Q&A: Muglia Outlines Channel Opportunities For Security, SMS 2003, MOM 2004
CRN: How important is security to Microsoft, relative to the Linux threat?
Muglia: It is our top priority right now. Linux is not our top priority. Securing Windows is our top priority.
CRN: Microsoft is taking a public beating because of the viruses and worm that have exploited vulnerabilities in Windows. What's the status of Microsoft's security story?
Muglia: We're pretty far along. We have a lot [of products and features] today. The big mistake is [not] getting people to use them. The firewall in every copy of Windows [XP] is not turned on, but we did that right after Blaster and told OEMs to do that. That's going to happen quickly. Those that had ICF turned on didn't get Blaster.
CRN: What has Microsoft learned about security through its ordeal this summer?
Muglia: You need multiple levels of defenses, including some configuration and profile [defaults], [to] issue patches, and additional defenses such as countermeasures you can put around [Windows].
CRN: What is Microsoft's 'Securing the Perimeter' initiative about? Is it just market-ecture?
Muglia: Securing the perimeter is how you put in place countermeasures beyond patch management. While we continue to make the operating system more secure at its core and issue patches, it's not the only thing we're focusing on. You need to have multiple levels of security in a corporation, multiple levels of defense. It's like a gated community. You need additional levels of security, doors locked and alarms turned on, and additional defenses--countermeasures, such as putting up a fence--to be protected. A year from now you'll see additional countermeasures in place, as well as better firewalls.
CRN: Will we ever see the day when the security problem goes away?
Muglia: I don't think you'll ever get pure security. We'll make it difficult for the hacker, though. I don't think there's enough recognition that the hacker is a criminal who causes a substantial amount of damage.
CRN: Is Windows less secure than other operating systems?
Muglia: The severity of [attacks] has increased. But all [operating systems] have security vulnerabilities.
CRN: Some suggest that Intel's 64-bit architecture and 64-bit Windows will close up a good deal of the vulnerable areas hackers target and will vastly reduce virus and worm attacks. Is that true?
Muglia: Problems will always exist. There are attributes of 64-bit architecture where it gets better. 64-bit has the ability to detect if code is executing in the heap, and that's a plus [for stopping malicious code]. It will be in future 32-bit processors and we'll take advantage of it.
CRN But to what extent does the heap represent a vulnerability today?
Muglia: It is a vulnerability right now, and certainly something good to close.
CRN: What is the status of Microsoft's firewall?
Muglia: ISA 2004, code-named Stingray, went into beta at the end of July. We think every customer needs a firewall.
CRN: Does Microsoft plan to acquire an enterprise firewall vendor that can support multiple server platforms?
Muglia: Not to my knowledge. We develop the [Stingray] code in our Israeli lab so it's all done internally. We're not going to do a Linux firewall.
CRN: What is patch management, and how do Microsoft's management server-- especially Systems Management Server 2003--enable it?
Muglia: They're all very integrated, but patch management is a core part of management and a core part of security. There is a relationship between management and security, but they are different. Patch management is a specific form of [software] deployment, and SMS is a deployment platform. We're looking at a common infrastructure for patch deployment, and SMS is an important component. SMS 2003 is a great step forward. You need a mechanism to know when an update is required and then have policies through the system.
CRN: What are the ways businesses can implement Microsoft's patch management services?
Muglia: It feeds into three funnels: Windows Update, Software Update Service in the Windows server and SMS. Windows Update is for those consumers who need minimal control and most machines in very small businesses that are updated with patches. Then for midsize businesses, they want to use the Software Update Service (SUS) feature of the Windows Server. It's a business update service. There's a major update of SUS coming out in the first half of 2004. If customers care about control, then they use SMS and the future Windows System Center, so administrator has control. There will be future development within Windows.
CRN: How will Microsoft's next-generation management servers better enable security and patch management?
Muglia: We already tie SMS very clearly to Windows Update and SUS. We had a security accelerator released [for SMS] in December, and we've updated it for SMS 2003. [The most significant new feature of SMS 2003] is its effectiveness in delivering software updates to larger numbers of people and systems, from Office to security patches.
CRN: What about in 2004?
Muglia: We'll ship MOM 2004 and System Center so it's easier for people to manage their systems. The next generation of management packs for MOM 2004 will have a broad understanding of security events. They ship with the application. We'll have SMS 2003 out there so there's a better tool for deploying software and the next release of SUS for the Windows server for companies that don't require SMS.
CRN: How important is the channel in helping Microsoft solve security and management problems?
Muglia: Very important. The channel supports so many computers in small and midsize businesses, and as enterprises do more and more outsourcing. The security solution accelerators [for SMS and SUS] are handbooks for the VAR channel.
CRN: What are the major new features of MOM 2004, and how does it pertain to the channel?
Muglia: Ease of use. Management packs for security. MOM is a pretty dramatic change, with ease of use and deployment features to drive it more into the midmarket space. It's more applicable for the channel. One of the key things we're announcing now is that MOM 2004 will support Web services management so [customers] can manage the distributed applications across networks. There will be management packs for the Common Language Run-Time, IIS, ASP.Net, UDDI and others. We also have partnerships with Web service management companies like Actional and CA's Adjoin in the [near term].
CRN: Are there any standards yet for Web services management?
Muglia: There are no clear standards around Web management, but there will be. We're [IBM, Microsoft, BEA and others] are still in the very early stages. All vendors are moving up to [Web services management], but it's still in its infancy. Certainly the proposals on the table are quite different, but companies like HP, Microsoft and IBM will drive consensus.
CRN: Can you provide an update on Systems Center--Microsoft's plan to integrate SMS and MOM into one server?
Muglia: The first release of System Center will ship with MOM 2004 in the summer of 2004--SMS 2003 and MOM 2004. We will provide them together as a bundle, but we're integrating them over time. The first generation of the integrated [management] suite will have a higher level of integration than other suites. There will be a common installation system and common configuration repository. MOM 2004 will introduce a data warehouse that will collect data from MOM and SMS. Data gets stored in a common database and used for either software distribution or monitoring. Each [server] has it own database now. [The common database] will be built on Yukon and [the next] WinFS file system [in the next Windows version].
CRN: What is the Dynamic Systems Initiative?
Muglia: [It's about] how we create an environment where the application can be developed and deployed and managed from conception to retirement so that applications are designed to be managed. The application can be operated from beginning to end in a secure way. So problems associated with an application get back to the software vendor and third parties.
CRN: How does Microsoft's vision of DSI differ from IBM's On-Demand Initiative and Sun's N1?
Muglia: On Demand is IBM's new term for outsourcing IT. IBM is trying to turn it into news. We call ours DSI. The biggest difference is that we're looking at the life-cycle process and reducing the people costs. The issue of allocating computing resources is only one part of what DSI is about. The life cycle of an application through deployment to retirement [is another]. Autonomic computing is important, such as the dynamic reallocation of resources. But our focus is different, focusing more on saving people resources by ensuring that they leverage all data associated with an application and make sure all of it gets fed back to administrators and developers. It's less about computing resources, the key issue is people resources.
CRN: What's the status of Microsoft's storage initiative?
Muglia: We're working on ways to simplify the management of SANs. In Windows 2003, we shipped the VDS API, and it's the first API that provides visibility into what is happening at the storage layer. What is missing is management tools to simplify the creation of SANs.
CRN: What's the challenge for the channel?
Muglia: The key challenge for the channel is how to reduce the learning curve. The tools for managing SANs are all proprietary, with cryptic commands. We want to build Windows-based tools for lower-end SANs. We're working with hardware vendors and now ISVs in the industry. We've had success--gone from 0 percent to 41 percent market share in the NAS market. We're gaining share against Linux in the NAS market.