The last two days kind of blend together so I'll cover them in one post. I went to several sessions on virtualization that were outstanding. The first dealt with Microsoft's recently closed acquisition of Softricity. This technology is very interesting in that it deals with application virtualization. With typical products like Microsoft Virtual Server or VMware, the entire OS is virtualized. In the case of Softricity, each application's run time environment is virtualized. Think virtual registry, virtual DLLs, etc. The idea is that by running the app in a virtual environment, you can have multiple apps that might normally conflict with each other run side by side on the same machine with no issues. Now the most interesting part is their application streaming technology. It turns out that even a large complex app like Microsoft Office only requires 10-20 MB of files to start and run. As you then use the app and access more features, more files are required. With Softricity, you can deploy an icon to a user's desktop and when the user clicks the icon, the application is streamed to the user's desktop and runs in the virtual environment. As an example, if you deploy the Word icon, when you click it the first time the initial 10-20 MB are streamed and the app launches while in the background it continues to download the rest. The app is never actually installed on the system; it runs in a virtual container. The download is cached so the next time you run it there is no delay. The part that makes this scenario very cool is that the app is never installed but, unlike when using terminal server, the app actually runs on the local machine's physical hardware. At this time they are still exploring how this technology will be integrated with existing Microsoft solutions, but even before the acquisition Softricity was tightly integrated with SMS.
Another session I went to was about the architecture and operations of the Microsoft.com website including Microsoft Update. The scale is unbelievable. Microsoft.com is the third-largest website in the world in terms of usage. It's comprised of over 2000 servers and runs at 120Gb/s outbound. There are several case studies on the website in the IT Showcase, with some very interesting ones on how the move to 64-bit had a dramatic positive impact. For anyone with doubts on whether Microsoft infrastructures can be scalable, available, and secure, this site obviously runs exclusively on Microsoft technologies: W2003, IIS, SQL. It is also tied with AOL as the most highly available web site of all major web properties.
Finally, this morning there was a great presentation to the full TechReady audience by Dr. Steve Squyres of Cornell University who is the lead manager of the Mars Rover program. Spirit and Opportunity are still plugging away on Mars years beyond their design specification. Dr. Squyres was a very entertaining presenter and had some amazing images from the rovers. He talked about how the project was managed, how the team worked together, and some of the lessons learned and how they apply to large technical projects.
Day 3 turned out to be even more interesting than I thought. There were keynotes again this morning, but they were very demo-heavy, which is always good. The first was Kevin Schofield from Microsoft Research. After some great stats about Microsoft being the largest spender on pure R&D and being a leader in annual patents granted, he showed some amazing demos of visualization and image processing projects our researchers are working on. One of them you can see as well at this link. After this, Jim Allchin and some of his team did some great demos of Vista and Office 2007.
Later in the day I went to a great session on Active Directory in Longhorn. The biggest changes are targeted toward branch office scenarios with the introduction of the read-only domain controller (RODC). As hopefully most people know, physical security of domain controllers is a critical requirement. Typically in branch office scenarios this is not the case. With the RODC, even if it is compromised, there is not a full account database on the server and it is prohibited from replicating back to full domain controllers. This role can run on Longhorn Server Core so you can have a very secure branch office directory server.
Finally, at the end of the day I went to a session on Systems Management Server, soon to be called System Center Configuration Manager. The session focused mostly on OS deployment and Network Access Protection (NAP), which were the two biggest areas of investment. Finally we will have a unified and robust method for deploying both client and server operating systems. There are some great improvements to the image-based deployment process. In terms of NAP, this is going to be one of the biggest areas to improve security. There are many options for checking, quarantining, and remediating non-compliant systems. It's also extensible so ISVs and even customers can create their own health checks.
Day 3 continued the themes of security and manageability across the board.
Day 2 at TechReady lived up to expectations. Today I attended several sessions on Unified Communication (UC) and Identity Management. While there has been a fair amount of press lately on our UC efforts, I don't think it has sunk in yet how much Microsoft is focusing on this space. The investments are primarily in Office Communications Server (the new version of Live Communications Server) and in Exchange 2007. Microsoft is going to be a player in the VoIP space. Much better support and scalability around A/V conferencing, Telephony, etc. So much capability is going to be coming next year that it is going to be a challenge to assimilate it all. I would pay attention to these two very closely. For the publicly available information and a goofy but very interesting demo, look for our UC announcements on the web site from about a month ago.
Identity Management is a focus area of mine and another area of big investment for Microsoft. As demonstrated with our acquisition of Alacris, we realize that there is still a ways to go in terms of providing a robust, end-to-end identity management solution. It's still going to take some time to get there, but I've been in discussions this week with some of the top product managers in AD, MIIS, etc. and they definitely get it. These are not easy problems to solve, but the product groups are finally getting aligned to go after them with a coherent strategy.
On to Day 3!
Day 1 at TechReady was great. There were several keynotes in the morning ending with one by Steve Ballmer who always revs up the audience. As for technical content, that started in earnest in the afternoon sessions. I attended sessions on RMS, ADFS, and a great session on Longhorn.
For those of you who have not looked at ADFS yet, I highly recommend checking out the whitepapers and training available on the web. This technology provides many options for federating identity between business partners. While I can't disclose specifics, there is a real push to extend the abilities of ADFS and have other products such as RMS and SharePoint leverage it even more than they currently do. This is an area of significant investment. Also, for the skeptics out there, the current version of ADFS can interoperate with several of our competitors' products so you don't need to have AD on both ends.
Next, I attended a whirlwind session on Longhorn features. This was a heck of a session. Many of the features have been discussed publicly but this is the first time I saw a bunch of them in action. Server Core, the stripped down version of Longhorn that fits into a couple hundred meg with no GUI, is a big deal. Substantially reduced attack surface. My guess is that Server Core will be very high performance for the dedicated roles it serves like AD, DNS, etc. Roles are a theme that you will continue to hear a lot about. In an effort to reduce complexity and increase consistency, detailed server roles and management are a big part of Longhorn. The roles tie together configuration, management tasks, security, events, etc. Big changes to terminal server will make it much more usable, particularly from outside the firewall. There are a large number of other changes as well, such as network stack improvements, IPSec improvements, and a great server management console.
All in all it was a great day, looking forward to Day 2!
TechReady is an internal conference for Microsoft employees that packs a huge number of presentations, training, labs, and a few parties into a single week. It's similar to TechEd except that it focuses primarily on future products instead of what is currently shipping. As such, on the infrastructure side this one is focused on Longhorn, Office 2007, Exchange 2007, etc. I'll be attending as many sessions as I can on AD and all the 2007 servers. Check back this week as I'll try to get a post or two in each day with any info I'm able to publish.
I came out to Seattle early, arriving yesterday so that I could attend a full day of training on Rights Management Services (RMS), which is a server and client technology available today for Windows Server 2003 and Office that allows you to protect email and Office documents with both encryption and restrictions on the actions you can perform on the protected content. Some of the most powerful examples are:
There are many other possibilities with this technology. The key differentiator from traditional security mechanisms such as access control lists is that in the case of RMS, the security restrictions are part of the document or message itself and thus effective even if the document has propagated outside the organization.
Efforts are currently under way to extend this technology to better support extranet and federation scenarios. I'll be attending several sessions this week on RMS.