a rather 'quiet' launch of its 64-bit Windows 2003 Server,
Microsoft has again made promises to its customers.
Time will tell whether those promises will be kept or
not. Yasir Yousuf, Senior Marketing Manager, Windows
Server Platforms, talks about the pros and cons of this
new offering. by Rahul Neel Mani
Why has Microsoft
historically not bothered much about the security of
its server OSs?
Microsoft has always
been focused on security of its OSs. We're the pioneers
in the area of client-server security with technology
like integrated domains, NTLM, CHAP, and MS-CHAP. Security
is a unique area in IT where constant changes and reviews
are necessary to identify new threats and new types
In the last few
years, security threats, types of attacks and new market
realities have led us to develop Windows 2003 to be
the most secure server OS we have ever built. And Windows
2000 has one of the highest security certifications.
What are the
security features of the new product, that were not
in Windows NT and Windows 2000 server editions and upgrades?
IIS security has
been greatly enhanced. In the new version (IIS 6.0)
Passport authentication is available to authenticate
users on IIS-based web services/sites. IPSec is now
possible over NAT. Cross-Forest authentication on Kerberos
is a new feature that has been added to the Windows
2003. Microsoft has also ensured tighter security on
the Active Directory (AD) database.
The product has
also added restricted group policy mechanisms in the
AD. And strict software restriction policies have been
put in place to ensure that client computers cannot
run applications that they are not authorized to run.
history of security breaches, will companies be keen
to install this software?
when implemented correctly and following the best practices
outlined by Microsoft in the public Web sites and other
Microsoft documentation, are one of the most secure
products available. Security and protection against
attacks, as we know is not a one-time activity, but
a constant feature, which system administrators and
security administrators are always fighting.
No matter what
product being used, it is always prudent to follow the
best practices outlined by the vendor. And the person
who implements the solution should understand the product
very well to implement it.
Does it take
long to learn how to turn on and run IIS 6.0?
IIS 6.0 is a re-architected
product and is now world class in its performance, reliability
and security. If the organization requires any Web-related
applications or services, the systems administrator
has to take a conscious decision to turn on IIS and
then understand what features and services he/she wishes
Once the systems
administrator understands which components of IIS are
to be deployed, they can be turned on. Even though IIS
6.0 is very secure, there is still a lot of complexity
hidden under the covers. The reason we have made it
a little more complex to turn on, is that the systems
administrators need to fully understand what they wish
to do based on the business requirements before using
What are the
benefits compared to a Unix/RISC-based server architectures?
Windows 2003 64-bit
and SQL Server 64-bit are built with a basic design
principle and deliver huge benefits compared to RISC/UNIX.
The cost-per-transaction is much lower than RISC/Unix
systems, which implies that a customer pays less for
more. Cost of the hardware and OSs are much lower than
Unix/RISC-based systems. And many other large enterprise
applications can be consolidated onto the Wintel-based
What does the
revamped DFS promise to the users?
In Windows Server
2003, DFS uses AD site metrics to route a client to
the closest available file server for a given path.
A single Windows Server 2003 system can host multiple
DFS roots. In the past we were restricted this to just
one DFS root per server.
claims that this new initiative will focus on consolidation.
How will it do so?
Windows 2003 can
now support more CPUs, larger system memory, and more
nodes for clustering. The new architecture supports
larger loads that can run on a single server. This implies
that more applications, which used to run on distributed
individual servers, can now be consolidated onto the
same server with excellent performance and isolation.
New features like
Windows System Resource Manager (WSRM) allow the systems
administrator to allocate system resources like CPUs
and memory as a percentage of the total available. This
means that, according to business rules, applications
can be capped in the amounts of resources that they
can get depending on their criticality at the time of
the day or according to a schedule. These features let
more applications be consolidated onto lesser servers.
The Active Directory
is supposed to be mature according to Microsoft. How
will enterprises benefit from them?
have been added to the basic AD. AD offers cross-forest
authentication. When two companies merge, they have
their own domains and IT infrastructure. Windows 2003
AD allows cross-forest Kerberos-based authentication
without the overheads of the older Administrative Trust
relationships that existed with earlier products.
There is a 2x speed
improvement in authorization and authentication performance
over Windows 2000. The Active Directory Migration Tool
is now able to migrate complex NT 4.0 passwords to Windows
2003 AD. Users can automatically connect to the nearest
network printer and begin printing. They do not need
to search for one in the Active Directory. There are
several command line tools, which can be used to manage
AD. And the NTDS utility has also been substantially
Previously if the
company name changed, it was quite a task to rename
the domain and in many cases it was virtually impossible
to do without breaking associated applications that
operated under the AD. Now we have a new procedure to
seamlessly rename a domain, though Microsoft recommends
that a deep understanding of AD is required to do this.
Why are the
.Net Web services being pulled to this server architecture?
XML Web services
will be the future of enterprise computing and our server
products today are ready for them. Windows 2003 is the
foundation for such Web services and offers the .NET
framework and ASP.NET built into the basic server. This
implies that enterprises can be ready today for deploying
Do you think
that your new products can slow Linux's momentum?
The Windows 2003
Web server edition is targeted at customers who wish
to primarily run Web services and websites on their
servers. This provides a low-cost and powerful infrastructure
for the cost conscious and performance hungry customers.
The cost of
hardware to support this 64-bit initiative is high and
will increase in future. Will CIOs/CTOs still be keen
to adopt this technology?
costs arise due to new business requirements. If the
business requirements change and become more demanding,
the infrastructure would change accordingly. Windows
2003 server is built to cater to all types of requirements-ranging
from the small 5-10 PC organization to the very large
enterprises with tens of thousands of desktops accessing
We are uniquely
positioned in the market who can cater to all types
of customers from the home segment to the most demanding
businesses. That is the value that CXOs will realize
that we can deliver.
Rahul Neel Mani can
be reached at firstname.lastname@example.org