Windows Server Reference Guide

Microsoft on the Other Side of the Barrier

Last updated Feb 27, 2009.

Now that Web services—the protocols that govern how applications communicate with other applications over the Internet—have at least somewhat more hardened standards, and now that virtualization has so rapidly evolved from an experiment to a standard component of the network, businesses are no longer forced to choose the one operating system that best fits all their needs. This means Microsoft can’t sell Windows Server as the solution, and sell it whole and completely as it used to (try to) do, but rather sell the operating system as a solution for certain circumstances...while hoping that businesses appreciate the manageability of the system and adopt it as their networks’ primary OS for that reason.

This fact of marketing actually changes the architecture of Windows networks somewhat, because Microsoft’s original value proposition for Windows Server was that it can and must absorb a company’s network domains into a kind of superstructure that it would not only come to rely upon, but eventually require: a domain of domains.

Beginning in 2001 and premiering in Windows Server 2003, Microsoft introduced the concept of the forest. Here, companies would continue to have multiple domains, with each domain organized around a job function rather than some arbitrary business department—an innovation I’ve touted here in the Reference Guide repeatedly. But the superstructure was designed to become dependent upon Windows services (Active Directory, for one) in such a way that businesses would grow dependent upon Windows. And because the conveniences of the superstructure were supposed to be self-evident, businesses were expected to want to adopt Windows across-the-board in order to manage that superstructure.

But that’s not what happened, mainly because Microsoft failed to simultaneously develop every class of application to the level necessary for it to substantiate the premise that Windows is needed throughout the entire enterprise. Sure, everyone needa Office, but Office doesn’t necessarily do everything that everyone in an office needs to do, to run their business.

The biggest case in point is the Web itself. Only in 2007 did Internet Information Server seriously begin to break down the wall put forth by Apache, still the world’s pre-eminent Web server. Around October 2007, Apache’s installation share dropped to near the 50% according to Netcraft, versus about 35% for IIS, after having spent most of 2006 stuck at around 23%. The surge in share for Microsoft coincided in lock-step with the release of WS2K3 R2; once IIS essentially solved its (in-) security problem, businesses began accepting it once again.

That split remained about the same going into 2009, according to Netcraft, although at the beginning of the year it appeared that Apache was beginning to regain some momentum. Nearly 97 million of the world’s Web servers run Apache—about 52% and growing—while just under 33% of servers run some version of IIS. Fixing the security crack in IIS did enable it to permeate further into the enterprise, but this is the limit of how much it has managed to spread.

You don’t often think of “barriers to entry” applying to Windows outside the wall, but in today’s enterprise networks, the need for business continuity has presented Microsoft with at least a barrier to ubiquity. And now, there’s a security reason for not adopting Windows homogenously among servers: Each heterogenous network presents such a unique architecture to the outside world, that the chances of deliberate outside incursion are greatly reduced when a network runs both Windows and Linux. Whereas either OS on its own would present an attacker with a template he can follow for just about any homogenous network.

So while Microsoft has been making the point that heterogenous networks are intrinsically more difficult to manage and secure, an entire industry has sprung forth since 2006 devoted to heterogenous systems deployment and management. Now, even Microsoft has reluctantly joined the fray with the acquisition of several small tools management companies in 2006 and ’07, and the rollout of heterogeneous administration features in its System Center product line.

Microsoft continues to apply its dominance in the Office field to apply leverage to wedge its server software into the enterprise—even when it’s something of a stretch, as may be the case with Office Live Communications Server. But there are too many options on the table for enterprises to commit to any one system across-the-board, and both Microsoft and the Linux vendors may have to accept this as the standard state of affairs, perhaps throughout 2009.

Meanwhile, the premise for the existence of forests—a way to establish a server farm based on functional delegation among domains rather than geographical or job-related, and to maintain Microsoft’s management over these meta-domains—is rapidly fading into history. Whether you choose Apache or IIS as your Web server no longer applies nearly as much leverage over the architecture of the rest of your network, as it once did.

Books and ebooks

• Convery, Sean. Network Security Architectures. Cisco Press, 2004. Preview “Homogenous and Heterogenous Networks” from Chapter 18, “Conclusions,” on Safari.
• Morimoto, Rand; Guillet, Jeff. Microsoft Windows Server 2008 Hyper-V Unleashed. Sams Publishing, 2008. Preview “Heterogenous VM Management” from Chapter 8, “System Center Virtual Machine Manager Technology Primer,” on Safari.

Online Resources

• “Optimizing Data Center Performaance and Building ROI: The TeamQuest Approach” by Tim Grieser. PDF-based white paper from IDC, published June 2005.