CIPS Connections -- Current Articles
2/7/2003
7:55:39 AM
Windows 2003 Server & Industry Trends
An Interview with Don Jones
by Stephen Ibaraki, I.S.P., Capilano College
This week, Stephen Ibaraki, I.S.P., has an exclusive interview with Don
Jones, an international technology consultant and a founding partner of
BrainCore.Net—a leader in technical certification and assessment development
and technologies. Don is a regular speaker at industry conferences such as
MCP TechMentor, Comdex, and more. He is currently living and working in an
RV, traveling across the country on various consulting jobs.
Discussion:
Q: Thank you for being with us here today. Your experiences and insights
would be of great interest to our audience.
A: Thanks very much, glad to be here.
Q: You are an expert in Microsoft’s Windows Server 2003. How does Windows
Server 2003 compare with Windows 2000 Server? Why would a company want to
move to 2003?
A: That’s a tough question for most companies. The switch from NT to 2000 was
a big, big change, and it was easy to see what was different. 2003, however,
is more like a minor revision in terms of additional features. Active
Directory, however, has seen some major changes. I think that companies
who’ve avoided moving to Active Directory thus far will see a lot to like in
2003. 2003 is also much, much more secure right out of the box. Companies
implementing Web sites and other easily attacked servers will also find a lot
to like in 2003.
All that said, companies who’ve already moved to Windows 2000 might not find
anything that really compels them. That’s especially true, I think, for
small- to medium-sized companies who’ve already gone through the pain of a
Windows 2000 and Active Directory migration. Larger companies will gain
tremendous benefits from the new Active Directory, which is really version
2.0 of that technology.
Q: What tips can you offer in implementing Windows Server 2003?
A: Planning, planning, planning. Windows 2000 introduced a new concept for
Microsoft operating systems: Don’t just click Setup and expect everything to
go smoothly. With 2000, you really had to plan your migration and deployment,
especially where Active Directory was involved, and that continues to be true
with 2003.
If you’re moving from 2000 Active Directory to 2003, in-place upgrades – as
opposed to migrations to a new server – are a great way to go. It’s a
painless process that works quite well. It’s also very easy to install 2003
domain controllers into a 2000 domain, and simply decommission your 2000
domain controllers one by one. When you’re finished, you can shift the domain
into 2003’s functional level and start taking advantage of new features.
This concept of functional levels is important, and it’s a great idea that
Microsoft’s offered. It allows a 2003 domain controller to act exactly like a
2000 domain controller, giving you as much time as necessary to get all of
your domain controllers upgraded. You won’t have many of the new Active
Directory features, but you won’t have compatibility problems, either. When
you’re completely upgraded, you raise the functional level to switch on the
new features.
Domains aside, another big area in which to be careful is IIS upgrades. IIS 6
is a complete rewrite over IIS 5. I don’t recommend just upgrading Web
servers willy-nilly; do some testing and make sure your applications will
work on IIS 6. IIS 6 offers backward-compatibility modes with IIS 5, but if
you run into problems you’d be better off investing to fix your application.
IIS 6’s native architecture is faster, more stable, and more secure, so it’s
wise to take advantage of it.
Q: Can you elaborate more on the security in Windows 2003?
A: In the past, Microsoft’s goal was to make it easy to get a powerful server
up and running with all its features enabled. That meant, for example,
installing IIS by default with all its features turned on. That turned out to
be a bad idea, as administrators wound up running IIS on computers without
really realizing it. When IIS was compromised by viruses like Code Red, it
ran rampant thanks to the wide IIS deployment.
Windows Server 2003 takes a different tack: To make the OS as secure as
possible out of the box. I’ve really been impressed at Microsoft’s efforts in
this. For example, the default file and share permissions now list the
Everyone group with Read-only permissions, rather than with Full Control as
has been the case since NT was first introduced. I think that’s a minor
change, but with major, long-overdue implications and consequences. 2003 also
leaves IIS out by default, and if you do install IIS, it installs in a very
locked-down fashion with reduced functionality. You have to turn on the
features you need, so there’s no way administrators can claim they didn’t
know those features were there.
The new security philosophy places a lot more responsibility on the
administrator. There’s no more “click and it’s done” setup in 2003; admins
have to take more time to understand how features work, and they have to spend
more time configuring those features for full functionality. That’s a good
thing, in my opinion. I don’t think we administrators are paid to just click
buttons. We’re paid to understand what we’re doing and to configure our
servers to be both functional and secure.
Q: What would be useful information to know about implementing and using each
of the Microsoft .NET Enterprise Servers?
A: That’s a big topic. Today, you’ve got ten to twelve .NET Enterprise
Servers, depending on how you define that brand name. Planning is crucial:
Understanding how each server works, how it interacts with the others, and
what the core administrative requirements are. I’ve actually written a book,
Special Edition Using .NET Enterprise Servers, which is coming out from Que
in February. It provides a planning and design chapter for each server
product, security chapters, and a chapter on administering each server
product.
Knowing, for example, that SQL Server runs best on a machine by itself and
that Exchange 2000 Server has a new multi-tier architecture that can reduce
servers and increase scalability – those are important things to know. The
.NET Enterprise Servers are so varied and complex that you really have to do
your homework before you dive in.
And, as always, Microsoft is constantly changing things on us. They just
shipped Content Management Server 2002, a whole new version and the first
version they’re totally responsible for. Keep in mind that they bought CMS
2001 and really just rebranded it. We know that a major realignment to the
.NET Enterprise Servers is coming in 2004 and 2005, with BizTalk Server, CMS,
and Commerce Server being collapsed into a product that’s code-named Jupiter.
Exchange, Mobile Information Server, and Internet Security and Acceleration
(ISA) Server are being recombined into two products. It’s a lot of work to
keep up.
Q: Can you describe the books you have written and share some tips from your
books?
A: My newest book, which will hopefully be out from Que in March or April, is
Windows Server 2003 Delta Guide, which I co-authored with Mark Rouse. It’s
targeted at experienced Windows administrators, and designed to help them
quickly become experts on 2003 by leveraging what they already know about
Windows. I think one of the coolest tips from that book is the new Resultant
Set of Policy (RSOP) feature from 2003’s new Active Directory Users &
Computers console. RSOP lets you play “what if” with Group Policy management.
You can pick policies and designate users and computers, and see what
policies a user or computer would get based on various scenarios in Active
Directory. It’s a fantastic planning and troubleshooting tool, one that used
to require third-party products.
Mike Danseglio, a Windows Server 2003 product team member, co-authored
Windows Server 2003 Security Administrator’s Companion with me. That’ll be
out from MS Press in April, I believe. It’s a complete walkthrough of
security in 2003, and provides a ton of example scenarios to help put things
into a real-world context. It’s also the first security book from Microsoft
that focuses on the whole security picture, including physical security and
human practices, not just the product. One of the most valuable chapters is
the one on smart card implementation, where we provide the first really
straightforward look at how to implement smart cards for user logons, from
start to finish. Very valuable stuff.
I’ve also written a handful of eBooks for Realtimepublishers.com. They’re
an awesome publisher, and they provide free eBooks on high-tech stuff. I’ve
got titles on SQL Server performance optimization and Windows 2000 Active
Directory Tips and Tricks, for example. They’re all top-quality books. I’ve
got a very close relationship with Realtimepublishers, and they’re very
committed to what they do. I love writing for them.
Q: Can you detail your personal history and how you came to write? What
personally prompted you to enter the computing field? What led you to
becoming a noted expert on servers?
A: One thing kind of led to another. My first IT job was with Electronics
Boutique, the small software retailer. I worked in register support at their
home office. By the time I moved on, I was running their AS/400 in the
evenings and I wrote a new register software package. It was actually the
first point-of-sale software written for Windows 95 when that first came out.
I was a network administrator for Bell Atlantic (now Verizon), a field
engineer for a couple of consulting firms, and a Microsoft Certified Trainer.
I’ve also been a director for a consulting practice, a senior Web developer
for a “dot com,” a little bit of everything. It’s given me a lot of exposure
to the business side of things. When I finally decided to go independent, I
got my first book deals, Microsoft .NET E-Commerce Bible and E-Commerce for
Dummies, with Hungry Minds (now Wiley). I turned out to love writing, and I’m
pretty fast at it. I’ve written about a dozen books in two years, and the
Delta Guide is actually the first in a new series that I’ve created with Que.
I think the key to my success thus far has been my willingness to really
spend time playing around with products. I have a half-dozen computers in the
RV, and I use Connectix Virtual PC a lot to give me even more computers to
work with. Anytime I’m writing a book, I probably install the product a dozen
times just because I’m messing with it so much, trying to find out what
breaks it and what works best. Speaking at conferences also helps keep me
relevant; when I’m not speaking, I can listen to folks like Dan Balter,
Jeremy Moskowitz, Derek Melber, and Mark Minasi – all great speakers, and
they really help give me new directions for study and experimentation.
Q: What are your personal goals 1, 3, and 5 years into the future?
A: Wow, every time I try to guess that far out I wind up being surprised by
what actually happens. I’ve just become a contributing editor for MCP
Magazine, which is something I’ve wanted to do for a long time. I think my
biggest personal goals are probably company-related. BrainCore.Net produces
an amazing technology called Skillworks, which will let certification
programs like Microsoft’s deliver hands-on exams through their existing exam
delivery channel. It uses real products, not simulations, and provides
automated scoring for instant results. It’s really incredible technology.
We’re in the process of pitching it to folks like Microsoft, the Field
Certified Professionals Association, pretty much anyone who’ll listen to us.
It’s also got great applications as a hands-on pre-hiring assessment tool to
help companies hire professionals who are actually qualified for the job,
applications in training centers – the possibilities are unlimited, and I think
they’ll keep us working hard for the next three years or so.
Personally, there are a couple of books I’d really love to write. I do a talk
on VBScripting for Windows Administrators that’s hugely popular; I’m doing it
for MCP TechMentor (www.techmentorevents.com) in April. In fact, TechMentor
will be carrying the talk exclusively for the foreseeable future. I’d love to
write a companion book for that, something that shows administrators how to
take advantage of VBScript as an administrative tool, without requiring them
to become hardcore programmers in the process. I’m pitching that book to a
couple of publishers right now, and it’s looking promising. I’d also love to
write the Delta Guide for SQL Server Yukon whenever that ships, or even
co-author it with someone. That’s going to be a major, major change for
administrators and DBAs, and I think a Delta Guide title will help them get
their hands around it more quickly.
I’m also planning to settle down in 2004. I’ve bought land in Las Vegas and I
think it’s time to stop doing the RV-around-the-country thing!
Q: What ten career pointers would you provide specifically to people who wish
to enter the computing field?
A: First, pay attention to the business side of things. Don’t just implement
cool stuff, always focus on what the business needs and what will benefit the
business.
Stay on top of things. You should always be studying what’s coming next, even
if your company has no plans to implement it. You don’t know where you’ll be
next week, and you always need to be prepared.
Always do your best job. That seems so common sense, but you’d be surprised
how often my work is complimented simply because I don’t give my customers a
hard time – they get good results the first time.
Set expectations. Don’t promise things you can’t deliver, and always deliver
your promises. The worst impression people have of IT professionals is an
inability to deliver, and that’s because it’s easy for us to promise things
we can’t follow through on.
You get what you pay for. That’s true whether you’re hiring employees or
buying hardware; Compaq servers are expensive, for example, but they’re
unbeatable. Yeah, you can find trainers who’ll work for $400 a day, but you
wouldn’t work for that little money, so what makes you think a decent trainer
would?
Attend conferences. They’re the best educational value on the market, and
you’ll also get to network with your peers. In our industry, as in most
others, who you know is often just as important as what you know.
Always try to take a leadership role. Don’t force your way into it; just look
for things that need to be done and do them. Nobody ever expects that from IT
folks, so you’ll give them a pleasant surprise.
Be focused on details. Everything in IT is all about checking the right checkbox
or putting a server in exactly the right location for best effect.
Don’t be afraid to interview for new jobs. The best thing you can have in IT
is breadth; as you come to know more about more and more products and
technologies, you’ll find that you’re more valuable to the people who hire
you, and that more people will want to.
If you want to write books, get an agent. I’m with Studio B (www.studiob.com), and they’re invaluable in
helping me make smart decisions and negotiating good deals. Find a publisher
you like, too, and be loyal to them as much as you can. Que’s been great for
me, for example.
Q: Can you comment on the open source movement and where it’s heading?
A: Open source is interesting. I think it’s always going to have a place, but
I don’t think it’s going to take over from commercial software. I mean, you
can’t develop really solid, cool technologies with no budget, and open source
has no budget. I think we’ll see interesting new technologies come from open
source and get rolled into commercial products. Apple is a great example: Mac
OS X is based on BSD Unix, but has a fantastic Apple GUI for a really
top-notch product.
Linux really annoys me, though. Actually, I should say Linux zealots annoy
me. I’m a firm believer in “the right tool for the right job,” and I use a
Mac in a lot of my work, for example. There are folks, though, that I like to
refer to as the Linux religious right, who automatically believe that
anything Microsoft does is a conspiracy designed to enslave their children or
something. I think Linux can be a fine operating system for some purposes,
but it’s a terrible client operating system for the average non-technical
person, for example. Windows or Mac are much better.
The open source community needs to open its eyes, a little bit. For example,
Microsoft takes it on the chin from open source because they’re “just out to
make a profit.” At the same time, they’re praising Sun – because, I guess,
Sun isn’t out to make a profit, which must disappoint their stockholders.
Lots of the old-time open source guys don’t like Sun, because they’re not
really practicing the open source philosophy. Java’s still a proprietary
technology, remember, which Sun legally controls.
And all the fuss on open source things like Linux tends to detract from some
of the real, rock-solid long-term players in the field. BSD Unix, for
example, is simply the most stable operating system in the universe. That’s
why Apple built OS X on it. But you don’t hear about people flocking to BSD
Unix for their Web servers. Why not? Because it’s still all about marketing
and hype. Right now, Linux has the hype, and so that’s what people are
looking at. The distributors of Linux builds are in some ways doing to BSD
Unix what they accuse Microsoft of doing to everyone else. It’s ironic.
Q: What do you forecast as future hot topic areas or “killer apps” to start
researching now?
A: Well, security, obviously. New, smarter firewall products, smarter
routers, smarter everything that protects the network – those will be big in
the next few years.
Everyone keeps telling me that wireless – things like connected PDAs and cell
phones – will be the next big killer app for technology, but I don’t know.
Tablet PCs are making a comeback – remember the tablets of the early
nineties? – but it’s really hard to make a call on any of that.
I think the next big thing will be convergence. I’m a huge home theater fan;
I have one of those RCA/DirecTV Microsoft Ultimate TV boxes. It’s like a
TiVo, but with two DirecTV tuners built in, so I can record one show while
watching a second, or record two while watching a prerecorded show. It’s got
a built-in on-screen program guide and is really easy to operate. I’ve also
been looking at the Windows XP Media Center PCs – the idea of having a
combined MP3 jukebox, DVD player, and personal video recorder fascinates me. I
want all of those technologies to coalesce into one box. All the technology
exists; somebody just needs to squeeze it all into a single box for the
perfect small-footprint home theater.
Q: What would be your recommended top ten references for the serious IT
professional?
A: Well, for Group Policy you can’t beat Group Policy, Profiles, and
IntelliMirror by Jeremy Moskowitz. He’s a good friend and it’s a great book.
I’m a big fan of Windows 2000 Scripting Bible by William Stanek, too, and
anyone who’s into VBScript should pick it up. A subscription to MCP Magazine
or Windows & .NET Magazine is crucial for keeping up with the latest
technologies in the Microsoft arena. I don’t think any IT pro, even Unix
guys, can afford to ignore the Microsoft arena.
Mark Minasi wrote a book on Linux for Windows Administrators, and I think
it’s a must-read. I wish I’d written it! I don’t think Windows folks can ignore
the Linux/Unix side of things, either. I think we all need to be better at
picking the right tool for the right job, and not just sticking with what we
happen to know.
Obviously, Windows admins need to pick up a copy of my Windows Server 2003
Delta Guide. Aside from plugging my book, I think it’ll be the fastest way
for time-strapped administrators to get their hands around this new OS.
What else? It’s tough for me to say. I don’t have a lot of books on my shelf,
mainly because it’s so small in the RV! Oh, definitely a subscription to
Microsoft TechNet. Supporting a Windows environment without it is just
insane. And administrators who want to keep their skills up should invest in
Microsoft’s MSDN Universal. I know they pitch it as a developer product, but
you get a copy of every server product that Microsoft makes. It’s a great way
to experiment and learn new things.
Q: You have done extensive research in a number of high-tech areas. Can you
describe the results of your research and tips you can pass on to the
audience?
A: IPv6 is the latest thing I’ve been working with. It’s a great new set of
protocols, but we’re still a long way off from implementation. I know
everyone hears about this from time to time and wonders when it’s going to
happen. I think the best thing anyone can do now is start evaluating future
hardware and operating system purchases for IPv6 compatibility. That way,
when times mature and we start using the protocol seriously, you’ll have all
the bits in place. Most router manufacturers have got IPv6 down, and Windows
Server 2003 supports it. There are Unix/Linux implementations out there too,
although the major commercial builds don’t always include it.
Q: Can you comment on the integration of mainframe, Unix, and Windows-based
technologies and how they all fit in large, complex, enterprise environments?
A: Don’t forget Mac! Integration is getting easier; I actually have an
article on that very subject coming out in MCP Magazine, in the April or May
issue, I think. I think all of these technologies definitely fit. Unix
systems make great, stable, cheap Web servers – especially BSD Unix and Linux
systems. Windows is definitely the client OS of choice, just because so many
people know how to use it. Windows also has a lot of killer apps that’ll keep
it running on servers, too, like Exchange. I also happen to think that SQL
Server is the best database system you can get for the money. Microsoft’s
done just amazing things to it over the past few years.
Microsoft’s starting to use more open protocols for everything, too. I
actually gave a talk at Comdex where a Sun guy was saying that Microsoft
wants to lock you into proprietary protocols like Kerberos. My jaw dropped.
Microsoft’s dropped their proprietary authentication protocol – NTLM – in
favor of the industry standard, Kerberos, which was invented at MIT, not in
Redmond. Because Microsoft’s been ditching their own protocols bit by bit,
it’s getting easier to integrate with Unix. Unix boxes can log on to an
Active Directory domain, for example, using a Kerberos client.
Q: What changes do you see for the future of computing, conducting business,
and the use of the Internet?
A: I think at some point soon we’re going to stop caring much about hardware.
Moore’s law has gotten us to a point where gigahertz and gigabytes just don’t
matter, anymore. That’s got to be Intel’s biggest fear – I forget how fast my
laptop’s processor is. It’s just fast enough.
I don’t think we’re going to see many more revolutions on the Internet. I
think we’ll see a lot of evolution: Slow changes that build on what’s come
before. It’s not that I think revolution is impossible; it’s just that so
many folks lost millions on the dot com boom and bust, that I don’t think
you’re going to see investment in revolution anymore, at least not for a
while. So companies will be slowly evolving. That’s actually better; it’s
more stable, and it gives business more time to evaluate what they’ve done
and make slow course corrections.
Q: It’s a blank slate, what added comments would you like to give to
enterprise corporations and organizations?
A: Focus on business, and not technology. When you do need to focus on
technology, don’t believe anything anyone tells you without checking it out
yourself. I hear misinformation on a daily basis about Microsoft products,
Microsoft strategies, Apple products, Unix products – everyone’s putting
marketing information out there. Don’t rely on the marketing to make
decisions. And don’t think that independents – even me – aren’t marketing;
Microsoft and Linux and everyone else has their fans, and they’ll do free
marketing for their favorite brand.
Do your research, too. People beat up on Microsoft’s licensing programs, for
example, without realizing that other major companies have been doing the
same things for years. IBM AS/400 people laugh when folks get upset about
Microsoft licensing, because they’ve been dealing with similar tactics their
whole careers. So again, ignore the hype and do your research.
Q: Thank you for sharing your valuable insights with us today and we look
forward to reading your books, and articles.
A: You bet! Thanks for the time!