The tough competitors at Microsoft never easily admit the shortcomings of their own products.

Exceptions to this general premise tend to occur during the product testing cycle, the limbo period when Microsoft officials begin to market new features that will enhance a current product before customers have anything but the old, in-need-of-enhancement product available to them.

This limbo period is a good time for third-party tool vendors. The fortunate ones can point to utilities they provide and map them to features coming in the operating system. For 12 months or more, those vendors offer the functionality Microsoft can only promise.

So it goes with Whistler, the successor to Microsoft’s Windows 2000 operating system. Whistler entered Beta 1 testing Oct. 31. Microsoft plans to ship the operating system in late 2001, although many industry observers are already predicting a slide into 2002 based on the company’s track record with product schedules.

When Windows 2000 was in beta testing, the areas Microsoft targeted for improvement were Windows NT’s reliability, scalability, and lack of directory services.

Microsoft achieved substantial progress on reliability and scalability from Windows NT to Windows 2000. Between Windows 2000 and Whistler, Microsoft’s primary goal on the server side appears to be to mature Active Directory, the extensive directory services it offered for the first time in Windows 2000.

Many of the enhancements move into areas where third-party vendors had already rushed to fill functionality gaps.

One big tool player is FullArmor, which identified the thorny problems of group policy behaviors in Active Directory as needing a tool. FullArmor’s Resultant Set of Policies (RSoP) approach in FAZAM 2000 is one of the first tools to be knighted by Microsoft for addressing a Windows 2000 issue Microsoft deems important enough to begin fixing. Microsoft this month included a stripped-down version of FAZAM 2000 in its Windows 2000 Server Resource Kit.

In Whistler, Microsoft is adding an RSoP wizard and user interface, a subset of FAZAM 2000’s capabilities, as an addition to Group Policy.

Microsoft’s Whistler literature summarizes the problem: “RSoP address issues created when a policy is applied on multiple levels -- i.e. site, domain, domain controller, and organizational unit -- as the result can be unexpected and if an unintended policy has been set, it can be difficult to track down and change.”

What Microsoft will introduce is a planning mode that allows administrators to run “what if” scenarios on groups of users to see what effect group policies have on users without actually implementing them. A logging mode will allow users to review existing policies to track down problems in existing policies.

Much of the work still to come in Whistler Beta 2 or later will be in improving the migration capabilities of users and objects across forests in Active Directory. Some of the capabilities are expected to include establishing inter-forest transitive trusts, allowing for Kerberos authentication between forests. The Whistler generation of Active Directory is also expected to include enhancement of the Active Directory Migration Tool to enable migration of passwords and support scriptable migration of users and computers between forests.

The proposed enhancements to Active Directory speak to Microsoft’s willingness to acknowledge that the extensive upfront planning and later inflexibility of the Active Directory are issues in need of solutions.

Customers have shown that they need to be able to test Active Directory at the departmental level and extend and expand across the enterprise later, and that the directory needs to display the flexibility required to handle mergers and acquisitions that require the integration of another company’s forest structure.

Vendors such as Aelita, BindView, FastLane, and NetIQ are working toward so-called pruning and grafting capabilities that will allow more flexibility in Active Directory, and several currently offer what are in effect workarounds to the problem.

For example, NetIQ’s Directory and Resource Administrator has a feature called Active Views that allows an administrator to create a virtual view of information in the Active Directory, or in a predirectory Windows NT domain. Organizational Units for sales in London, New York, and Houston offices, for example, could be centralized under an Active View and administered through the software as a single entity.

In Beta 1 at least, Active Directory management tools are less of a focus.

“Most of the stuff they’re doing in Whistler is related to Active Directory performance and stability,” says Ed Galvin, program manager at Aelita. “They’ve put some tools in to handle the administration and management, but it was obvious -- based on the [feature list] content -- that their focus is on the actual infrastructure.”

Aelita and several vendors already are working on logging and synthesizing Windows 2000 and Active Directory event information. BMC Software’s BMC Patrol for Windows 2000 Server and the Heroix RoboMon Active Directory Intelligent Solution Set both monitor Active Directory Replication and Trusts and provide trending analysis.

