Windows 2003: Developer benefits
Tech Forum - Dr. Nitin Paranjape
All customers are a bit apprehensive about new versions. And rightly
so. Very often upgrades are sold indiscriminately by vendors without
assessing real customer needs. It is quite common to see IT decision
makers wondering "why did I ever make this version upgrade
decision?"
"Do I really need to upgrade to Product
X version current + 1, and when?" This is a common question.
However, the answer to this question needs a full article by itself.
I will cover it sometime in later articles.
Why this topic?
For now, I want to highlight specific features
of Windows 2003. But why developer benefits? The natural topic to
cover would have been administrative benefits.
The common perception is that Windows is
a base OS. So why would it have any implications for developers?
The reality is different. Windows 2003 has added many features that
have great benefits for developers and architects.
The usual information available will typically
harp on the administrative and deployment benefits. Hence I thought
I would highlight the development benefits.
The problem
Most developers work with tools like case
tools, databases, components, programming languages, Web scripting
and so on. Although these run on top of the OS, developers rarely
use the OS directly. Therefore, showing incremental benefits of
a new version of an OS is more difficult. This is because the base
developer benefits of Windows 2000 as a platform may not even be
visible to a large number of developers and architects.
While consulting and auditing a large number
of custom applications as well as packaged products, I have observed
very little functionality of the underlying OS being used by developers.
This is an additional reason to talk about
the new release. Being aware of features is the only way of ensuring
effective utilisation.
So much for the introduction. Now let us
dive into the functionality. There are a lot of features. Therefore,
a detailed explanation of each of these is not possible. However,
I have tried to unearth features and provide a developer/architect
perspective for each of these.
Active Directory
This is probably the most useful benefit
to developers even within Windows 2000. However, a depressingly
large number of applications are developed without Active Directory
integration. I really wonder how to reconcile the huge gap that
exists between the core developers who dedicate their lives to a
particular feature set (like Active Directory) and the end users
(developers) who simply ignore the possibility of using these features!
The only feasible way of making sure features
are utilised is to make everyone aware of the potential usage
benefits.
Ideally, Active Directory should be the
default authentication and authorisation mechanism used across applications
within an organisation. However, all of us still end up using local
tables containing user passwords for authentication. Pathetic!
Deactivation of attributes / classes
A new feature is the ability to deactivate
attributes and class definitions in Active Directory. Using this
feature, it is possible to change the AD extensions without losing
their identity.
LDAP features
Fast bind and connection reuse have now been
added. Many Web applications use Active Directory as an authentication
store. Fast binds allow a Web, or any other, application to request
simple authentication verification from Active Directory without
generating Windows-specific authorisation information, resulting
in increased performance of these applications. An application may
also re-use an initial connection to the directory for multiple
queries on behalf of different users. This also results in increased
performance since the application does not have to re-establish
a connection for each query.
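The fast bind and connection reuse described above, as an added example that is not code from the original article: a C# class using System.DirectoryServices.Protocols that verifies the passwords of many users over one LDAPS connection instead of checking them against a local password table. The class name, the host name passed in, port 636 and the UPN-style user names are assumptions.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

// Added example: credential checks against Active Directory over a single
// reused connection in fast bind mode. Host name and port are assumptions.
public sealed class AdPasswordVerifier : IDisposable
{
    private const int LdapInvalidCredentials = 49; // LDAP result code
    private readonly LdapConnection _conn;

    public AdPasswordVerifier(string host, int port = 636)
    {
        _conn = new LdapConnection(new LdapDirectoryIdentifier(host, port));
        _conn.SessionOptions.ProtocolVersion = 3;
        // This example uses a simple bind, which sends the password itself,
        // so require TLS and leave certificate validation switched on.
        _conn.SessionOptions.SecureSocketLayer = true;
        _conn.AuthType = AuthType.Basic;
        // Put the connection into fast bind mode before the first bind.
        _conn.SessionOptions.FastConcurrentBind();
    }

    // Returns true if the directory accepts the credentials.
    public bool Verify(string userPrincipalName, string password)
    {
        // A simple bind with an empty password is treated as an
        // unauthenticated bind and can succeed, so reject it up front.
        if (string.IsNullOrEmpty(userPrincipalName) || string.IsNullOrEmpty(password))
            return false;
        try
        {
            // Each call re-binds on the same connection for a different user.
            _conn.Bind(new NetworkCredential(userPrincipalName, password));
            return true;
        }
        catch (LdapException ex) when (ex.ErrorCode == LdapInvalidCredentials)
        {
            return false; // wrong password or unknown user
        }
    }

    public void Dispose() => _conn.Dispose();
}
```

Because a fast bind generates no authorisation information, the connection only answers whether a password is valid; group membership needed for authorisation decisions has to be looked up separately.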
Application Directory partitions
Some directory information does not need
to be made globally available. This feature provides the capability
to host data in Active Directory without significantly impacting
network performance by providing control over the scope of replication
and placement of replicas. Using this feature, it would be possible
to write application-specific data to application-specific partitions
rather than writing it to a domain partition.
Active Directory Migration Tool (ADMT)
Migrating to Windows 2003 from Windows NT
or Windows 2000 is a critical and massive task for large organisations.
The processes involved in migrating users, rights, passwords, etc.
from the older to the newer system can now be scripted using VBScript or
any other language that supports COM. This opens opportunities for
developers/administrators to perform complex repetitive tasks automatically
using the object model. It is also possible to perform most actions
using command line switches either directly or in batch files.
Application services
Enterprise UDDI
Until now, we had to use third party UDDI
services. Now, developers can set up and use organisation-specific
UDDI. This functionality is bundled with the base OS now. I would
say, this is a great opportunity for creating and really reusing
organisational code base.
COM was there for years and now it is gone.
Now it is replaced with the great .NET. However, the componentisation
and reuse of business logic across applications within organisations
or within packaged applications is alarmingly low. Whether it is
DCOM or Web services, the concept of identifying reusable logic/functionality
and making it available for other consumers is the same.
If we goofed up during DCOM, never mind.
It is anyway outdated now!!! But now let us use this opportunity
to find reusable stuff within the organisation/application and actually
reuse it in the right way.
Enterprise UDDI service is a boon for such
reuse projects. As the organisation grows, more and more services
would be listed. This makes further development potentially minimal.
.NET framework
Finally, the .NET framework is shipped
as a part of the operating system. The ASP.NET Simple Web Service
creation feature provides the ability to create an application without
the need to add service infrastructure code to the application.
New developer APIs
Windows Server 2003 introduces a number
of new Application Programming Interfaces (APIs), making it a more
efficient and flexible development platform. These new APIs include:
— Managing IP Security: Windows Server
2003 includes a local system management API to control Internet
Protocol (IP) Security (IPSec).
— User Token API: The new user token
Application Programming Interface (API) is provided to enable
a method to get the user’s token. This is commonly needed for
cross session communications when an application needs to perform
an action in the user’s security context.
COM enhancements
This enhancement of Component Object Model+ 1.x
(COM+ 1.x) enables you to configure a COM+ server application as
a service and implement the service as a COM+ server application.
This provides more control over COM+ application startup. Marking
the application to run as a service means that the component’s Dynamic
Link Library (DLL) is loaded into memory when the system boots.
This results in making a COM+ application highly available and enables
it to be installed on a clustered server.
Process recycling
This enhancement enables you to configure
process recycling administratively through the COM+ User Interface
(UI), or programmatically through the COM+ administrative Software
Development Kit (SDK). Processes can be shut down or recycled based
on several criteria, including elapsed time, memory usage, number
of calls, and the number of activations.
This is a great feature that ensures that
misbehaving applications can now be automatically detected and shut down.
Automatic backward compatibility mode
Compatibility Mode functionality provides
an environment that more closely reflects the behavior of Windows
95, Windows 98, Windows NT 4.0, or Windows 2000 operating systems.
These modes resolve several of the most common issues that prevent
older applications from working correctly. Applications that experience
problems after migration might benefit from being started in one
of these compatibility environments. Advanced users can also take
advantage of this technology to create solutions for their own applications.
ASP.NET integration with IIS 6
ASP.NET is integrated with the IIS 6.0 process
model and leverages the support for multiple application pools.
This means individual ASP.NET applications are isolated and communicate
directly with the kernel mode HTTP listener. This leads to a reduced
number of process hops and allows ASP.NET applications to leverage
kernel mode file caching. In short, applications are sturdier and
have higher performance.
Passport integration
Now it is possible to integrate .NET Passport
authentication with Active Directory. This means the entire authentication
code, logic, maintenance and performance management are now handled
by the .NET Passport mechanism. This also means you do not need to write
and manage all this code.
Protocol transition capability enables any
authentication on the front-end Web server to be transitioned to
Kerberos in the backend.
IIS 6
IIS 6 fault tolerant application pool
IIS 6.0 is based on a new request processing
architecture that provides an application isolation environment
that enables individual Web applications to function within their
own, self-contained Web service process. This environment prevents
an application or site from stopping another and reduces the amount
of time administrators need to spend restarting services to keep
applications healthy. This capability enhances the availability
of IIS by making the server harder to bring down. Scalability improvements
and support include Network Attached Storage (NAS) support.
IIS WMI based programmability
Windows 2000 introduced a new means of configuring
the server and gaining access to important pieces of data such as
performance counters and system configuration – Windows Management
Instrumentation (WMI). To leverage WMI capabilities such as query
support and associations between objects, IIS 6.0 now has a WMI
provider that provides a rich set of programming interfaces that
offer more powerful and flexible ways to administer your Web server.
The IIS WMI provider provides similar functionality to the IIS ADSI
provider for editing the metabase.
Dynamic content caching
Earlier, content caching was applicable
to static content. IIS 6 now implements a kernel mode cache for
dynamic content. The benefit of this feature is that many customers
have programmatically created content that doesn’t change. In previous
versions of IIS, the requests had to transition from kernel mode
to user mode for every dynamic request and the responses had to
be regenerated. Eliminating this transition and pulling the cached
content from the kernel mode cache results in a substantial performance
improvement.
Unicode ISAPI support
Multilingual applications are becoming more
and more common. Due to the non-Unicode structure of the HTTP protocol,
IIS 5.0 limits the developer to the system code page. With UTF-8
encoded URLs, Unicode becomes possible. IIS 6.0 allows customers
to get to Server Variables in Unicode and adds two new ServerSupportFunctions
to allow developers to get to the Unicode representation of a URL.
Developers working with multi-language sites benefit from this feature
and an improved development experience.
Security
Windows Installer digital signature support
Digital signature support enables Windows
Installer packages and external cabinets to be digitally signed.
This lets IT administrators provide a more secure Windows Installer
package, which is especially important if a package is sent over
the Internet. This also allows Windows Installer Packages to honor
the new Software Restriction policy settings for specifying what
applications can be used.
Impact of file system security tightening
Although this is not a developer feature,
it impacts application development and setup. Therefore, there is
a need to highlight it specifically. Windows 2000 provided Full
Control to the ‘Everyone’ group in the root directory of hard disks.
Similarly, there were many areas where the impact of the access rights
of the currently logged-on user was never a cause for concern.
In Windows 2003, all these vulnerable areas
have been tightened. Moreover, the setup and logo requirements are
also more stringent.
For example, the only place where you can
assume a typical user to have full control is the profile directory!
Nowhere else.
Similarly, a user can have read-write registry
access only in HKEY_CURRENT_USER.
These things can impact the setup as well
as running of your applications. There are test tools available
to validate the compliance. More information on this topic is available
at the Windows 2003 site on .
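One way an application can stay inside the two writable locations named above, as an added example that is not code from the original article: a C# helper that keeps per-user files under the profile's Application Data folder and per-user settings under HKEY_CURRENT_USER. The class name and the ExampleCorp and ExampleApp names are placeholders.

```csharp
using System;
using System.IO;
using Microsoft.Win32;

// Added example: all per-user writes go to the profile directory or to
// HKEY_CURRENT_USER. "ExampleCorp" and "ExampleApp" are placeholder names.
public static class UserStore
{
    private const string KeyPath = @"Software\ExampleCorp\ExampleApp";

    // Per-user data directory under the profile (Application Data).
    public static string DataDirectory()
    {
        string root = Environment.GetFolderPath(
            Environment.SpecialFolder.ApplicationData);
        string dir = Path.Combine(root, "ExampleCorp", "ExampleApp");
        Directory.CreateDirectory(dir); // no-op if it already exists
        return dir;
    }

    // Resolve a file name inside the data directory and reject names that
    // would escape it (rooted paths or ".." segments).
    public static string DataFile(string name)
    {
        string dir = Path.GetFullPath(DataDirectory());
        string full = Path.GetFullPath(Path.Combine(dir, name));
        if (!full.StartsWith(dir + Path.DirectorySeparatorChar,
                             StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("path escapes the data directory", nameof(name));
        return full;
    }

    // CreateSubKey opens the key writable and creates it if it is missing.
    public static void SaveSetting(string name, string value)
    {
        using (RegistryKey key = Registry.CurrentUser.CreateSubKey(KeyPath))
            key.SetValue(name, value, RegistryValueKind.String);
    }

    public static string LoadSetting(string name, string fallback)
    {
        using (RegistryKey key = Registry.CurrentUser.OpenSubKey(KeyPath))
            return key?.GetValue(name) as string ?? fallback;
    }
}
```

An application written this way needs no write access to its installation directory or to machine-wide registry keys, so it runs unchanged for a standard user.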
Cross-Forest trust
If you’re working with a partner or company
that has an Active Directory forest deployed, you can use Windows
Server 2003 to set up a cross-forest trust between their forest
and yours.
This allows you to explicitly trust certain,
or all, users or groups in the other forest. You also have the capability
to set permissions based on users or groups that are resident in
the other forest. Cross-forest trusts make it easy to conduct business
with other companies using Active Directory.
Users can securely access resources in other
forests, using either Kerberos or NTLM, without sacrificing the
single sign-on and administrative benefits of having only one user
ID and password maintained in the user’s home forest.
Evaluating your own scenario
There are a lot more features. But due to
space constraints it is impossible to cover each of them. Now that
I have highlighted the most relevant features for developers, here
is your checklist:
1. Ask yourself if you have evaluated
the benefits of your current OS platform. If the answer is no, analyse
it now. I am sure you will find some features within the existing platform
(Windows 2000 typically) that are beneficial to you.
2. Think of your business and application
context. Read up on all features of Windows 2003 and try to think
whether that feature is useful for you. If yes, you need to also
document the business benefit, administrative benefit or developer
benefit for each of the features.
3. Then analyse the list and quantify
the business benefits.
4. If this analysis makes business sense,
go ahead and prepare for the upgrade as well as migration of specific
features of your application.
About the Author: Dr Nitin Paranjape is the Chairman and MD of Maestros (Mediline).
He is a consultant with many organisations, covering appropriate
technology utilisation, business application of relevant technology,
application architecture and audit as well as knowledge transfer.
He has authored more than 650 articles on various technology-related
subjects. He can be contacted at nitin@mediline.co.in