Microsoft's much-publicized security push has cost real money--$100 million of person-hours went into the two-month hiatus in development of .Net server, according to David Thompson, vice president of Microsoft's Windows server products group.
Close to 5000 people in the development team spent all of February and March learning security, Thompson told the Microsoft Tech Ed conference in Barcelona. This alone cost Microsoft $100 million, as well as putting back product schedules. Other product development teams will incur similar costs, he said.
"Every developer feels it is now a matter of pride that they have to write secure code," said Thompson, denying that Microsoft developers might have found it hard to adjust from writing "cool" code to writing "secure" code. "The team was remarkably excited, at being given the chance to focus on an area that has a lot of public visibility."
Issues of security and management are to the fore in Microsoft's .Net server demonstrations at Tech Ed, as Microsoft makes an effort to convince users it "means business". Unlike previous new operating systems from Microsoft, demos of .Net server focus heavily on issues such as authentication and policy administration.
Security holes led Microsoft Chairman Bill Gates in January to promise to make security the company's top priority.
Even Web services was presented as a management issue, to be solved with UDDI (universal description, discovery and integration) to be included in .Net server. "You will have hundreds or thousands of web services before you know it," said Thompson. "A platform to publish them is really significant."
Microsoft last month also announced it is developing new security software it hopes will make Web services and its entire product lineup more appealing to big companies.
Managing security will be emphasized in .Net server, with public key infrastructure (PKI) and other tools becoming easier to manage. "PKI will be easier to deploy with auto-enrolment," said Thompson.
And a lengthy part of Thompson's keynote was taken up by a demonstration of group policy management console, which improves over Windows 2000's handling of user environments, which Thompson admitted was clumsy.
Thompson showed a .Net server feature which will give users the ability to revert to previous versions of a document--a remote equivalent of recovering a document from their desktop's trashcan. The file system in .Net server will store incremental changes so that a "snapshot" of the file system is available, similar to those used by backup and recovery products.
The .Net snapshot will not conflict with third party products, as developers will be encouraged to fit their products into a structure of applications and providers, using common services from "providers", said Thompson.
A demonstration of the forthcoming version 6 of Internet Information Server (IIS), which will be built into .Net server, likewise concentrated on tools to manage and re-use parts of Web servers.
