Microsoft is developing versions of its Windows operating system with only a subset of the Windows code base, designed for specific server tasks, in a move that could reduce maintenance costs for customers and create products that are less vulnerable to attack.
The "role-based" products may appear in 2007, when the server version of Longhorn is scheduled for release.
Offering a smaller code base would mark a significant technical shift for Microsoft and could help it to better address the competitive threat posed by Linux. But it also presents significant engineering challenges for the company, industry analysts said.
The proposed changes to Windows come as Microsoft is increasingly challenged by Linux. The open-source operating system has been gaining traction among governments and businesses, in part because some view it as a cheaper and more secure alternative.
One advantage of the Linux source code being publicly available is that customers - or more commonly systems integrators or resellers - can take the kernel apart and use only the components they want, said Neil Macehiter, a research director at analyst company Ovum.
"They need to move to this model of having role- or function-based servers to compete better with Linux," he said.
Microsoft already sells two role-based versions of Windows - one for storage and one for web serving. They essentially conceal from users the parts of Windows that are not needed for the task at hand, making them easier to install and use. But those products still are based on the entire Windows code base.
With its Longhorn release, Microsoft hopes to offer role-based versions of Windows for tasks such as storage, file- or print-serving that include only a part of the Windows code, said Martin Taylor, Microsoft general manager for platform strategy.
"We want to get to a model of role-based deployment where you might just have the bits you need for that function. It's one of our design goals for Longhorn."
Many enterprises separate tasks such as e-mail and web hosting, assigning them to individual servers or groups of servers. Microsoft would continue to sell the full version of Windows for use as a general purpose operating system, but could offer the role-based products for servers assigned to particular tasks, he said.
Such a move could benefit customers in two primary ways: better security and lower maintenance costs, said Michael Cherry, lead analyst at research company Directions on Microsoft.
Reducing the amount of code on a server would reduce the "attack surface area", Cherry said, meaning hackers would have less code to aim at with their viruses. A virus last month that targeted a component for viewing Jpeg image files affected Windows Server 2003, he noted, even though customers managing their servers remotely don't need that component on their servers.
Having less code should also mean lower maintenance costs, in part because customers will not have to apply patches to the parts of Windows that do not exist on their servers. "If you have a server whose role is definable and distinct and you only load enough [code] to carry out that role, it's got to bring the total cost of ownership down," he said.
A Microsoft spokeswoman confirmed that the goals of providing a smaller Windows footprint are to cut maintenance costs and provide a reduced attack surface area.
Taylor did not say whether the role-based server editions would be cheaper than the full versions of Windows. The role-based products Microsoft sells today - Windows Storage Server 2003 and Windows Server 2003 Web Edition - are cheaper than the full versions of Windows Server 2003, although restrictions on their use apply.
Removing parts of Windows presents engineering challenges. For starters, Microsoft must ensure that independent software suppliers can continue to write applications for its operating system without worrying about which components are available to them, Taylor said.
Microsoft is also keen not to limit the software's management capabilities. For example, the current Web Edition of Windows cannot serve as a domain controller, which means it cannot be used to manage group policies, internet authentication services and other tasks.
"You have trade-offs in cost and trade-offs in manageability, so it's a fine balance," Taylor said. He gave no exact timetable for the products, but said development work is "pretty far down the path".
James Niccolai writes for IDG News Service