Realizing the Potential—Partnering with Microsoft into the Future
Evaluating Platforms for Business: Linux Compared to Microsoft Windows
White Paper January 2004 Abstract The purpose of this white paper is to provide accurate information to corporate decision-makers on the pros and cons of the Linux and Windows operating systems to facilitate making an educated choice when considering a platform for business. The report will offer Microsoft’s perspective on Linux. It will also give several reasons why Microsoft believes Microsoft® Windows® is a better platform for the enterprise. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
©2003 Microsoft Corporation. All rights reserved.
Microsoft, Windows, Windows NT, Windows Server, Active Directory, Visual Studio, and Biztalk are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Introduction...... 3
Choosing a Partner to Support Your Business...... 4
The Challenge of Controlling Costs...... 5
Increasing Business Competitiveness through Innovation...... 14
The Business Imperative to Improve Security...... 19
Business Challenges and Risk for Linux...... 27
Windows 2003 Server Enhancements...... 29
Realizing Potential: Partnering with Microsoft into the Future 2 Introduction
Many corporations are looking to migrate from mainframes and UNIX-based computers to new Intel-based solutions that provide equal or greater power at a fraction of the cost. While the hardware decision might come easy, which operating system to run is an even more important decision for corporate leaders. A platform is much more than just an operating system. It also includes an application server, security services, transaction processing, and a resource directory. When integrated together, these features deliver operational efficiencies, simplified administration, and significant business benefit. The decision of which platform to use is critical, because the platform will determine whether a business can run the latest applications, manage IT resources securely and efficiently, and deploy advancing business applications to gain a competitive edge. This decision can impact a corporation’s agility – its ability to compete and to respond quickly to the new challenges of a digital economy. There are several factors that can make choosing a platform difficult. During the present economic downturn, many corporations have tightened their IT spending. Some corporations have large investments in mainframe and UNIX-based computers. This investment is in the form of computer equipment, modified and/or custom applications, and support personnel. The service contract that may be required by the hardware/software vendor can often be a large expense. Given all of this, it is understandable why decision-makers are tempted to look to options to lower there operational and support costs. With fewer dollars to spend on technology, some corporations have been considering Linux, a UNIX-based operating system, as a migration path from more expensive proprietary UNIX systems. Many versions of Linux are available for free, or for the cost of a CD. It is popular among certain developers and has growing support among hardware manufacturers. The irony is that choosing Linux may be much more expensive to the company in the long run. Emerging data from industry experts such as Gartner, IDC, Foresters, Aberdeen, etc. as well as documented customer experiences, indicate corporations spend more for additional software, labor, and consultant costs when they choose Linux. More importantly, companies take on significant additional risk when using Linux for critical applications due to the lack of vendor accountability, incompatibilities between different distributions of Linux, and the long-term viability of the Linux business model.
Discussion roadmap
In the sections that follow, the white paper will build on the main value propositions offered by Windows: Integrated Innovation, Lower Overall Cost, and Stronger Security. Focus areas in this paper are sections on how Windows helps control costs, helps businesses compete, and is more secure. Issues specific to Linux will also be covered, with Microsoft’s perspective on questions that decision-makers should ask when considering a choice of platform. Finally, progress made since Windows NT 4.0 in the areas of reliability, security, scalability, and manageability will be discussed.
Realizing Potential: Partnering with Microsoft into the Future 3 Choosing a Partner to Support Your Business
Business today is extremely competitive requiring managers to be more adept at change and market vision then ever. Information Technology provides many businesses with the data they need to make informed decisions and take proactive measures to succeed against their competition. Time to market, receiving high value relative to cost, the ability to integrate with legacy systems, and providing a roadmap on how technology will support the growing needs of a business are key factors in deciding on which technology partner to choose.
Microsoft’s philosophy is to provide business based solutions that allow customers to focus on solving their business problems. Toward that end, Microsoft has created a server platform designed to support common business scenarios out-of-the-box with minimal additional expense and effort required to satisfy business challenges and provide significant business benefit.
Microsoft’s Windows Server is more than just an operating system it’s an inherently rich set of technologies, features and services that are engineered to work as a comprehensive and integrated platform. It is fundamentally scenario based to deliver an integrated experience out-of-the-box. This dramatically reduces the amount of additional software that must be purchased, and the amount of services needed to build and deploy solutions to common business problems. Less software and fewer consulting services result in faster time-to-market and greater out-of-box value, productivity, efficiency and manageability. The Microsoft approach integrates both ‘horizontally’ between features within Windows as well as ‘vertically’ to the client operating system, development tools and other applications that run on Windows. Customers benefit from this “Integrated Innovation” though developments such as: common management interfaces, seamless identity and security administration, single sign-on across applications, and more, all of which save time and money for your organization
Realizing Potential: Partnering with Microsoft into the Future 4 The Challenge of Controlling Costs
Economic pressure forces companies to do more with less, while attempting to solve business problems that will give them an edge over competitors. Microsoft provides customers with a platform that focuses on solving key IT problems out of the box, improves productivity, and simplifies IT administration. These benefits allow companies to focus resources where they can provide the most business value to its customers.
Support for Key Business Scenarios
Microsoft believes it is important to provide a platform built with key scenarios in mind. The Windows family was designed to deliver solutions to common business problems with minimum or no additional software add-ons. This approach enables rapid deployment, giving customers a time- to-market edge over their competitors. The scenarios supported include: Applications for building an IT infrastructure with features such as an integrated directory service, for single point administration of user accounts, rights, and resource management for the entire enterprise. Roaming user policies to assure mobile professionals have access to their key data anywhere they go through-out the corporate environment. Integrated security based on industry standards assuring account security, resource and device security, and authentication controls to guarantee protection of corporate assets. Built-in communication capability allows business professionals to securely access to their company email, data, and line-of-business applications while on the road or working from home. Advanced collaboration through integration with portal applications, productivity suites, Web services, and streaming media. Increasing information worker productivity with powerful applications that allow on-line meetings and sharing of information with co-workers and customer around the world. Maximize Productivity
Windows Server supports hundreds of thousands of business applications, provides built-in tools to simplify IT management and end-user support, and applications to maximize professional productivity. The Windows user interface is a standard known by millions of end-users and developers around the globe. It continues to set the bar for ease of use in areas such as accessibility for the physically challenged and compatibility between applications. Other features include enterprise-ready directory services that are important for managing security and resources, such as storage servers, on the network. There are also desktop management tools, support for mobile and remote users, and real-time communication and collaboration capabilities that make it easy to hold virtual meetings and access computers and data sources from home or in the field. On the desktop, Windows XP simplifies core tasks, such as working with files and folders, customizing the desktop to personal work styles and tastes, and managing open applications. Windows XP allows multiple users to share a single computer, such as at a hospital nursing station, with their own passwords and secure access to their own folders.
Realizing Potential: Partnering with Microsoft into the Future 5 Windows XP also offers sophisticated file protection to prevent system files from being overwritten, and system restore to return the computer to its original state, if needed. With Windows 2000 and Windows Server 2003 with Active Directory, administrators can easily lock-down desktops to prevent users from changing settings or installing unauthorized applications, or to implement an enterprise-wide change to their security policy.
Ease of Deployment
Deploying new operating systems, drivers, applications, and patches are tasks that occur on a regular basis, regardless of the underlying operating system.
Deployment of patches and applications on Windows Server 2003 is greatly enhanced through the use of Microsoft Systems Management Server (SMS) 2003. SMS 2003 provides a comprehensive solution for change and configuration management for the Microsoft platform, enabling organizations to provide relevant software and updates to users quickly and cost-effectively. SMS 2003 also improves application deployment capabilities by delivering critical business productivity applications reliably and easily to users in the right place at the right time. Security patch management for the Microsoft Windows environment with reliable targeted delivery of updates is also handled with SMS 2003 along with many other improvements designed to make your deployment as effective as possible.
Ease of Management
Microsoft has made huge investments, with a dedicated development team, to make Windows 2000 Server and Windows Server 2003 much easier to manage. There are many built-in tools and services to do everything from remotely managing a server to enabling a help desk person to take over a troublesome desktop and fix the problem for the user remotely. Customers are automatically notified of software updates and, if they choose, have the ability to have updates automatically deployed throughout their IT organization. For UNIX enthusiasts used to a minimal user interface, Microsoft has invested in implementing support of a command line interface for common administrative tasks. All of these capabilities are built into Windows XP and Windows Server.
Vision for the Future
Microsoft has always been a company driven by making big bets on future technology trends. As a company, Microsoft leads the software industry with over $6B and over 35,000 employees dedicated to research and development in 2003. Microsoft is dedicated to driving generational technology advances that empower customers to attack challenges in new and exciting ways. Examples of this include support for digital media, built-in wireless support, and next generation information worker technologies, such as tablet PC’s and online collaboration. Microsoft’s track record of innovation means that customers who choose the Microsoft platform are assured of achieving and maintaining an ongoing business advantage, while benefiting from the latest technological advances. Decision-makers should clearly understand the differences in the business and development models between commercial and non-commercial software. Microsoft does not believe that non- commercial software, by its very nature, will be able to innovate and bring new capabilities to the marketplace at the speed in which Microsoft does today. The success of Microsoft products can be attributed to a single entity capable of coordinating and driving a clear, forward-looking vision for product development and assure our customers commitment to deliver on the vision.
Realizing Potential: Partnering with Microsoft into the Future 6 Businesses Need Systems with Lower Overall Cost
For most enterprises the initial cost of software is minor compared to the costs of customizing, deploying, supporting, and maintaining the software. For many IT projects the ratio of consulting costs to software license fees can run as high as 8 consulting dollars for every 1 dollar spent on licensing. This compounded by the common trend of CFO’s looking for projects to show a positive return within a 12 month period make it all the more critical that software used on a project run out of the box with little or no changes. At Microsoft we believe that the value of a platform can be measured not only by the traditional Total Cost of Ownership, but more importantly, by increased business value from ownership.
Total Cost of Ownership
Leading analysts caution that the initial price of the operating system is only a small part – often less than ten percent (10%) – of the total cost of ownership (TCO) for an entire solution. Staff recruitment, training, and consulting services need to be considered as well. To get an accurate picture of what TCO can be realized over a 5 year period, administration, operations, application development, support, and managing software updates, should be taken into account. IDC Study on Linux and Windows Server Total Cost of Ownership
It’s been difficult to find public comparative data on using Linux versus Windows in a real IT environment. Studies that have been made are often based on varying assumptions about the hardware configurations and the requirements to install, configure, deploy, and manage the IT infrastructure. Users who enthusiastically report great Linux savings typically ignore important ongoing costs that are incurred by less functional operating system such as Linux or the higher support overhead associated with it. To get a better comparison, Microsoft asked respected market research firm International Data Corporation (IDC) to interview customers and calculate the real world costs of using Linux and Windows in the enterprise over a five year period. The study compared the TCO for five typical workloads: Web serving, security, file sharing, print serving, and network infrastructure. More than 100 businesses were surveyed. Among the cost considerations were hardware and software deployment, downtime, number of full-time employees required to maintain servers with each operating system, and staff training costs. Overall, Windows had a lower TCO on 4 out of 5 workloads. The table below compares the overall TCO by workload, normalized per 100 employees, between the Windows 2000 Server environment and Linux. International Data Corporation: Windows 2000 Server and Linux Server Operating Environment five- year total cost of ownership by Workload ($)
Workload Windows Linux Windows Advantage Networking $11,787 $13,263 $1,476
File $99,048 $114,381 $15,333
Print $86,849 $106,989 $20,140
Web $32,305 $30,600 -$1,705
Realizing Potential: Partnering with Microsoft into the Future 7 Security $70,495 $90,975 $20,480
Data normalized per 100 users. Source: IDC research paper: Windows 2000 verses Linux in Enterprise Computing http://www.microsoft.com/windows2000/migrate/unix/tco.asp Although Linux appears to be lower in cost for Web servers than Windows, the report revealed that the Web servers studied did not include large-scale Web hosters, nor did it include Web pages as front ends for back-end line of business (LOB) or database applications, or any applications requiring integrated security. However, the Web server staffing cost was nearly 30% higher for the Linux platform than for the Windows platform. The lower TCO cost resulted in the difference on the cost of the software. The most significant finding of the study was the significantly higher labor cost for Linux. Overall, Linux required almost three times more support staff than Microsoft Windows. Linux required more developers to support the network, servers, desktop, helpdesk, and applications development. In addition to the IDC, a study by Forrester Research called “Linux is not ready for the Enterprise”, Jun 18, 2003 (source: http://www.forrester.com/home/0,6092,1-1,FF.html ), reveled that “while Linux is technically a very competent product, it still lacks the necessary maturity for a mission critical enterprise deployment. It does have a place as solution for small companies who, themselves, occupy cottage industries and where a handshake is all the contract you really ever need. In an enterprise, unfortunately, cost controls and solid policies that put the business first must take precedence and place Linux off the list of consideration, possibly forever, for many enterprises.” Rob Enderle, Forrester Research
Gartner Study on Total Cost of Ownership for the Desktop
The IDC study described previously, focused on servers. The Windows desktop scenario also shows advantages over Linux. In a perfect world, there would be a side by side comparison of a customer’s experience with both Linux and Windows XP deployed on the desktop. To date, there hasn’t been a customer who has done a large-scale deployment of desktop Linux who is willing to be studied. However, Microsoft identified some trends from studies done for customers based on the Gartner TCO model. TCO study results comparing an upgrade to Windows 2000 and Windows XP with Office XP versus Linux and Open Office (a free version of Star Office) showed that the choice for Microsoft resulted in approximately 30% savings per year per PC. The major savings were achieved from the built-in management capabilities of Windows XP and lowered service interruptions. Looking specifically at Linux and Open Office, the report noted, “There are no standard features for “Enterprises with a large installed base of managing large quantities of workstations, such as Windows applications should ask directory-based management (for example, Novell themselves, ‘Is there sufficient value and NDS or Windows 2000 and Windows 2003 Active return on investment to use Linux as a Directory). Because the above mentioned feature is client OS?’ In most cases, we believe missing, and systems management is not part of other options can reduce costs and standard infrastructure, thus needing new and reliance on Microsoft without as much overlapping investments (for example, Tivoli), disruption.” management costs arise later for several different environments” (Source: Pohjala, Janne, “Gartner – ZDNet article “Linux on TCO Study for European City Government,” the Desktop: where’s the December 2001). Two other European governments ROI?” conducted studies using the same methodology and Source: ZDNet, “Linux on the Desktop: Where’s the saw similar outcomes. ROI?”, August 2002. Available at http://techupdate.zdnet.com/techupdate/stories/main/0,141 An August 2003 Gartner report, states “IS 79,2878232-3,00.html organizations should avoid Linux deployments for
Realizing Potential: Partnering with Microsoft into the Future 8 productivity desktops. The lack of standards in the Linux community, coupled with a lack of key productivity applications and with UNIX complexity, makes Linux a poor choice for the horizontal business productivity user.” Enterprises that want to migrate their desktop computers to the Linux operating system (OS) must first weigh several factors that go beyond Linux hype, myths and anti-Microsoft sentiment. These factors include the composition of your application portfolio, the requirements of your users and the all-important migration cost and return on migration investment. Spending money on a massive migration that won’t show a return on investment (ROI) within two to three years usually does not make sense.
To understand how Linux and Windows compare in the area of desktop deployment, Microsoft commissioned a study by eTesting Labs to determine the deployment time of Linux and Star Office on desktops versus Windows XP and Office XP. While the goal was simply to study the deployment time, it was discovered that 67% of experienced IT administrators were unable to finish a successful deployment of Linux and Star Office. Those who did finish took an average of 57% longer (source: eTesting Labs, “Microsoft Windows XP/Office XP versus Red Hat Linux/Star Office Migration Study,” July 2002).
Application Compatibility Challenges
The enterprise computing environment is complex and heterogeneous. To realize the greatest amount of choice and value out of IT businesses benefit from having a large number of Independent Software Vendors(ISV) and System Integrators(SI) that create and support applications for the platforms they have. Added value comes when the same ISVs and SIs continue to invest in product development and support to lengthen the life, and commercial viability, of those platforms.
In a study Gartner did titled “Linux Operating System Technology: Prospective” dated March 2003 Gartner stated, “Even though applications are being ported to Linux, there is no guarantee that they will run on all Linux distributions. This is because each distribution may have a different version of the same library, making it difficult for developers to know which one to use when porting their application from one Linux platform to another. For example, Linux distributions often include different versions of libraries used to invoke standard functions and utilities, such as glibc, pthreads, libm Xt and ncurses. Applications compiled to run with one version, such as glibc 2.1, will probably not run under a distribution that uses a different version (such as glibc 2.0 or glibc 2.2). What is more, an application that requires one version of a library may overwrite an established library with a newer version that may be incompatible with established applications that rely on the former library.”
Enterprise Support and Services
The availability of qualified professional support is an important consideration when choosing the IT platform. For the corporation, a viable software ecosystem provides affirmative answers to questions, such as, “Can we get help when we need it?” and “Can we get the services we need to deploy new systems to meet competitive pressures cost effectively?” Most importantly, is there a defined escalation process in place that guarantees I can get the fixes and patches needed for flaws in the operating system and related components in a time critical fashion.
Realizing Potential: Partnering with Microsoft into the Future 9 Building software ecosystems to support its products has been Microsoft’s corporate strategy for over 20 years. Entire industries have sprung up around Microsoft products. Microsoft’s business model enables customers to realize lower costs via competitive prices, and to have greater flexibility in choosing applications, training, and services partners. It also ensures that there is considerable opportunity for people around the world to be successful by choosing to build on the Windows platform. Independent Software Vendors (ISVs) build applications that complement and extend the Thousands of reliable, trustworthy Windows platform. Small businesses and professionals, ready to help when you need community colleges offer multitudes of training it. programs for the Microsoft Certified Systems Largest number of ISVs. Microsoft software Engineers (MCSE) and other certifications. Publishers provide reference books. A recent boasts the largest number of ISVs worldwide search of a major online bookseller for books who support Microsoft applications and build about Windows 2000 yielded over 1,700 results certified custom applications on Windows, further demonstrating the overall size and offering Microsoft customers more choices. opportunity of the marketplace for ancillary Device support. Windows supports 19,000+ services and products for Microsoft devices out of the box, and is testing 41,000 technologies. There are Microsoft training more. courses, conferences, and events for support. This large ecosystem ensures that Microsoft Certified solutions. Windows has thousands customers have many choices for their IT of certified hardware drivers and software needs. applications from third-party ISVs, so it’s easy To provide complete enterprise-class solutions to add new devices and applications. for its customers, Microsoft partners with Plentiful services. Microsoft is supported by leading hardware and software manufacturers, over 450,000+ Microsoft certified such as Dell, Unisys, Compaq/HP, SAP, JD professionals (MCSEs) worldwide and Edwards and others, as well as highly qualified 750,000+ partners, providing plentiful choices. service providers like EDS, IBM Global Services, and Avanade. Thorough documentation. Windows includes context-sensitive help files to guide users Microsoft Certified Partners - over 34,000 through tasks. organizations and 450,000+ experts certified by Microsoft can help design, build, deploy, and Training options. Microsoft offers a wide maintain Microsoft-based solutions for range of IT training, so customers’ IT staffs businesses of any size. can continue to develop their skill sets at a reasonable price. When support is required to resolve problems, there is a defined support and escalation system in place to help minimize downtime. Both our Microsoft customers and partners have access to Microsoft’s Incident Support system for resolution of critical issues that can cause downtime on key business systems. The severity incident reporting system classifies catastrophic incidents into three category’s per below:
1– Catastrophic- Immediate response goal System, Network, Server, or Critical Application down catastrophically impacting production and/or profitability. Major negative business impact to customers, partners, or Microsoft. It is catastrophic in both Scope and Exposure A – Critical – Immediate to 1 hour response goal High-impact problem in which production, operations, or development are severely impacted; or where production and/or profitability will be severely impacted within days Any issue that has a serious negative business impact to customers, partners, or Microsoft
Realizing Potential: Partnering with Microsoft into the Future 10 B – Urgent – 2 hour response goal Significant Problem where production is proceeding, but in a significantly impaired fashion Time sensitive issue important to long-term productivity, but is not causing an immediate work stoppage. C – Important – 4 hour response goal Important issue, but does not have significant current productivity impact for the customer - most common level Critical issues causing LOB system downtime will follow a defined escalation path to include the development group that wrote the code, if necessary, to create a fix or patch and allow the customer to regain operations. This is the type of response a large commercial software development company can and must provide customers that are running mission critical systems on its operating system. This highly responsive, effective, escalated support process is not possible with software developed by community effort. Even if the Linux distribution installed is supported by a reputable company such as IBM. The same guaranteed level of support is not possible, since IBM developers did not write the core code and the customer might have added in several addition components to the original distribution to provide the functionality needed. See additional information in section titled “The Truth about Security” about support challenges for Red Hat.
Application Development Cost Comparison
Complexity in developing applications to solve business problems adds costs in the following ways: increased costs of hard to find, specialized, development staff; increased costs performing quality assurance tasks for a less common environment, issues with timeliness deploying a complex solutions, costs associated with staffing to maintain a complex customized application. Understanding the complete costs involved in developing a solution is key to making an informed decision. As a result of this, customers have asked Microsoft for credible, evaluative data to assist them in making value-based IT decisions as the cost trade-off of developing custom applications using J2EE on Linux versus .NET on the Windows platform. Microsoft commissioned Giga Research to examine the relative benefits of Linux and Windows by comparing the costs incurred and benefits achieved by two sets of organizations: those using Linux as the basis for their applications and those using Microsoft Windows. Source: Forrester/Giga Total Economic Impact Study Overview last updated on September 8, 2003: http://download.microsoft.com/download/7/3/e/73e77129-db34-4c95-b182- ab0b9bd50081/TEICaseStudy.pdf .
The primary conclusion of the study is that Microsoft offers a substantial cost advantage over J2EE/Linux as a development platform for the applications considered. Interviews with organizations using Linux quickly indicated that J2EE was their development and deployment platform of choice. As such, a J2EE/Linux environment has been used as the basis for comparing a Linux to Windows environment in this study.
Based on the study findings, the primary sources of Microsoft’s cost advantages are:
1. The J2EE application server and Unix-based database software used in the Linux development and deployment stack drive up product costs and development complexity relative to the comparable Microsoft products. 2. Microsoft’s tools simplify development of applications like those profiled in the study when compared to the J2EE/Linux products in the study. This simplification translates into lower labor costs for development.
Realizing Potential: Partnering with Microsoft into the Future 11 The findings in this study are based on interviews conducted with seven organizations that use the Microsoft .NET-generation platform to develop and deploy custom applications within their enterprises, and five organizations that use Linux. The analysis extrapolates from these user experiences to create two composite organizations a large enterprise and a medium-size enterprise — that are developing and deploying custom applications using either J2EE/Linux or the Microsoft platform.
The comparison of the two platforms shows large to medium-size organizations that develop, deploy, support, and maintain custom applications on the Microsoft .NET platform can expect to experience 25 percent to 28 percent less cost during a four-year life cycle than if the J2EE/Linux platform was used.
The following are the findings based on the model of the sample large-size enterprise:
• For J2EE/Linux, the total costs associated with the initial development and deployment, plus three years of support and maintenance, were $2,289,041. • For Microsoft, the total costs associated with the initial development and deployment, plus three years of support and maintenance, were $1,643,112. • Giga found that for the large sample organization, the total costs associated with the initial development and deployment, plus three years of support and maintenance, were $645,929 less using the Microsoft platform. Microsoft’s total costs were 28.2 percent less than the total costs for J2EE/Linux. The primary driver of this difference is a shorter time to deployment for Microsoft nine months vs. 12 months for J2EE/Linux.
The following are the findings based on the model of the sample medium-size enterprise:
For J2EE/Linux, the total costs associated with the initial development and deployment, plus three years of support and maintenance were $881,455. For Microsoft, the total costs associated with the initial development and deployment, plus three years of support and maintenance were $661,012. Giga found that for the medium-size sample organization, the total costs associated with the initial development and deployment, plus three years of support and maintenance, were $220,443 less using the Microsoft platform. Microsoft’s total costs were 25 percent less than the total costs for J2EE/Linux.
Each of the models is based on an application scenario that was common among the interviewees. Both are portal applications. Both composites assume the same application development scenarios to allow for comparability. The report presents both the financial and the non-financial factors evident in choices made between Linux/J2EE and the Microsoft platform by the interviewees.
Among the interviewees, Microsoft’s development tools were shown to be highly productive for the target applications. In addition, Microsoft’s software prices were shown to be generally lower than those of application servers, databases and related products associated with the J2EE/Linux platform.
It is only when the low prices of Linux are put into a larger IT context that their true impact on IT costs becomes evident. In a head-to-head comparison, the list price for Red Hat 9 (the Linux version chosen for this study) is lower than the price of Microsoft Windows Server 2003. However, the key cost factor in the study’s Linux cases was the J2EE environment, not the operating system. Although the cost of Linux is low, the impact of that lower cost on the overall economics of application development project is small. The full development and deployment environment and the labor associated with the development project are the larger costs. Comparisons of individual elements within the stack of software products required to build and deploy a complete application tell only part of the story and can be misleading.
Realizing Potential: Partnering with Microsoft into the Future 12 Summary
Even though the Linux operating system can be acquired for free or low cost, Windows on the server and desktop provides better TCO for enterprise customers. The studies cited above do not account for lost opportunities and other qualitative factors resulting from making a Linux choice versus a Windows choice. A lack of a stable ecosystem that includes enterprise support, availability of applications, and other key components, limits Linux’s current potential as a long-term, cost- effective solution for large enterprises. When comparing products, decision-makers need to make a price-to-value assessment. They also should consider whether they are getting a rich platform solution or a basic operating system that requires many add-ons to be truly useful in their business.
Realizing Potential: Partnering with Microsoft into the Future 13 Increasing Business Competitiveness through Innovation
Enabling businesses to effectively compete is a key requirement for IT. As the competitive landscape changes the requirements for IT change as well. The development and deployment of robust, scalable, reliable, secure software is a comprehensive organizational effort requiring the contributions of professionals from a multitude of disciplines: software engineers, test engineers, product and project management, research, architects, and many more. The Windows Server System, and all Microsoft products, have a proven track record, dedicated resources behind it, and are engineered as a sustainable, cost-effective business investment over the long term.
Resources to Do It Right
Developing enterprise-ready software is a difficult undertaking. The discipline of engineering a comprehensive platform such as Windows is a complex one, requiring years of proven experience, tight orchestration between component development groups, such as networking, security, and an overall focus on the user experience. The software components must be developed, tested separately, tested together, and then tested in compatibility labs that contain literally thousands of devices and popular third-party applications. Add to this the requirement to account for functioning in mixed environments, and support for prior versions of the operating system that require older protocols, and the undertaking quickly escalates into a project whose scope is beyond the capabilities of most commercial software companies, let alone a community of developers. On average, for every 3 months of code development, there’s a corresponding 9 months of testing performed. Microsoft has been engineering operating systems for over 20 years. Experience has shown that in addition to having a large number of highly skilled software developers on staff, an equal or greater amount of resources needs to be focused on testing, user experience, and managing the development cycle. For example, the Windows business division overall has a ratio of 1.2 test engineers for every developer. In more challenging areas such as Windows management technologies, the ratio increases even further to 1.7. In contrast, the Linux community has not really moved beyond features implementation to the harder problems of testing such as backward compatibility testing, integration testing, and usability testing. As an example, in the area of compatibility, the Linux Standards Base (LSB) group exists to try to manage version problems for Linux kernel releases. In spite of this effort, it is likely that an application will still face challenges as new versions of Linux are released. The LSB specification does not attempt to manage differences in utilities and add-on packages, nor does it cover extensions to the kernel, which are commonly made to differentiate vendors. When changes in are made in the kernel, there is no thought given to the effect on all the add-on product for the many independent development sources. This includes the multiple user interface choices for Linux.
“It’s about options and choices. By choosing the Microsoft Windows platform, customers have a wide selection of choices in support and training for their own IT staff. Another benefit of the widespread popularity of Microsoft solutions is that it is not difficult to find experienced and qualified technicians and developers to support the products we use. This familiarity and Windows’ famous ease of use mean that extensive training is unnecessary.” --Helen Li, director of Café de Coral Group. Source: http://www.microsoft.com/asia/crp/search2.asp?CaseID=91
Customers may have to either pay for services to modify the application to work around the kernel changes or do it themselves. Even with IBM in the picture, in the end, the Linux kernel developers still rely on a community of loosely-affiliated developers to think about how to solve compatibility
Realizing Potential: Partnering with Microsoft into the Future 14 problems and test software updates and changes. The following account comes from a Microsoft customer that deployed a retail Internet site on Linux and experienced challenges.
Virtual retailer bows out of Linux/Apache solution “The biggest mistake we made was thinking we needed to build everything ourselves, rather than taking advantage of the wealth of functionality and expertise already built into the Microsoft platform,” says Jalem Getz, president of BuySeasons, a major Internet retailer that switched to the Windows platform after losing an estimated $1 million in sales. BuySeasons launched its first virtual storefront after eight months of development with Linux and Apache, the most popular Open Source software for delivering Web pages to Internet browsers. “The software was really only up to beta quality at the time,” Getz said. BuySeasons sells high-margin seasonal merchandise through branded e-commerce sites. It makes most of its money in the three months preceding Halloween. As the season progressed, the company’s systems were unable to keep up with the 62,000 customers visiting the site daily. “We were not able to scale,” Getz recalled. Customers experienced poor site performance and were unable to make purchases. The demand on customer service representatives required the firm to increase its staffing by 300 percent. After their Linux solution failed to scale up, BuySeasons switched to the Microsoft platform. Getz said the Microsoft platform provided “all the functionality we wanted” and some additional features “we hadn’t thought of” that provided additional benefits to the business. Four months after developing functional specifications, BuySeasons deployed a new solution a month ahead of schedule. According to Getz, the company now has the agility to launch new virtual storefronts in a matter of weeks rather than months, and can easily handle additional shoppers as business grows. Source: http://www.microsoft.com/resources/casestudies/casestudy.asp?CaseStudyID=10833 Eliminating Islands of Data, Creating Enterprise Interoperability
Windows Server is more than just an operating system – rather, it is an inherently rich set of technologies, features and services that are engineered to work as a comprehensive, integrated and easy-to-use ‘platform’. One of Windows Server’s greatest attributes is its ability to reach out into the enterprise and integrate with legacy technologies. By doing so, we can effectively have a two way data exchange with legacy systems and bridge the “information gap” many systems in organizations experience. As you’ll see from the picture below, Windows Server is made to integrate in and add value to the enterprise. The Linux kernel is best suited for the functions of an “edge server”. Edge servers provide single purpose solutions. An example of this would be; DNS servers, Routers, phone switches, building automation systems. Edge servers have no need to integrate with anything else in the enterprise and are built to serve a single function. In addition there is no defined roadmap for enterprise integration with Linux.
Realizing Potential: Partnering with Microsoft into the Future 15 System Integration
Consider the graphic shown below. The graphic on the left shows what customers are telling Microsoft they want from an operating system platform. Of course, there’s the ‘kernel’ – the core of any operating system. On top of that are a collection of important services needed to deliver the basic functions of a modern network operating system, such as file services, web services, etc. Then, there are additional components such as data management services, development tools, and management products needed to build, deploy and manage enterprise-class applications. Finally, there are the applications or the solutions themselves. Most important, customers expect and demand that all of the “parts” are engineered to work as an integrated platform. When systems are fully integrated, there are numerous platform features that deliver benefit to the business such as single sign on between applications, a common management infrastructure, and consistent user interfaces between applications and other components. The middle graphic shows that Windows Server provides a powerful kernel, a comprehensive and integrated set of distributed computing services and application frameworks. The Microsoft approach is to integrate both horizontally within Windows (i.e. between features of Windows) as well as vertically to the client operating system. Development tools and other applications that run on Windows delivering value-added integration benefits that save time, effort and money for an organization. Any application that is designed to run on the Windows operating system platform will see platform benefits such as single sign on, common user interfaces, and a common set of management tools. Windows Server is complimented by state of the art tools such as Visual Studio.NET, the industry’s leading database (SQL Server™) and a set of management products designed to integrate with, and extend the core manageability features of, the Windows operating system platform. Ultimately, it’s Microsoft’s perspective that customers are trying to get to the same state, which is one of having a comprehensive and integrated environment that they can depend on – the choice they need to make is whether they want to pay a premium for services, additional software, and additional IT staffing, and custom coding to get there and maintain that state with the Linux/NCS.
Realizing Potential: Partnering with Microsoft into the Future 16 Sustainability Over the Long Term
Microsoft believes that operating system choices have an inherently long life cycle – longer than most other types of IT investments. As such, not only does Microsoft invest in technology to help with version-to-version migration challenges, it has also established a strong track record for making continual improvements on the fundamentals of reliability, scalability, security, and core operating system platform manageability – all in an effort to deliver lower long-term cost of ownership, dependability, and a sustainable investment. Microsoft customers can be assured that an investment in Windows technology today is supported by a long-term product roadmap well into the future. Microsoft remains highly committed to continually making improvements in its products and understands that the ability to be successful means being resourced to meet the highly complex demands that accompany the delivery of version-to-version technologies. In contrast, the multitudes of Linux distributions and workgroups raise concerns about any one choice having a long enough lifecycle. Each Linux vendor attempts to differentiate its own distribution in such a way that compatibility can still be a challenge, and few vendors are focused on long term technology issues while they continue to define their business models. Additionally, it is unlikely that every Linux vendor will remain in business as consolidation naturally begins to occur.
Mitigating Risk on Your Technology Investment
Recently the origin of some of the code for the Linux Operating System Kernel has come into question. The SCO Group based in Lindon, Utah has filled suit against IBM for $3 Billion in damages due to Intellectual Property infringement. SCO has since then created a license for corporations that would license the use of the code, but for a fee of $199 per desktop and introductory price of $699 per processor on a server. This is a steep price to pay for a “Free Operating System”. SCO’s CEO, Darl McBride said businesses that continue using Linux without a SCO license can expect legal action. "We're absolutely, 100 percent going to fight for our intellectual property rights," he said. "If we don't get there with licensing, we will have to move to enforcement actions."
Realizing Potential: Partnering with Microsoft into the Future 17 It is important to note that this litigation may take years to resolve and even if SCO does not prevail, the very fact that these Intellectual Property issues exist at all should cause any corporation to consider its use with extreme caution.
Summary
Microsoft believes Windows is a safer investment when one considers its maturity, the rigorous engineering processes behind it, and comprehensive features that free customers and developers from reinventing the wheel. This is the type of focus and commitment a commercial company can bring to bear in solving hard business problems through automation of systems and processes.
Realizing Potential: Partnering with Microsoft into the Future 18 The Business Imperative to Improve Security
In this section, the paper will review the progress Microsoft has made on securing the Windows platform from outside attack and providing the tools and processes to allow out customers to respond quickly.
Company-wide Focus on Security
The Security Landscape and Trustworthy Computing Trustworthy Computing means helping ensure a safe and reliable computing experience that is both expected and taken for granted. Computing technology has become ubiquitous, from global applications to miniscule embedded devices. Trust in computing is vital to help protect public safety, national security, and economic prosperity. For Microsoft, Trustworthy Computing is also a company-wide initiative that is changing how business is done. Craig Mundie, Senior Vice President of Advanced Strategy and Policies at Microsoft, has explained the aim of Trustworthy Computing in this way: "Almost anyone in the developed world can go buy a new telephone and plug it into a phone jack without ever worrying about whether it will work or not. We simply assume we'll get a dial tone, that the person or machine on the other end will answer, and that our neighbors or anyone else won't be able to listen in on our conversation. A combination of engineering, business practices, and regulation has resulted in people taking phone service for granted. And that's where we have to take computing." We are working with hardware and software companies, as well as academic and government research institutions, and policy leaders in this journey. Scott Charney, as Microsoft's Chief Trustworthy Computing Strategist, is leading the company's efforts toward Trustworthy Computing. "While there is important short-term work to be done and we can measure the progress we have made, our Trustworthy Computing Initiative is a long-term commitment to a vision that may take a decade or more to fully realize. Achieving our goals will take fundamental research and advances in engineering, as well as changes to business culture and business processes."
The Goals of Trustworthy Computing Trustworthy Computing involves addressing the multidimensional set of issues that affect the level of trust that people place in computing: Security, Privacy, Reliability, and Business Integrity. The following table identifies the factors that define a trust relationship.
Trustworthy Computing Goals: The Basis for Customer's Trust
Security The customer can expect that systems are resilient to attack, and that the confidentiality, integrity, and availability of the system and its data are protected.
Privacy The customer is able to control their information and feel confident it is not only safe and used appropriately, but in a way that provides value to them.
Reliability The customer can depend on the product to fulfill its functions.
Business The vendor of a product behaves in a responsive and Integrity responsible manner.
Realizing Potential: Partnering with Microsoft into the Future 19 Microsoft Trustworthy Computing Framework After extensive feedback from customers, Microsoft has developed a framework to focus efforts and measure progress toward the goals of Trustworthy Computing. The framework has four components: By Design: Building security, privacy protection, reliability, and integrity into our products, services, and relationships. By Default: Optimizing security, privacy, and reliability options and settings when we deliver products or services. In Deployment: Providing guidance to help our customers make the best use of our products and services. Communications: Listening to our customers and communicating clearly, openly, respectfully, and honestly. These aims are more than slogans; individual employees and groups at Microsoft will be measured against them in their performance reviews. Security Security is a crucial area of importance not only for Microsoft but the software industry as a whole. Several news reports have appeared lately saying that no software, whether proprietary or Open Source, will ever be completely secure (source: Aberdeen Group Perspectives, “Open Source and Linux: 2002 Poster Children for Security Problems, November 2002 http://www.aberdeen.com/ab_abstracts/2002/11/11020005.htm ). As the world’s leading software firm, Microsoft often receives major media attention when security breaches occur. Established in 1988, the CERT Coordination Center (CERT/CC) http://www.cert.org is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. A recent report from Aberdeen Group based on CERT advisories states that “contrary to popular wisdom, UNIX- and Linux-based systems are just as vulnerable to viruses, Trojan horses, and worms" (source: Aberdeen Group Perspectives, “Open Source and Linux: 2002 Poster Children for Security Problems, November 2002 http://www.aberdeen.com/ab_abstracts/2002/11/11020005.htm ) The same report notes that CERT did not issue any advisories for Windows 2000 during the focus of the report, which was the first 10 months of 2002. Even Sun has been plagued by a number of serious attacks. On September 16, 2003, iDefense, an Internet security service, announced that it had discovered a major security vulnerability in Sun's Solaris and Trusted Solaris operating systems. A weak set of administration tools — the sadmind(1M) Daemon, which is enabled by default — allows an attacker using a forged identity to take complete control of a Solaris or Trusted Solaris system over port 111. Sun has not offered a patch but has published a set of corrective configuration measures http://sunsolve.sun.com/pub- cgi/retrieve.pl?doc=fsalert%2F56740&zone_32=category%3Asecurity . Sun says that the next version of Trusted Solaris will disable the vulnerable service by default. This flaw rates as High Risk according to the Gartner Internet Risk Vulnerability Ranking method — mainly because exploit code for the flaw has already appeared on the Internet. Microsoft recognizes that it is judged differently because of the sheer number of its customers – and Microsoft is committed to not only minimizing security problems caused by technology, but educating customers about best practices as well. In the next several sections, this white paper will explore the major investments Microsoft is making to minimize security risks for customers and the industry.
Realizing Potential: Partnering with Microsoft into the Future 20 Minimizing Risk with Secure Software and Processes Microsoft has a dedicated Security Business Unit. Its goal is to ensure that all Microsoft products are secure by design, and that all systems are now hardened to improve security. It also helps ensure that deployments are secure, and that the right communication about security takes place with Microsoft’s customers and partners. The Security Business Unit, with over 200 dedicated employees, addresses customer needs with guidance, tools, and products to help them maintain a secure environment. In early 2002, Microsoft took the unprecedented step of temporarily stopping the work of all Windows engineers, testers, product managers, others, —more than 8,500 people—while the company conducted intensive security training. Once the training was completed, the development teams analyzed the Windows code base to improve on existing security techniques and implement what was learned in training. Later that year, Microsoft undertook similar security pushes for the .NET common language runtime, Microsoft Visual Studio.NET, Microsoft Office, Microsoft SQL Server™, Microsoft Exchange Server, Biztalk® Server, Systems Management Server, Host Integration Server, Commerce Server, and Content Management Server. These efforts, accompanied by design and test reviews, will continue through future versions of Microsoft products. Vulnerabilities are neither the only nor the best measure of the security of a product. Software must provide the tools to mitigate common business risks rather than simply avoid creating them itself. One certification that gives a measure of how software reduces business risk is the Common Criteria Certification. This is a widely accepted standard for evaluating the security features and capabilities of information technology products with the intent of helping the customer select IT products that meet their security requirements.
The Linux operating system recently achieved certification from Common Criteria evaluation, but only at the Evaluation Assurance Level 2 (EAL2). Level 2 is defined as follows: Requires the cooperation of the developer in terms of the delivery of design information and test results, but should not demand more effort on the part of the developer than is consistent with good commercial practice. As such it should not require a substantially increased investment of cost or time. EAL2 is applicable in those circumstances where developers or users require a low to moderate level of independently assured security in the absence of ready availability of the complete development record. Such a situation may arise when securing legacy systems, or where access to the developer may be limited.
The Common Criteria Certification level 2 Linux certification is for a specific IBM hardware deployment where Suse is the only certified Linux distribution. Source http://www.commoncriteria.org/docs/EALs.html#EAL2 Windows 2000 is certified at Evaluation Assurance Level 4, + Flaw Remediation, which is a more stringent evaluation (Windows 2003 Server is currently under evaluation). This level is the highest protection profile that is mutually recognized by all the participants in the Common Criteria arrangement.
EAL4 permits a developer to maximize assurance gained from positive security engineering based on good commercial development practices. Although rigorous, these practices do not require substantial specialist knowledge, skills, and other resources. EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line. It is applicable in those circumstances where developers or users require a moderate to high level of independently assured security in conventional commodity TOEs (Target of Evaluation), and are prepared to incur additional security-specific engineering costs.
Realizing Potential: Partnering with Microsoft into the Future 21 An EAL4 evaluation provides an analysis supported by the low-level design of the modules of the TOE, and a subset of the implementation. Testing is supported by an independent search for vulnerabilities. Development controls are supported by a life-cycle model, identification of tools, and automated configuration management.
Comparing security processes Microsoft’s rapid response to security vulnerabilities helps minimize potential damage to the enterprise. Customers receive notification of vulnerabilities and security patches automatically. Enterprises can minimize their risks by selecting products that offer integrated security features that have been tested under real-world conditions. Microsoft is a known, established vendor with processes in place to respond to and resolve problems that might arise with its products. Customers know who to call when a problem occurs, and they can count on Microsoft to address the problem promptly and systematically. The market research firm, Aberdeen Group, commends Microsoft for having “a good track record” of resolving security problems. Microsoft offers an abundance of resources to help businesses develop secure IT environments and applications. In contrast, the community model may introduce a delay in receiving security patches. With Open Source software, it is not clear to whom businesses can specifically go for help when security vulnerability is identified. The idea of getting help from a global community of volunteers is appealing, but the customer assumes primary responsibility for making sure the code is secure and for finding patches and modifying them when the patches are for different versions of the source code. Another option is for customers to enter into a services agreement with a System Integrator to provide new features and support the Open Source code, however this adds cost and complexity to the initial project. Efforts to educate customers about processes and best practices, coupled with solid security response programs, have helped reduce the “attack surface” for Windows. CERT’s information on scanning and probing activity on known vulnerabilities shows that there were thirteen different categories of scanning on Linux systems versus only four against Windows (source: http://www.cert.org/current/scanning.html ).
The Truth about Security Universal access to the source code does not mean it is more secure. Meaningful comparisons between operating systems and related applications can be made by looking at specific vulnerabilities, or those deemed most serious. An objective measure is the standard developed by CERT, which releases advisories for serious vulnerabilities threatening the Internet’s infrastructure or large numbers of Internet users. As stated earlier, vulnerabilities for which CERT issues advisories should be patched immediately. In an analysis of CERT data, Aberdeen Group found that security advisories for Linux and other Open Source software accounted for one-half of all CERT advisories (16 out of 29) issued in the first 10 months of 2002. The Aberdeen Group concluded that “Open Source software, commonly used in many versions of Linux, UNIX, and network routing equipment, is now the major source of elevated security vulnerabilities for IT buyers.”
Realizing Potential: Partnering with Microsoft into the Future 22 Below is an updated chart that shows CERT Bulletins for Jan03 – Sept03.
All bulletins to date: Jan-Sept 2003 By Operating System OpenBSD 14 SunLinux 21 Trustix 22 EnGarde 27 Microsoft (all Windows versions combined) 30 SuSE 39 Sun 47 Mandrake 95 RedHat 97 Debian 166 Source: CERT Web site: http://www.cert.org/advisories
Decision-makers need to keep an open mind and carefully consider the facts available on not just vulnerabilities by operating system, but also vendor responsiveness and vendor training capabilities. Supporting customers through the issue of timely maintenance releases is of importance to every software vendor. Open Source vendors have additional risk as they partly rely on developers they do not employ for coding key features and on-going maintenance activities. Open Source vendors such as Red Hat recognize this dependency on outside developers as a potential issue and identify it as a “Risk Factor” in their 10 K Report (source: http://media.corporate- ir.net/media_files/NSD/RHAT/reports/10-K2003.pdf ). Commercial software companies, and their customers, benefit from developer efforts focused on whatever requirements best benefit the customer, whether those requirements are for new features or expediting work on maintenance releases. Improved Manageability
Reaction Time is Key An annual computer crime and security survey conducted by the Computer Security Institute and the U.S. Federal Bureau of Investigation tallied more than $201 million in quantified financial losses for the first six months of calendar year 2003. Ironically, the vast majority of successful attacks by individual hackers and by fast-spreading worms rely on the presence of known bugs in the target computers—bugs for which patches are already available (see table below).
Realizing Potential: Partnering with Microsoft into the Future 23 Source: http://www.itbuynet.com/Pdf/0703-securitywatch.pdf Deploying patches to thousands of computers manually is not an option. In the past, however, the processes, tools, and techniques for deploying and managing patches have not always been readily available. Software vendors and customers alike must meet the challenge of security patch management to counter the escalating cost of security breaches and to enable companies to further leverage the Internet for integrating business processes with partners and customers. Cooperation among software vendors and customers can greatly reduce the quantity of successful attacks and the staggering costs associated with them. Microsoft has made keeping customer environments secure and reliable a priority. As part of Microsoft’s Trustworthy Computing initiative the company leads the way in meeting the challenge of keeping computing environments up-to-date and secure while addressing the equally important issues of cost and stability. Microsoft has produced a suite of free automation tools for identifying unpatched computers and rolling out updates. These tools are described in the Microsoft Guide to Security Patch Management http://www.microsoft.com/technet/treeview/? url=/technet/security/topics/patch/secpatch/ , a comprehensive guide to implementing a security patch management process for the entire Window environment. Below is a discussion of some of the tools and methodologies Microsoft has developed to help customers manage patches and updates, not only for security patches but for patches and updates to applications as well as the operating system.
Phases of Patch Management
Change Phase For the “change” or deployment phase, integrated tools make it easy to be notified of and install new software using a variety of convenient methods. Windows also makes it easy to roll back a change if any issues are uncovered. And, having a single, integrated source for updates is important to maintaining control of the environment. When installing new servers, desktops, and other devices, the right drivers are required, or they simply will not work. Microsoft continues Linux distributions ship with to be an industry leader with over 12,000 certified devices, 200 100’s and sometimes 1000’s of mobile devices, and more support coming as 41,000 additional utilities, each from different submittals are being tested in the Windows Hardware Quality Lab. vendor. For example, over 100 are installed by default by Red Operate Phase Hat’s version 8.0. Each of these utilities may have Once software has been installed, the “operate” phase involves tasks, patches to be discovered, such as setting up security policies for specific groups of users, downloaded, tested, and creating a backup of important data, and setting up restore deployed. processes. This is where the Active Directory service (an LDAP directory service) has made tremendous improvements. Windows Server integrates directory services with standards-based security services to simplify identity management and enable single sign-on across an enterprise. Administrators desiring the use of terminal services or the built-in Web server need only to click a check box to enable them. These capabilities are now built into the Windows platform as simple, integrated, out of the box tools with the same look and feel.
Support Phase Support is important to ensure that, should trouble arise, 24x7 help is available from a choice of sources. To prevent problems in the first place, Microsoft offers prescriptive guidance as part of its
Realizing Potential: Partnering with Microsoft into the Future 24 responsibility to customers. For example, the Prescriptive Architectural Guide is available to help IT administrators design their infrastructure the right way, utilizing best practices. http://www.microsoft.com/windows2000/server/evaluation/business/relavail.asp Training is offered by a global ecosystem of certified partners. Microsoft’s product support has a proven track record of helping customers to minimize downtime and to resolve problems quickly. There is a community of thousands of developers and other IT administrators available to help answer questions. Examples of community style support options include 2,200 user groups on the Internet that are focused on Microsoft technologies.
Optimize Phase Another major improvement to Windows is the ability to track how the servers and desktops in the infrastructure are performing and to have the means to fine tune them. This “optimize” phase is key to getting the most out of an IT investment. With built-in performance monitoring and tuning Whyissues, such as resource consumption. Microsoft also offers tools, such as Microsoft Operations Manager (MOM), Application Center, and Systems Management Software, for managing a variety of applications, hardware, and even Web server farms. For customers running a mixed environment, Windows integrates well with popular third-party management consoles, such as Computer Associate’s Unicenter.
Executive Support The need for a well planned, strategic security patch management process is imperative. Today, many companies use a bottom-up approach for development and support, in which the IT department develops a security plan without executive sponsorship. To address business needs and to be successful, upper management must appreciate the importance of security patch management and ownership of the process must be clearly defined. If you don’t have upper management support or clear ownership of the process, political obstacles will sometimes defeat champions of patch management, coverage will be spotty, and the overall patch management process will fall out of alignment with your organization’s larger business objectives.
Is Linux more Manageable? In their study on comparing the total cost of ownership between Windows and Linux, IDC states that the lower TCO costs for Windows are in part because of the “relative immaturity of management tools for Linux.” While it is possible to purchase, or perhaps download, Open Source tools that help with some of these challenges, they are not well-integrated and require additional time and effort to deploy. An alternative is to purchase commercial add-ons. Some, such as IBM’s Tivoli product, can cost upwards of $150,000, which quickly starts to mitigate the acquisition cost advantages of Linux.
“On Linux, our developers and engineers had to practically develop everything from scratch. That made it really costly for us.” -- Henry Kho, Chief Technology Officer, Earth9 Source: http://www.microsoft.com/asia/crp/search2.asp?CaseID=126
Summary
In this section, Microsoft’s progress on the fundamentals of reliability, scalability, security and manageability have been explored. With its relentless drive to improve products and customer
Realizing Potential: Partnering with Microsoft into the Future 25 satisfaction, Microsoft believes it has overcome the objections commonly associated with Windows NT 4.0 and, in fact, has raised the bar on the fundamentals for the software industry.
Realizing Potential: Partnering with Microsoft into the Future 26 Business Challenges and Risk for Linux
Open Source Business Model
The Open Source model of developing software uses over twelve different licenses. The most common license (and the one used for Linux) is the GNU (GNU is a recursive acronym for "GNU's Not Unix"; it is pronounced "guh-NEW") General Public License (GPL), which requires that “any modifications made to GPL code that is distributed must be made available to the community” (source: Fink, Martin, “The Business and Economics of Linux and Open Source,” Prentice Hall PTR, pg. 46). In essence, an independent software vendor would find it difficult to generate revenue by charging typical fees for software licenses if the product included GPL’d source code, because customers could download it for free off of the Internet. To be fair, it is possible to create products that work with Open Source software but are not under the GPL license, when the intricacies of the license are understood and measures are taken to separate source code from products. Another challenge of abiding by the Open Source model "The conflict between MandrakeSoft of software development is the spirit of it, which and UnitedLinux reflects a dilemma generally means sharing software improvements back faced by many Open Source to the community, and to offer products at little or no companies amid a prolonged cost. At the same time, Linux vendors must generate economic downturn: whether to stick revenue to stay in business. To date, Linux vendors rely to what many see as the Open Source largely on other sources of income, such as hardware, services, or add-on software, that bring the basic spirit, or to impose some restrictions functionality of Linux to the level required by on the way their products circulate in businesses. order to boost revenues" This has been the approach of IBM in particular. There —ZDNet UK News 7/3/2002 is no IBM Linux distribution, but rather, IBM resells Source: ZDNet UK News. “Mandrake Takes distributions from vendors such as Red Hat. IBM’s UnitedLinux to Task” strategy is to surround Linux with their global consulting http://news.zdnet.co.uk/story/0%2C%2Ct269- services, middleware software, and proprietary s2118443%2C00.html hardware such as the mainframe. The outcome of such a strategy is still uncertain. IBM’s recent earnings report for the year 2002 showed that software, and especially middleware offerings, were flat to declining. Hardware sales have also declined. Other vendors such as Red Hat support Linux because they feel they can differentiate their particular Linux distribution with support and training. Red Hat has the leading distribution of Linux with over 50% of the worldwide market share. In spite of their enviable market position, they have struggled until only recently to generate a profit. Another major Linux vendor is MandrakeSoft, which has also enjoyed some success in the Linux market, yet has recently filed for reorganization similar to the United States Chapter 11 (source: http://www.mandrakesoft.com/company/press/briefs?n=/mandrakesoft/news/2405 ) protection. Linux vendor Caldera has retrenched by changing its name back to The SCO Group and focusing on its UNIX line of servers. Its Linux operations are in the red. Turbolinux has sold its Linux operations to Japanese software company SRA to focus on its own proprietary software business. For customers, the continuing financial difficulties of Linux vendors leave an open question: will the version of the Linux distribution they use still be available in the near future, and will there be a vendor who can support it?
Risks of “Mixing and Matching” Open Source Software
The Linux operating system is a core set of functions that require additional application packages and services to meet the business needs of most customers. For example, transaction services (as required for systems processing airline reservations and financial activities) are not included.
Realizing Potential: Partnering with Microsoft into the Future 27 Customers requiring guaranteed transactions must purchase add-ons, such as BEA’s transaction processing monitor. For file serving, SAMBA is needed. Security services, such as Kerberos support, are also add-ons, as is an LDAP directory. While Linux supporters would point to the benefit of choice, decision-makers must bear in mind the consulting services, complexity introduced and additional time to market when piecing together software from multiple vendors (or the Linux community).
Addressing the Multitudes of Linux Distributions
To achieve greater competitive strength and to address the problem of compatibility among hundreds of Linux distributions, second-tier Linux vendors SCO, Conectiva, Turbolinux, and SuSE created a UnitedLinux movement to make the different versions more compatible. Red Hat and MandrakeSoft have not joined the effort. This continuing lack of unity may possibly drive the various distributions of Linux further apart technically. It is still uncertain how vendors can generate revenue through differentiation without causing customers to be locked in to a single distribution as the kernel and surrounding middleware and utilities become customized (source: Broersma, Matthew. “Linux Vendors Stand Behind UnitedLinux.” ZDNet News.com, May 30, 2002. Available http://zdnet.com.com/2100-1104-928518.html ).
The Bottom Line
Microsoft believes there are inherent problems with the Open Source model of software development for the reasons outlined throughout this document. Innovation is difficult with a loosely affiliated group of volunteer developers, even with assistance from IBM and other vendors; there is no clear roadmap for the future direction of Linux, leaving customers with some uncertainty about their investment; and finally, the resource intensive work of rigorous engineering and integration falls outside the scope of the Linux community. In addition to the development model challenges, Microsoft believes the acquisition and services costs of Linux must increase to enable the surviving players to gain financial stability. The price increase is likely to eliminate the acquisition cost advantage of Linux.
Conclusion
Windows is a comprehensive platform, not just an operating system, which will continue to evolve as it has since 1990. Windows offers many useful features that increase productivity in the IT environment and to users on the desktop, giving corporations the agility they need to operate efficiently and effectively. Windows integrates well with other systems, including UNIX, as well as with other Microsoft products and offers an abundance of choices in business applications. Windows supports key scenarios out of the box, enabling rapid time to market with fewer services and less customization required. Emerging quantitative data indicate that Windows offers lower TCO in many situations. All of these features together provide greater value than Linux. Partnering with Microsoft has value over the long term. Microsoft is a stable business that offers a network of support through its affiliates and partners, and educational support for IT. Vendor accountability and responsibility are important to the continued improvement of the product in areas such as security, performance, reliability, ease of use, and manageability. Microsoft’s business model is to invest heavily in innovation and rigorous engineering processes to create the best business platform possible, offer it at a reasonable price, and surround it with an ecosystem of high quality applications, services, and training choices. Microsoft believes that Windows provides customers with a safe investment that will grow with them in the future.
Realizing Potential: Partnering with Microsoft into the Future 28 Windows 2003 Server Enhancements
Summary
Microsoft Windows continues to provide industry-leading productivity features, better manageability, the ability to maximize existing investments and a clear vision for the future with the funds and commitment to deliver on the vision. The standard Microsoft Windows interface minimizes the learning curb of new applications by standardizing on common ways to accomplish specific tasks, regardless of the application. IT administrators benefit from the ease of deployment and manageability of Microsoft Windows with its built-in directory services and ability to lock down desktops. UNIX staff can easily become productive on Windows using familiar commands. And most importantly, the ability of Microsoft Windows to support key business scenarios without requiring major consulting and expensive, complex add-ons will boost the value of IT while holding costs down. All of these capabilities lead to business advantage for customers. Many of the studies and analysis cited in this paper were against Windows 2000 Server and not Windows Server 2003. This section will cover the improvements made in Windows Server 2003 over the previous version.
Microsoft Windows Server 2003 is a comprehensive, integrated, and dependable server operating system designed to help IT do more with less by reducing costs and increasing the effectiveness of computing operations. There is an edition of Windows Server 2003 to meet the needs of every size organization.
The core infrastructure services provided by Windows Server 2003 enable better server consolidation, identity management, and more secure network access than earlier versions of Windows Server. The foundation of these services is the high reliability, availability, scalability, manageability, and security enhancements that Windows Server 2003 provides. It is also easy to deploy, manage, and use.
Key enhancements include:
Availability. Provides improved availability through enhanced clustering support for up to 8 nodes.
Scalability. Provides scalability through scale-up, enabled by up to 64-way symmetric multiprocessing (SMP) and scale-out, enabled by clustering. It supports both 32-bit and 64-bit processors.
Manageability. Reducing day-to-day maintenance through automation is key to reducing operating costs. Windows Server 2003 contains several important and enhanced management tools including Active Directory and Group Policy, command line scripting support, and server configuration wizards to help automate deployment and simplify tasks.
Security. A secure computing infrastructure is a strategic business asset. As a leader in the computing industry, Microsoft is working to deliver secure products and to help its customers deploy and efficiently maintain them in a more secure state. A result of this commitment is Windows Server 2003 which enables businesses to provide more secure access anytime, anywhere, with any device, while helping to protect information assets against unauthorized access. Windows Server 2003 features a redesigned Internet Information Services (IIS), strong authentication protocols such as 802.1x and PEAP, and the common language runtime to create a safer computing environment.
Having a strong foundation enables businesses to deliver cost saving services while increasing the effectiveness and helping to improve the security of each customer’s unique computing environment.
Realizing Potential: Partnering with Microsoft into the Future 29 Windows Server 2003 provides a powerful and integrated application platform that delivers both a stable and scalable architecture. It also lays the foundation in which applications can easily be developed and managed. Scalability and performance enhancements mean existing applications will run faster. Application services include the Microsoft .NET Framework, Message Queuing, COM+, and other application server options give developers and administrators an integrated toolbox that enhances productivity so they can quickly build connected solutions.
Key enhancements include:
IIS 6.0. Redesigned with security, reliability, and performance in mind, IIS is locked down by default, now capable of process isolation and is over 100% faster in many cases.
Microsoft .NET Framework. By integrating the .NET Framework into the Windows Server 2003 application development environment, developers are freed from writing “plumbing” code and can instead focus their efforts on delivering business value.
Enterprise UDDI. Enables companies to run their own internal UDDI service for intranet or extranet use. Developers can easily and quickly find and re-use the Web services available within the organization. Support for existing services. Because XML Web services are deeply integrated into Windows Server 2003, existing services like COM+ and Microsoft Message Queuing (MSMQ) can readily take advantage of them. Administrators can allow existing COM+ applications to be called using XML/SOAP by simply checking a configuration box.
User productivity begins with data. Windows Server provides the keys to data availability and integrity. Intelligent File Storage protects end-user data, eases access to complex networks, and provides a scalable storage architecture.
Key enhancements include:
Shadow Copy Restore. Allows end-users to recover previous versions of documents without interrupting their work process. Once the Shadow Copy schedule has been established, (on a volume by volume basis), end-users can revert to previous, point-in-time copies of their files & folders.
MyDocuments redirection. Redirects the “MyDocuments” folder from a user’s local machine to a server.
Distributed File System (DFS). Enables administrators to assign a single namespace that provides users with a virtual view of logically grouped shares, even though they reside in different physical locations.
Encrypting File System (EFS). Encrypting user data is made even easier and now includes encryption of offline files and folders.
Powerful communication and collaboration services help individuals and are an integral part of the Windows Server 2003 platform.
Key enhancements include:
Windows SharePointTM Services. Delivers effective virtual teaming, version control, and document management.
Windows Media 9 Series. Enables elearning and executive broadcast to be facilitated easily and cost-effectively.
Terminal Services. Delivers Windows based applications, or the Windows desktop itself, to virtually any computing device.
Realizing Potential: Partnering with Microsoft into the Future 30 Intelligent printer sharing. Enables fault tolerant, discoverable, server-based printing. Windows Server 2003 is the server platform for increasing user productivity. Installing it will enable employees to have better visibility into critical business information. Their ability to anticipate, manage, and respond to changes will be dramatically improved.
Summary The family of Windows Server 2003 products enables companies to choose the solution that best fits their needs. The strong combination of a solid IT infrastructure, a robust application platform, and unparalleled end-user productivity are all provided in Windows Server 2003 helping organizations do more with less.
Realizing Potential: Partnering with Microsoft into the Future 31