CIPS logo

Canadian Information Processing Society

 

CIPS logo

 

 

 

 

CIPS Connections -- Current Articles

2/7/2003 7:55:39 AM
Windows 2003 Server & Industry Trends
An Interview with Don Jones
by Stephen Ibaraki, I.S.P., Capilano College

This week, Stephen Ibaraki, I.S.P., has an exclusive interview with Don Jones, an international technology consultant and a founding partner of BrainCore.Net—a leader in technical certification and assessment development and technologies. Don is a regular speaker at industry conferences such as MCP TechMentor, Comdex, and more. He is currently living and working in an RV, traveling across the country on various consulting jobs.


Discussion:
Q: Thank you for being with us here today. Your experiences and insights would be of great interest to our audience.
A: Thanks very much, glad to be here.


Q: You are an expert in Microsoft’s Windows Server 2003. How does Windows Server 2003 compare with Windows 2000 Server? Why would a company want to move to 2003?
A: That’s a tough question for most companies. The switch from NT to 2000 was a big, big change, and it was easy to see what was different. 2003, however, is more like a minor revision in terms of additional features. Active Directory, however, has seen some major changes. I think that companies who’ve avoided moving to Active Directory thus far will see a lot to like in 2003. 2003 is also much, much more secure right out of the box. Companies implementing Web sites and other easily attacked servers will also find a lot to like in 2003.

All that said, companies who’ve already moved to Windows 2000 might not find anything that really compels them. That’s especially true, I think, for small- to medium-sized companies who’ve already gone through the pain of a Windows 2000 and Active Directory migration. Larger companies will gain tremendous benefits from the new Active Directory, which is really version 2.0 of that technology.


Q: What tips can you offer in implementing Windows Server 2003?
A: Planning, planning, planning. Windows 2000 introduced a new concept for Microsoft operating systems: Don’t just click Setup and expect everything to go smoothly. With 2000, you really had to plan your migration and deployment, especially where Active Directory was involved, and that continues to be true with 2003.

If you’re moving from 2000 Active Directory to 2003, in-place upgrades – as opposed to migrations to a new server – are a great way to go. It’s a painless process that works quite well. It’s also very easy to install 2003 domain controllers into a 2000 domain, and simply decommission your 2000 domain controllers one by one. When you’re finished, you can shift the domain into 2003’s functional level and start taking advantage of new features.

This concept of functional levels is important, and it’s a great idea that Microsoft’s offered. It allows a 2003 domain controller to act exactly like a 2000 domain controller, giving you as much time as necessary to get all of your domain controllers upgraded. You won’t have many of the new Active Directory features, but you won’t have compatibility problems, either. When you’re completely upgraded, you raise the functional level to switch on the new features.

Domains aside, another big area in which to be careful is IIS upgrades. IIS 6 is a complete rewrite over IIS 5. I don’t recommend just upgrading Web servers willy-nilly; do some testing and make sure your applications will work on IIS 6. IIS 6 offers backward-compatibility modes with IIS 5, but if you run into problems you’d be better off investing to fix your application. IIS 6’s native architecture is faster, more stable, and more secure, so it’s wise to take advantage of it.


Q: Can you elaborate more of the security in Windows 2003?
A: In the past, Microsoft’s goal was to make it easy to get a powerful server up and running with all it’s features enabled. That meant, for example, installing IIS by default with all its features turned on. That turned out to be a bad idea, as administrators wound up running IIS on computers without really realizing it. When IIS was compromised by viruses like Code Red, it ran rampant thanks to the wide IIS deployment.

Windows Server 2003 takes a different tack: To make the OS as secure as possible out of the box. I’ve really been impressed at Microsoft’s efforts in this. For example, the default file and share permissions now list the Everyone group with Read-only permissions, rather than with Full Control as has been the case since NT was first introduced. I think that’s a minor change, but with major, long-overdue implications and consequences. 2003 also leaves IIS out by default, and if you do install IIS, it installs in a very locked-down fashion with reduced functionality. You have to turn on the features you need, so there’s no way administrators can claim they didn’t know those features were there.

The new security philosophy places a lot more responsibility on the administrator. There’s no more “click and it’s done” setup in 2003; admins have to take more time to understand how features work, and they have to sped more time configuring those features for full functionality. That’s a good thing, in my opinion. I don’t think we administrators are paid to just click buttons. We’re paid to understand what we’re doing and to configure our servers to be both functional and secure.


Q: What would be useful information to know about implementing and using each of the Microsoft .NET Enterprise Servers?
A: That’s a big topic. Today, you’ve got ten to twelve .NET Enterprise Servers, depending on how you define that brand name. Planning is crucial: Understanding how each server works, how it interacts with the others, and what the core administrative requirements are. I’ve actually written a book, Special Edition Using .NET Enterprise Servers, which is coming out from Que in February. It provides a planning and design chapter for each server product, security chapters, and a chapter on administering each server product.

Knowing, for example, that SQL Server runs best on a machine by itself and that Exchange 2000 Server has a new multi-tier architecture that can reduce servers and increase scalability – those are important things to know. The .NET Enterprise Servers are so varied and complex that you really have to do your homework before you dive in.

And, as always, Microsoft is constantly changing things on us. They just shipped Content Management Server 2002, a whole new version and the first version they’re totally responsible for. Keep in mind that they bought CMS 2001 and really just rebranded it. We know that a major realignment to the .NET Enterprise Servers is coming in 2004 and 2005, with BizTalk Server, CMS, and Commerce Server being collapsed into a product that’s code-named Jupiter. Exchange, Mobile Information Server, and Internet Security and Acceleration (ISA) Server are being recombined into two products. It’s a lot of work to keep up.


Q: Can you describe the books you have written and share some tips from your books?
A: My newest book, which will hopefully be out from Que in March or April, is Windows Server 2003 Delta Guide, which I co-authored with Mark Rouse. It’s targeted at experienced Windows administrators, and designed to help them quickly become experts on 2003 by leveraging what they already know about Windows. I think one of the coolest tips from that book is the new Resultant Set of Policy (RSOP) feature from 2003’s new Active Directory Users & Computers console. RSOP lets you play “what if” with Group Policy management. You can pick policies and designate users and computers, and see what policies a user or computer would get based on various scenarios in Active Directory. It’s a fantastic planning and troubleshooting tool, one that used to require third-party products.

Mike Danseglio, a Windows Server 2003 product team member, co-authored Windows Server 2003 Security Administrator’s Companion with me. That’ll be out from MS Press in April, I believe. It’s a complete walkthrough of security in 2003, and provides a ton of example scenarios to help put things into a real-world context. It’s also the first security book from Microsoft that focuses on the whole security picture, including physical security and human practices, not just the product. One of the most valuable chapters is the one on smart card implementation, where we provide the first really straightforward look at how to implement smart cards for user logons, from start to finish. Very valuable stuff.

I’ve also written a handful of eBooks for Realtimepublishers.com. They’re an awesome publisher, and they provide free eBooks on high-tech stuff. I’ve got titles on SQL Server performance optimization and Windows 2000 Active Directory Tips and Tricks, for example. They’re all top-quality books. I’ve got a very close relationship with Realtimepublishers, and they’re very committed to what they do. I love writing for them.


Q: Can you detail your personal history and how you came to write? What personally prompted you to enter the computing field? What led you to becoming a noted expert on servers?
A: One thing kind of led to another. My first IT job was with Electronics Boutique, the small software retailer. I worked in register support at their home office. By the time I moved on, I was running their AS/400 in the evenings and I wrote a new register software package. It was actually the first point-of-sale software written for Windows 95 when that first came out.

I was a network administrator for Bell Atlantic (now Verizon), a field engineer for a couple of consulting firms, and a Microsoft Certified Trainer. I’ve also been a director for a consulting practice, a senior Web developer for a “dot com,” a little bit of everything. It’s given me a lot of exposure to the business side of things. When I finally decided to go independent, I got my first book deals, Microsoft .NET E-Commerce Bible and E-Commerce for Dummies, with Hungry Minds (now Wiley). I turned out to love writing, and I’m pretty fast at it. I’ve written about a dozen books in two years, and the Delta Guide is actually the first in a new series that I’ve created with Que.

I think the key to my success thus far has been my willingness to really spend time playing around with products. I have a half-dozen computers in the RV, and I use Connectix Virtual PC a lot to give me even more computers to work with. Anytime I’m writing a book, I probably install the product a dozen times just because I’m messing with it so much, trying to find out what breaks it and what works best. Speaking at conferences also helps keep me relevant; when I’m not speaking, I can listen to folks like Dan Balter, Jeremy Moskowitz, Derek Melber, and Mark Minasi – all great speakers, and they really help give me new directions for study and experimentation.


Q: What are your personal goals 1, 3, and 5 years into the future?
A: Wow, everytime I try to guess that far out I wind up being surprised by what actually happens. I’ve just become a contributing editor for MCP Magazine, which is something I’ve wanted to do for a long time. I think my biggest personal goals are probably company-related. BrainCore.Net produces an amazing technology called Skillworks, which will let certification programs like Microsoft’s deliver hands-on exams through their existing exam delivery channel. It uses real products, not simulations, and provides automated scoring for instant results. It’s really incredible technology. We’re in the process of pitching it to folks like Microsoft, the Field Certified Professionals Association, pretty much anyone who’ll listen to us. It’s also got great applications as a hands-on pre-hiring assessment tool to help companies hire professionals who are actually qualified for the job, applications in training centers – the possibilities are unlimited, and I think they’ll keep us working hard for the next three years or so.

Personally, there are a couple of books I’d really love to write. I do a talk on VBScripting for Windows Administrators that’s hugely popular; I’m doing it for MCP TechMentor (www.techmentorevents.com) in April. In fact, TechMentor will be carrying the talk exclusively for the foreseeable future. I’d love to write a companion book for that, something that shows administrators how to take advantage of VBScript as an administrative tool, without requiring them to become hardcore programmers in the process. I’m pitching that book to a couple of publishers right now, and it’s looking promising. I’d also love to write the Delta Guide for SQL Server Yukon whenever that ships, or even co-author it with someone. That’s going to be a major, major change for administrators and DBAs, and I think a Delta Guide title will help them get their hands around it more quickly.

I’m also planning to settle down in 2004. I’ve bought land in Las Vegas and I think it’s time to stop doing the RV-around-the-country thing!


Q: What ten career pointers would you provide specifically to people who wish to enter the computing field?
A: First, pay attention to the business side of things. Don’t just implement cool stuff, always focus on what the business needs and what will benefit the business.

Stay on top of things. You should always be studying what’s coming next, even if your company has no plans to implement it. You don’t know where you’ll be next week, and you always need to be prepared.

Always do your best job. That seems so common sense, but you’d be surprised how often my work is complimented simply because I don’t give my customers a hard time – they get good results the first time.

Set expectations. Don’t promise things you can’t deliver, and always deliver your promises. The worst impression people have of IT professionals is an inability to deliver, and that’s because it’s easy for us to promise things we can’t follow through on.

You get what you pay for. That’s true whether you’re hiring employees or buying hardware; Compaq servers are expensive, for example, but they’re unbeatable. Yeah, you can find trainers who’ll work for $400 a day, but you wouldn’t work for that little money, so what makes you think a decent trainer would?

Attend conferences. They’re the best educational value on the market, and you’ll also get to network with your peers. In our industry, as in most others, who you know is often just as important as what you know.

Always try to take a leadership role. Don’t force your way into it; just look for things that need to be done and do them. Nobody ever expects that from IT folks, so you’ll give them a pleasant surprise.

Be focused on details. Everything in IT is all about checking the right checkbox or putting a server in exactly the right location for best effect.

Don’t be afraid to interview for new jobs. The best thing you can have in IT is breadth; as you come to know more about more and more products and technologies, you’ll find that you’re more valuable to the people who hire you, and that more people will want to.

If you want to write books, get an agent. I’m with Studio B (www.studiob.com), and they’re invaluable in helping me make smart decisions and negotiating good deals. Find a publisher you like, too, and be loyal to them as much as you can. Que’s been great for me, for example.


Q: Can you comment on the open source movement and where it’s heading?
A: Open source is interesting. I think it’s always going to have a place, but I don’t think it’s going to take over from commercial software. I mean, you can’t develop really solid, cool technologies with no budget, and open source has no budget. I think we’ll see interesting new technologies come from open source and get rolled into commercial products. Apple is a great example: Mac OS X is based on BSD Unix, but has a fantastic Apple GUI for a really top-notch product.

Linux really annoys me, though. Actually, I should say Linux zealots annoy me. I’m a firm believer in “the right tool for the right job,” and I use a Mac in a lot of my work, for example. There are folks, though, that I like to refer to as the Linux religious right, who automatically believe that anything Microsoft does is a conspiracy designed to enslave their children or something. I think Linux can be a fine operating system for some purposes, but it’s a terrible client operating system for the average non-technical person, for example. Windows or Mac are much better.

The open source community needs to open its eyes, a little bit. For example, Microsoft takes it on the chin from open source because they’re “just out to make a profit.” At the same time, they’re praising Sun – because, I guess, Sun isn’t out to make a profit, which must disappoint their stockholders. Lots of the old-time open source guys don’t like Sun, because they’re not really practicing the open source philosophy. Java’s still a proprietary technology, remember, which Sun legally controls.

And all the fuss on open source things like Linux tends to detract from some of the real, rock-solid long-term players in the field. BSD Unix, for example, is simply the most stable operating system in the universe. That’s why Apple built OS X on it. But you don’t hear about people flocking to BSD Unix for their Web servers. Why not? Because it’s still all about marketing and hype. Right now, Linux has the hype, and so that’s what people are looking at. The distributors of Linux builds are in some ways doing to BSD Unix what they accuse Microsoft of doing to everyone else. It’s ironic.


Q: What do your forecast as future hot topic areas or “killer apps” to start researching now?
A: Well, security, obviously. New, smarter firewall products, smarter routers, smarter everything that protects the network – those will be big in the next few years.

Everyone keeps telling me that wireless – things like connected PDAs and cell phones – will be the next big killer app for technology, but I don’t know. Tablet PCs are making a comeback – remember the tablets of the early nineties? – but it’s really hard to make a call on any of that.

I think the next big thing will be convergence. I’m a huge home theater fan; I have one of those RCA/DirecTV Microsoft Ultimate TV boxes. It’s like a TiVo, but with two DirecTV tuners built in, so I can record one show while watching a second, or record two while watching a prerecorded show. It’s got a built-in on-screen program guide and is really easy to operate. I’ve also been looking at the Windows XP Media Center PCs – the idea of having a combined MP3 jukebox, DVD player, and personal video records fascinates me. I want all of those technologies to coalesce into one box. All the technology exists; somebody just needs to squeeze it all into a single box for the perfect small-footprint home theater.


Q: What would be your recommended top ten references for the serious IT professional?
A: Well, for Group Policy you can’t beat Group Policy, Profiles, and IntelliMirror by Jeremy Moskowitz. He’s a good friend and it’s a great book. I’m a big fan of Windows 2000 Scripting Bible by William Stanek, too, and anyone who’s into VBScript should pick it up. A subscription to MCP Magazine or Windows & .NET Magazine is crucial for keeping up with the latest technologies in the Microsoft arena. I don’t think any IT pro, even Unix guys, can afford to ignore the Microsoft arena.

Mark Minasi wrote a book on Linux for Windows Administrators, and I think it’s a must-read. I wish I’d written it! I don’t think Windows folks can ignore the Linux/Unix side of things, either. I think we all need to be better at picking the right tool for the right job, and not just sticking with what we happen to know.

Obviously, Windows admins need to pick up a copy of my Windows Server 2003 Delta Guide. Aside from plugging my book, I think it’ll be the fastest way for time-strapped administrators to get their hands around this new OS.

What else? It’s tough for me to say. I don’t have a lot of books on my shelf, mainly because it’s so small in the RV! Oh, definitely a subscription to Microsoft TechNet. Supporting a Windows environment without it is just insane. And administrators who want to keep their skills up should invest in a Microsoft’s MSDN Universal. I know they pitch it as a develop product, but you get a copy of every server product that Microsoft makes. It’s a great way to experiment and learn new things.


Q: You have done extensive research in a number of high-tech areas. Can you describe the results of your research and tips you can pass onto the audience?
A: IPv6 is the latest thing I’ve been working with. It’s a great new set of protocols, but we’re still a long way off from implementation. I know everyone hears about this from time to time and wonders when it’s going to happen. I think the best thing anyone can do now is start evaluating future hardware and operating system purchases for IPv6 compatibility. That way, when times mature and we start using the protocol seriously, you’ll have all the bits in place. Most router manufacturers have got IPv6 down, and Windows Server 2003 supports it. There are Unix/Linux implementations out there too, although the major commercial builds don’t always include it.


Q: Can you comment on the integration of mainframe, Unix, and Windows-based technologies and how they all fit in large, complex, enterprise environments?
A: Don’t forget Mac! Integration is getting easier; I actually have an article on that very subject coming out in MCP Magazine, in the April or May issue, I think. I think all of these technologies definitely fit. Unix systems make great, stable, cheap Web servers – especially BSD Unix and Linux systems. Windows is definitely the client OS of choice, just because so many people know how to use it. Windows also has a lot of killer apps that’ll keep it running on servers, too, like Exchange. I also happen to think that SQL Server is the best database system you can get for the money. Microsoft’s done just amazing things to it over the past few years.

Microsoft’s starting to use more open protocols for everything, too. I actually gave a talk at Comdex where a Sun guy was saying that Microsoft wants to lock you into proprietary protocols like Kerberos. My jaw dropped. Microsoft’s dropped their proprietary authentication protocol – NTLM – in favor of the industry standard, Kerberos, which was invented at MIT, not in Redmond. Because Microsoft’s been ditching their own protocols bit by bit, it’s getting easier to integrate with Unix. Unix boxes can log on to an Active Directory domain, for example, using a Kerberos client.


Q: What changes do you see for the future of computing, conducting business, and the use of the Internet?
A: I think at some point soon we’re going to stop caring much about hardware. Moore’s law has gotten us to a point where gigahertz and gigabytes just don’t matter, anymore. That’s got to be Intel’s biggest fear – I forget how fast my laptop’s processor is. It’s just fast enough.

I don’t think we’re going to see many more revolutions on the Internet. I think we’ll see a lot of evolution: Slow changes that build on what’s come before. It’s not that I think revolution is impossible; it’s just that so many folks lost millions on the dot com boom and bust, that I don’t think you’re going to see investment in revolution anymore, at least not for a while. So companies will be slowly evolving. That’s actually better; it’s more stable, and it gives business more time to evaluate what they’ve done and make slow course corrections.


Q: It’s a blank slate, what added comments would you like to give to enterprise corporations and organizations?
A: Focus on business, and not technology. When you do need to focus on technology, don’t believe anything anyone tells you without checking it out yourself. I hear misinformation on a daily basis about Microsoft products, Microsoft strategies, Apple products, Unix products – everyone’s putting marketing information out there. Don’t rely on the marketing to make decisions. And don’t think that independents – even me – aren’t marketing; Microsoft and Linux and everyone else has their fans, and they’ll do free marketing for their favorite brand.

Do your research, too. People beat up on Microsoft’s licensing programs, for example, without realizing that other major companies have been doing the same things for years. IBM AS/400 people laugh when folks get upset about Microsoft licensing, because they’ve been dealing with similar tactics their whole careers. So again, ignore the hype and do your research.


Q: Thank you for sharing your valuable insights with us today and we look forward to reading your books, and articles.
A: You bet! Thanks for the time!

 

Copyright © 2000 - 2002 Canadian Information Processing Society All rights reserved.