Microsoft security push cost $100m for .Net server alone

The fruits of Microsoft's new focus on security are coming through, but it has cost money, says vice president in a .Net server preview

Microsoft's much-publicised security push has cost real money -- $100m of person-hours went into the two-month hiatus in development of .Net server, according to David Thompson, vice president of Microsoft's Windows server products group.

Close to 5000 people in the development team spent all of February and March learning security, Thompson told the Microsoft Tech Ed conference in Barcelona. This alone cost Microsoft $100m, as well as putting back product schedules. Other product development teams will incur similar costs, he said.

"Every developer feels it is now a matter of pride that they have to write secure code," said Thompson, denying that Microsoft developers might have found it hard to adjust from writing "cool" code to writing "secure" code. "The team was remarkably excited, at being given the chance to focus on an area that has a lot of public visibility."

Issues of security and management are to the fore in Microsoft's .Net server demonstrations at Tech Ed, as Microsoft makes an effort to convince users it "means business". Unlike previous new operating systems from Microsoft, demos of .Net server focus heavily on issues such as authentication and policy administration.

Even Web services was presented as a management issue, to be solved with UDDI (universal description, discovery and integration) to be included in .Net server. "You will have hundreds or thousands of web services before you know it," said Andy Thompson. "A platform to publish them is really significant."

Managing security will be emphasised in .Net server, with public key infrastructure (PKI) and other tools becoming easier to manage. "PKI will be easier to deploy with auto-enrolment," said Thompson.

And a lengthy part of Thompson's keynote was taken up by a demonstration of group policy management console, which improves over Windows 2000's handling of user environments, which Thompson admitted was clumsy.

Thompson showed a .Net server feature which will give users the ability to revert to previous versions of a document --- a remote equivalent of recovering a document from their desktop's trashcan. The file system in .Net server will store incremental changes so that a "snapshot" of the file system is available, similar to those used by backup and recovery products.

The .Net snapshot will not conflict with third party products, as developers will be encouraged to fit their products into a structure of applications and providers, using common services from "providers", said Thompson.

A demonstration of the forthcoming version 6 of Internet Information Server (IIS), which will be built into .Net server, likewise concentrated on tools to manage and re-use parts of web servers.

ZDNet UK's Developer News Section delivers the latest headlines together with the best UK jobs, right to your browser.

Have your say on all developer topics. From j2ee, to C++, from Visual Basic to Javascript plus much more. Share your experience with others on the Developers Forum.

Let the editors know what you think in the Mailroom.