CIPS logo

Canadian Information Processing Society

 

CIPS logo

 

 

 

 

CIPS Connections -- Current Articles

2/7/2003 7:55:39 AM
Windows 2003 Server & Industry Trends
An Interview with Don Jones
by Stephen Ibaraki, I.S.P., Capilano College

This week, Stephen Ibaraki, I.S.P., has an exclusive interview with Don Jones, an international technology consultant and a founding partner of BrainCore.Netóa leader in technical certification and assessment development and technologies. Don is a regular speaker at industry conferences such as MCP TechMentor, Comdex, and more. He is currently living and working in an RV, traveling across the country on various consulting jobs.


Discussion:
Q: Thank you for being with us here today. Your experiences and insights would be of great interest to our audience.
A: Thanks very much, glad to be here.


Q: You are an expert in Microsoftís Windows Server 2003. How does Windows Server 2003 compare with Windows 2000 Server? Why would a company want to move to 2003?
A: Thatís a tough question for most companies. The switch from NT to 2000 was a big, big change, and it was easy to see what was different. 2003, however, is more like a minor revision in terms of additional features. Active Directory, however, has seen some major changes. I think that companies whoíve avoided moving to Active Directory thus far will see a lot to like in 2003. 2003 is also much, much more secure right out of the box. Companies implementing Web sites and other easily attacked servers will also find a lot to like in 2003.

All that said, companies whoíve already moved to Windows 2000 might not find anything that really compels them. Thatís especially true, I think, for small- to medium-sized companies whoíve already gone through the pain of a Windows 2000 and Active Directory migration. Larger companies will gain tremendous benefits from the new Active Directory, which is really version 2.0 of that technology.


Q: What tips can you offer in implementing Windows Server 2003?
A: Planning, planning, planning. Windows 2000 introduced a new concept for Microsoft operating systems: Donít just click Setup and expect everything to go smoothly. With 2000, you really had to plan your migration and deployment, especially where Active Directory was involved, and that continues to be true with 2003.

If youíre moving from 2000 Active Directory to 2003, in-place upgrades Ė as opposed to migrations to a new server Ė are a great way to go. Itís a painless process that works quite well. Itís also very easy to install 2003 domain controllers into a 2000 domain, and simply decommission your 2000 domain controllers one by one. When youíre finished, you can shift the domain into 2003ís functional level and start taking advantage of new features.

This concept of functional levels is important, and itís a great idea that Microsoftís offered. It allows a 2003 domain controller to act exactly like a 2000 domain controller, giving you as much time as necessary to get all of your domain controllers upgraded. You wonít have many of the new Active Directory features, but you wonít have compatibility problems, either. When youíre completely upgraded, you raise the functional level to switch on the new features.

Domains aside, another big area in which to be careful is IIS upgrades. IIS 6 is a complete rewrite over IIS 5. I donít recommend just upgrading Web servers willy-nilly; do some testing and make sure your applications will work on IIS 6. IIS 6 offers backward-compatibility modes with IIS 5, but if you run into problems youíd be better off investing to fix your application. IIS 6ís native architecture is faster, more stable, and more secure, so itís wise to take advantage of it.


Q: Can you elaborate more of the security in Windows 2003?
A: In the past, Microsoftís goal was to make it easy to get a powerful server up and running with all itís features enabled. That meant, for example, installing IIS by default with all its features turned on. That turned out to be a bad idea, as administrators wound up running IIS on computers without really realizing it. When IIS was compromised by viruses like Code Red, it ran rampant thanks to the wide IIS deployment.

Windows Server 2003 takes a different tack: To make the OS as secure as possible out of the box. Iíve really been impressed at Microsoftís efforts in this. For example, the default file and share permissions now list the Everyone group with Read-only permissions, rather than with Full Control as has been the case since NT was first introduced. I think thatís a minor change, but with major, long-overdue implications and consequences. 2003 also leaves IIS out by default, and if you do install IIS, it installs in a very locked-down fashion with reduced functionality. You have to turn on the features you need, so thereís no way administrators can claim they didnít know those features were there.

The new security philosophy places a lot more responsibility on the administrator. Thereís no more ďclick and itís doneĒ setup in 2003; admins have to take more time to understand how features work, and they have to sped more time configuring those features for full functionality. Thatís a good thing, in my opinion. I donít think we administrators are paid to just click buttons. Weíre paid to understand what weíre doing and to configure our servers to be both functional and secure.


Q: What would be useful information to know about implementing and using each of the Microsoft .NET Enterprise Servers?
A: Thatís a big topic. Today, youíve got ten to twelve .NET Enterprise Servers, depending on how you define that brand name. Planning is crucial: Understanding how each server works, how it interacts with the others, and what the core administrative requirements are. Iíve actually written a book, Special Edition Using .NET Enterprise Servers, which is coming out from Que in February. It provides a planning and design chapter for each server product, security chapters, and a chapter on administering each server product.

Knowing, for example, that SQL Server runs best on a machine by itself and that Exchange 2000 Server has a new multi-tier architecture that can reduce servers and increase scalability Ė those are important things to know. The .NET Enterprise Servers are so varied and complex that you really have to do your homework before you dive in.

And, as always, Microsoft is constantly changing things on us. They just shipped Content Management Server 2002, a whole new version and the first version theyíre totally responsible for. Keep in mind that they bought CMS 2001 and really just rebranded it. We know that a major realignment to the .NET Enterprise Servers is coming in 2004 and 2005, with BizTalk Server, CMS, and Commerce Server being collapsed into a product thatís code-named Jupiter. Exchange, Mobile Information Server, and Internet Security and Acceleration (ISA) Server are being recombined into two products. Itís a lot of work to keep up.


Q: Can you describe the books you have written and share some tips from your books?
A: My newest book, which will hopefully be out from Que in March or April, is Windows Server 2003 Delta Guide, which I co-authored with Mark Rouse. Itís targeted at experienced Windows administrators, and designed to help them quickly become experts on 2003 by leveraging what they already know about Windows. I think one of the coolest tips from that book is the new Resultant Set of Policy (RSOP) feature from 2003ís new Active Directory Users & Computers console. RSOP lets you play ďwhat ifĒ with Group Policy management. You can pick policies and designate users and computers, and see what policies a user or computer would get based on various scenarios in Active Directory. Itís a fantastic planning and troubleshooting tool, one that used to require third-party products.

Mike Danseglio, a Windows Server 2003 product team member, co-authored Windows Server 2003 Security Administratorís Companion with me. Thatíll be out from MS Press in April, I believe. Itís a complete walkthrough of security in 2003, and provides a ton of example scenarios to help put things into a real-world context. Itís also the first security book from Microsoft that focuses on the whole security picture, including physical security and human practices, not just the product. One of the most valuable chapters is the one on smart card implementation, where we provide the first really straightforward look at how to implement smart cards for user logons, from start to finish. Very valuable stuff.

Iíve also written a handful of eBooks for Realtimepublishers.com. Theyíre an awesome publisher, and they provide free eBooks on high-tech stuff. Iíve got titles on SQL Server performance optimization and Windows 2000 Active Directory Tips and Tricks, for example. Theyíre all top-quality books. Iíve got a very close relationship with Realtimepublishers, and theyíre very committed to what they do. I love writing for them.


Q: Can you detail your personal history and how you came to write? What personally prompted you to enter the computing field? What led you to becoming a noted expert on servers?
A: One thing kind of led to another. My first IT job was with Electronics Boutique, the small software retailer. I worked in register support at their home office. By the time I moved on, I was running their AS/400 in the evenings and I wrote a new register software package. It was actually the first point-of-sale software written for Windows 95 when that first came out.

I was a network administrator for Bell Atlantic (now Verizon), a field engineer for a couple of consulting firms, and a Microsoft Certified Trainer. Iíve also been a director for a consulting practice, a senior Web developer for a ďdot com,Ē a little bit of everything. Itís given me a lot of exposure to the business side of things. When I finally decided to go independent, I got my first book deals, Microsoft .NET E-Commerce Bible and E-Commerce for Dummies, with Hungry Minds (now Wiley). I turned out to love writing, and Iím pretty fast at it. Iíve written about a dozen books in two years, and the Delta Guide is actually the first in a new series that Iíve created with Que.

I think the key to my success thus far has been my willingness to really spend time playing around with products. I have a half-dozen computers in the RV, and I use Connectix Virtual PC a lot to give me even more computers to work with. Anytime Iím writing a book, I probably install the product a dozen times just because Iím messing with it so much, trying to find out what breaks it and what works best. Speaking at conferences also helps keep me relevant; when Iím not speaking, I can listen to folks like Dan Balter, Jeremy Moskowitz, Derek Melber, and Mark Minasi Ė all great speakers, and they really help give me new directions for study and experimentation.


Q: What are your personal goals 1, 3, and 5 years into the future?
A: Wow, everytime I try to guess that far out I wind up being surprised by what actually happens. Iíve just become a contributing editor for MCP Magazine, which is something Iíve wanted to do for a long time. I think my biggest personal goals are probably company-related. BrainCore.Net produces an amazing technology called Skillworks, which will let certification programs like Microsoftís deliver hands-on exams through their existing exam delivery channel. It uses real products, not simulations, and provides automated scoring for instant results. Itís really incredible technology. Weíre in the process of pitching it to folks like Microsoft, the Field Certified Professionals Association, pretty much anyone whoíll listen to us. Itís also got great applications as a hands-on pre-hiring assessment tool to help companies hire professionals who are actually qualified for the job, applications in training centers Ė the possibilities are unlimited, and I think theyíll keep us working hard for the next three years or so.

Personally, there are a couple of books Iíd really love to write. I do a talk on VBScripting for Windows Administrators thatís hugely popular; Iím doing it for MCP TechMentor (www.techmentorevents.com) in April. In fact, TechMentor will be carrying the talk exclusively for the foreseeable future. Iíd love to write a companion book for that, something that shows administrators how to take advantage of VBScript as an administrative tool, without requiring them to become hardcore programmers in the process. Iím pitching that book to a couple of publishers right now, and itís looking promising. Iíd also love to write the Delta Guide for SQL Server Yukon whenever that ships, or even co-author it with someone. Thatís going to be a major, major change for administrators and DBAs, and I think a Delta Guide title will help them get their hands around it more quickly.

Iím also planning to settle down in 2004. Iíve bought land in Las Vegas and I think itís time to stop doing the RV-around-the-country thing!


Q: What ten career pointers would you provide specifically to people who wish to enter the computing field?
A: First, pay attention to the business side of things. Donít just implement cool stuff, always focus on what the business needs and what will benefit the business.

Stay on top of things. You should always be studying whatís coming next, even if your company has no plans to implement it. You donít know where youíll be next week, and you always need to be prepared.

Always do your best job. That seems so common sense, but youíd be surprised how often my work is complimented simply because I donít give my customers a hard time Ė they get good results the first time.

Set expectations. Donít promise things you canít deliver, and always deliver your promises. The worst impression people have of IT professionals is an inability to deliver, and thatís because itís easy for us to promise things we canít follow through on.

You get what you pay for. Thatís true whether youíre hiring employees or buying hardware; Compaq servers are expensive, for example, but theyíre unbeatable. Yeah, you can find trainers whoíll work for $400 a day, but you wouldnít work for that little money, so what makes you think a decent trainer would?

Attend conferences. Theyíre the best educational value on the market, and youíll also get to network with your peers. In our industry, as in most others, who you know is often just as important as what you know.

Always try to take a leadership role. Donít force your way into it; just look for things that need to be done and do them. Nobody ever expects that from IT folks, so youíll give them a pleasant surprise.

Be focused on details. Everything in IT is all about checking the right checkbox or putting a server in exactly the right location for best effect.

Donít be afraid to interview for new jobs. The best thing you can have in IT is breadth; as you come to know more about more and more products and technologies, youíll find that youíre more valuable to the people who hire you, and that more people will want to.

If you want to write books, get an agent. Iím with Studio B (www.studiob.com), and theyíre invaluable in helping me make smart decisions and negotiating good deals. Find a publisher you like, too, and be loyal to them as much as you can. Queís been great for me, for example.


Q: Can you comment on the open source movement and where itís heading?
A: Open source is interesting. I think itís always going to have a place, but I donít think itís going to take over from commercial software. I mean, you canít develop really solid, cool technologies with no budget, and open source has no budget. I think weíll see interesting new technologies come from open source and get rolled into commercial products. Apple is a great example: Mac OS X is based on BSD Unix, but has a fantastic Apple GUI for a really top-notch product.

Linux really annoys me, though. Actually, I should say Linux zealots annoy me. Iím a firm believer in ďthe right tool for the right job,Ē and I use a Mac in a lot of my work, for example. There are folks, though, that I like to refer to as the Linux religious right, who automatically believe that anything Microsoft does is a conspiracy designed to enslave their children or something. I think Linux can be a fine operating system for some purposes, but itís a terrible client operating system for the average non-technical person, for example. Windows or Mac are much better.

The open source community needs to open its eyes, a little bit. For example, Microsoft takes it on the chin from open source because theyíre ďjust out to make a profit.Ē At the same time, theyíre praising Sun Ė because, I guess, Sun isnít out to make a profit, which must disappoint their stockholders. Lots of the old-time open source guys donít like Sun, because theyíre not really practicing the open source philosophy. Javaís still a proprietary technology, remember, which Sun legally controls.

And all the fuss on open source things like Linux tends to detract from some of the real, rock-solid long-term players in the field. BSD Unix, for example, is simply the most stable operating system in the universe. Thatís why Apple built OS X on it. But you donít hear about people flocking to BSD Unix for their Web servers. Why not? Because itís still all about marketing and hype. Right now, Linux has the hype, and so thatís what people are looking at. The distributors of Linux builds are in some ways doing to BSD Unix what they accuse Microsoft of doing to everyone else. Itís ironic.


Q: What do your forecast as future hot topic areas or ďkiller appsĒ to start researching now?
A: Well, security, obviously. New, smarter firewall products, smarter routers, smarter everything that protects the network Ė those will be big in the next few years.

Everyone keeps telling me that wireless Ė things like connected PDAs and cell phones Ė will be the next big killer app for technology, but I donít know. Tablet PCs are making a comeback Ė remember the tablets of the early nineties? Ė but itís really hard to make a call on any of that.

I think the next big thing will be convergence. Iím a huge home theater fan; I have one of those RCA/DirecTV Microsoft Ultimate TV boxes. Itís like a TiVo, but with two DirecTV tuners built in, so I can record one show while watching a second, or record two while watching a prerecorded show. Itís got a built-in on-screen program guide and is really easy to operate. Iíve also been looking at the Windows XP Media Center PCs Ė the idea of having a combined MP3 jukebox, DVD player, and personal video records fascinates me. I want all of those technologies to coalesce into one box. All the technology exists; somebody just needs to squeeze it all into a single box for the perfect small-footprint home theater.


Q: What would be your recommended top ten references for the serious IT professional?
A: Well, for Group Policy you canít beat Group Policy, Profiles, and IntelliMirror by Jeremy Moskowitz. Heís a good friend and itís a great book. Iím a big fan of Windows 2000 Scripting Bible by William Stanek, too, and anyone whoís into VBScript should pick it up. A subscription to MCP Magazine or Windows & .NET Magazine is crucial for keeping up with the latest technologies in the Microsoft arena. I donít think any IT pro, even Unix guys, can afford to ignore the Microsoft arena.

Mark Minasi wrote a book on Linux for Windows Administrators, and I think itís a must-read. I wish Iíd written it! I donít think Windows folks can ignore the Linux/Unix side of things, either. I think we all need to be better at picking the right tool for the right job, and not just sticking with what we happen to know.

Obviously, Windows admins need to pick up a copy of my Windows Server 2003 Delta Guide. Aside from plugging my book, I think itíll be the fastest way for time-strapped administrators to get their hands around this new OS.

What else? Itís tough for me to say. I donít have a lot of books on my shelf, mainly because itís so small in the RV! Oh, definitely a subscription to Microsoft TechNet. Supporting a Windows environment without it is just insane. And administrators who want to keep their skills up should invest in a Microsoftís MSDN Universal. I know they pitch it as a develop product, but you get a copy of every server product that Microsoft makes. Itís a great way to experiment and learn new things.


Q: You have done extensive research in a number of high-tech areas. Can you describe the results of your research and tips you can pass onto the audience?
A: IPv6 is the latest thing Iíve been working with. Itís a great new set of protocols, but weíre still a long way off from implementation. I know everyone hears about this from time to time and wonders when itís going to happen. I think the best thing anyone can do now is start evaluating future hardware and operating system purchases for IPv6 compatibility. That way, when times mature and we start using the protocol seriously, youíll have all the bits in place. Most router manufacturers have got IPv6 down, and Windows Server 2003 supports it. There are Unix/Linux implementations out there too, although the major commercial builds donít always include it.


Q: Can you comment on the integration of mainframe, Unix, and Windows-based technologies and how they all fit in large, complex, enterprise environments?
A: Donít forget Mac! Integration is getting easier; I actually have an article on that very subject coming out in MCP Magazine, in the April or May issue, I think. I think all of these technologies definitely fit. Unix systems make great, stable, cheap Web servers Ė especially BSD Unix and Linux systems. Windows is definitely the client OS of choice, just because so many people know how to use it. Windows also has a lot of killer apps thatíll keep it running on servers, too, like Exchange. I also happen to think that SQL Server is the best database system you can get for the money. Microsoftís done just amazing things to it over the past few years.

Microsoftís starting to use more open protocols for everything, too. I actually gave a talk at Comdex where a Sun guy was saying that Microsoft wants to lock you into proprietary protocols like Kerberos. My jaw dropped. Microsoftís dropped their proprietary authentication protocol Ė NTLM Ė in favor of the industry standard, Kerberos, which was invented at MIT, not in Redmond. Because Microsoftís been ditching their own protocols bit by bit, itís getting easier to integrate with Unix. Unix boxes can log on to an Active Directory domain, for example, using a Kerberos client.


Q: What changes do you see for the future of computing, conducting business, and the use of the Internet?
A: I think at some point soon weíre going to stop caring much about hardware. Mooreís law has gotten us to a point where gigahertz and gigabytes just donít matter, anymore. Thatís got to be Intelís biggest fear Ė I forget how fast my laptopís processor is. Itís just fast enough.

I donít think weíre going to see many more revolutions on the Internet. I think weíll see a lot of evolution: Slow changes that build on whatís come before. Itís not that I think revolution is impossible; itís just that so many folks lost millions on the dot com boom and bust, that I donít think youíre going to see investment in revolution anymore, at least not for a while. So companies will be slowly evolving. Thatís actually better; itís more stable, and it gives business more time to evaluate what theyíve done and make slow course corrections.


Q: Itís a blank slate, what added comments would you like to give to enterprise corporations and organizations?
A: Focus on business, and not technology. When you do need to focus on technology, donít believe anything anyone tells you without checking it out yourself. I hear misinformation on a daily basis about Microsoft products, Microsoft strategies, Apple products, Unix products Ė everyoneís putting marketing information out there. Donít rely on the marketing to make decisions. And donít think that independents Ė even me Ė arenít marketing; Microsoft and Linux and everyone else has their fans, and theyíll do free marketing for their favorite brand.

Do your research, too. People beat up on Microsoftís licensing programs, for example, without realizing that other major companies have been doing the same things for years. IBM AS/400 people laugh when folks get upset about Microsoft licensing, because theyíve been dealing with similar tactics their whole careers. So again, ignore the hype and do your research.


Q: Thank you for sharing your valuable insights with us today and we look forward to reading your books, and articles.
A: You bet! Thanks for the time!

 

Copyright © 2000 - 2002 Canadian Information Processing Society All rights reserved.