Products and Services: Redefining Mainframe Computing
August 2001
Aberdeen Group, Inc. One Boston Place Boston, Massachusetts 02108 USA Telephone: 617 723 7890 Fax: 617 723 7897 www.aberdeen.com AberdeenGroup Unisys: Redefining Mainframe Computing
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup i C O N T E N T S Preface 1 How Aberdeen Evaluates Windows 2000 Suppliers 1 Aberdeens Approach 1 Feedback 2 Additional Resources 2 Chapter One Executive Summary 3 Chapter Two Defining Enterprise Class: Windows 2000 in the Enterprise 5 Is Windows 2000 Enterprise-Ready? 5 Scalability 5 Reliability/Availability 7 Manageability 7 Security 7 Directory Services 7 Interoperability 8 Enterprise Expertise 8 Overall Conclusions 8 Chapter Three Unisys Strategy for Building Enterprise-Class Windows 2000 Systems: CMP Architecture 9 Chapter Four Unisys and Windows 2000 Scalability 11 Scaling for Performance 11 Applications and Database Scaling 13 Windows 2000 Performance: Near-Term Directions 15 InfiniBand: Offloading I/O Tasks 15 AberdeenGroup Unisys: Redefining Mainframe Computing
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup ii C O N T E N T S
More Processing Power with 64-bit Computing 16 Load Balancing/Partitioning 17 Scaling out with ES7000 Clustering 18 Aberdeen Findings 19 Chapter Five Unisys and Windows 2000 Systems Reliability/High Availability 20 Three Factors Contribute to Windows Operating Environment Instability 23 Windows 2000 Reliability/Availability: State of the Market 24 Ensuring Hardware High Availability 25 Windows 2000 Reliability/Availability: Near-Term Futures 27 Aberdeen Findings 27 Chapter Six Unisys and Windows 2000 Systems Management29 Windows 2000 Systems Manageability Today 30 Manageability Enhancements for Windows 2000 31 Active Directory 31 Microsoft Management Console and the Common Object Model 33 Systems Management Server and IntelliMirror 33 Other Important Improvements in Windows 2000 Manageability 34 What Unisys Offers to Augment Windows 2000 Manageability 34 Chapter Seven Unisys and Windows 2000 Security 37 Windows 2000 Security Today 37 Microsofts Kerberos Implementation 39 Microsoft, Windows 2000, and Public Key Infrastructure 40 AberdeenGroup Unisys: Redefining Mainframe Computing
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup iii C O N T E N T S
Unisys Windows 2000 Security Extensions 41 Aberdeen Findings 42 Chapter Eight The Role of NT/Windows 2000 Professional Services Resources 44 Who Are the Windows 2000 Professional Services Providers? 44 Which Windows 2000 Professional Services Are Available? 45 Unisys Windows 2000 Professional Services Offering 45 Aberdeen Findings 45 Chapter Nine The Competitive Scenario 47 Unisys Strengths 47 Chapter Ten Summary Observations 49 Author Profile 51 Appendix A Lexicon of Acronyms and Abbreviations 52 Appendix B Related Aberdeen Research 55
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup iv F I G U R E S
Figure 1: The Benefits of 36-Bit Memory Addressing 14 Figure 2: Windows Server OS-Related Planned Technology Events 17 Figure 3: Windows NT/2000 HA Clustering and Partitioning 26 Figure 4: Windows 2000 Manageability Framework 32 Figure 5: Unisys Enterprise Server Software Management Architecture 35 Figure 6: Unisys IT Security Architecture 41
T A B L E S
Table 1: Achieving Windows 2000 System-Level Scalability 12 Table 2: Windows 2000 Reliability Six-Month Moving Average 20 Table 3: Categorizing High Availability 21
Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 1 Preface The primary purpose of this Aberdeen research report is to describe various product extensions and developments that make Unisys Corpo- rations Windows 2000 platform and service offerings unique and dif- ferent from those of its competitors Compaq, Dell, Hewlett-Packard, and IBM. Contrary to the common belief that all Windows 2000/Intel-based serv- ers are essentially all the same because they use the same operating en- vironment and underlying commodity Intel processors, Aberdeen re- search suggests that there are clear and distinct differences between and among the products, software, and service offerings of the leading Win- dows 2000 server providers. IS (Information Systems) buyers need to be aware of these differences in order to choose the best product and ser- vices providers to meet the computing needs of their respective enter- prises. How Aberdeen Evaluates Windows 2000 Suppliers Aberdeen evaluates Windows 2000 suppliers including Unisys ac- cording to the following five categories: 1. Scalability; 2. Reliability/availability; 3. Systems management; 4. Security; and 5. Professional services. Aberdeens Approach In order to fully appreciate how Unisys Windows 2000 offerings allow IS buyers to meet new enterprise needs, we also describe the key new and upcoming features of Windows 2000 itself: The improvements in scalability, reliability/availability, systems management, and security now available in the Windows 2000 operating environment; How Windows 2000, Windows.NET, and Intels Itanium chip set will evolve over the next 12 to 18 months particularly in the areas of scalability, reliability/availability, and manageability; and Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 2 The types of professional services that enable the deployment of Windows 2000 applications and infrastructures. Feedback As always, Aberdeen Group welcomes feedback and comments on the material presented in this report; e-mail comments to Research Director Tom Manter at manter@aberdeen.com. Additional Resources To assist readers, weve included two appendices: Appendix A lists ac- ronyms and abbreviations used throughout this report; Appendix B of- fers relevant Aberdeen research for further review. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 3 Chapter One
Executive Summary Unisys Windows 2000 platforms and services can be clearly differenti- ated from those of other top-tier Windows 2000 systems and services providers in the following areas: Scalability: Unisys offers an impressive Windows 2000 scale-up solution the ES7000 server which is capable of being con- figured with up to 32 Intel processors in a single system. Cur- rently, the ES7000 represents the industrys leading greater- than-8-way Windows 2000 server technology platform. Reliability/availability: Unisys offers mainframe-class partition- ing, clustering failover, comprehensive system management software, independent service processors, and hot pluggable everything. Security: Unisys offers specific security services that provide an integrated solution, including Unisys and third-party security components. Professional services: Unisys offers a unique combination of long experience in mainframe/data-center-class environments and a strong focus on Windows 2000 environments; it places particular emphasis on specialized consulting engagements for NT to Windows 2000 migration, Directory Services planning and deployment, designing high availability infrastructures, as well as enterprise applications such as SAP and CRM. Aberdeens overall assessment is that Unisys is particularly strong in providing a scale-up platform capable of taking the best advantage of Microsofts Windows 2000 Datacenter Server operating system (OS) and delivering Datacenter-class Windows 2000 services. Unisys strength in this area is due to its mainframe/data center heritage making it one of the few companies outside IBM able to draw from years of experience delivering mainframe computing solutions to mission-critical computing environments. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 4 Overall, Aberdeens research suggests that IS buyers should consider purchasing products and services from Unisys if they require the follow- ing: Reliable, highly vertically scalable, and flexible enterprise-class Windows 2000 platforms particularly for the purpose of con- solidating a large number of smaller Intel-based servers into fewer larger systems; An architecture that delivers investment protection by providing a simple upgrade path to Intels upcoming IA-32 and IA-64 processor technology; Windows 2000 design, deployment, and lifecycle management services; Assistance in integrating Windows with other, disparate operat- ing environments including Unix/RISC, Intel, Unisys proprietary, and other mainframe proprietary OSs; and Professional services expertise especially for large custom engagements. The subsequent sections of this report closely examine Unisys Windows 2000 product offerings, developmental directions, and support strate- gies. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 5 Chapter Two
Defining Enterprise Class: Windows 2000 in the Enterprise Aberdeen defines an enterprise-class system as a combination of hard- ware, software, and services that delivers attributes necessary to run a large enterprises business-critical and mission-critical applications. Combining feedback from IS executives and our own research, Aberdeen has determined that there are seven elements that contribute to building an enterprise-class system: 1. System scalability; 2. System reliability/availability; 3. System/subsystem manageability i.e., system, storage, and net- work; 4. System security; 5. Directory services; 6. Interoperability; and 7. Availability of qualified resources to design, deploy, and manage NT/Windows 2000 environments in an enterprise-class setting. Is Windows 2000 Enterprise-Ready? Over the last year, Aberdeen research has shown that increasing num- bers of Windows 2000 implementations are achieving enterprise-class characteristics in the real world. In fact, our research report Is Micro- softs Windows NT/Windows 2000 Enterprise-Ready? (January 2001) shows that some implementations are even achieving five nines, or 99.999%, reliability which translates into continuous uptime over the course of a year for all but a few minutes. An evaluation of NT/Windows 2000s enterprise-readiness based on those seven elements yielded the following conclusions: Scalability Although Intel/Windows 2000 servers still have to catch up to main- frames in per-processor performance, the technology is gaining ground Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 6 fast. In 1998, 4-way NT-based servers reached their performance limit in the 20,000 transactions-per-minute (tpm) range in the Transaction Proc- essing Councils TPC-C benchmark, but todays Windows 2000 SMP servers achieve 50,000 tpm-C in a single 8-way system and more than 600,000 tpm-C in a scaled-out clustered configuration. Aberdeen ex- pects single-server SMP (symmetrical multiprocessing) systems based on the Cellular Multiprocessing (CMP) Architecture to approach 150,000 tpm in the near term. As a high-performance back-end database server, the industry is already beginning to witness impressive Wintel (i.e., Windows running on an Intel-based server architecture) results delivering strong performance at a fraction of the cost compared to other SMP operating environments. As an example, the scalability and performance of Windows Datacenter Server on a Unisys ES7000 32-way server is demonstrated by a series of mySAP.com Sales and Distribution (SD) standard application benchmarks delivering an impressive price/performance advantage over alterna- tive platform choices (20,000 SD users at $44.16 per user compared with 19,360 SD users at $127.51 per user on a Sun E10000). Aberdeen also notes that Microsoft has also made significant advances in 64-bit-technology by 64-bit-enabling certain applications and its SQL Server database and that a 64-bit version of Windows 2000 (a special edition of Advanced Server) has been made available to support Intels mid-2001 release of the companys first Itanium 64-bit architecture. Moreover, 64-bit computing and the use of very large memory (VLM) configurations will dramatically increase the amount of data that can be held in main memory and thereby increase the processing power and scalability of Windows 2000-based applications, servers, and databases. Aberdeen research shows that certain hardware and software advance- ments are key to enabling these Windows 2000-based systems to reach enterprise-class performance and scalability levels, such as: Dynamic load balancing to improve quality of service (QoS) and deliver reliable performance expectations for a mix of mission- critical enterprise applications; CMP Architecture a hardware and software design that deliv- ers traditional mainframe capabilities to the Windows 2000 computing environment; The advent of greater than 8-way Intel servers and more effi- cient SMP scaling; and New switch-oriented system designs, as opposed to bus- oriented systems designs. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 7 Reliability/Availability Windows 2000 has involved dramatic client-side and server-side ad- vances in OS reliability. Aberdeen research has also shown that Windows 2000 can achieve even greater availability improvements, provided that: Applications meet the design and test criteria outlined by Microsoft; The systems management portfolio included with the NT oper- ating environment is enhanced through the use of third-party management software, tools, and utilities; and Proper datacenter operations management practices are observed. Manageability In Windows 2000, Microsoft has added several manageability extensions to simplify and automate previously manual management tasks. Espe- cially noteworthy is the Windows 2000 addition of Windows Manage- ment Instrumentation (WMI), which enables management to be per- formed via scripts. Further, Microsoft has improved its Microsoft Man- agement Console (MMC) and added IntelliMirror, Zero Administration for Windows (ZAW), and additional storage management features. Our research suggests that in order to qualify Windows 2000 as an en- terprise-class operating environment in a heterogeneous environment that includes non-Windows systems, Windows 2000 needs to be en- hanced with manageability products that allow for improved software distribution, lights-out backup/restore, better storage management, and better cross-platform manageability services. Security Windows 2000s Kerberos and PKI (Public Key Infrastructure) security scheme does not qualify by itself as an enterprise-class security environ- ment (i.e., one that comprises both Windows and non-Windows systems, with access supported from outside the enterprise). However, Aberdeen research shows that by supplementing Windows 2000 with third-party outside-the-firewall solutions, users can achieve enterprise-class security, especially if the security supplier provides integration between Windows 2000 security and outside-the-firewall products. Directory Services Windows 2000s Active Directory, when fully implemented, provides en- terprise-class directory services. Aberdeen research shows, however, that Active Directory implementation is a complex and time-consuming Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 8 process that can be dramatically improved by using third-party-supplier systems integration services. Interoperability Windows 2000s overall interoperability has improved to the point that it can operate effectively in a heterogeneous datacenter environment with the few exceptions noted previously. Effective use of third-party tools and services can overcome these last obstacles to full inter- operability. Enterprise Expertise The availability of enterprise-experienced, enterprise-savvy Windows 2000 design, deployment, and management personnel will be a major issue for years to come. Aberdeen expects that finding people with Ac- tive Directory experience, 64-bit Windows 2000 application design knowledge, or knowledge about how to deploy and operate Windows 2000-based servers in a lights-out data center environment will be espe- cially difficult in the near term until skilled professionals are able to be- come retrained and certified, as well as gain real experience with these new products. IS managers focus on the migration from NT 4.0 to Windows 2000 is further exacerbating this staffing and expertise avail- ability problem. Overall Conclusions Aberdeen concludes that, based on these factors, the successes of vari- ous Microsoft customers in installing and managing Windows NT/2000 in mission-critical computing environments, and feedback from Micro- soft partners and OEMs (original equipment manufacturers), todays Windows 2000 Datacenter Server is capable of being successfully de- ployed in enterprise, mission-critical computing environments but only if certain third-party tools and services are employed. Furthermore, we find that system suppliers possessing years of experience in deliver- ing mainframe and data center solutions e.g., Unisys are particu- larly well qualified to deliver Microsofts Windows Datacenter Server to- gether with special knowledge, tools, and skilled services.
Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 9 Chapter Three
Unisys Strategy for Building Enterprise-Class Windows 2000 Systems: CMP Architecture In 2000, Unisys launched a strategy aimed at bolstering the growth of its ES series (Unisys brand name for its Intel-based server product line) in the business-critical and mission-critical market segment. This strategy involved a number of initiatives focused on extending Windows 2000 beyond its traditional SME (small to medium enterprise) market and into the midsize and large enterprise. To achieve that goal, Unisys lever- aged its experience and knowledge of the Datacenter from years of serv- ing this segment of the industry, to deliver its CMP Architecture per- haps the first mainframe-capable platform architecture for Windows 2000. Additionally, in an effort to extend the value chain and establish the CMP Architecture as an industry standard, Unisys created the Unisys Strategic Partners and Technology Alliances program to broaden distribution and to deliver a total infrastructure solution to customers. Today, some of those partners include: Intel demonstrating a strong commitment to continue to de- liver the CMP architecture based on industry-standard IA-32 and IA-64 processor technologies; Microsoft working closely with Microsoft to deliver increas- ing performance and mainframe reliability for todays and to- morrows 32- and 64-bit Windows server OSs and key software applications; Oracle to ensure ongoing fine-tuning and performance op- timization of Oracles software tools, applications, and database technology in large scale-up ES7000 Windows Datacenter Server environments; SAP ongoing certification and performance optimization for one of the top ERP application solutions in the world; NetIQ and Computer Associates affording ongoing reliability and customer convenience associated with a comprehensive system and network enterprise management solution; Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 10 BEA combined Unisys and BEA solutions integrate Windows applications and architecture with Tuxedo/Java/Corba (Compo- nent Object Request Broker Architecture) environments on the ESx000 series; EMC, StorageTek, and DSI partnering with these storage technology providers allows Unisys to deliver, deploy, and im- plement a portfolio of storage and retrieval solutions designed for the availability and performance requirements of the busi- ness-critical and mission-critical enterprise-computing environ- ment; and Avanade a new company created by Microsoft and Accenture (formerly Andersen Consulting) to deliver leading-edge tech- nology and Internet-based solutions based on the Microsoft en- terprise platform. The partnership strengthens Unisys ability to deliver mainframe-class enterprise capabilities of the ES7000 and the Microsoft Windows 2000 Datacenter Server OS, as well as Microsoft .NET Enterprise Server applications. Finally, Unisys initiative to establish the CMP architecture as an industry standard is further advanced through OEM relationships that allow key Windows OEM suppliers Dell, Hitachi, and ICL to sell, support, and add unique value to the CMP server architecture under their own labels. Unisys offers an impressive Windows 2000 scale-up solution the CMP- based ES7000 server which is capable of being configured with up to 32 Intel processors in a single system. Currently, the ES7000 represents the industrys leading greater than 8-way Windows 2000 server technol- ogy platform. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 11 Chapter Four
Unisys and Windows 2000 Scalability As noted previously, IS buyers should look for certain key technologies when assessing the ability of a Windows 2000 system to scale: Performance clustering; CMP an innovative hardware design based on Unisys scalable crossbar interconnect technology capable of 20 gigabytes (GB) per second sustained memory bandwidth and bringing main- frame-like characteristics to the industry-standard Intel-based Windows platform; The advent of greater than 8-way Intel-based servers and more efficient SMP scaling; and New switch-oriented (rather than bus-oriented) system designs. Unisys has designed an impressive Windows 2000 scale-up architecture CMP, specifically the ES7000, server that can be configured with up to 32 Intel processors in a single system. Currently, the ES7000 server represents the industrys leading greater-than-8-way Windows 2000 server technology platform. The ES7000 offers the following: Up to 32-way SMP scaling within a single system taking a leading role in delivering vertical scalability technology; The Unisys CMP architecture supporting greater scalability for high-end Windows 2000 servers with multiple-purpose loads; A switch-oriented interconnect structure designed to deliver higher performance and improved load balancing compared to todays bus-oriented design; and Clustering for scale-out scalability. In the following section, we discuss why these Unisys ES7000 servers should therefore deliver exceptional scalability. Scaling for Performance Systems designers achieve system scalability particularly by using SMP, clustering, CMP, NUMA (non-uniform memory access), and a distributed clustering approach often called scale-out. Scaling-out enables the Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 12 performance aggregation of a collection of industry-standard servers to achieve the highest possible scalability levels. Scale-out is frequently compared with the scale-up approach that relies on larger, more pow- erful single systems to deliver the scalability needed for very large data- base workloads or scientific applications requiring massive computa- tional resources. Table 1 describes the differences in each approach to system scalability. As Table 1 indicates, there are multiple approaches to scaling a systems architecture, and each approach has advantages and disadvantages. IS buyers and strategic planners should note that Microsofts Windows 2000 operating environment, at this juncture, supports both SMP and CMP scaling approaches. Table 1: Achieving Windows 2000 System-Level Scalability CMP Architecture Multiprocessing Options CMP Architecture CMP SMP Single Bus SMP cc NUMA Performance Clustering CMP Shared- Memory Clustering Single OS/DBMS/ application Single OS/DBMS/ application Single OS/DBMS/ application Multiple OS/DBMS/ application Multiple OS/DBMS/ application Uniform memory access Uniform memory access Non-uniform memory access No visibility of other memories No visibility of other private memories 64 GB of memory Single memory SCSI-connected CPUs and memories LAN-connected CPUs and memories Shared-memory connect CPUs and memories 4 to 32 CPUs Typically four CPUs (capable of more) Up to 256 CPUs Typically two to four nodes of four or eight CPUs Typically two or four nodes of four or eight CPUs 8-way partitionable Single system only Partitionable Nodes can be separated Nodes can be separated Failed 4 can be isolated Little resiliency Failed 4 can be isolated Failed node can be isolated Failed node can be isolated Standard for multiprocessing applications Standard for multiprocessing applications Requires OS of application knowledge of NUMA Applications may need to change to compensate for LAN latency Reduced latency may prevent need for applica- tion change Source: Aberdeen Group, August 2001 Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 13 Unisys CMP Architecture has several features that allow industry-leading scale-up: The ability to scale past 8-way SMP to 32 processors using Intel-processor-based quad building blocks (4-processor modules) instead of single processors. Up to 64 GB of uniform access main memory, with 20 GB of system bandwidth for up to 16 GB memory storage units (MSUs). Up to 256 MB of third-level cache (16 MB for IA-32 and 32 MB for IA-64, per quad). Crossbar switching a mainframe-proven scale-up technology used to communicate between memory, processors, and I/O components instead of the traditional PC-server bus. Up to 96 PCI (Peripheral Component Interconnect) buses for I/O. Static hard partitioning such that each quad (or group of quads) can operate as a separate system with its own copy of the OS software; soft partitioning to enable optimization of resources within a partition, which can occur through scripts or be initiated by an operator through MMC; and (when Mi- crosoft adds support in Windows Datacenter Server) dynamic partitioning, enabling assignment, reassignment, and the shar- ing of system resources as the requirements of an application changes without interruptions to processing. (Dynamic parti- tioning is already designed into the Unisys ES7000 hardware.) Applications and Database Scaling Industry criticism regarding NT/Windows 2000 application/database- scalability limitations has been largely focused on database sizing. How- ever, the real issue in NT versus Unix, AS/400, and mainframe database scalability has more to do with the ability to address VLM. Before the advent of the Pentium II Xeon, Intel processors limited the ability of any operating environment to address more than 4 GB of main memory. Since the advent of Intels new Physical Address Extension (PAE) feature, the new processors are now capable of 36-bit addressing. The PAE change in Intel processors increases the memory addressing ability from 4 GB to 64 GB. Although PAE 36-bit addressing is a change in processor technology, an OS must be designed to support it in order to take advantage of this ca- pability. Microsoft has built 36-bit addressing support into the Windows 2000 kernel. This feature, however, is only active in two versions of Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 14 Windows 2000. The Advanced Server edition will support up to 8 GB of main memory, whereas the upcoming Datacenter Server edition will al- low the maximum capability of 64 GB enhancing the performance of Unisys ES7000 series, which already provides 64 GB. By making use of 64 GB of memory, Windows 2000 is able to place a much greater amount of data in memory. This ability allows for more expeditious processing of large volumes of data and other workloads in memory that are closer to the processor rather than having to do many read/writes to disk to process a given workload (Figure 1). Microsoft finds that the current 1 GB cache gives the SQL Server a transaction per- formance boost of 21% and estimates that using 64 GB of memory would provide a 100 times performance boost in some applications a conjecture backed up by other suppliers testing. Figure 1: The Benefits of 36-Bit Memory Addressing
Source: Aberdeen Group, August 2001 4GB Main Memory 32-bit Addressing 200 GB for Most; 1-2 Terabytes in DataWarehouses up to 64 GB Main Memory 36-bit Addressing 5-50 or more Terabytes 4GB Main Memory 32-bit Addressing 200 GB for Most; 1-2 Terabytes in DataWarehouses up to 64 GB Main Memory 36-bit Addressing 5-50 or more Terabytes Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 15 Windows 2000 Performance: Near-Term Directions IS strategic planners need to be aware of several important architectural and product enhancements that will affect Windows 2000 scalability over the next 18 months: The amount of processing power that can be harnessed (by off- loading the CPU from having to handle communications and networking tasks); The amount of data that can be processed in main memory; and How workload can be balanced across multiple processors to increase overall system performance while making maximum use of an enterprises investment in processing power. InfiniBand: Offloading I/O Tasks One method for increasing overall systems performance is to design a systems architecture that frees the CPUs from having to handle commu- nications and networking tasks. By front-ending communications and networking tasks, back-end processors can be dedicated to number crunching, transaction processing, batch processing, and other comput- ing tasks. This concept is not really new. It was first introduced decades ago and has evolved into a powerful input/output (I/O) architecture built into todays Unisys mainframes. In 1998 and 1999, various industry consortia set out to define a com- mon standard for front-ending Intel-based Windows environments in other words, they set out to create a common standard for handling communications and networking I/O. The consortia Next Generation IO (backed by Intel, Dell, and Sun) and FutureIO (backed by IBM, Com- paq, and HP) have chosen to combine their efforts into one common new standard, initially called System I/O, but now known as InfiniBand. InfiniBand is a new-generation I/O architecture that will transition the industry from the prevailing PCI-bus-oriented technology to a new stan- dard. Using a technique called switched fabric, the InfiniBand archi- tecture will carry traffic from server CPUs to peripherals and other serv- ers. This new high-bandwidth scheme uses up to 12 separate wires, each transferring data at 2.5 GB per second. Standard configurations use 1, 4, or 12 wires for up to 30-GB/second transfer rates. The tech- nology will provide a faster, more reliable method to connect peripher- als to servers and to connect servers to each other, providing up to three levels of redundancy. Besides increasing the transfer data rate, the bene- fits of the InfiniBand architecture are twofold: It removes the I/O sub- systems from inside the main system unit, allowing suppliers to design Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 16 rack systems with much higher density form factors; and its inherent de- sign will allow bandwidth to increase as the number of I/O ports in- creases a shortcoming with todays PCI technology. When incorporated into servers in late 2001, InfiniBand will be deployed first into large enterprise data centers where the greatest need exists for expanded I/O bandwidth and performance headroom. IS strategic plan- ners, managers, and buyers should understand that this type of I/O archi- tecture could feasibly increase the amount of processing power available in a typical Intel server by 30% to 100% (application dependent). That enables IS buyers to realize a significant performance gain without having to upgrade their enterprises computer systems. Unisys anticipates sup- porting InfiniBand when it arrives. More Processing Power with 64-bit Computing Like Windows NT, the current release of Windows 2000 is a 32-bit oper- ating environment and, as such, the processing power of Windows NT/2000 systems today is limited compared to that of more powerful 64- bit RISC processor architectures such as Compaqs Alpha, IBMs Power, HPs PA, MIPS, and Suns Sparc. Meanwhile, Unix, AS/400, and main- frames can make use of 64-bit computing power. As a result, these 64- bit systems can process more data faster giving these systems the abil- ity to potentially process petabytes of data in main memory. Full production OS-level 64-bit computing will not be available until Microsoft releases its 64-bit Windows.NET server editions expected in the first half of 2002 with the release of Intels IA-64 processor, code- named McKinley. Ultimately, the advantage of 64-bit computing is two- fold: First, it allows for faster processing of instructions and data due to its ability to handle larger word lengths (32-bit versus 64-bit) and its ability to look ahead and also execute instructions simultaneously; and, second, its architectural design makes it a much better multiproces- sing computing environment. In the meantime, Microsoft has made available a 64-bit version of Win- dows Advanced Server Limited Edition to support enterprises working with Intels release of its IA-64 Itanium processor in mid-2001. Windows 2000 64-bit application programming interfaces (APIs) will be supersets of Windows NT 32-bit APIs. Microsoft is engineering a 32-bit subsystem within 64-bit Windows 2000 to allow the function of 32-bit applications on Intels IA-64 architecture. Three key technologies will converge, im- pacting IS managers in the enterprise computing arena over the next two years: Windows.NET for 64-bit computing, Intels IA-64 architec- ture, and InfiniBand (Figure 2). With its large main memory support, Unisys is well positioned for these developments. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 17 Load Balancing/Partitioning A critical element to delivering mainframe-like scalability and flexibility is providing support for load-balancing and dynamic-partitioning fea- tures. Load balancing and dynamic partitioning are important consid- erations from a scalability perspective because they allow Windows to scale by assigning and reassigning compute resources without interrupt- ing the system to garner more processing power on demand. Today, Windows 2000 provides only static and soft partitioning capabilities. Aberdeen expects that future versions of Microsofts Windows Server OS will allow for dynamic load balancing and partitioning of server envi- ronments. By scaling-out, load balancing allows Windows 2000 users to garner ad- ditional processing power by automatically finding additional processing capacity located within a given Windows 2000 clustered environment. Dynamic partitioning within a scale-up environment allows a burdened partition to locate additional processing power within the same system rather than on another system within the cluster. Aberdeen finds that Unisys is working closely with Microsoft to imple- ment dynamic partitioning features into Windows Datacenter Server us- ing the Unisys CMP-architecture-based ES7000 32-way as the develop- ment platform. Until full dynamic partitioning becomes available on a Figure 2: Windows Server OS-Related Planned Technology Events Source: Aberdeen Group, August 2001 Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 18 future release of Windows, OEM suppliers like Unisys are able to deliver a certain degree of partitioning capabilities by implementing a combina- tion of static hard partitioning and soft partitioning. Static partition- ing enables assignment of key resources within a server (limited, of course, by the size of the server). Soft partitioning enables the on-the- fly assignment and reassignment of available resources within a parti- tion (limited by what has already been assigned by static partitioning). In todays environment, OS platforms need to be capable of providing load balancing for all tiers of these Web-based applications. By the end of 2001, Aberdeen expects Windows 2000 to be capable of providing load balancing for incoming TCP/IP (Transmission Control Protocol/ Internet Protocol) client connections with network load balancing and component load balancing for COM+ objects, which will further en- hance Windows 2000 scalability. Unisys ability to provide static parti- tioning puts it in an especially good position to support dynamic parti- tioning when Microsofts load balancing and partitioning technologies arrive. Scaling out with ES7000 Clustering When Microsoft Cluster Services (MSCS) was first introduced, systems were typically clustered to provide higher availability by providing failover backup. (An application would fail over to a reserved backup server if the primary server failed.) Today, with special software, compa- nies like Unisys can offer cluster configurations that are also able to in- crease scalability by allowing additional systems to be added as more processing power is needed. Whether clustering discrete systems or clustering processors on a parallel machine, clustering can provide the following benefits: Workload balancing among systems in the cluster; Access to data and shared devices in the cluster; Communication between systems in the cluster; A single point of control and management for the cluster; and High availability of the applications by monitoring for failures and initiating recovery mechanisms. Unisys provides clustering both within the box (between partitions) and out of the box (lashing several ES7000s together to achieve more-than- 32-processor scalability). Thus, Unisys ES7000 series can offer excep- tional scale-out capabilities when its clustering is combined with up-to- 32-processor SMP. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 19 Aberdeen Findings As a result of interviews conducted with IS managers, Aberdeen has found that many IS managers charged with running back-end, enterprise computing environments prefer to use vertically scaled systems rather than distributed, clustered systems to run their mission-critical comput- ing environments. The logic behind the desire for a single-box, large system is that vertically scaled systems tend to present IS managers with a single systems image that is more easily managed than multiple, dis- tributed systems. In addition, vertically scaled systems have all re- sources located in one place rather than geographically distributed in a cluster. But Aberdeen observes that these IS managers scalability requirements can be satisfied by implementing a cluster architecture like Unisys, con- figuring all the nodes in a rack cabinet conveniently located in a single location, and deploying systems management software like Unisys cluster management software designed to simplify management of a cluster environment and present a single system view to the administra- tor. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 20 Chapter Five
Unisys and Windows 2000 Systems Reliability/High Availability IS managers have told Aberdeen that, in the past, the greatest obstacle to Microsofts NT operating environment ascendancy in the enterprise was the reliability of the operating environment. Under certain conditions, Windows NT was known to issue the infamous blue-screen-of-death to let users and administrators know that an application or system service had terminated sometimes resulting in lost data, but almost always re- sulting in user inconvenience. And, due to the potential for system fail- ure, many IS organizations shied away from using Windows NT in mis- sion-critical application environments. But, Windows 2000 is showing impressive out-of-the-box reliability figures (Table 2). Table 2: Windows 2000 Reliability Six-Month Moving Average
Customer
Uptime
Runtime (years) Average Downtime (hours per year) 1 99.949% 33.9 4.47 2 99.949% 8.7 4.47 3 99.955% 162.0 3.94 4 99.992% 5.4 0.70 5 99.969% 15.9 2.72 6 99.988% 10.6 1.05 7 99.936% 73.2 5.61 8 99.935% 18.2 5.62 9 99.996% 4.1 0.35 10 99.967% 4.5 2.89 Totals 99.964% 33.65 3.19 Source: Aberdeen Group and Microsoft, January 2001 Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 21 These figures are especially interesting because most of the enterprises that were surveyed: Had not fully optimized Windows 2000 for availability; Used multiple versions of Windows 2000 (release candidates one and two, then the release to manufacturing version); and Were still building expertise and familiarity with the product. In other words, initial adopters are achieving solid reliability/availability results on out-of-the-box Windows 2000 using the raw OS. As IS buyers gain more experience with Windows 2000 and confidence that the Windows 2000 OS is indeed inherently more reliable than pre- vious versions the demand for even higher levels of Windows 2000 high availability (HA) will increase. Aberdeen has already seen several cases in which Windows IS buyers are insisting on 99.999% system avail- ability to run mail-and-messaging applications; in years past, mail-and- message was not necessarily considered a mission-critical application that required HA on the back-end (Table 3). Due to several HA enhancements in Windows 2000, and new uses for Windows operating environments in mission-critical scenarios, it is im- portant that Windows 2000 systems suppliers be able to articulate their Windows 2000 HA plans in order to meet expected market demand. Table 3: Categorizing High Availability System Availability Average Downtime per Year Off-the-shelf Windows 2000 Server 99.9% 8 hours Passive Redundancy (e.g., failover clusters) 99.99% 50 minutes Active Redundancy (standard components) 99.999% 5 minutes Source: Aberdeen Group, August 2001 Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 22 OEM system designers generally augment Windows 2000 platforms from an availability/reliability perspective in one or more of five ways: 1. By clustering systems using a secondary system for failover pur- poses; 2. By building hardware redundancy within a single system enclo- sure such that if one component fails, another component in the same system can replace the failed component an ap- proach known as hot failover; 3. By building redundant modules that are also hot-swappable, which makes it possible to replace failed hardware while the system is still operating (examples include hot-swappable PCI cards, power supplies, and cooling fans); 4. By instituting extensive systems integration and testing certifica- tion programs to ensure complete hardware and software com- patibility and reliability; and 5. By integrating hardware and software solutions with services such as planning, installation and setup, technical support, and an upgraded warranty for a complete, integrated solution (dis- cussed in Chapter Eight), and by providing software to manage multiple clusters from a single console (discussed in Chapter Six). Unisys wraps solutions around its ES7000 to offer an exceptionally strong suite of HA features that improve availability in all five ways, in- cluding: Redundant configurations that allow rapid SMP-based switch- over to a running processor, memory module, or storage component from a failed one; N+1 power and cooling as well as multiple power domains to ensure continued operation even if a single power supply fails; Full hot pluggability that allows users to swap components or pods (four-processor systems) while the rest of the system continues to run; ECC and data path checking; In-box and out-of-box clustering and clustering-based failover; and Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 23 Independent service processors, dedicated processors that per- form recovery actions, maintenance, and remote call-home in- vocation of Unisys service experts automatically (a redundant second independent service processor can also be configured). Three Factors Contribute to Windows Operating Environment Instability From Aberdeens perspective, three factors contribute to instability in Windows NT and Windows 2000 operating environments: 1. Applications design; 2. Systems management and security enhancements; and 3. Improper data center operations management practices. In a January 2000 research report, Is Windows NT/Windows 2000 Enter- prise-Ready?, Aberdeen found that application conflicts were one of the biggest reasons that NT-based systems failed. These conflicts were caused by failure of program designers to write to spec, i.e., follow the application design conventions Microsoft recommends. And this prob- lem applies to both designers of custom code as well as to designers of packaged code for instance, packaged ERP or Customer Relationship Management (CRM) applications, or even device drivers. Aberdeen also found that another critical element in Windows NT and Windows 2000 system availability is related to how systems are managed, secured, and maintained. In Is Windows NT/Windows 2000 Enterprise- Ready?, Aberdeen recommended that Windows NT and Windows 2000 be augmented with additional systems management and security soft- ware to bring the operating environment into the enterprise class. Moreover, Aberdeen recommends that IS managers observe proper op- erational practices in order to avoid catastrophic systems failures (for instance, IS administrators must not be given the right to load unquali- fied code on production systems, as the chances of system failure rise dramatically). Aberdeen suggests that if (1) applications are written and tested properly; (2) the Windows operating environment is augmented with additional management and security packages; and (3) proper op- erational procedures are observed, IS managers would find the Windows operating environment fully capable of performing in the 99.999% range from an availability perspective. Unisys finds that its ES7000 Windows 2000 systems can achieve 99.9% availability out of the box by proper preconfiguration. Unisys inde- pendent service processor applications aim to augment Windows with Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 24 additional administrative tools, and Unisys HA service aims to improve operational procedures and advise users on Windows 2000 application development. Windows 2000 Reliability/Availability: State of the Market Aberdeen discussions with Microsoft indicate that the company has made considerable efforts to ensure that Windows 2000 can run reliably. First, the company has redesigned elements of the OS to handle con- flicts better enabling applications to recover transparently and ele- gantly. Microsoft has put forward considerable effort in qualifying de- vice drivers to eliminate or minimize device driver conflicts. And the company has worked closely with its OEM partners to better qualify sys- tems and peripherals to help reduce failures and ensure high degrees of system availability. Improvements in the operating environment that help yield greater reli- ability include enhancements to Windows file protection, Windows in- staller, and dynamic system configuration. Under Windows NT, each application is able to run in its own memory space. The Windows 2000 operating environment not only allows applications their own memory space, but it also affords additional protection for applications by pre- venting users from deleting or changing system files. And Windows 2000 can also repair system files if they are inadvertently damaged by deleting accidental changes, retrieving a correct version of the file from cache, and restoring the corrected version to the system folder. In Windows NT, if an application had been installed improperly it could damage or destabilize an entire system. Under Windows 2000, the en- hanced version of Installer will self-repair (on the fly) applications that are being loaded. For instance, if a newly loaded application creates a conflict with an existing data link library (DLL), Windows Installer will correct the problem and insert the newer DLL in a new folder. With respect to improvements in system configuration, Windows 2000 helps reduce the number of system restarts by improving how hardware and software are installed: Systems administrators no longer need to restart their systems after new software is installed; and, because Micro- soft has instituted a certification program for hardware drivers, the number of failures and complications related to dynamic system con- figuration can be reduced. In the past, adoption of improperly qualified device drivers was a major source of system conflicts that usually com- promised overall systems availability perhaps accounting for up to 25% Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 25 of all system failures. In addition, security applications such as virus checkers were also major contributors to Windows NT system crashes. Second, to improve system reliability and ensure that applications and device drivers will work with Windows 2000, Microsoft has taken at least two major actions. One is that Microsoft has added a new feature in the Windows 2000 operating environment that searches for a signature and certifies that Microsoft has tested and approved a particular device driver. This feature should help eliminate many device driver- and ap- plications-related failure issues. The other is that Microsoft has imple- mented the Windows Datacenter Program a strict, rigorous server cer- tification program for systems suppliers seeking to offer Windows 2000 Datacenter Server systems. This program requires that major systems suppliers like Compaq, Dell, HP, IBM, and Unisys configure hardware and preload all of the software that an IS manager needs, and then cer- tify the complete system. Naturally, this effort requires a considerable investment in process and continued support by a supplier, which no doubt limits the number of system configurations they will certify. Ensuring Hardware High Availability A clustering environment essentially consists of a redundant server and potentially redundant network/storage connections, as well as OS-level software that allows for systems/application failover should the primary server fail. Systems can go down through either unplanned outages or planned outages. Clustering can address both. As systems become more complex, planned outages come into play with OS upgrades, ap- plication upgrades, and preventive maintenance. A cluster allows a business to keep going during a planned outage, so an IS manager can consciously take one of the nodes out of the equation. That might have an impact on the performance of the overall cluster, but not the avail- ability. People can continue working on the nodes that are still up while IS managers perform whatever work is needed on the downed system. Applications requiring HA range from those that enable core business services to those that provide analysis and insight for business growth. These processes, once reserved for high-end systems with proprietary OSs, are increasingly supported on Windows NT/2000-based intranets and enabled for Internet access. From a systems architecture perspective there are, at present, two Microsoft-sanctioned approaches to building HA Windows NT and Win- dows 2000 systems architectures: high-availability clustering and parti- tioning (Figure 3). Most systems suppliers have developed expertise in HA clustering today; partitioning will allow suppliers of single system environments to ensure system HA in the future. Unisys ES7000 offers Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 26 notable functionality in both HA clustering and partitioning, as de- scribed previously. A HA or fault-tolerant clustering environment essentially consists of a redundant server (and potentially redundant network/storage connec- tions) and OS-level software that allows a failed system to fail over to backup server. A clustering environment can be configured to fail over between separate servers or to fail over between partitions within the same physical server. A partition is a designated area within a single server that allows applica- tions to run as if on a dedicated computer. A partition can create a logi- cal alternative system should a failover need to occur, but does not re- quire the IS buyer to purchase a completely redundant system to ensure failover. Partitions have been used in mainframe computers for decades and on some Unix servers of late to deliver high system availability to provide system resource assignment flexibility. Aberdeen notes that Mi- crosoft Windows Datacenter Server provides static partitioning capabil- ity, allowing partitions to be defined within a single physical server. Naturally, the more compute resources available in a server (i.e., proces- sors and memory) the greater the flexibility partitioning a system (and the more partitions that can be defined). Figure 3: Windows NT/2000 HA Clustering and Partitioning
Source: Aberdeen Group, January 2001 Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 27 Windows 2000 Reliability/Availability: Near-Term Futures Aberdeen notes that for years Microsoft has directed its customers and OEMs toward clustering architecture as the means to address system- level HA. Every major supplier of NT-based systems/servers including Compaq, Dell, Hewlett-Packard, IBM, and Unisys now offers Windows 2000 HA clustered solutions. The upside is that HA Windows 2000 clus- ters work well though, at present, they require a lot of intricate script- ing and are complicated to install; the downside of this approach is that it requires users to purchase another Windows 2000-based server to be used primarily as a backup server. In the future, it is expected that the complexities of installing HA clustered systems will be reduced signifi- cantly. IS buyers need to be aware that some of the previously mentioned sup- pliers already offer HA extensions that simplify the installation of Win- dows 2000-based servers. Unisys, for instance, provides its customers with access to numerous prequalified scripts, while IBM has moved some of its HA code from other operating environments and uses it to augment Windows 2000 availability. Other suppliers such as Compaq and Dell have standardized the most popular configurations by pre- packaging HA Windows 2000 cluster solutions so that IS managers can more easily choose and deploy NT-based HA clusters. But each supplier has a special approach, technologies, and scripts for simplifying cluster systems installations. Microsoft is working on creating standard ap- proaches to rapidly deploy systems and clusters and is being pushed especially hard by application service providers (ASPs) in order to enable those ASPs to rapidly deploy large server farms of Windows 2000 servers. In future revisions of NT/Windows 2000, IS managers can expect OEMs and Microsoft to turn their attention to Windows 2000 partitioning, thereby making it possible to create a Windows 2000 HA operating envi- ronment that can run in a large, single-server environment and elimi- nate the need to purchase multiple, redundant systems to architect HA Windows 2000 clustered solutions. Aberdeen Findings Because of the companys industry roots, Unisys has long experience in the data center and, therefore, possesses tremendous enterprise exper- tise in architecting highly available, enterprise-class systems. Aberdeen notes that the ES7000 server product line has benefited favorably from Unisys program to bring those technologies from its mainframe systems Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 28 resulting in enterprise-class reliability and improved flexibility through partitioning. Specifically, Unisys HA features differentiate ES7000 solu- tions in the degree of hot swappability, ability to fail over more rapidly across partitions, and independent service processors that provide an extra layer of ability to detect problems with minimal overhead (and, again, fail over rapidly). Furthermore, Unisys delivers a strong enter- prise management infrastructure a critical prerequisite to achieving HA providing value-add management software linked into Microsoft Management Console and NetIQ. The company also leverages enter- prise management frameworks from leading industry suppliers (Com- puter Associates Unicenter, IBMs Tivoli, HPs OpenView, and BMCs PATROL). Moreover, Unisys has the depth of engineering, breadth of product line, heritage, experience, and commitment to the enterprise and data center, as well as a professional services organization that understands and can deliver a Windows 2000 HA solution to the marketplace. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 29 Chapter Six
Unisys and Windows 2000 Systems Management Aberdeen observes that as networks expand and become more complex, managing them becomes increasingly difficult. System and network ad- ministrators are overwhelmed as they find they need to support new network services and capabilities. Aberdeens research indicates that IS managers identify three criteria as prerequisites for managing their en- terprise-computing environment: 1. Centralized administration and control over all things within the enterprise computing environment, i.e., servers, clients, network hardware, storage devices, users, application software; 2. Implementation of a directory that integrates the entire enter- prise; and 3. A common graphical user interface (GUI) console with tools that give administrators the ability to work across a heterogene- ous environment. Driven by the belief that improved manageability lowers total cost of ownership (TCO) for Windows-based servers and thereby results in an even more appealing value proposition to IS buyers, Microsoft has ex- pended considerable effort and invested heavily in research and devel- opment related to improving the overall manageability of Windows op- erating environments. From Aberdeens perspective, with the release of Windows 2000, Micro- soft has made huge strides in improving Windows manageability espe- cially in the areas of change and configuration management, group pol- icy, support for roaming users, and centralized administration. But, de- spite these improvements, in order to deploy Windows 2000-based sys- tems in an enterprise business-critical environment, most IS managers will still need to augment the basic operating environment with addi- tional tools, utilities, applications, scripts, suites, and/or framework products. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 30 Additional products, tools, and utilities that augment Windows 2000 manageability can be found in three places: 1. Tools, utilities, and scripts are available in packaged form on the open market from third-party independent software vendors (ISVs). 2. Management applications, scripts, and tools are available from some OEMs. For instance, Compaq offers Insight Manager, HP has TopTools, IBM provides IBM Director, Dell offers its Open- Manage management solutions, and Unisys provides Unisys Server Director bundled with all ES5000 and ES7000 servers. 3. On a grander scale, some management solutions can be found in the form of enterprise suites in products such as Bulls Inte- grated Systems Management, Computer Associates Unicenter, HPs OpenView, and IBMs Tivoli. Windows 2000 Systems Manageability Today In the past, Microsofts Windows NT-based management focused primar- ily on the management of Windows-based environments over a LAN. Some useful utilities were provided through the MMC and systems man- agement server (SMS), primarily aimed at helping to manage desktops, distributed servers, and networks. But most critics agree that the tools and utilities that Microsoft offered were not very sophisticated, nor were they flexible; and the NT-based systems management tools did not lend themselves to easy customization for automating repetitive administra- tive tasks. Finally, tools, utilities, and applications for effectively manag- ing remote systems were lacking. Compounding this scenario, Microsofts hierarchical DNS directory ser- vices required a high degree of administrative support, and much of the workload involved in maintaining this directory was repetitive in nature. Due to the lack of a powerful, object-oriented database, it was difficult to enable Windows environments to manage other devices, peripherals, and user rights and privileges (or establish policies and procedures for managing groups of people). With the release of Windows 2000, Microsoft introduced multiple man- ageability improvements that help to alleviate the previously mentioned problems. These improvements can be found in: 1. Systems Management Server 2.0, which now allows for more granular file and software distribution along with other en- hanced systems management features; Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 31 2. Active Directory, which enables Windows 2000 to manage peo- ple, policies, and procedures using object technology; 3. TermServer, now part of the standard operating environment (it delivers functionality that allows for better remote systems management); and 4. IntelliMirror, which provides the ability to establish profiles that follow roaming users. These technologies are at various levels of maturity. But, taken as a whole, they represent a significant advance in overall systems manage- ment capabilities and accordingly should help to lower significantly the TCO for Windows 2000-based systems, servers, and desktops. Manageability Enhancements for Windows 2000 As Figure 4 illustrates, IS managers can now manage a wide range of Windows 2000 objects (e.g., servers, desktops, peripherals, networks, and applications). Figure 4 depicts a conceptual framework within which any management infrastructure can be modeled. Further, the il- lustration makes use of a standard, published convention known as the Common Information Model (CIM) to provide a basis for management application development. CIM is an object-oriented information model defined as a standard within the Distributed Management Task Force (DMTF). As an industry standards organization, the purpose of the DMTF is to lead the development, adoption, and unification of man- agement standards and initiatives for desktop, enterprise, and Internet environments. CIM is a conceptual information model for describing management that is not bound to any particular implementation. This framework also allows for snap-in scripts to automate manage- ment tasks, and it provides all of these additional features through a common user interface. Within Windows 2000, a management tool, util- ity, or application can make use of the MMC. Active Directory As NT evolved and entered into enterprise computing environments, its NT manageability came under close scrutiny by the consultant, analyst, and press communities and with good reason. The more sophisti- cated management facilities needed for the management of Windows NT, and now Windows 2000, servers as data-center-class devices have not been included in previous revisions of the operating environment. However, until recently, NT servers lacked the power and scalability to wield a major influence as enterprise-class servers. All of that has changed as the combination of more power and headroom meets with Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 32 significantly better manageability associated with Windows 2000 and its Active Directory Service. Probably the most significant change in Microsofts Windows 2000 man- ageability is the addition of Microsofts Active Directory. In Windows NT, IS administrators were limited to using a labor-intensive, flat file direc- tory schema known as DNS to manage devices within a Windows-based network. Active Directory offers an extensible, scalable directory service with hierarchical views and distributed security. Active Directory can store information such as user names, passwords, phone numbers, and other data in a structured database called a data store, which is repre- sented by objects that have attributes or properties. For example, a user account can be an object in an Active Directory, and the users name, password, and phone number stored as attributes of that user. Active Directory gives IS administrators the ability to query an object da- tabase to learn about individuals and devices that use the network. It also provides an access control list (ACL) that determines permissions and protects access to objects in the Active Directory database. In short, Active Directory offers far greater control and knowledge about devices, users, and privileges than under NDS (Netware Directory Services). Figure 4: Windows 2000 Manageability Framework
Source: Aberdeen Group, August 2001 Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 33 Microsoft Management Console and the Common Object Model Aberdeen has long contended that Windows NT is quite adequate for managing populations of Windows PCs attached via a LAN. But the MMC lacked customization capabilities; in short, it did what it did, and thats all. Windows 2000 allows systems administrators to employ Mi- crosofts Common Object Model (COM) objects to create snap-ins i.e., scripts that allow the MMC essentially to be customized to perform certain management functions automatically for systems managers and administrators. From Aberdeens perspective, this is a huge improve- ment for Windows systems manageability administrators can now more easily automate functions that previously have been manual. Systems Management Server and IntelliMirror Microsofts Systems Management Server 2.0 provides a broad array of new capabilities and more granular control over file and software distri- bution aimed at providing a richer systems management environment for a Microsoft Windows-only system. (The one exception is its support for Netware Directory Service environments.) A key feature in SMS 2.0 is that it has been designed to collect data in a CIM format. That means SMS 2.0 has access to data from many sources, including Win32, SNMP (Simple Network Management Protocol), and DMI (Desktop Manage- ment Interface), and systems administrators now have a much richer col- lection of inventory information available. SMS 2.0s tight integration with Windows 2000 means that it uses both Windows Management In- strumentation and the MMC as core services. The addition of SMS 2.0 brings a heightened level of systems management sophistication to Win- dows 2000, providing software distribution/application publishing, in- cluding scheduled distribution/metering with synchronized rollback and reporting across heterogeneous Windows environments. Microsofts IntelliMirror technology for Windows 2000 makes it possible for administrators to define a consistent desktop environment for groups of users and automatically maintain that environment by policy. However, indications suggest that administrators will find implementa- tion of Active Directory group security difficult. To aid in this effort, Microsoft is offering Group Policy Templates. Likewise, IntelliMirror allows users to implement roaming user support whereby as in the case of network computers, an end-user can move from machine to ma- chine and be able to use the same customized desktop environment, files, and applications. IntelliMirror technology can support swapping out a failed machine rapidly to minimize loss of end-user productivity. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 34 Other Important Improvements in Windows 2000 Manageability Other important initiatives include WBEM (Web-based Enterprise Man- agement) and Windows Management Instrumentation (WMI). Compaq, BMC Software, Cisco, Microsoft, and Intel first introduced the WBEM proposal several years ago, and it is now a formal program driven and managed by the DMTF industry standards organization. The WBEM initiative is based on a set of emerging Web-based technologies devel- oped to unify the management of enterprise computing environments. The DMTF has developed a core set of standards that make up WBEM, which include a data model, the CIM standard, an encoding specifica- tion, and a transport mechanism. Windows 2000 also contains a structured set of instrumentation ser- vices, one of which is WMI. WMI provides a bi-directional access mechanism that brings together management data from hardware, driv- ers, and applications, passing the data into a consistent management in- formation store following the DMTFs WBEM standard and CIM frame- work. Thus, WMI can serve as a management core and management data-access mechanism for multiple administrative tools, much as SNMP and management information base (MIB) serve as common glue for Unix systems administration. This functionality will make life simpler for ad- ministrators seeking to coordinate NT and Windows 2000 administrative tools from multiple suppliers. What Unisys Offers to Augment Windows 2000 Manageability Unisys provides systems management designed to deliver out-of-the-box simplicity and consolidated views of Windows 2000 and its third-party management software partners. The Enterprise Server Software 3.0 (ESS) includes Unisys Server Director and extends the power of its own tools by leveraging NetIQ technology and integrating it with the NetIQ AppMan- ager, IBM Tivoli, HP OpenView, and CA TNG and NetworkIT administra- tive tool sets. ESS supports centralized event management, historical data analysis, automated remote responses and alerts, and strong administra- tive-scripting capabilities, built on a standard Microsoft-management- compatible framework that supports rapid development of third-party administrative applications. Unisys Server Director is included with every ES5000 and ES7000 server that ships and features: A common GUI based on NetIQ AppManager that ties together NetIQ technology and Unisys MMC snap-ins; Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 35 MSDE (Microsoft database engine) or SQL database repository for data and event collection and reporting; A host of specially developed Windows 2000 scripts that extend management functionality and control (more will be available in the future); A seamless upgrade path to Windows 2000 applications man- agement with NetIQ AppManager; and Integration with CA Unicenter TNG framework, Tivoli, or HP OpenView; The Unisys ESS solution provides a standardized framework for third- party administrative tools (Figure 5). Unisys services support key admin- istrative functions, such as monitoring, security, and implementation and maintenance of Active Directory. Microsoft has made great strides in improving its systems management capabilities by introducing SMS 2.0, IntelliMirror, and core services like WMI and MMC in Windows 2000. For IS managers and administrators Figure 5: Unisys Enterprise Server Software Management Architecture
Source: Unisys Corporation, August 2001 Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 36 who are looking to manage a Microsoft-only information infrastructure, the newly introduced Windows 2000 tools will go a long way toward improving overall systems manageability. Furthermore, these tools and utilities are highly integrated with the underlying operating environ- ment. However, for IS managers looking to manage a heterogeneous comput- ing environment on a grand enterprise scale, products from Microsoft partners such as CA or Unisys should be closely evaluated to see how they provide management support across multiple system and applica- tion environments. Likewise, products such as Unisys administrative tools play an important role in augmenting the basic management func- tions that are now available in Windows 2000. Together, these tools can help to improve operational planning and efficiency. When used effec- tively with other tools, products from Microsoft partners and Unisys can lead to decreased downtime by telling IS managers what to fix not just what is wrong. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 37 Chapter Seven
Unisys and Windows 2000 Security To judge its readiness in an enterprise-computing scenario, administra- tors should examine Windows 2000 security from both a systems/ software-level perspective as well as from an operational perspective. Most Windows 2000 OEMs agree, because most offer both products and services that augment the Windows 2000 security environment. They also provide testing and verification services to ensure that Windows 2000 security products are properly installed and configured, and that proper operational practices are being observed to ensure that Windows 2000 environments operate in an ongoing, secure manner. The traditional approach of building a secure computing environment has changed from deploying secure application nodes to building an overall secure infrastructure framework. The Public Key Infrastructure (PKI) security standard is gaining industry momentum and now has a strong presence in financial, government, and service provider industry segments. Due to the complexity, cost, and risk associated with imple- menting a secure computing environment, users should continue to rely on third-party security providers and system integrators for their security needs. Unisys approaches IT security from an overall secure infrastructure per- spective, offering a PKI solution for certification authority, validation au- thority, and time-stamping systems; smart card management and biomet- rics software; a wide range of services for remote monitoring, auditing, and best practices; and management/security hosting services. When compared to other OEMs, Unisys is well positioned to respond to the security needs of todays marketplace, given its long experience in en- terprise security across multiple platforms, its broad offering of security hardware, and its Datacenter-experienced professional services organiza- tion. Again, to ensure that Windows 2000 computing environments are properly secured (independent of a secure hardware and software infra- structure), it is imperative that operational best practices be observed. Windows 2000 Security Today Microsoft has greatly improved security in Windows 2000 by adding the following key security technologies: Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 38 Kerberos version 5 protocol, authentication, and authorization services; PKI technology supporting standard X.509 certificates; A Security Configuration Editor (SCE) for modifying security policies and configurations; An Encrypting File System (EFS); Single Sign-On (SSO); Integrated support for Smart Card for Windows; Integrated support for the BIO API standard; and Integrated support for Internet Protocol Security (IPSEC)-based virtual private network (VPN) services. The two most important improvements are Kerberos v5 and the new PKI. With Kerberos v5, Windows 2000 clients and servers are able to participate in a secure, heterogeneous enterprise information environ- ment. With Kerberos authentication, IS managers can protect data by tracking and verifying each users activity on a corporate network. For example, with the new Windows 2000 PKI in which public keys allow users to authenticate the origin of information they receive IS adminis- trators will be able to use keys to secure data communication over a public network, like the Internet, for executing electronic transactions. These two improvements are discussed in detail later in this section. Microsoft has also added support for IPSEC-based VPN service into Win- dows 2000. In addition, Microsoft will support the Point-to-Point Tun- neling Protocol (PPTP) based on the Layer 2 Tunneling Protocol (L2TP) specification and Remote Access Dial Up User Service (RADIUS) to pro- vide remote users with access to Windows 2000 systems. Microsoft also supports Secure Sockets Layer (SSL) for Web-based communications and IPSEC for VPN connections with Windows 2000. The net effect of these additions is that they allow for easier creation of VPNs by supporting Kerberos v5, smart card authentication, public key cryptography, and the IPSEC. From an administrative perspective, IS managers and systems adminis- trators can select the appropriate level of security and protection for their systems, applications, and databases. Using the Windows EFS part of Windows NT/2000 NTFS (NT file system) IS administrators can encrypt files on a systems hard drive with a randomly generated key. This encryption/decryption process is transparent to the end-user com- Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 39 munity. By using encryption, Windows 2000 can protect data in Win- dows environments regardless of whether that data is located on local or remote systems over a network, the Internet, or on an enterprise intra- net. Enterprises can now choose from multiple password authentication methods, including Microsofts NT LAN Manager (NTLM), as well as the industry standards PKI and Kerberos. Support for Kerberos an authen- tication standard that first emerged in Unix is entirely new for Micro- soft in Windows 2000. PKI and Kerberos standards most often are used when companies open their systems environment either to the public over the Internet or to partners, customers, and suppliers via the extra- net. Hard drive encryption is also an attractive security feature that en- hances data security in a network environment, making files indecipher- able to any network intruder. Microsofts Kerberos Implementation In Windows 2000, Microsoft replaces NT LAN Manager with Kerberos v5 as the default authentication security service for user access. Fortu- nately, existing NT LAN Manager authentication services embedded in NT 4 and NT 3.51 will continue to be supported on Windows 2000, in addition to the default Kerberos security services. As a result, Windows 2000 security users on Microsoft Windows clients (Windows 3.1x, 95, 98) will be able to access Windows 2000 servers in the network. However, by relying on Kerberos as the default authentication and au- thorization service for Windows 2000, Microsoft seems to be missing the move by most enterprises toward PKI-based digital certificates. For Mi- crosoft, the painful lesson is that the market has moved on to Public Key- based digital certificates as the standard authentication system for use in the age of the Internet. Worse, IS buyers deciding to move forward with Net-centric digital certificates will find in Windows 2000 an incomplete certificate authority system that is plugged in on top of a non-Internet Kerberos understructure. Until Microsoft standardizes on a single, Net- centric authentication scheme for Windows 2000, IS managers deploying embedded security services in Windows 2000 will be forced to go through a series of upgrades. From this data, Aberdeen draws two conclusions: 1. The non-Internet Kerberos security services that act as Windows 2000s security foundation will create an additional effort for IS to configure, maintain, and upgrade; and Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 40 2. If IS implements Windows 2000 security in a mixed-platform environment, it must keep separate NT and non-NT security schemes another source of additional administrative effort. Microsoft, Windows 2000, and Public Key Infrastructure Aberdeen notes that Microsoft relies on the combination of Active Direc- tory and its new Certificate Server for other security-related services, in- cluding management of user profiles and access rights; synchronization of user and object access rights among multiple Windows 2000 servers; and issuance, revocation, and management of digital certificates. Micro- soft will be supporting X.509 version 3 certificates with the Certificate Server currently embedded in Windows 2000. Because the keys to the Certificate Server and critical administrative ac- cess pass-phrases are protected only by the NT Registry, Aberdeen rec- ommends that IS planners use add-on Hardware Storage Modules to avoid the likelihood of a business catastrophe should these critical keys become compromised or stolen. Once compromised or stolen, all Certificate Authority-enabled applications, data, systems, and networks are accessible to anyone with the keys. To integrate the management of user accounts established through Ac- tive Directory with the public keys stored in the Certificate Server, Cer- tificate Server verifies local SQL Server repositories that contain user ac- cess rights by using underlying Kerberos services. Although Microsoft is shipping a Certificate Server with Windows 2000, the state-of-the-market for Certificate Authority solutions includes multi- tiered Certificate Authority trees; multi-tiered registration services; key generation services; hot-site backup and recovery services; automated renewal, revocation, and validation services; VPN services; cross-linked root signing services; and batch user account-loading and user- enrollment software. As a result, Aberdeen recommends that, until Mi- crosoft delivers a demonstrably competitive PKI solution, buyers should look to third-party vendors who specialize in providing security solu- tions. Moreover, until Microsoft migrates the core Kerberos foundation over to a pure PKI foundation, Aberdeen advises IS planners to consider using Microsoft security services on internal LANs whose users will not require cross-certification services among certificate authorities other than Microsofts. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 41 Unisys Windows 2000 Security Extensions Unisys is a technology leader in providing smart card and biometrics secu- rity support on Windows 2000 platforms. It offers strong services-led support for Microsofts PKI approach and additional features such as certi- fication authority. Unisys has a clear focus on hardware and software products and services designed to help IS managers secure their systems and establish proper operating procedures to ensure that their computing infrastructure remains secure (Figure 6). Unisys provides services that enable IS managers to: Secure network access through the use of firewalls and intrusion-detection systems; Put the right practices and disciplines in place to ensure that users do not create new, unauthorized access points into a given networked environment; Install and maintain the right disciplines to ensure that applica- tions are written in a manner that ensures security; and Exercise constant vigilance to search for points of entry. Figure 6: Unisys IT Security Architecture
Source: Unisys Corporation, August 2001 Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 42 Furthermore, Unisys has long established key partnerships with leading third-party security solutions providers. These relationships enable Uni- sys to deliver a comprehensive, secure infrastructure solution combining leading industry products with Unisys platform certification and expert professional services. These partnerships include: Baltimore Technologies products include a wide range of PKI systems, wireless security solutions, cryptographic tool kits, se- curity applications, and hardware cryptographic devices; Check Point Software Technologies provides firewall and VPN technologies; Cisco Systems provides services to design, implement, sup- port, and manage Cisco solutions and is currently only one of four Cisco Global Support Partners; Elron Software a leading provider of award-winning Internet Policy Management products; Indentrus enables businesses to manage their business-to- business (B-to-B) e-Commerce risks through a trusted relation- ship with a financial institution; RSA Security plays a major role in delivering key technologies that provide secure electronic commerce and communication on the Internet today; and ValiCert a leading provider of secure e-Transaction infra- structure products. Aberdeen Findings In interviews conducted with IS managers in 1998 and 1999, Aberdeen learned that many IS executives were concerned about the lack of so- phistication of Windows NT security. And, though it is true that security flaws were found in the Windows NT operating environment over its lifetime, from Aberdeens perspective the NT operating environment may have received unfair criticism for security flaws that are not neces- sarily germane to the OS but rather are the result of operational or ap- plication-related issues. Window NT was often blamed for security prob- lems that are not directly related to the NT operating environment itself, but rather to applications that carried viruses e.g., the Melissa e-mail virus or the latest ILOVEYOU virus. In fact, these viruses were deliv- ered in e-mail content and are the result of improper mail-and- Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 43 messaging downloading practices not operating environment security flaws. The point is that Windows operating environments can be run in a secure manner and sometimes press reports incorrectly refute this statement. Major security improvements have been made in Windows 2000. Espe- cially important for enterprise environments are the improvements in administering and configuring security rights. Tasks associated with configuring security rights can now be assigned in a more granular manner to individual users, whereas Windows NT took more of an all- or-nothing approach. Another big improvement for portable notebook users is the addition of hard disk encryption along with support for password authentication through portable smart cards. IS managers need to understand that if they operate mixed platforms on the enterprise network any combination of any version of NT, Net- Ware, Unix, OS/400, and OS/390 Aberdeen recommends relying on se- curity suppliers such as Compaq, HP, IBM, or Unisys rather than just Mi- crosoft. For mixed-mode Windows environments, such as NT 3.5x, NT 4.0x, and Windows 2000, Aberdeen recommends that buyers consider using Windows 2000 for business-critical applications and carefully plan how IS operations will manage these different computing environments. IS managers should also note that, to take full advantage of the benefits of security services embedded in Windows 2000, they must deploy Win- dows 2000 on desktops, as well as on servers. This requirement means that users must rebuild each desktops file system while migrating to Windows 2000 Professional. As a result, deploying Windows 2000 secu- rity will almost certainly require substantial immediate IS time and ef- fort, not to mention cost, including upgrading PCs by adding memory and disk to accommodate the minimum configuration requirements of the new operating environment. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 44 Chapter Eight
The Role of NT/Windows 2000 Professional Services Resources Growing and leveraging the companys professional services organiza- tion have become key components in Unisys strategy to deliver main- frame computing to the Windows marketplace. Unisys has decades of extensive experience working in complex enterprise environments and can apply that experience and best practices to assist IS managers with deploying Windows 2000 in critical-computing environments. Who Are the Windows 2000 Professional Services Providers? Aberdeen has identified four reliable sources for Windows 2000 profes- sional services expertise: 1. OEMs computer-makers that build Windows 2000 platforms and also provide Windows 2000-related services/support. 2. ISVs software suppliers that have built a professional services organization to support the deployment of their software on Windows 2000-based desktops and servers. These suppliers of- ten use IPSPs and computer systems resellers to deliver their service offerings. 3. IPSPs often called systems integrators, independent profes- sional service providers do far more than integrate systems. There are thousands of small to midsize consulting groups that can provide specific, focused Windows 2000 point-product so- lutions such as services related to the deployment of Windows 2000-based/Internet-based Web servers. Larger firms can pro- vide a broader range of services, including strategic planning and technology implementation, and training on a grand scale. 4. Computer systems resellers VARs (value-added resellers) and PC/server platform distributors that have now entered the Windows 2000 systems design/deployment business. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 45 Which Windows 2000 Professional Services Are Available? Aberdeen has identified four Windows 2000-related service categories: 1. Windows 2000 systems design/integration services usually consisting of an initial assessment followed by architectural de- sign and deployment services. This phase of systems design can also include the services related to the integration of Windows 2000-based system with other platforms and non-Windows 2000 applications, most frequently with Unix-based environments. 2. Windows 2000 systems/application project management ser- vices such as scheduling, tracking, and troubleshooting related to the implementation and deployment of Windows 2000 sys- tems, applications, and databases within the enterprise. 3. Windows 2000 lifecycle management services designed to ac- commodate the ongoing monitoring, maintenance, and man- agement of the installed Windows 2000 environment. 4. Training services related to the use and understanding of Windows 2000-based systems, applications, and management. Unisys Windows 2000 Professional Services Offering Unisys offers an extensive portfolio of services in areas such as network services, systems integration, e-Workflow, Outsourcing, Technology Ser- vices, Security, and Windows 2000 itself. Unisys service organization includes almost 4,000 service and support personnel dedicated to Win- dows and approximately 1,000 Microsoft-certified engineers. Aberdeen Findings Aberdeen views Unisys professional services offerings in the Windows NT and Windows 2000 space as the most Windows-2000-focused in the industry. Aberdeen finds that Unisys is very strong in the following areas: Providing highly scalable load-and-go packages customized to users needs; Supplying outsourcing lifecycle management services to IS managers of large enterprise businesses who prefer to have all or part of their Windows 2000 IT requirements fulfilled by an external organization; and Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 46 Delivering customized planning, design, development, and im- plementation services to Web-enable large enterprise firms. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 47 Chapter Nine
The Competitive Scenario Unisys Strengths Unisys is notable both for its technology strengths and its ability to avoid typical weaknesses of other suppliers product offerings. Unisys is lever- aging its enterprise-class engineering strengths (gained from the devel- opment of mainframe-class computer systems) to build highly scalable Windows 2000-based systems, while augmenting these systems with numerous infrastructure and application services. Unisys is the only company at this juncture capable of driving the Windows operating en- vironment on 16- or 32-way single system environments, thus creating a highly scalable Windows architecture within a single system environ- ment. Weaknesses for most suppliers include a failure to push the envelope in Windows 2000 vertical scalability greater than eight processors in a single system as well as a failure to grow the size of their Windows 2000 professional services organizations to meet anticipated market demand for Windows 2000 deployment services. Only Unisys (and soon IBM) is the exception to this rule. Another weakness of some Windows 2000 systems suppliers is platform conflict: IBM has four systems architectures that provide overlapping so- lutions in certain parts of an infrastructure; HP has a conflict regarding when to sell an HP/UX system versus Windows 2000 systems (until full implementation of HPs IA-64 Multi-OS strategy occurs in late 2002); and Compaq has two versions of Unix, Windows 2000, Novell, and Linux platforms that it sells and supports. Platform conflict tends to confuse field sales organizations as well as customers and channels, and hence is regarded by Aberdeen as a weak- ness. With a strong focus on its CMP architecture and Windows for the mission-critical enterprise, Unisys exhibits relatively little platform con- flict. The company is demonstrating a commitment to advance the Win- dows operating platform into mission-critical enterprise computing en- Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 48 vironments; while keeping its proprietary ClearPath installed base in mind Aberdeen finds that the Unisys CMP Architecture is an architecture evolving to become common for Windows and the companys proprie- tary MCS and OS 2200 operating environments. Ultimately, the com- panys CMP Architecture yields benefits to both Unisys and its custom- ers: Unisys can focus its entire supply chain (sales, marketing, dis- tribution, engineering, and manufacturing) on a common goal of continuing technology innovation and delivery of a single platform capable of serving both its ClearPath and Windows cus- tomers; Unisys ClearPath customers can leverage a common architecture that facilitates their migration to a standard Wintel platform ca- pable of satisfying their mission-critical computing require- ments; and Unisys customers can leverage the same platform to simultane- ously satisfy their ClearPath and Windows application require- ments (e.g., a single ES7000 allows multiple OSs to run inde- pendently and simultaneously within separate partitions). Note, however, that many suppliers contend that the availability of mul- tiple platforms is a strength one that offers customers greater choice and additional flexibility. A final weakness found with most suppliers of Windows-based system is in the size of each suppliers Windows-trained-and-certified workforce most have fewer than 1,000 fully certified Windows experts as well as the breadth of professional services packages that they offer. Many Win- dows server makers have few packaged, turnkey Windows system and application deployment offerings. In contrast, Unisys has 4,000 experts and a strong, broad set of professional services packages. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 49 Chapter Ten
Summary Observations Although most Windows 2000 server suppliers use the same basic hard- ware and the same operating environment, substantial differences re- main between their product offerings. A close look at Unisys reveals that the company is making some significant investments to advance Win- dows in the enterprise. These advancements have been particularly ro- bust in the areas of scalability demonstrating a scale-out balanced clus- ter approach with a promise of greater vertical scalability next year; se- curity; systems manageability; and services directly related to the design, deployment, and lifecycle management of Windows environments. Unisys therefore does well according to Aberdeens key Windows 2000 system criteria: Scalability: Unisys offers an impressive Windows 2000 scale-up solution the ES7000 server based on the CMP Architecture that is capable of being configured with up to 32 Intel proces- sors in a single system, plus scale-out clustering both in box and out of box. Currently, the ES7000 represents the indus- trys leading greater-than-8-way Windows 2000 server technol- ogy platform. Reliability/availability: Unisys offers mainframe-class partition- ing, clustering failover, comprehensive system management software, independent service processors, and hot pluggable everything. Security: Unisys offers security services that leverage Microsofts offerings to provide more support for heterogeneous environ- ments, including strong PKI support. Professional services: Unisys offers a unique combination of long-term experience in mainframe/data-center-class environ- ments and a strong focus on Windows 2000 environments. IS buyers need to be aware that, although all Windows 2000 servers ap- pear to be created equal, there are significant and substantial differences between all leading Windows 2000 suppliers. For high-end, large- enterprise-level Windows 2000 computing environments, Unisys is ex- tremely well positioned offering the right mix of products, services, Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 50 and level of commitment to become a dominant player in enterprise- level Windows 2000 computing environments. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 51 Author Profile Tom Manter Research Director Tom Manter has extensive experience in the high-tech industry, including a unique combination of engineering, sales, and product marketing with several leading industry systems suppliers. For the past 10 years, he has worked closely with Windows-based platforms managing total product lifecycle projects and developing and direct- ing marketing and product strategy programs. At Aberdeen, Manter closely follows the advance of Windows 2000 tech- nologies and architectures particularly in the mission-critical enter- prise computing arena and the new, evolving Internet architecture. Manters background provides him with a keen understanding of the is- sues and challenges facing todays systems suppliers, component ven- dors, and IS managers. Manter provides an objective perspective on the emerging technologies and industry factors that influence the deploy- ment of Windows 2000 in the enterprise, and his research aims to help systems suppliers deliver compelling product value and prepare effective product marketing strategies. In 2000, Manter focused on helping suppliers understand the dynamics involved in positioning Windows 2000 for the enterprise. His practice is geared toward speaking engagements, customized consulting and re- search, and publishing. Manter holds an MBA from the Babson F.W. Olin Graduate School of Business, where his studies concentrated on Global Marketing and Man- agement Strategy, and a B.S. in Finance from Northeastern University. Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 52 Appendix A
Lexicon of Acronyms and Abbreviations ACL access control list APIs application programming interfaces ASPs application service providers B-to-B business-to-business CA Computer Associates CIM common information model CMP cellular multiprocessing COM common object model Corba Common Object Request Broker Architecture CPUs central processing units CRM Customer Relationship Management DIMM direct inline memory module DLL data link library DMI desktop management interface DMTF Distributed Management Task Force DNS Domain Name Server EFS Encrypting File System ERP Enterprise Resource Planning ESM Enterprise System Management ESMT Enterprise Services for Microsoft Technologies FTP File Transfer Protocol GUI graphical user interface HA high availability HTTP Hypertext Transfer Protocol I/O input/output IPSEC Internet Protocol Security Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 53 IPSPs independent professional service providers IPX Internetwork Packet Architecture IS Information Systems ISVs independent software vendors L2TP Layer 2 Tunneling Protocol LAN local area network LVDS low-voltage differential signaling MCSE Microsoft Certified System Engineer MIB management information base MMC Microsoft Management Console MSCS Microsoft Cluster Services MSDE Microsoft database engine MSU memory storage unit NDS Novell Directory Services NTFS NT/2000 file system NTLM NT LAN Manager NUMA Non-Uniform Memory Access OEMs original equipment manufacturers OS operating system PAE physical address extension PC personal computer PCI peripheral component interconnect PIN personal identification number PKI Public Key Infrastructure PPTP Point-to-Point Tunneling Protocol QoS quality of service R&D research and development RADIUS Remote Access Dial Up User Service RIO remote I/O RISC reduced instruction set computer SCE Security Configuration Editor Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 54 SD sales and distribution SLIP Serial Line Internet Protocol SME small to medium enterprise SMP symmetrical multiprocessing SMS Systems Management Server SNA Systems Network Architecture SNMP Simple Network Management Protocol SQL Structured Query Language SSL Secure Sockets Layer SSO single sign-on TCO total cost of ownership TCP/IP Transmission Control Protocol/Internet Protocol TPC Transaction Processing Performance Council tpm transactions per minute tpm-C transaction-per-minute Class C UM universal manageability VARs value-added resellers VLDBs very large databases VLM very large memory VPN virtual private network WBEM Web-based Enterprise Management WMI Windows Management Instrumentation ZAW zero administration for Windows
Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 55 Appendix B
Related Aberdeen Research Aberdeen Group has produced several publications that provide com- plementary market research and strategic market information relating to Windows 2000 deployment across the enterprise. January 1999 Customer Perceptions of Intel Server Reliability and Performance Benchmarks SAP R/3 on Windows NT and Intel Servers: Pumping Iron in 1998 and Bulking Up in 1999 Unisys Aquanta ES5000 Solutions: Value Added for NT Scaling and Server Consolidation Windows NT Server for Billing and Customer Care: Emerging Telecommunications February 1999 NCR: Adding Value to Multi-User NT Enterprise Solutions NCRs LifeKeeper: Keeping Enterprises, Business-Critical Applications Highly Available Unisys Technology and Services for Enterprise-Ready SAP Solutions on Windows NT April 1999 Data Generals Termserver-in-a-Box: Simplifying the Complexity of Multi-User NT-based Computing IBMs Start now for e-business: Using Software/System/Services Bundles to Create Foundation Servers for e-Business Microsoft NT and Windows 2000 Multi-User Computing May 1999 Compaqs SQL Server 7.0 Strategy: A Crucial Leg Up for Business- Critical Applications Unisys: Redefining Multi-User NT (Thin-Client/Server-Centric) Computing June 1999 Unisys Offers the PeopleSoft Market an Enterprise-Ready NT Solution Unisys Windows 2000 Products and Services
All print and electronic rights are the property of Aberdeen Group 2001. AberdeenGroup 56 July 1999 Inside Intels Merced: A Strategic Planning Discussion August 1999 Compaqs ProLiant 8500 and 8000: Setting the Standard for Enterprise Intel Servers Intels Eight-Way Architecture: Moving Standard High-Volume Servers Toward Handling Enterprise Application Requirements September 1999 AMD Tests the Workstation Waters with Athelon October 1999 Multiplicity: Filling the Gap for Capacity Planning and Management of Multi-User Windows NT Systems January 2000 Is Microsofts Windows NT/Windows 2000 Enterprise-Ready? February 2000 Proving the Point: Interviews with Next-Generation Windows 2000 dot.coms June 2000 Marathon Technologies Endurance 6200: Providing Dial-Tone-Quality Service to Windows Users at the Right Place, Right Time Stratus Reborn: The Traditional Fault-Tolerant Company and a New 247 Technology Licensing Company Compaqs ProLiant DL360 Server: Providing the Expandability of a 2U Server in a 1U Form Factor July 2000 Intel Multiprocessor Workstations: Why Continue to Use One Processor? September 2000 Intels Itanium: Who Benefits from Early Adoption? Microsofts Windows Datacenter Server: Why You Should Buy or Not Buy January 2001 Proving the Reliability Point: Interviews with Next-Generation Windows 2000 dot.coms Information on these and any other Aberdeen publications can be found at www.aberdeeen.com or by e-mail at info@aberdeen.com. THIS DOCUMENT IS FOR ELECTRONIC DELIVERY ONLY
The following acts are strictly prohibited: Reproduction for Sale Posting on a Web Site Transmittal via the Internet
Copyright 2001 Aberdeen Group, Inc. Boston, Massachusetts
Terms and Conditions
Upon receipt of this electronic report, it is understood that the user will and must fully comply with the terms of purchase as stipulated in the Purchase Agreement signed by the user or by an authorized representative of the users organization.
This publication is protected by United States copyright laws and international treaties. Unless otherwise noted in the Purchase Agreement, the entire contents of this publication are copyrighted by Aberdeen Group, Inc., and may not be reproduced, stored in another retrieval system, posted on a Web site, or transmitted in any form or by any means without prior written consent of the publisher. Unauthorized reproduction or distribution of this publication, or any portion of it, may result in severe civil and criminal penalties, and will be prosecuted to the maximum extent necessary to protect the rights of the publisher.
The trademarks and registered trademarks of the corporations mentioned in this publication are the property of their respective holders.
All information contained in this report is current as of publication date. Information contained in this publication has been obtained from sources Aberdeen believes to be reliable, but is not warranted by the publisher. Opinions reflect judgment at the time of publication and are subject to change without notice.
Usage Tips
Report viewing in this PDF format offers several benefits: Table of Contents: A dynamic Table of Contents (TOC) helps you navigate through the report. Simply select "Show Bookmarks" from the "Windows" menu, or click on the bookmark icon (fourth icon from the left on the standard toolbar) to access this feature. The TOC is both expandable and collapsible; simply click on the plus sign to the left of the chapter titles listed in the TOC. This feature enables you to change your view of the TOC, depending on whether you would rather see an overview of the report or focus on any given chapter in greater depth. Scroll Bar: Another online navigation feature can be accessed from the scroll bar to the right of your document window. By dragging the scroll bar, you can easily navigate through the entire document page by page. If you continue to press the mouse button while dragging the scroll bar, Acrobat Reader will list each page number as you scroll. This feature is helpful if you are searching for a specific page reference. Text-Based Searching: The PDF format also offers online text-based searching capabilities. This can be a great asset if you are searching for references to a specific type of technology or any other elements within the report. Reader Guide: To further explore the benefits of the PDF file format, please consult the Reader Guide available from the Help menu. Aberdeen Group, Inc. Aberdeen Group is a Boston-based computer and communications consulting and market- research organization. Aberdeen Group performs specific projects for a select group of domestic and international clients. Each project requires a combination of strategic advice and pragmatic, experience- based action plans. Assignments range from corporate and product positioning and organizational planning to in-depth market segment research. Aberdeen consults on mergers and acquisitions, corporate positioning and investor relations, and transaction- processing benchmarks; in addition, it offers special expertise in software and midrange computer markets. In carrying out assignments, Aberdeen uses a proprietary, comprehensive, analytical framework providing fresh insight into the complex future of computing and communications, both from technological and market-dynamics perspectives. Aberdeen also offers retainer-fee programs to a group of continuing clients. Aberdeen principals and staff are recognized industry figures with hundreds of years of combined high-tech industry, research, and financial community experience among them. They are quoted extensively in industry trade and business publications. Each staff member is a frequent conference and seminar speaker. In addition to client-related research and consulting, Aberdeen publishes several periodicals, Aberdeen Viewpoints, and Profiles, which summarize its analysis and research findings.