Allchin on Cairo, directories, and security

Rohit Khare (khare@pest.w3.org)
Mon, 1 Apr 96 20:44:10 -0500


Man, as a fellow 'type', I can just feel the firehose of ideas sloshing in
his head from *reading* this.

choice quote:

> INFOWORLD: And you don't think IBM's Lotus Notes can get
> it because they have announced they plan to be on all
> the major platforms?
>
> ALLCHIN: No. They're not on all the platforms. But suppose
> they're on all of them? It doesn't matter. They don't
> use NT security. They don't use our directory! So you'll
> have to sit here and add users into the NT system if you
> want to have a printer on an NT system. You're going to
> have that environment. Yes, they put a layer there. They
> have a middleware layer, but it doesn't change anything.
> All it does is add complexity.

"Waaah! They don't use our OS! They must SUCK! Yeah!"

Rohit
------------------------------------------------------------------------------

Microsoft's Allchin on Windows NT, directories, and Exchange

By staff
InfoWorld Electric

Microsoft Corp. is expected to continue its drive to dominate corporate
computing by relying mightily on Windows NT servers. As a result, the role of
NT's directory structure has emerged as a major issue. Jim Allchin, vice
president of Microsoft's platforms division, recently outlined for the
InfoWorld news staff the company's reasoning on directories and the importance
of the Exchange messaging server to Windows NT sites. Exchange has now begun
shipping and is being trumpeted this week at the NetWorld+Interop show in Las
Vegas.

INFOWORLD: What role will the directories in Exchange play as we go forward
with Windows NT to the next generation of products?

ALLCHIN: The first thing to do is to understand what it is that we have
today. I'm talking about when Exchange is added onto the system. NT has a
directory system today. You can do a certain set of things in it, and there
are some things you can't do in it.

But what you do have is single log-in across the enterprise using it. You
also have all of the BackOffice applications using their single directory and
security model today. That is a huge thing. That's the number-one issue that
customers have raised to us. So you have the same directory for an SNA Server
as you do on an Exchange public folder or into an Internet Information Server
Web page; the same thing to a printer; the same thing to a file system, and
the like. When you load on Exchange, Exchange hooks into that directory and
adds a set of new messaging properties.

INFOWORLD: Will Exchange support X.500 services?

ALLCHIN: Well, to be crystal clear, and this is where some confusion is,
there's an add-on to Exchange that we will also announce [at
NetWorld+Interop], which makes it compatible with the DNS environment, which
is a pure X.500 environment. The system that we ship is not a pure X.500
environment because our customers said they didn't want the complexity of the
pure X.500. But there is an add-on. So what it is is an extension of the NT
directory.

INFOWORLD: So will there ever be a single directory?

ALLCHIN: Before we move ahead, let's back up. We also have DNS that will be
in NT 4.0. DNS has been in the Resource Kit; now DNS is part of NT Server. So
we have been a believer in having different directory systems. So DNS is
certainly an important one. We believe X.500 is also an important one. That
has been our premise always. When Cairo [a next version of Windows NT] was
planned we planned to have DNS and the Exchange system. Exchange system
add-on, if you will, for the NT directory was always going to ship in Cairo --
no ifs, ands, or buts. We need to do that because that was our
interoperability story, the X.500. So there have been no changes about shipping
that.

INFOWORLD: What is the relationship between DNS and the object file system
for Cairo?

ALLCHIN: Totally separate from that work going on in the file system. We
still have work going on in the file system. And that file system will ship in
Cairo. No questions. I should point out there's a great deal of confusion
about Cairo technology versus releases because we're shipping bunches of the
technology of Cairo all along.

The user interface that came in Windows 95 was originally a Cairo invention.
The network OLE is now shipping in NT 4.0. That's all Cairo. So it's now come
to a point where it might even be best if we don't even talk about the next
release, and talk about it as just that we're shipping the technology of Cairo
in intermediate pieces. We did learn that it was easier to put out pieces
than have the miracle occur in one explosion. So we have been delivering all
the pieces all along.

INFOWORLD: Has this affected any of your file system plans?

ALLCHIN: We have an advanced file system that we're working on. We did play
around with the code bases, but everyone gets confused about that, so I'm not
going to talk about that. NTFS will get smarter over time.

These features that we talked about -- properties, indexing -- all of that
stuff is all happening. No features were dropped in being able to move that
ahead. The directory that we are working on always had the same thing. It was
part of protocol independent, DNS, X.500 or we are going to have a native ODSI
connector coming into it where ODSI was a directory, system-independent
interface. We made the decision. And that by the way was to layer directly
onto the file system. We made the decision that the importance of name space
integration, i.e. DNS name space integration, was really important.

Let me say something that Cairo wasn't going to do that we learned we needed
to do. We didn't know how to do global directories. Global is a loaded word
here. Let me say a worldwide directory based on what we were doing.

What we concluded was DNS was the answer to tie these directory systems
together. Within it there could be X.500s, there could be NDSes, there could
be X, Y, and Z -- but DNS was the building block of that. When we realized
that, we realized that, "Gee, probably the use of the storage the way we do it
is probably not necessary. We could probably delay on unifying that." What we
then said is we're going to take the pieces that we had up here and just
leverage them. So take DNS and we take this Exchange system and we do all the
same interfaces here. The storage that we used just doesn't use OFS or the NT
OFS.

INFOWORLD: You're saying you're shipping DNS with 4.0? But isn't DNS as it's
shipping with 4.0 a very limited form of DNS?

ALLCHIN: No, no. That's completely confused. We rewrote DNS for 4.0
because it was in the Resource Kit and we wanted something that would be very
scalable. It supports the standard DNS protocols. There are some proposed
draft extensions of that, one in dynamic and one in secure, and the like. All
these are still tied to host addresses, though. They're not designed so that
you can put users in it. In a DNS database you put hosts, you may put MX
records, which are for mailers and the like, but you never get down to users.
So what we're putting in 4.0 is an interoperable DNS. We have some extensions
to it.

INFOWORLD: But it won't be dynamic in 4.0?

ALLCHIN: No, it actually is dynamic in the sense that when we started off to
do the dynamic stuff the proposals in IETF weren't very solid. Remember, we
have people on the Internet Advisory Board, and we did not feel that it was
going to stabilize. Remember, we have DHCP already in our product. We have a
dynamic way to map NetBIOS names. It's called WINS. So we said, "Why don't we
connect DNS to WINS?", which is what we did. We will support dynamic DNS. We
will support secure DNS.

For the end-user we solved the problem in 4.0 about having to assign
addresses inside of DNS, but everybody is very confused. Anyone can write a
draft standard, so you have to be very careful about when you say, "Well are
you supporting DNS or are you not?" The question is: "What RFCs are you
actually supporting?" I can't actually remember the RFC right off the top of
my head for DNS, but the base one is the one that we're supporting, and we do
have an extension for dynamic, which is tied to WINS.

INFOWORLD: So are other vendors jumping the gun on dynamic?

ALLCHIN: No, I wouldn't say, "jumping the gun." I believe that the IETF is
more solid now than when we did this. We did this work a long time ago and now
we're working on that particular RFC as well as the secure one. I happen to
think there's even more issues in the secure one, but as soon as those things
are accepted, we will implement them. But we are just trying to solve customer
problems. They said there's no way to make these assignments, so we added
them. But the DNS that's in there is as pure as anybody else's DNS. No one
should get confused. Did I get it clear?

INFOWORLD: So does this mean DNS now solves a lot of the issues that people
are looking for in the directory?

ALLCHIN: No. DNS today addresses host-to-IP address mapping and there's also
reverse mapping. But that's what it solves. It has become over time the way
companies are going to glue these directories together, that's become very
clear. The probability, in my current view, that there's going to be an X.500
or an alternative NDS is zero. I believe that it's going to be DNS. So us
adopting in a deep way DNS for some glue between enterprises is very
important.

INFOWORLD: How does this affect the promise of unified storage?

ALLCHIN: What we decided is we wanted to unify storage. Directories have a
syntax for naming users, printers, or whatever. File systems have a naming
syntax. We decided that we wanted to unify that. That is the path that we've
been on for some time. We wanted to do in the original days of Cairo in the
code we had running, we wanted to unify more than the naming; we wanted to
unify the storage that was physically around each of those.

What we learned is you already have a DNS address there. We said, "How in the
hell are we going to unify when DNS names are the defining standards? We
can't drive everybody to another naming syntax." Well, we made that decision,
which was late last year: "Okay, we're going to unify with DNS naming through
our system. If we do that you can't unify with the file system. It's
impossible to do that." So we have to give up on that unification right now.

INFOWORLD: So what will Microsoft do in this name space?

ALLCHIN: We wanted to do two things before -- unify the name space so that
users didn't have to see a difference between naming resources and file
systems. And at the same time we wanted to unify storage.

What has happened is between URLs and DNS mail addresses, the name space has
been set. We understand what the name space is. And the two, by the way, are
different. So what we said is: "Okay, we cannot unify the storage right now
because the two are different, but we can unify naming between the two." And
that's what we're doing. We're basically saying URLs and DNS names win.

Now under the covers no one should get confused about what technology we're
using. We were always using parts of the Exchange system. We're using parts of
DNS, we're using parts of X.500 all to do this. So the change really is the
Internet won. All we're doing is recognizing that and doing the right thing.
Long-term, would I have unified storage? Yes. Are we going to? If I have my
way, eventually, yes. The file system is still there. It's still going to be
used for properties and indexing and there's things the directory service will
leverage on that. And we are always using the technology.

INFOWORLD: Wasn't unified storage planned for Cairo? Are you at the moment
saying you're going to have to put that out a bit further?

ALLCHIN: Yes, but the question is "unified between what? The directory system
objects in file storage?" Yes, I'm saying we're having to delay that.

INFOWORLD: But Cairo will still have an object file system?

ALLCHIN: Yes.

INFOWORLD: With all those properties?

ALLCHIN: Yes.

INFOWORLD: What would you call this? We're not quite sure what to call it.

ALLCHIN: What we called it at the PDC was NT OFS. But frankly, we change
formats all the time in each system we ship. NTFS is what it's going to be
called. When we ship the product there's no new name. It's NTFS. So it might
even be best for you to just say that NTFS is getting enhancements. We
probably made a mistake calling it OFS because it created a complete new scope
for the thing. So people are getting confused. It is our fault. It is the
next version of NTFS and that's going to have new features like properties,
like content indexing. All the things you heard about before are in it.

INFOWORLD: If I'm still getting most of the things with anticipating a
unified naming structure, what am I going to be losing by not having a unified
storage?

ALLCHIN: That's the point: You lose nothing from an end-user. What we lost as
a vendor is that we couldn't reuse some common code. That's what we lost, but
from the client side they'll never know the difference.

We're trying to describe this, I think ... we're getting crucified for no
good reason. It is important that we clarify this because it is very, very
bad. Yes, we are saying the Internet as one environment; second, we're not
trying to foist proprietary technology; three, we think there's going to be a
lot of different protocols coming into directory systems -- DNS and X.500 and
other protocols. And that's why we've got things like ODSI. We don't think
there's one directory system. I think we're doing the right thing for the
customers in that regard.

INFOWORLD: So how will all this play out in terms of Exchange?

ALLCHIN: We integrate with NT directories, so you get this common security
interface. We have universal transfer. You find this messaging platform once
and it's used, whether it's replicating data, the directory or messages. It's
also a multiprotocol engine where it's got X.400 and SMTP as the main part of
it and centralized management. It's something that's not an add-on, you don't
have to pay thousands of dollars. It's just in this box.

This is a key differentiator: We build on NT Server. So you get the same
password management, you get the same intruder detection. If you don't
leverage the operating system you will then build in your application a
separate way for whether it's the messaging system or a database or whatever
-- it's simpler for the administration.

The directory system hooks onto the NT directory, lets you add users. It is
high-performance, it does have nice distributed list management, so you can
say, "You own this particular distribution list because you're into rock
music, or you're into mountain climbing, or scuba, or whatever ... and you're
going to manage all the people on that." And the IS group doesn't have to
think about it anymore. That's a unique feature and you can still do it with
the same security. They can control who can be added or whatever.

INFOWORLD: How sophisticated is this capability?

ALLCHIN: I talked a little bit about the stable storage. Another key thing
about replicas is that if you set up a replica here [in San Francisco] and
another one in New York, or perhaps a few others in different places in the
country, and then you fly around. When you dial-in and connect you'll find the
closest one to you automatically.

You don't have to say, "Connect to that database, that database, or that
database." You'll find the closest one and it's not pass-through or whatever,
if you've heard that term. We know where you are and we find the closest one,
we automatically lock you into that. So that's what we call Location
Transparent Replicas, which I also think is unique.

We also have Single Instance Storage. So if you send a video clip to a
hundred people on a single machine, it's only stored there once. Now other
people have added that onto their product, but what they haven't done is deal
with, if you will, the plumbing issues of how you do quotas, how do you do
integrity. What if one of those files gets blown away? What if you delete a
user? What happens? Do you clean up all the reference counts?

Or what if you're taking a backup and they're just stored as NT files and you
backup disk file and then a bunch of changes happen on this one before it's
written over here? See, then the backup comes through and gets this one, but
the two files are inconsistent. Then you load your backup on it, it's
inconsistent. It's transactional on all of that ... I think we're about the
only system that has 1984 and 1988 X.400 certification. And it's something
that's very nice. For example, you can tunnel X.400 through an SMTP network. So
there's a lot of plumbing there and I won't spend more time on this thing,
but that's where we've spent our time.

INFOWORLD: You're pretty much limiting everyone to running on NT Server. Are
there connector add-ons to Exchange that link to other environments?

ALLCHIN: Absolutely. Our perspective is for all the BackOffice things we have
made a choice. One of the alternatives is to port the application on all the
different operating systems. The other choice is to port the operating system
with the application to as many platforms as you can, which we have done.

If NT comes out on platform X, the BackOffice is there, and that's
insufficient. The other option is you have to have interoperability on the
wire with everyone else. And that's what we have done. However that's a very
difficult problem and we will never be completely done with that, but we've
spent more dollars doing NetWare integration interoperability and more dollars
on SNA. People don't think of Microsoft as being in the SNA business, but in
my opinion we have a vast SNA system.

Or take some of the Unix capabilities that we've put in this system. And in
the mail case, it's the same thing. So if we haven't done it, we've worked
with others. So, for example, we've worked with Attachmate on PROFS gateways
and we have that running in production in places like Texaco where they're
interoperating with PROFS systems.

INFOWORLD: But how are you going to have a simpler administration model if
you're working with NT and multiplatform environments? If you do have to
integrate the AS/400 with NT and you're using Exchange -- whenever you use
AS/400, you need a third party product to link those two?

ALLCHIN: That's not true. Let me give you my perspective on it. You will have
file servers, you will have printers in your environment. So you're going to
be adding users onto those systems with security. You've got an AS/400, so
you've got that. And you're going to manage that. So you've got those two.

Now you're going to have a third one? Or are you going to leverage one of
these? Our approach is to leverage the one on the file system space. If you
put a layer on top of this, you haven't solved the problem, you've added to it
because you had these things -- whether it's NetWare or Microsoft -- it
doesn't make any difference. You've got this thing and you'll have users that
you have to administer over here. And now you've added a layer on top that
doesn't integrate or tries to hide it, but can't hide it totally because it's
impossible to take full advantage of all the security for printers and other
resources on an AS/400 or whatever. So my opinion is that it actually made it
worse.

Only if it was pure seamless for all of the resources, which is I admit a
great dream -- that would be good for customers. No one has it today, no one
is going to have it. That is what customers would like. What we've tried to do
is try to take the simplest approach to that, though.

INFOWORLD: And you don't think IBM's Lotus Notes can get it because they have
announced they plan to be on all the major platforms?

ALLCHIN: No. They're not on all the platforms. But suppose they're on all of
them? It doesn't matter. They don't use NT security. They don't use our
directory! So you'll have to sit here and add users into the NT system if you
want to have a printer on an NT system. You're going to have that environment.
Yes, they put a layer there. They have a middleware layer, but it doesn't
change anything. All it does is add complexity.

I think it's very important because it's really easy to explain this so that
it sounds like the perfect panacea for customers, but it's only when somebody
sits down and sees that they already have a heterogeneous environment they
already have to manage. DCE has a better shot at doing this, by the way, than
Notes does.

But the point here is that you already have this environment and you're going
to have to administer printers and other resources on these systems; again,
whether it's NetWare or us. And adding a layer on top of it doesn't do
anything, it doesn't take away from these because through Lotus Notes you
can't manage a printer, you can't manage a file. This isn't, by the way, a
statement against Lotus Notes. It's a statement against not taking advantage
of the operating system.

INFOWORLD: So what about DCE then? Should we just wait for DCE?

ALLCHIN: As I said, it has a better shot because it was trying to do a
broader thing, not just manage whatever today. Lotus is saying Notes manages.
I don't know what they're calling it today. DCE is trying to manage a lot of
things and if a customer wants DCE, I think it's great. I'm personally worried
about whether it will satisfy all of its claims in an efficient manner. The
question is how big is it?