Applications suppliers are being asked to jump through hoops to
ensure that their back-office applications are Windows
2000-compliant. Danny Bradbury finds out why so few of them have
got the MS stamp of approval
With Windows 2000 now gaining support, everyone is busy trying to
find out what back-office products they can confidently use with
the Server edition of the system. Yet suppliers have been strangely
quiet about certification of their products for use on Windows 2000
servers.
When Microsoft revamped the system, it initiated a certification
programme that enables applications suppliers to display a Windows
2000 certification logo on their products. The company released the
most up-to-date version of the Server application specification on
9 December 1999. Microsoft's partner, VeriTest, which acts as the
independent testing body for third-party applications, started
testing service software for compliance with the spec on 31
January.
So, why have so few people been able to push their products
through the Windows 2000 certification process? Microsoft's Web
site shows that fewer than 30 companies have had their applications
certified for use with Windows 2000, but it does not specify which
edition of the operating system the certificates were granted for:
Professional, for the desktop; Server, where the back-office
products will run; or Advanced Server, the high-performance,
clustered server-based version of the operating system.
Certification results at VeriTest's site reveal that only 11
companies have had applications officially certified for the Server
edition of the operating system.
Mark Zasada, vice-president of IT product certification
programmes at VeriTest in the US, argues that many companies have
opted for Windows 2000 Ready approval instead. Microsoft launched
this initiative in a bid to provide a less strict compatibility
process. Just because a software supplier's application is not
Windows 2000-certified does not mean that it has to turn its back
on the operating system altogether.
Attaining Windows 2000 Ready approval means you have tested your
product for compatibility with Windows 2000, and it also guarantees
that you provide your customers with the same level of support for
Windows 2000 applications as for other versions of Windows.
Companies can register their product by signing a statement of
compatibility. If neither Certified nor Ready approval has been
achieved, you can sign a statement of intent. The difference
between a Windows 2000 Certified application and a Windows 2000
Ready one is that the former will utilise the new features in
Windows 2000 such as the Active Directory, while the latter avoids
crashing.
"Certification is a high standard that requires extensive
testing and lays down some stringent rules and good practices,"
says Zasada. "It takes time to digest the requirements and make
adjustments." The bottom-line is that while many companies claim
their applications are Windows 2000-compatible, few of them have
external proof.
Peter Ollodart, group product manager at Microsoft US, argues
that subscribers to the Windows 2000 Ready programme should sign a
legal form on the Web, indicating their products work as well under
Windows 2000 as they would under Windows NT, and guaranteeing they
will provide any patches or workarounds necessary to make an
application work with the operating system. He remains unconcerned
by the relatively low number of certified applications.
"There are 86 applications out there that are super-important to
us, of which we will get half in the next two years on the server,"
he says, discussing certification for Windows 2000 Server. "I'm not
concerned with getting 500 server applications because I don't
think the world exists on that."
Software suppliers that want to certify their applications for
use with Windows 2000 have a number of hoops to jump through.
Microsoft's Server-level Windows 2000 Application Specification
document focuses on six main areas (see box).
All this might look simple on paper, but in practice it can be
difficult to comply with the specifications. Oliver Thierry,
vice-president at application performance management software
supplier NetIQ, explains that his company was working on software
that would exploit Windows 2000 as early as a year before the
specification was finally released.
"We thought we had a Windows 2000-exploited application even
before the specification was published," he says, but adds that it
still took three months to iron out the bugs after the company
received the specification document. "We found that when we tested
things, they didn't exactly work as the specification had lined
them up," he recalls.
In particular, some Active Directory implementation, with
support for the Microsoft Management Console (MMC), a key feature
in Windows 2000, needed tightening up.
It is no wonder, then, that so few companies have managed to get
their applications certified under the strict Windows 2000
programme. Some of the companies that have made it to certification
have done so by cutting corners, according to industry insiders.
Zasada protests that the guidelines are very specific, and that the
test plan runs to 400 pages. "When we execute the test plan, we
note any variations," he says. "Those variations are discussed with
Microsoft sometimes, and sometimes the company will allow certain
variations. Each of those are documented on the Web site."
Sumir Karayi, managing director of specialist IT services
company 1E, says this practice is endemic. For example, he claims
that developers will often go through processes that are not
documented in order to increase performance. "Certain things are
faster if you just bypass everything else," he says. As an example,
Karayi explains that officially you should go through Microsoft's
Windows Management Instrumentation (WMI) interface when making SQL
questions, but points out that it is better from a performance
perspective to make the query directly.
Thierry admits to taking some shortcuts when building in support
for the MMC. Instead of implementing a true 32-bit MMC client on
the desktop, he did it using Dynamic HTML. "I considered that to be
borderline to the specification, but now if we ever need
alterations to the MMC, we just ship out some ASP pages," he
explains.
Microsoft has to get its server-based products Windows
2000-certified just like everyone else, and the company has taken
the opportunity to revamp its back-office product line, rebranding
it under the generic Microsoft Servers umbrella, as part of the
process. The company is rushing to get Windows 2000 certification
for the new versions. Exchange 2000 Server and SQL Server are at
the top of its list, explains Ollodart. Exchange is currently in
the laboratory, while SQL Server will go through shortly - it was
in its second beta release at the time of writing.
Other products due certification include Commerce Server,
Microsoft's electronic commerce back-end, and Small Business Server
2000, which was not released at the time of writing. Similarly,
Host Integration Server 2000, the follow-on from Microsoft's
Systems Network Architecture Server, went into its second beta test
in May.
Companies that use existing Microsoft Back Office products may
have to download service packs to get their products working
effectively with Windows 2000. One example of this is Back Office
Server 4.0. Users must download the Back Office Server 4.5
Readiness Kit for Windows 2000 Server, which will resolve some
problems, including Web administrator incompatibilities. Systems
Management Server 2.0 also needs a service pack to run on Windows
2000, but the service pack was in beta-testing at the time of
writing. Users of Microsoft's Proxy Server 2.0 also need a
patch.
The company is also planning some new Back Office products for
Windows 2000, in the form of Biztalk Server 2000 and Application
Center 2000. Biztalk server will enable companies to send and
receive extensible markup language-based electronic trading
documents, complete with business rules, for business-to-business
e-commerce. The Application Center is designed to make application
software more scalable, supporting load balancing across a number
of servers, and rendering distributed software applications
viewable as a single logical image.
It is essentially Microsoft's offering in the Internet
application server market, and will appeal to developers of
e-commerce applications that want to use the company's DNA
development architecture. Neither of these products has been
released, and Biztalk server has slipped a long way from its
original 1999 release date.
Microsoft, like everyone else with a large enough market share,
is trying to get Windows 2000 certification for its back-office
products. Like other suppliers, however, the company has to go
through a set of stringent tests to ensure that its software uses
the new features of Windows 2000 Server properly. While the Windows
2000 Ready programme may give end-users some peace of mind, it is
not foolproof, and it doesn't necessarily mean that such products
will make full use of the features within Windows 2000. Yet the
features are the primary reason why many customers will want to
migrate to this system.
What programs need to get certificated
Windows fundamentals
This certification area covers issues such as verification
testing for kernel-mode drivers, basic stability requirements,
provision of 32-bit components and correct Windows version
checking.
Install/uninstall
This area of the document handles the installation and
uninstallation process for server-based Windows applications. It
dictates that you do not attempt to replace files that are
protected by Windows file protection. It also requires support for
the add/remove programs function.
Graphical User interface
This is relevant only if a graphical user interface is presented
as part of the server application, and covers issues such as
documented keyboard access tool features, compatibility with the
Windows high-contrast option and the support of standard systems'
colour, font and input settings.
Active Directory
This will cause software suppliers the most headaches.
Microsoft's Active Directory is a very object-oriented,
hierarchical network directory structure. It covers issues such as
the appropriate use of the directory, documentation of an
application's use of objects and attributes in the directory, and
documentation of the impact on your application of the directory
service.
Security services
Client applications addressing the server application must
support Single Sign-On, meaning that one password is used to access
all applications. This can be a tough nut to crack for application
developers.
Cluster service
This part of the certification process is required for Advanced
Server and Data Centre edition approval. It covers installation on
two or four nodes (depending on which edition of Windows you are
using), and the support of failover services.