Active Directory: Microsoft’s new unfair advantage
Okay, so the title does sound provocative. But it really isn’t. If you’re starting a new company and you go the venture route, the first thing an investor should ask you is what is your unfair advantage? An unfair advantage is also known as a sustained competitive advantage. The phrase is self-explanatory and there are a zillion books on entrepreneurship that will tell you about SCA. Hopefully at the end of this piece, you’ll agree with me that Active Directory is a great SCA to have.
In the mid ’80s Microsoft invested heavily in building the Windows desktop franchise. Yes, late ’80s: think about it, by Windows 3.1 Microsoft had significantly dominated the desktop OS business. By the early ’90s Apple had made significant missteps by not having its next-generation OS ready. Jobs had left to go build NeXT. Microsoft follows up in ’95 with Windows 95 for the consumer, and Dave Cutler’s NT team has released Windows NT 3.1 in ’93 – by ’96, Windows 95 for the consumer and Windows NT 4.0 for business share the same desktop look and feel. In fact, Windows NT 4.0 was internally referred to as SUR – the Shell Update Release. Some even know it as Tukwila – much closer to home (Redmond) than Cairo.
Point: by ‘96 – the desktop operating system is Microsoft’s SCA – its sustained competitive advantage. There is no other prevailing operating system. Microsoft owns 99% of the world-wide desktop operating system business.
1996 is a good point to mark time. A new battle is brewing: the war for directory services. Directory services are not really a new idea – there have been directory services for a while. A lot of neat directory services were built in the ’80s, but what makes the ’90s the decade of directory services is that they are about to enter mainstream (PC) computing consciousness.
In the ’80s through the early ’90s, Sun had already come out with Yellow Pages – what we all know as NIS today. Novell had dominated the ’80s with NetWare. NetWare 3.12’s bindery-based architecture had users and groups and all that good stuff. Banyan comes out with StreetTalk – that was a real directory server. The OSF announces its Cell Directory Service. Microsoft and IBM have released Windows for Workgroups and LAN Manager. Windows NT 3.1 introduces domain controllers and a rudimentary replication model for them. Novell now releases NetWare 5.0 and NDS – Novell Directory Services. Guess what, we’re getting closer to today – NDS is eDirectory. And in 1990, Microsoft begins its ill-fated Cairo adventure. In 1997 Microsoft begins Windows 2000 development – it is probably the most influential version of Windows to have shipped. The 1997 Professional Developers Conference has the tag line “The Renaissance of Distributed Systems” – a slew of technologies that dominate today’s corporate networks emerge – a distributed security infrastructure that used Kerberos for authentication, a directory service which served as the backbone for the KDC, a Distributed File System, a RADIUS infrastructure, a centralized policy distribution mechanism, a DNS service, a DHCP service, a certificate server infrastructure. I haven’t even scratched the surface and I’m still talking only about the core Windows server infrastructure.
Windows 2000 ships February 1999 and it immediately competes with a host of other directory products. Netscape has their Directory Server, Novell continues with NDS, Sun has its own and then licenses Netscape’s Directory Server as iPlanet.
Fast forward 8 years – Windows Active Directory is the preeminent NOS directory for corporate intranets in 93% of the Fortune 1000. The numbers are the same for the Global 2000. The rest of the directory players have less than 7% market share.
So why is Active Directory such a superb “unfair” advantage for Microsoft? Let me list how it affects the average corporate knowledge worker.
1) The average knowledge worker pretty much still goes to the office every day. She still logs into her computer every day using her username and password. She is now authenticating to her company’s Active Directory domain controller.
2) She then needs to access some files. Let’s say she still connects to a file share from her browser. She is issued a service ticket to that file server from her Active Directory domain controller. It happens unobtrusively; she doesn’t have to enter her credentials again – she is granted access to the file server.
3) Her company has a SharePoint file server. She points her browser to the SharePoint server and magically she is granted access to content on the server. Again, under the covers her system has just talked to the DC, requesting a ticket to talk to the SharePoint server.
4) And now the biggie. Exchange. Exchange and Active Directory are a matched pair. There are an estimated 250 million CALs of Exchange. Every one of those clients is tightly integrated with Active Directory. First, every Outlook client seamlessly authenticates to AD to talk to its Exchange server, and every Exchange server’s routing information, users, groups and distribution lists are all stored in AD. In fact, there is no Exchange server deployment without an Active Directory backend.
5) But let’s get back to our user. She goes home and now wants to access her computer at work. She needs to VPN into the corporate network and, guess what, she has to enter her Active Directory credentials irrespective of whether she uses L2TP/IPSec or PPTP. Again she uses the same user name and password she has for logging into the corporate network when she is on the corporate premises.
6) Once she’s on the corporate network, she wants to establish a remote desktop session. Again she has to enter her Active Directory credentials to get access to her desktop. Does it ever stop? No.
7) She now is back at the office and she is using a laptop. But because her company uses a secure wireless network, and her company uses WPA security, she will have to enter her AD credentials again before she can connect to the access point.
This is just the tip of the iceberg. This is the nature of a Windows-centric corporate network circa 2008. Every activity performed by a user is intrinsically controlled by Active Directory.
This should give you an idea of how completely the everyday activities of a corporate knowledge worker are controlled by Active Directory. In my next posting, I’ll start looking at other non-Windows operating systems and show you how they have a hard time getting adopted within a corporation when they fail to seamlessly integrate with Active Directory.