In Person: Windows Server 2003

Betting on Server 2003

After a rather 'quiet' launch of its 64-bit Windows 2003 Server, Microsoft has again made promises to its customers. Time will tell whether those promises will be kept or not. Yasir Yousuf, Senior Marketing Manager, Windows Server Platforms, talks about the pros and cons of this new offering. by Rahul Neel Mani

Why has Microsoft historically not bothered much about the security of its server OSs?

Microsoft has always been focused on security of its OSs. We're the pioneers in the area of client-server security with technology like integrated domains, NTLM, CHAP, and MS-CHAP. Security is a unique area in IT where constant changes and reviews are necessary to identify new threats and new types of attacks.

In the last few years, security threats, types of attacks and new market realities have led us to develop Windows 2003 to be the most secure server OS we have ever built. And Windows 2000 has one of the highest security certifications.

What are the security features of the new product, that were not in Windows NT and Windows 2000 server editions and upgrades?

IIS security has been greatly enhanced. In the new version (IIS 6.0) Passport authentication is available to authenticate users on IIS-based web services/sites. IPSec is now possible over NAT. Cross-Forest authentication on Kerberos is a new feature that has been added to the Windows 2003. Microsoft has also ensured tighter security on the Active Directory (AD) database.

The product has also added restricted group policy mechanisms in the AD. And strict software restriction policies have been put in place to ensure that client computers cannot run applications that they are not authorized to run.

Given Microsoft's history of security breaches, will companies be keen to install this software?

Microsoft OSs, when implemented correctly and following the best practices outlined by Microsoft in the public Web sites and other Microsoft documentation, are one of the most secure products available. Security and protection against attacks, as we know is not a one-time activity, but a constant feature, which system administrators and security administrators are always fighting.

No matter what product being used, it is always prudent to follow the best practices outlined by the vendor. And the person who implements the solution should understand the product very well to implement it.

Does it take long to learn how to turn on and run IIS 6.0?

IIS 6.0 is a re-architected product and is now world class in its performance, reliability and security. If the organization requires any Web-related applications or services, the systems administrator has to take a conscious decision to turn on IIS and then understand what features and services he/she wishes to deploy.

Once the systems administrator understands which components of IIS are to be deployed, they can be turned on. Even though IIS 6.0 is very secure, there is still a lot of complexity hidden under the covers. The reason we have made it a little more complex to turn on, is that the systems administrators need to fully understand what they wish to do based on the business requirements before using them.

What are the benefits compared to a Unix/RISC-based server architectures?

Windows 2003 64-bit and SQL Server 64-bit are built with a basic design principle and deliver huge benefits compared to RISC/UNIX. The cost-per-transaction is much lower than RISC/Unix systems, which implies that a customer pays less for more. Cost of the hardware and OSs are much lower than Unix/RISC-based systems. And many other large enterprise applications can be consolidated onto the Wintel-based 64-bit architecture.

What does the revamped DFS promise to the users?

In Windows Server 2003, DFS uses AD site metrics to route a client to the closest available file server for a given path. A single Windows Server 2003 system can host multiple DFS roots. In the past we were restricted this to just one DFS root per server.

The company claims that this new initiative will focus on consolidation. How will it do so?

Windows 2003 can now support more CPUs, larger system memory, and more nodes for clustering. The new architecture supports larger loads that can run on a single server. This implies that more applications, which used to run on distributed individual servers, can now be consolidated onto the same server with excellent performance and isolation.

New features like Windows System Resource Manager (WSRM) allow the systems administrator to allocate system resources like CPUs and memory as a percentage of the total available. This means that, according to business rules, applications can be capped in the amounts of resources that they can get depending on their criticality at the time of the day or according to a schedule. These features let more applications be consolidated onto lesser servers.

The Active Directory is supposed to be mature according to Microsoft. How will enterprises benefit from them?

Several features have been added to the basic AD. AD offers cross-forest authentication. When two companies merge, they have their own domains and IT infrastructure. Windows 2003 AD allows cross-forest Kerberos-based authentication without the overheads of the older Administrative Trust relationships that existed with earlier products.

There is a 2x speed improvement in authorization and authentication performance over Windows 2000. The Active Directory Migration Tool is now able to migrate complex NT 4.0 passwords to Windows 2003 AD. Users can automatically connect to the nearest network printer and begin printing. They do not need to search for one in the Active Directory. There are several command line tools, which can be used to manage AD. And the NTDS utility has also been substantially enhanced

Previously if the company name changed, it was quite a task to rename the domain and in many cases it was virtually impossible to do without breaking associated applications that operated under the AD. Now we have a new procedure to seamlessly rename a domain, though Microsoft recommends that a deep understanding of AD is required to do this.

Why are the .Net Web services being pulled to this server architecture?

XML Web services will be the future of enterprise computing and our server products today are ready for them. Windows 2003 is the foundation for such Web services and offers the .NET framework and ASP.NET built into the basic server. This implies that enterprises can be ready today for deploying Web services.

Do you think that your new products can slow Linux's momentum?

The Windows 2003 Web server edition is targeted at customers who wish to primarily run Web services and websites on their servers. This provides a low-cost and powerful infrastructure for the cost conscious and performance hungry customers.

The cost of hardware to support this 64-bit initiative is high and will increase in future. Will CIOs/CTOs still be keen to adopt this technology?

New infrastructure costs arise due to new business requirements. If the business requirements change and become more demanding, the infrastructure would change accordingly. Windows 2003 server is built to cater to all types of requirements-ranging from the small 5-10 PC organization to the very large enterprises with tens of thousands of desktops accessing these servers.

We are uniquely positioned in the market who can cater to all types of customers from the home segment to the most demanding businesses. That is the value that CXOs will realize that we can deliver.

Rahul Neel Mani can be reached at rahul@expresscomputeronline.com