to happen later on this year is we’re going to ship Windows Server 2003 Service Pack 1. Now, this is important because not only does it provide a whole set of fixes and capability but what it also is is the kickoff for our 64-bit systems. What you’ll see is in using the X64 standard — we already have Itanium support — but X64 is particularly exciting because what it allows you to do is it has a very high degree of compatibility and yet still get the advantages of 64-bit.

In our labs today, we are running 64-bit Windows with 32-bit applications with very, very, very high degrees of compatibility. What’s interesting is we’re seeing a performance improvement of between 10 and 30 percent as we go through and do that.

And the cost of the hardware, well, the cost to manufacture the hardware is actually not that great as an incremental cost, and so I would imagine that, for example, over the next two years we’ll see a big shift over from 32-bit to 64-bit.

Also important in this wave is MOM 2005, the synchronization of our update process to be unified across Windows Server System, and also at the bottom there you’ll see Virtual Server 2005. This is something we received a lot of feedback on, that customers want to be able to go to the new versions of our technology, but the issue is one of compatibility. They may have some NT 4 application, some legacy application that stops them from making the move. The power of a Virtual Server is that you can still run that NT 4 but in a sandbox in a machine within a machine, which is what Virtual Server enables, but still actually make the move forward for you to be able to take advantage of Windows Server 2003, and that will be available later on this year.

Next year we go into the “Yukon” wave. We showed Visual Studio 2005 yesterday and that will be accompanied by a new version of SQL Server — SQL Server 2005 — and really a whole set of different products that will enable you to add more value to the business through line of business solutions.

We will, in the general session just after this, be going through the Visual Studio 2005 in quite a lot of detail, so I encourage you to go through and take a look at that.

And after that comes the “Longhorn” wave, which we’ve talked about a little bit, and this is a synchronization across client, server, Office and Business Solutions, which brings a whole new architecture for the way in which we can move all of these things forward.

But let’s finish off by going back to where we started, the complexity and pain and how we’re going to help you address that through integrated innovation.

I hope that during this presentation we’ve been able to show how you can reduce time standing still, less time sustaining, more time adding value to the business, and also how you can do this today.

You know, I look at the impact that you can have with the software. I think, for example, Dave, who’s in the audience today from (Pink ?), he used Windows Server System to save a thousand man hours and $175,000 annually due to better systems management, server consolidation and lower mainframe related costs.

When I think about keeping the business running, I think about Heather at K2 Sport. Heather used Windows Server System to secure desktops and automate patch management, resulting in a 50 percent reduction in help desk calls and 2,400 hours saved for each year for IT.

When I think about new business capability I think of (Seori ?) at Reuters. She used Windows Server System to launch new products for financial services customers in record time while also remotely managing over 10,000 servers worldwide with a small central team, a Reuters’s team.

These are just three examples of how IT is doing more with less.

I wanted to spend time actually showing you the software in action, and I hope that what you’ve seen and what you’ve heard is how we are committed to helping you be successful, freeing you from that tyranny of voicemail and pages. We are committed to help you do more with less. Thanks very much.

(Applause.)