Microsoft provides a comprehensive summary of why web hosting providers should offer Microsoft Windows hosting. Key points include that Windows offers a complete hosting platform, can help increase revenue per user, and has strong brand recognition and customer preference. Microsoft also outlines their hosting roadmap, platform capabilities, security improvements, and partnerships to support web hosting providers.
1. Why Microsoft ® Windows ® Web Hosting? Laurent Bonnet Hosting Solutions Architect Microsoft Corporation [email_address]
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16. The Platform Is Ready! Microsoft Active Directory ® Streaming Media Services Microsoft ASP.NET Microsoft Windows Terminal Services Microsoft .NET Framework Microsoft Windows File, Windows SharePoint Services Internet Information Services (IIS) Virtual Private Network (VPN), Remote Access Service (RAS), DNS, Dynamic Host Configuration Protocol (DHCP) Microsoft Windows Server ® 2003 - Server Platform Microsoft Office Server Microsoft Virtual Server 2005 Microsoft Office Live Communications Server 2005 Microsoft Windows Storage Server 2003 Microsoft Exchange Server Microsoft SQL Server Microsoft Operations Manager (MOM) Application Services Platform Infrastructure Operations Infrastructure
17.
18.
19.
20.
21.
22. Microsoft As Your Partner Partners Solutions Licensing Technical Training Marketing Tools Increasing Margin Reducing TCO Building Markets Sharing Risk/Reward Sharing Knowledge Investment protection Cost reduction Help partners sell Time-to-market
Introduction The purpose of this presentation to articulate the value proposition for a hoster for adding to their Web hosting platform. The presentation starts with a value proposition for Web hosting in general and then delves into shared hosting.
This slide and the following slide highlight the changes in how the industry is advertising – from selling technology to selling capabilities. Use these two slides as a segue into slide four.
Why do I care about Windows-based Hosting? Why work with Microsoft? And what does a partnership with Microsoft have to offer me? To answer these questions we’re going to talk for about 30 minutes and then leave time for questions. We’re going to start with an overview of the opportunity that we see today for hosters, and specifically, where we think the demand for Windows-based hosting is coming from. Then we’re going to talk about the readiness of Microsoft Windows Server™°2003 as a platform for hosting. Many of you might be familiar with Windows NT ® Server°4.0/Windows°2000 Server so we’re going to highlight some of improvements we’ve made with Windows Server 2003. Lastly, we’re going to cover some of the things that Microsoft brings to the table for Web hosters including technical guidance, special licensing programs and partnership programs.
In the past 2-3 years we’ve seen a lot of major hosting providers launch Windows-based hosting services. As a result, the hosting group at Microsoft gets many questions from partners who are interested in hosting on Windows. Some of these partners are pure Linux hosters today who are looking for opportunities to diversify and grow their business, others have mixed Microsoft Windows/Linux environments and are looking at ways to get more efficient at hosting on Windows, others are companies who are looking to get into the application hosting business. We thought we’d try and address these key questions as well as any other questions that you have. The Windows-based Hosting solution is designed to answer each of the hoster’s key requirements in terms of operations, service offerings, and marketing. Hosting Windows products on Windows is now a more attractive option than ever for you and your customers.
<<Use these notes to talk to this and the following two slides>> One of the things we monitor closely in the hosting group at Microsoft is the market opportunity for hosting in general, as well as the opportunity for hosting on Windows. We’ve notice a few trends: Key Points Marketing is growing. Demand for Windows is strong and a great way for hosters to grow their business. To grow, businesses must have an aggressive cost structure (to meet price points) and be able to innovate new features and offers quickly. More Details The hosting market overall is growing very strongly, especially considering the challenges in the IT services market overall. Servers, sites, and revenue all seem to be growing based on our discussions with hosters and the outlook from many of the analysts. Interestingly, the revenue is not growing as fast as the servers and sites, which seems to support one of the challenges we see regarding downward pricing pressure. But the market is growing, and the potential is exciting as well. Registered domains are growing rapidly, each providing a potential opportunity to up-sell services such as hosting. Additionally, having a Web presence is proving to be a successful venture for many small businesses, but many of them (maybe as much as 40%) still are not on the Web. Bringing these small to midsize businesses (SMBs) online and providing them with a full range of services is an exciting area for growth. We see the same growth and potential for Windows-based hosting. We see growth in Windows that is equal to that of the market overall. PIPEX is a good example of a hoster that saw this market demand, realized they should have a Windows offer, and now are putting 33% of their new customers on Windows. But, of course, there are still some big challenges in the market, including the aforementioned pricing pressure. We have seen some crazy offers in the market – 1, 3, 12, or even 36 months free. 0.99 and 1.99 per month offers. Clearly the low-end and even middle of the market has gotten highly price-sensitive and hosters need to be able to do more with less. A second area of challenge in the market overall is innovating new offerings very quickly. As a hoster grows, it is important that they be able to provide compelling price points and differentiating features; otherwise they will not be able to sustain the growth. So really, we’re looking at a very similar set of challenges for service providers that we have targeted for the last four years, since the beginning of the Microsoft Solution for Windows-based Hosting. Providers must get more and more operationally efficient and must find new services to drive revenue with existing customers as well as capture new ones.
Another example of a company that saw the potential for Windows-based hosting was GoDaddy.
The driver we see for increased hosting demand is from consumers and small businesses. Generally, these customers don’t actively seek a specific operating system when choosing a hosting account – they’re more interested in the features that the account provides. However, we have seen that when Windows and Linux hosting are offered side by side, all other factors held equal, customers will pick Windows most of the time. What’s the reason for this? Well, we speculate that it’s because they recognize the Microsoft brand and the Windows brand. It’s something they’re familiar with on their desktop, so they are more comfortable with choosing it as a server operating system.
The Microsoft brand is readily recognized and Microsoft’s operating systems are widely preferred. Brand recognition makes Windows by far the leading choice.
Within that platform is a family of products we call the Windows Server System. Products in the Windows Server System are designed to comply with a set of technical standards called the Common Engineering Criteria, which specify how the products should work and that work well together to improve the security, reliability and performance, and reduce the complexity of IT infrastructure (http://www.microsoft.com/windowsserversystem/cer/report.mspx). At a base level the Windows Server System includes Windows Server 2003, which includes functionality like Web serving, etc. Above that, there are a series of products designed to address the needs of modern IT organizations. For Web hosters this means that you can start off by offering basic web hosting using Windows Server 2003, and then optionally grow your business to offer more comprehensive hosting solutions with the other products in the Windows Server System family. ############################################ So, this slide shows you all of the breadth of the server products in Windows Server System and as you look at that, I want to mention that, on November 16, 2004, we took the next step in our Common Engineering Roadmap. We published on our public webpage, http://www.microsoft.com/windowsserversystem, our Common Engineering Report. So you can go up and see all of the criteria which I’ve been showing you and see how each server is implementing each criteria. And so you can see if the server has already implemented the criteria and it’s green or, if the server has not yet implemented the criteria, you’ll have a more information buttons that you can hover over and it’ll tell you exactly what the issues are around implementing the criteria and when it will be implemented for that server. So we launched that report on November 16, 2004. The first four products that were published up there were the 2005 products: MOM 2005, Virtual Server 2005, Live Communication Server 2005, and then publishing SQL Server 2005 as well. And we are committing to you that every product as it comes out will publish their Common Engineering Report before or, at the latest, when they hit final beta. So, we hope that this information will help you better plan your investments and be able to really give you the information you need to know what integration you’re going to be getting when you consider a new investment in Windows Server System. I also want to point out that Windows Server System is part of an integrated platform from Microsoft and I highlight that here. The integrated platform also includes Windows Mobility, Office, and Microsoft Business Solutions. ########################### Common Engineering Criteria: The criteria for 2005 are the items that you see here on the list. I’ll highlight a couple of these. We’ve, for instance, committed that every server that comes out – that’s the 2005 model – will have a MOM management pack when it launches, and I’ll give you a quick example of the power of that. If you’re running Windows, for instance, and you’re running Notes as a messaging server, you’ve got a great server platform and you’ve got a solid messaging environment. If you then add Exchange on top of that, you’ve reduced the complexity in your environment because you have an integrated directory. You don’t have separate directories for messaging and overall server platform. Now, you can monitor Windows Server and Exchange, using Tivoli OpenView, Unicenter and other tools, and they’ll show you that Exchange Server is either up or down. And so we support all of the standard interoperability protocols, SMMP and so forth. However, if you make an additional investment in Windows Server System and monitor that environment with MOM, you get the additional benefit of having all of our knowledge about Exchange built into the MOM management pack that comes with Exchange. So, not only can you look at it remotely and see, oh geez, my Exchange Server is down for instance, you could also see why it’s down. We can tell you that based on our knowledge base, 99.9% of the time this particular issue is caused by this corruption and we can give you the remote fix that you can do to fix that issue. The impact that has is huge. Here at Microsoft, we used to have a ration of alerts to trouble ticket of basically 1:1. Every time we raised an alert, we’d have to issue a trouble tickets, someone’s pager would go off – one of you I’m sure will be familiar with that – and you have to walk over the server and figure out what’s going on. Since we implemented the new MOM 2005 management pack for Exchange, we’ve changed that ratio to 35:1. 34 out 35 alerts can be solved remotely without having to create a trouble ticket or having to have a person intervene. That’s an example of what I mean by increasing automation and reducing complexity. And that’s really our goal for Windows Server System. We want to compete and be the best of breed on each one of our individual workloads. We want to have the best messaging system, the best database. And to do that, each of our workloads will also have key interoperability features and support key standards. And so we have a database that does replication with Oracle and DB2 and messaging system that can be managed by any management system. But, at the same time, when you make multiple investments in Windows Server System, we want the whole to be greater than the sum of the parts. 1+1=3 if you will. So, with each new investment that you make in Windows Server System, we want to lower the complexity of your IT environment and the Common Engineering Criteria for 2005 is our key investment and key roadmap to do so. ########################### Each key requirement for a hosted platform is addressed by the Windows-based Hosting solution, based on the secure, reliable, and scalable Windows Server System.
<This slide will build automatically> The Windows Server System Common Engineering Criteria focus on the Fundamentals: Reliability, Availability Security etc. Highlight improvements in Site density (we’re hearing from service providers that with Windows Server 2003 they’re able to get 2000 sites on a box etc.) Key Competitive Points : Windows Server 2003 delivers dramatic reliability improvements over previous versions --many reliability perceptions are based on legacy NT4 (7 years old and now 2 generations old) and IIS 5.0 comparisons and it is important that customers make decisions based on the latest versions and reliability data. Improved Performance NILE Benchmark: (Hardware: 8P 50 MHz PIII Xeon, 2xGB NICs, 16GB RAM) Using E-commerce benchmark from Doculabs Measures the overall performance of scenarios commonly used by E-commerce sites Static (72.4%) and dynamic (27.6%) requests Logon, browse items, search, shopping cart operations, check out Static file caching, dynamic response caching, data-base operations, session state mgmt Hosting sites: Able to host more sites (up to 50,000 sites with 2GB RAM) Better throughput (310% better at 10,000 sites) Startup times dramatically lower Centralized logging 20% better with 10,000 sites (larger improvement with more sites) Improved Reliability and Availability Next, let’s consider another key customer need: increasing reliability and uptime . WS03 delivers dramatic reliability improvements over previous versions of Windows- --WS03reduces downtime by 8x over Windows NT and 4x over Windows 2000. Many reliability perceptions are based on legacy NT4 (7 years old and now 2 generations old) and IIS 5.0 comparisons and it is important that customers make decisions based on the latest versions and reliability data. Several new or improved features make a big contribution to greater reliability: For example, to mitigate the effects of faulty device drivers—the single largest cause of unplanned downtime—can have on server reliability, WS03 includes features like: Driver verifier . Tests kernel-mode and graphics drivers for illegal function calls and other behaviors that may cause corruption, including enhanced tests for asynchronous I/O errors, surrogate IRP errors, user mode buffer overwrite errors, and potential deadlock behaviors. Windows Driver Protection . Drivers with known problems are prevented from installing and integration with the Help and Support Center in Windows Server 2003 points customers to upgraded driver versions. Device Driver Rollback. Drivers can be rolled back to a previous version when a newly-installed driver version negatively affects performance or stability of the server. Driver Signing. All drivers are checked for digital signatures prior to installation, and drivers with improper or missing signatures can be prevented from installing. WS03 also significantly reduces reboots that are required for common maintenance system tasks—for example: Multiple operating system updates can be installed with a single reboot, and an estimated 40 percent of all critical updates can now be installed without a reboot. Reboots are no longer required for common reconfiguration tasks and the number of reboots is reduced for other operations, such as renaming a domain controller. When downtime does occur, WS03 includes built-in features to understand and correct the causes of downtime like: Windows Error Reporting, a configurable feature in Windows that can transmits information on operating system and application crashes to Microsoft, where it is used to drive product improvement. Shutdown Event Tracker (SET) which provides a way to consistently track why a server is shut down or rebooted. System administrators can choose to have the information forwarded to Microsoft to be used to further understand customer environments and root causes of downtime. Microsoft Reliability Service (MRS), a hosted business intelligence service for the IT community. The results of analysis are presented through an intuitive, secure, Web-based interface. Features like Automated System Recovery, a one-step process that can be used to restore operating system, system state, and hardware configuration in disaster recovery situations cut downtime as well. Customers tell us they need to increase reliability and decrease downtime: in keeping with Microsoft’s commitment to integrated innovation, WS03 includes rich diagnostic, system restore, and prevention tools that span the Windows Server platform. <Backup details for graph>: RTM bar represents a prediction based on observed customer improvement; NT4 SP4 – 12 customers, 35 years of total runtime, May 2001 to October 2001; W2K SP2 - 5 customers, 34 years total runtime, October 2002 to April 2003; WS3 RC1 - 5 customers, 27 years total runtime, October 2002 to April 2003 This information is for those who are familiar with previous versions of Windows Server and want to see how performance of specific interest to hosters has been boosted with Windows Server 2003.
Non-Windows–based hosters are interested in Windows Server 2003 security improvements. Windows has dramatically ramped-up security through Microsoft’s company-wide security effort, while competitive platforms are falling behind. Time: 2-3min [ Note: the Security messaging has been updated to the latest from the security team – scroll down for notes ] [ Note: I added some copy about SP1 below. You can get more background on SP1 enhancements here: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/overview.mspx ] Throughout this period of rapid adoption our investment in security has paid off. There have been zero IIS6 security vulnerabilities in the two years since launch. But we’re not stopping there. SD3: Security by Design, by Default and in Deployment: [ see below for notes on the Windows Security Push ] Microsoft has adopted a simple set of strategies called SD 3 . The SD3 framework has three core concepts: Secure by Design, Secure by Default, and Secure in Deployment. These concepts have shaped the development process to help deliver secure systems. Secure by Design means that you have taken the appropriate steps to ensure that the overall design of the product is secure from the outset. Include threat modeling at the design phase and throughout the project to identify potential vulnerabilities. Use secure design, coding, and testing guidelines. Secure by Default means that the product is released so that it is secure out of the box. If features are optional, and you can turn them off by default. If a feature is not activated, then an attacker cannot use it to compromise your product. Ensure that only the least amount of privilege is required by user accounts to run your application. Then a compromise can have less serious consequences than if an attacker is able to run malicious code under an account with administrator privileges. Ensure that effective access controls are in place for resources. Secure in Deployment means that the system is maintainable after installation. If a product is difficult to administer, it makes it more difficult to maintain protection against security threats as new ones evolve. Ensure that users are educated to use the system in a secure manner. If a security vulnerability is discovered and a patch is necessary, ensure that the fix is fully tested internally and then issued in a timely manner. The SD3 security framework has proven an effective tool for encouraging the adoption of secure development practices. IIS6 Results Key Benefits: Major reduction in attack surface area, More secure Web infrastructure, Tighter security for Web applications Server locked down by default: IIS 6.0 is “locked down” out of the box with the strongest time-outs and content limits set by default. For example, IIS 6.0 serves only static files by default, and other file extensions must be turned before they work. In addition, IIS 6.0 runs as a low privileged account (NetworkService, with only 7 privileges) by default. These measures have significantly reduced the attack surface in a hostile environment. Fault tolerant architecture: Other security enhancements in IIS 6.0 includes the fault-tolerant worker process architecture with process isolation and application health monitoring, rapid fail protection, Security for applications: enhanced SSL implementation, constrained delegation, protection against buffer overflows (memory-overflow protection ensures that once a buffer or memory overflow has been detected in a particular worker process, the worker process will be shut down so that it cannot affect other worker processes.), protection against DOS attacks (can be configured so that if an application pool fails too often within a short amount of time, its processes will be automatically disabled. Rapid-fail protection places the application pool in &quot;out of service&quot; mode, and IIS 6.0 immediately returns a “503 Service Unavailable” error message to any new or queued requests to the Web sites and applications that are in the application pool.) SP1 Enhancements Reduced security administration costs: Attack surface reduction is a fundamental security best practice, yet it is too difficult for most resource-constrained administrators to find the time to properly secure, test, and deploy a Windows server without breaking required functionality. The Security Configuration Wizard (SCW), one of the new features added to Windows Server 2003 in Service Pack 1 (SP1), uses an intuitive, role-based process to guide administrators through reducing the attack surface. <Optional> With SCW you can disable unused services easily and quickly, block unnecessary ports, modify registry values, and configure audit settings. Don’t be fooled by the term “wizard”. The SCW uses a roles-based metaphor driven by an extensible XML knowledge base that defines the service, port, and IIS requirements for over 50 different server roles including roles for applications such as Microsoft Exchange and SQL Server. The SCW also allows you to rollback previously applied policies and is accompanied by a full-blown command line tool that allows you to perform configuration and compliance analysis en-masse. The SCW also integrates with Active Directory to support deployment of SCW-generated policies through Group Policy </Optional> Improved auditing to maintain network security: Monitor and audit your Internet Information Services (IIS) configuration settings. The metabase is the XML-based, hierarchical store of configuration information for Internet Information Services 6.0. The ability to audit this store allows network administrators to track what, when, who and how a metabase change has been made. Support for new HW-based security technology: Bolster your defenses with &quot;no execute&quot; hardware support and software. Data execution prevention (DEP) is a set of hardware and software technologies that performs additional checks on memory to help protect against exploitation of your system by malicious code. Windows Server 2003 SP1 fully utilizes the DEP capabilities built into servers by many manufacturers and further augments those capabilities with DEP software of its own. ############################## Windows security push As part of the Trustworthy Computing Initiative, Microsoft has significantly increased its focus on security. For example, in early 2002, the development work of all Windows engineers, more than 8,500 people, was put on hold while the company conducted intensive security training. Once the training was completed, the development teams analyzed the Windows code base, including HTTP.sys and IIS 6.0, to implement the new learnings. This represents a substantial investment to improve the security of the Windows platform. In addition, during the design phase of the product, Microsoft conducted extensive threat modeling to ensure that the company’s software developers understood the type of attacks that the server might face in customer deployments. HTTP.sys code was compiled at a high compiler warning level before being checked in, and was scrutinized using advanced source code analysis tools before being checked into a build. We also improved security test coverage, running software tests at much higher stress levels than was previously the case, and developing tests that specifically target HTTP.sys,. Finally, the development team included a group of testers who performed penetration testing against all components of IIS including HTTP.sys. </ end optional long intro >
The Microsoft Solution for Windows-based Hosting was created to empower hosting service providers to lower operational costs through automation, while propelling revenues through the deployment of enhanced, managed services. The solution was built to address some of the operational challenges faced by hosters. We started with the first version about 5 years ago, and since then, it has evolved significantly. Talk from outside in; “when you look to offer services, you need to be able to provision, monitor, manage updates, manage users etc”. Solution designed to help you address those concerns. Solution also allows you to move beyond basic web hosting, and offer services such as Hosted Exchange, Hosted Windows SharePoint Services, etc. This is modular. You can deploy only the pieces you need in your business. Platform This slide illustrates all of the components used in the hosted solutions for service providers. Based on the Windows Server System, the solution offers platform components that enable you to offer different services to your customers. Services Using our server platform, we offer you the ability to grow your offerings through different services as appropriate to your business. Some of the additional services that we offer as part of the solution are: Hosted Messaging and Collaboration Live Communications Server 2005 Web Hosting Data Hosting Windows SharePoint ® Services Hosting This is not an all or nothing solution. Microsoft has created an integrated set of solutions designed to meet the needs of various types of service providers. As we continue to talk about Microsoft’s commitment to Web hosters and service providers today, you will get a more detailed introduction to our solution road map and to how we can work together for mutual success.
We’ve talked a bit about the market opportunity, the demand for Windows-based hosting, and the suitability of Windows as a platform for hosting, now we’re going to discuss some of the technical guidance and partnership programs that Microsoft offers for solution providers. The hosting group at Microsoft is focused on four key areas to help hosters build their businesses on Windows: Solutions Licensing Technical Training Marketing Tools Microsoft partners: Have access to exclusive member content Are eligible for the Services Provider License Agreement (SPLA) Receive notification of new webcast sessions, classroom-based technical training events, online information resources, and one-to-one feedback opportunities as they are made available. Have support from a growing technical community – Hosting Evangelists who have experience hosting on Windows and other platforms << Highlight future webcasts >>
Microsoft ® SPLA is a pay-as-you-go process, aligning your software investment with your monthly revenue streams. What does this mean for you? 1. Avoid upfront costs. 2. Map your licensing costs to your business model. 3. Pay only for what you use. Can be used to buy popular Microsoft server software Ideal for hosted and software as a service (SaaS) offerings Example: $18 / month will get you a Windows box. Add $50 / month to get SQL Workgroup. So for $68 you could offer Windows and SQL hosting on an unlimited Web user basis. Built on your ideas and input. This licensing model was created in response to the direct feedback from you, our service provider partners, and it delivers the benefits you asked for: The latest software versions. Your SPLA provides you access to the latest versions of Microsoft software at one convenient price point. A global reach. You can deliver services to your customers around the world without licensing limitations. No term commitments. Because you only pay for licenses actually used in any particular month, there are no term commitments, and no risk of paying for unused licenses. You only pay monthly license fees for the amount of service provided in the previous month—and there are no minimum license requirements. Free demos, tests, and evaluations. You can provide limited demos, tests, and evaluations to your customers free of charge
Internal use: Default allows for internal use if such use is less than 50% of the total use of product (calculated product by product) each month [Sect. 3(e)]. Alternative allowed: Waiver of 50% limitation during first 6 months of SPLA term. Customer demonstrations: Allows service provider to dedicate 50 active user IDs in order to demonstrate software services to prospective customers without need to report use. Customer evaluations: Allows free use of product by end customer on a trial basis for up to 30 days. Evaluation and testing: Default allows service provider to test and evaluate software product without need to report use for up to 90 days. Server administrators: Default allows 20 server administrators per data center.
SPEAKER: Review this quickly as this topic is covered in other presentations in this series. The notes are good background material, but not necessary to review for this presentation. Speaker Notes: The Microsoft Partner Program is a single integrated program that brings together all previous partner offerings into an integrated framework focused on partners’ customers and business. The Microsoft Partner Program: Recognizes expertise through competencies. Partners can define their expertise and map that expertise to their customers’ needs. Rewards partners for impact in the marketplace. Partners can attain points through a number of activities including certification, sales of Microsoft products, customer references, and joining the Small Business Specialist Community. Delivers value to help partners be more successful through tools, benefits, and resources that support all stages of the business cycle and help partners maximize potential revenue-generating opportunities. There are three main ways the Microsoft Partner Program can benefit a partner’s business. First, it can help a partner to r ealize business potential through innovative Microsoft technologies, a stronger relationship with Microsoft, and the global partner community. The Microsoft Partner Program can also help strengthen a partner’s position and extend a partner’s market reach through innovative Microsoft technology and Microsoft Partner Program assets to build revenue, sales momentum, and prominence while increasing partner’s market impact. Finally, through the Microsoft Partner Program a partner can reduce operating costs throughout all areas of their business using valuable software, targeted training, and support assets that improve operational efficiency and increase profitability. Simply put, the value of participating in the Microsoft Partner Program is that it will help partners meet the needs of customers.
Microsoft really does offer a one-stop-shop partnering opportunity. Presentations later in the day will provide more detail on each of these points. If there is one URL to remember – www.microsoft.com/hosting.