Microsoft says its Windows Vista operating system will offer improvements in security, usability, stability and manageability - but is this enough to justify a costly upgrade? Cliff Saran reports
Later this year, Microsoft is planning to release the next version of its desktop Windows operating system, which it says will provide the ultimate in usability, stability and manageability. According to Microsoft, the Windows Vista operating system will sport a smart new user interface, designed to streamline the computing experience.
But it is not the look and feel that will attract IT directors. Security is a top concern and Microsoft has spent the past four years on its Trustworthy Computing initiative to improve the security of Windows.
Windows Vista will include a number of security enhancements, including protection of user data, lower-privilege execution of Internet Explorer and other key applications, and built-in firewall improvements.
One of the main security concerns is that end-users often remain logged in with full administrator privileges, when it is normally unnecessary to do so. User Account Control (UAC) is designed to help balance the flexibility and power of an administrator account, and the security of a standard user account. Users need to set administration rights only when they want to install a new program.
One emerging hardware technology that Vista will support is the Trusted Platform Module (TPM), a specification for hardware cryptography that will enable data on hard disks to be encrypted fully.
Microsoft's PC2005 specification, which defines the specification of hardware for Vista, outlines how machines running a TPM chipset can ensure features such as Secure Startup and Full-Volume Encryption can be implemented on a TPM-enabled machine that has the Vista logo.
"The main feature related to trustworthy computing is Safe Boot, which will provide TPM-protected full-disk encryption of Windows volumes," says industry analyst Burton Group.
Safe Boot is designed to ensure no one alters the operating system or its configuration files between the time the machine is powered down and when it is rebooted.
Microsoft is also including a tool called Windows Defender, which helps protect users against spyware and other potentially unwanted software. Back-up has been addressed with a feature called Windows Backup, and a related feature, Volume Shadow Copy, which was first introduced with the Windows Server product family and is now available for PCs.
Microsoft has attempted to make Vista a far more secure operating system than its predecessors, and according to Ovum analyst David Bradshaw, "Improving security will be an increasingly important issue due to the greater sophistication of hacking by organised crime."
Bradshaw recommends users put security as their top priority for upgrading to Vista. He believes many of the non-security features promised by Microsoft are likely to be bundled in a future service pack for Windows XP, making it less compelling to upgrade based on the new features in Windows Vista.
He says, "While Microsoft says Vista will be more secure, we will not know [for certain] until people start looking for vulnerabilities."
Besides security, Microsoft is also including in Vista a set of programming interfaces dubbed WinFX, the next version of its .net framework for developing web services applications, and Windows Communications Foundation, a programming model to help users link applications together.
Mark Quirk, head of technology at Microsoft UK's Developer & Platform Group, says the Windows Communications Foundation (formerly known as Indigo) will be the main programming interface for connecting applications. In the past, users have been offered a choice of approaches, such as .net, DCom (Distributed Common object model) and RPC (Remote Procedure Call).
"Now there will be one model," says Quirk. This is designed to handle both communications across the internet, where the applications communicate via XML web services, and direct connections, where two .net applications on the same machine need to exchange information.
Along with the Windows Communications Foundation, Microsoft is including in Vista an extension to .net called Windows Workflow Foundation, for building collaborative workflow into applications.
Other improvements are being made to desktop search functions and a new version of the browser, Internet Explorer 7.0, now offers tabbed browsing.
The cost of migration to Vista is likely to be high: users will need to test all applications on the new platform and factor in the cost of new desktop PC hardware when replacement desktops are needed.
Robin Bloor, partner at Hurwitz & Associates, says, "Right now, all that CIOs are doing is having Vista evaluated to assess the impact, so they can plan the speed and timing of migration. The costs of the desktop, and particularly desktop management, are regarded as high, and Vista is not viewed as making much of an impact on this."
In most companies, he says, there is no great enthusiasm to do more than run a gradual replacement strategy as and when the time seems right. To some extent, this depends on current licence arrangements with Microsoft.
While users will be driven by issues relating to the availability of software support and the improvements to security, some experts have questioned whether an operating system upgrade can really add business value.
Neil Macehiter, a partner at analyst firm Macehiter Ward-Dutton, says, "The features by themselves are not compelling enough to [make the case to] upgrade to Vista. It is the business processes that matter and these are delivered at a much higher level [in the company] than the operating system." For instance, he says, many businesses have already invested in improved processes and third-party software to enhance security.
Macehiter says very few users would see the benefit of bundling enterprise software capabilities in the operating system, and may already be using enterprise software that provides far greater functionality than Vista includes.
"The search capability could remove effort in finding files on the desktop, but users would be looking at tools like Autonomy and Verity to provide enterprise search," he says.
One of the key components that may make Vista compelling for corporate users is WinFS, and this will not be available when the operating system ships. WinFS is an essential piece of Microsoft's integrated storage strategy. It is designed to bridge the gap between file systems and databases and provides a unified programming platform for all data - structured, semi-structured and unstructured.
Mike Thompson, principal analyst at Butler Group, says that without WinFS there is "no reason for corporate users to upgrade to Vista". He suggests the main reason businesses would consider Vista is if they operate in a graphics-heavy environment, such as multimedia.
"Vista is all concerned with multimedia," he says. "If WinFS was included, it would be worth upgrading to Vista."
Thompson has noticed hardware manufacturers have been taking on more of the traditional responsibilities of the operating system, such as handling security and device management. "Chip makers are driving forward developments on the desktop," he says.
This means there is less emphasis on the operating system's management and security capabilities, two factors that can affect the cost of running desktop IT. Thompson adds, "Users can already buy some Vista functionality from third parties." For instance, Google already offers desktop search and companies like Autonomy specialise in enterprise search, which allows users to look for information across a company.
A recent study on users' migration plans conducted by Forrester Research found that enthusiasm for Vista has waned.
"Almost 33% of the large firms we surveyed told us they would start deploying Vista when available or when Service Pack 1 (SP1) is released - but that is down from about 43% in 2004," says Forrester Research senior analyst Simon Yates.
Forrester believes firms are more interested in stability and consistency in the PC environment than in new features, and Windows XP meets the vast majority of its users' needs. Yates says the replacement of PCs generally occurs in waves when firms either realise that the cost of supporting older systems is rising too quickly, or when hardware pricing becomes compelling.
The question IT directors must address is whether and when to upgrade. Those who have spent time and effort updating to Windows XP, then testing and installing the SP2 patch, may well decide to delay any decision to upgrade, say industry analysts.
Users running older operating systems, such as Windows 2000, will find an upgrade is essential to ensure they continue running a supported operating system, because mainstream support for Windows 2000 is set to end on 30 June this year.
But rather than skip a release, analyst firm Gartner is recommending businesses running Windows 2000 install XP before Vista. Gartner research vice-president Mike Silver says, "In order to skip XP and go straight to Vista, you will need to ensure [software providers] support Vista. This could prove risky, particularly with smaller suppliers that generally take more time to upgrade applications."
Silver expects most companies to bring in new PCs and run Windows XP while they test and pilot Vista for application compatibility. Gartner has predicted users will start deploying Vista during 2008.
Organisations running Windows XP can wait a little longer to start deploying Vista and can migrate as they buy new hardware, leaving older PCs running Windows XP until they are replaced, says Gartner.
"The reason we suggest migration through hardware attrition is that physically touching each PC and installing a new operating system is usually an expensive, manual task," the firm adds. Gartner warns that users need to take into account both the labour cost of installing the software and the cost of the Windows licence. "Only consider upgrading a PC that has more than half its useful life, or at least two years of useful life, left."
Users will need to decide whether the improved user interface, desktop search, .net programming interfaces and security enhancements will be enough to justify the effort required to certify applications and roll out Vista. Some may decide to upgrade as and when PCs are replenished and run a mixed Windows XP and Vista desktop infrastructure. Others may hold off, continue running XP, and take a "big bang" approach with a planned Vista upgrade in a few years' time.
Whichever approach is taken, the availability of applications will be a major factor in deciding when to upgrade to Vista. There are no guarantees of a seamless upgrade path. As always, extensive testing and pilot roll-outs will be key.
Upgrading to Vista: factors to consider
Firms are just completing their XP upgrades
The prospect of beginning another migration next year is not very appealing. For the first time in recent years, firms have a single version of the Windows operating system to support. Some are sticking with Windows 2000 for now.
Vista enthusiasm has waned
Forrester believes firms are more interested in stability and consistency in the PC environment than in new features, and Windows XP meets the vast majority of its users' needs. Regardless of the timing of PC upgrades, users should evaluate and test Windows Vista throughout 2006.
Aggressive PC refresh won't kick in until 2008
Despite efforts to standardise on three or four-year refresh cycles, corporate PC refresh is rarely a linear, predictable process, and Forrester expects a slowdown in 2006 and 2007. Refresh tends to occur in waves when firms either realise the cost of supporting older systems is rising too quickly, or when hardware pricing is compelling.
Plans to drop Software Assurance on the client
One side effect of upgrade apathy is that some firms that bought Software Assurance are thinking about dropping it. Microsoft has announced enhancements to Software Assurance, including expanded problem resolution support, proactive planning assistance, more training vouchers, and the waiving of annual fees and deadlines for Extended Hotfix Support Agreements covering products in the Extended Support phase. The big question is whether these additions are enough to overcome the apathy about PC upgrades.
Source: Forrester Research