.net benefits?

Microsoft has shipped its latest Windows Server operating system. But, asks Danny Bradbury, does it solve enough of Windows 2000's problems to persuade users to pay for the upgrade ride?

Server software from Microsoft is like London buses - if you miss one release, there will be another one along in a minute. The first release candidate of .net Server has just turned the corner, metaphorically speaking. This is the next major operating system upgrade from Windows 2000 Server. Unfortunately, if market watchers are to be believed, there are few users in the queue waiting to get on.

What is putting them off jumping on .net Server? One of the biggest issues is the frequency of product releases. NT Server 4.0 was originally released in 1996, with the enterprise edition shipping in 1997. Users faced a three- or four-year gap until the release of Windows 2000 Server. Now, just two years later, Microsoft is offering a new product. Its success will depend largely on how many people have upgraded to Windows 2000, says Peter Bradley, honorary member of The Infrastructure Forum, a representative body for blue-chip IT users. "People are still suffering from capital hang-ups. The sort of thing I have heard [them say] is that it looks nice, but we're not going to rush," he says.

The signs are that many users have upgraded to Windows 2000 or are in the process of doing so. Ratmir Timashev, chief executive officer of Windows migration tools supplier Aelita Software, estimates that half of his customers, with fewer than 3,000 staff, have upgraded to Windows 2000 Server. Of those with more than 3,000 employees, 25% have successfully migrated, with another 30% in the planning or deployment stage.

This last statistic should not be underestimated, says Adrian Polley, technical director at IT consultancy Plan-Net, because size of company is linked to the time taken for deployment. "The larger the organisation, the greater the inertia. We know of some very big companies that started migrating [to Windows 2000 Server] two years ago. They still haven't completely finished. Most people are trying to get that job finished before they start to think about .net Server," he says. Furthermore, many companies which have migrated successfully have not rolled out Active Directory, Polley adds.

This key feature of Windows 2000 and future Windows releases allows businesses to manage security, applications and privileges over the company network. It was notoriously difficult to implement under Windows 2000, because of the planning needed. Users were unable to roll back changes, so the IT department had to get everything right first time.

Microsoft has addressed this with the .net Server implementation, says Stuart Kwan, group programme manager for Active Directory for Microsoft. It is now possible to rename domains, for example, as long as they are part of a well-formed forest: if your company is reorganised or merged with another firm, you can go back in and change your naming structure. You can also rename domain controllers without demoting and repromoting them.

Other improvements include the ability to implement trust relationships between forests and the ability to create logical application partitions for the storage of volatile application data. However, such partitions cannot be replicated to the global catalogue.

One area where Microsoft has worked hard to improve Active Directory is in replication. Replicating directories for large companies takes up a vast amount of bandwidth. Now, administrators who want to set up a remote directory server for the first time can take a state back-up from an existing domain controller, physically ship the media to the destination, and then conduct a "restore to alternate location". This extracts the records from the back-up file without completing a full system restore. Even copying the back-up file over the network could be quicker than compiling a replication to set up a remote directory server, because it copies everything as one file, explains Kwan.

Once the remote directory server has been set up, you can now replicate using linked-value replication, so only individual changes to a directory - rather than the whole membership - are replicated.

The drawback to many of these features is that you have to upgrade all of your domain controllers to .net Server to take advantage of them. Once the administrator has manually advanced the version number on all the domain controllers to open up what Microsoft calls "forest-level functions" to the whole forest, there is no going back: the network will block the addition of any other legacy Active Directory domain controllers. It is an all-or-nothing deal if you want access to such functionality. On the other hand, with so many companies having avoided using Active Directory at all thus far, this may not be as much of a problem after all.

Perhaps the most annoying issue for potential .net Server users is that Exchange 2000 will not work on .net Server, and there will not be a service pack for Exchange 2000 that will make it .net Server-compliant. If you want to upgrade your whole server infrastructure, you will have to wait for Titanium - the next version of Microsoft Exchange - which ships after the .net Server product. The alternative is to leave your Exchange servers running Windows 2000 Server.

Clearly, .net Server offers a lot of benefits, but companies which have just completed or are still struggling with Windows 2000 migration are unlikely to take the plunge with .net Server. Microsoft's licensing policies have also angered many organisations, which are consequently reassessing their dependence on Microsoft technology. This, in combination with the flat global economy, is going to make .net Server a difficult proposition for IT directors wanting funding for the upgrade from the board.

New security features in .net Server
Security is the most interesting aspect of Microsoft's Internet Information Server (IIS) strategy, because it pervades everything. Dave Thompson, vice-president for Windows Server development, says that the security push (part of Bill Gates' trustworthy computing initiative) saw 8,500 people trained during the software development freeze that the company introduced earlier this year. During that time, it has been trying to fix the security flaws in its software, while building security into future products.

Andrew Cushman, Microsoft's group manager for IIS, says that when administrators make the decision to switch on IIS 6, it serves static content by default until it is changed. Such security decisions are made using an application management console that has been in .net Server since the third beta version. "We now run as a network service, with a low-privilege account similar to a guest account," Cushman says. IIS also features more aggressive time-outs, so that it is harder for hackers to exploit open sessions.

Microsoft has also attempted to solve the buffer overflow problem that it experienced with IIS 5 in which hackers could flood the buffer with malicious code, causing it to feed that code into the executable memory space. A special marker has been built onto the stack which causes a program to automatically terminate if it disappears.
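The marker check described above can be modelled in a few lines of C. This is an added illustration, not Microsoft's code: the frame layout, the names (`struct frame`, `handle_request`, `PROCESS_COOKIE`) and the constant values are all constructed for the example, and the model returns a status where a real runtime would terminate the process.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16

/* Modelled stack frame (hypothetical layout): the marker sits between
   the local buffer and the saved return address. */
struct frame {
    unsigned char buf[BUF_LEN];
    uint32_t cookie;        /* the "special marker" */
    uint32_t saved_return;  /* stands in for the return address */
};

enum result { RETURNED_NORMALLY = 0, TERMINATED = 1 };

/* Constructed value; a real runtime would choose it at process start. */
static const uint32_t PROCESS_COOKIE = 0x5AFEC0DEu;

/* Simulates a function whose copy ignores BUF_LEN, followed by the
   marker check that runs before the function returns. */
enum result handle_request(const unsigned char *input, size_t len,
                           uint32_t *return_target)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.cookie = PROCESS_COOKIE;           /* prologue: place the marker */
    f.saved_return = 0x1000u;            /* legitimate return target */

    if (len > sizeof f)                  /* keep the model itself in bounds */
        len = sizeof f;
    memcpy((unsigned char *)&f, input, len);   /* flawed: no BUF_LEN check */

    if (f.cookie != PROCESS_COOKIE)      /* epilogue: marker changed? */
        return TERMINATED;               /* saved_return is never used */
    *return_target = f.saved_return;
    return RETURNED_NORMALLY;
}

int main(void)
{
    unsigned char small[8] = "GET /";    /* constructed input, fits in buf */
    unsigned char big[sizeof(struct frame)];
    uint32_t target = 0;

    memset(big, 0x41, sizeof big);       /* constructed oversized input */
    printf("small: %d\n", handle_request(small, sizeof small, &target));
    printf("big:   %d\n", handle_request(big, sizeof big, &target));
    return 0;
}
```

Because the marker lies between the buffer and the return address, a linear overrun has to change it before it can reach the return address, which is why the check catches the oversized input before the corrupted address is ever used.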

Unfortunately, the demand for Microsoft to resolve security flaws in its operating system could have some unwelcome side effects. "It will break some applications," says Bill Veghte, vice-president of the Windows Server product group. Nevertheless, there will be switches to turn on the features necessary to make applications run, he adds.

Of course, turning on features that are turned off by default as security risks in a bid to get your applications to work puts you back at square one. The best thing would be to get software developers to reconfigure their code to support the new system in its default state. Is this likely? Adrian Polley, technical director at IT consultancy Plan-Net, is not so sure. "Developers are not that smart about the infrastructure that they roll stuff out on," he alleges. "What happens is that when people develop software, they roll it out live and start doing hacks to make it work."

.net Server delivers easier management and greater scalability
Microsoft .net Server release candidate one will offer administrators a smoother ride than Windows 2000 Server did. In continuing its enterprise push with the operating system, Microsoft has put several management features into .net Server. For example, the company has beefed up its Remote Installation Services software with support for the one-time, rapid installation of a small number of servers and desktops. The remote installation wizard RiPrep now only offers installation images that are compatible with the hardware abstraction layer.
Michael Dennis, lead programme manager for Windows server management at Microsoft, says the company is also improving the group policy snap-in to its management console. The new user interface, which will be released at about the same time as .net Server, will be based on scriptable interfaces developed following user feedback.
In its group policy documentation for Windows 2000, Microsoft says it will be providing group policy information in a standard schema, using the Windows Management Instrumentation (WMI) to hook into it, and this will be in .net Server; WMI can be used to filter and report on group policy information. "You can do 'what-if' scenarios to see what the resultant policy set will be," says Dennis.

Crash recovery and reliability
Other management improvements include an emergency management service function to recover the system when Windows blue-screens and there is no keyboard or monitor available to unfreeze it. While on the subject of bringing back machines from the dead, the company is doing its best to ensure that they don't die in the first place.

Customer analysis of support calls showed how much reliability varied, even among users running the same operating system with the same service pack, says Jim Livingston, lead programme manager for Windows Datacentre Server. "It's people, procedures and processes that are the issue. If we didn't address that with .net we would be missing the point."

There will be a reliability service in .net Server which was not present in Windows 2000. It gathers data from users' servers, producing a custom reliability and availability report. It will also provide Microsoft with feedback in the event of system failure. Other reliability features include hot-pluggable PCI facilities and "hot-addable" Ram, so that you do not have to take down a PC to upgrade it. Unfortunately, it is still impossible to remove Ram while the system is running, Livingston admits.

Scalability and IIS applications
The enterprise edition of the .net Server system will also scale to eight nodes in a box, rather than Windows 2000's four, and the company has provided wizards to assist with the setting up of clustered servers, in addition to scripting facilities for non-cluster-aware software. "The major applications are cluster-aware, but there are a lot of others that people want to run mission critical. Scripts can now make them failover-aware," explains Livingston.

What does all this mean? Microsoft is claiming that non-clustered TPC-C benchmark figures carried out in June are 190% higher than those released in April - and they will improve further, Livingston says. On the other hand, the non-clustered benchmark figure shows a transaction-per-minute cost of $21.33 (£13.52) - up substantially from $8.70 in April. The reason for this is that in previous tests, Microsoft used an eight-way Dell server. In the latest tests, the company used a 32-way Unisys box (presumably running the datacentre version of .net Server, that scales to 32 nodes).

Some of these reliability and availability improvements carry into Internet Information Server (IIS), which has been switched off by default in .net Server as a security measure. There is an application recycling model that monitors applications by pinging them to check if they have hung and testing for criteria such as memory consumption and the number of hits that they are processing. The service can restart applications if they show signs of instability. Applications can also request a restart themselves.

In IIS 6.0, applications have their own memory spaces, with multiple "application pools" all running their own applications. The alternative (multiple applications running in a single space) is known as a "web garden". Either way, such application spaces are controlled by a new piece of code, called the Web Administration Service. This responds to calls made from HTTP.SYS, which is a request handler for external sessions.

Glossary of .net terms
Buffer overflow - a situation in which the buffer (a software stack used for holding data while it waits to be transferred) becomes flooded with code that then leaks into a system's main memory. This can result in the code being executed
Domains - Active Directory works by creating domains within a company. A domain is defined by a security boundary, and can span several physical sites
Domain controller - a .net Server operating system responsible for controlling a local domain
Forests - domains in Active Directory can be structured into hierarchies called trees. A forest is a collection of domain trees. Ideally, it will cover a whole company
Forest-level functionality - features within Active Directory that can only be accessed after all domain controllers in a forest have been upgraded to .net Server
Group - a collection of users with something in common (eg people that work in the same department or on a single team)
Group policy - a Microsoft Management Console snap-in used for defining desktop behaviour for users in a group
Hardware abstraction layer - an isolated memory space that programmers can use to write device-independent applications
Microsoft Management Console - a software application that can be used to hold various administrative snap-ins for Windows 2000 Server and .net Server
RiPrep - a remote installation wizard for Windows server operating systems
Schema - in the context of Windows Server operating systems, a description of the classes and their necessary attributes stored within Active Directory.
