Why we 'banned' Windows Vista

Q&A The National Institute of Standards and Technology has put a moratorium on using Windows Vista, but that's business as usual, says agency's CIO.
Written by Joris Evers, Contributor
The prestigious National Institute of Standards and Technology has put a ban on Windows Vista, but that's standard procedure, according to NIST's chief information officer.

NIST, which does research and sets standards for things like cryptography for government use, is among several federal agencies that have put a moratorium on the use of Vista. The agencies are taking some time to make sure that the new Microsoft operating system meets their needs.

It is not unusual that large organizations aren't rushing to install major software updates. These organizations tend to do a lot of testing before upgrading. The same happened when Microsoft released Windows XP, and again with Service Pack 2 for Windows XP. Microsoft widely released Vista in late January.

Simon Szykman, chief information officer at NIST, was slightly irked by some of the media reports on his agency's move, which painted the ban as a major slap in Microsoft's face. In fact, Szykman said, this is business as usual. Ultimately, NIST expects many of its PCs will run Vista. Still, Microsoft has predicted a swift adoption of Vista by businesses.

NIST, based in Gaithersburg, Md., employs about 2,900 people and has an additional group of about 1,800 visiting researchers who complement the staff. Szykman spoke with CNET News.com about his organization's plans for Vista.

Q: What is your current position on Windows Vista?
Szykman: Our policy states that we're not allowing users to install or deploy Windows Vista for the time being. We consider this to be an interim policy to give us the time to do the adequate testing of Vista before we deploy it. We don't expect to have any obstacles that would prevent us from eventually deploying Vista.

Does the same go for Office 2007 and Internet Explorer 7?
Szykman: For Office 2007, there is no policy to prevent individual users from purchasing and installing it, but we are not proactively rolling it out. On the issue of Internet Explorer 7, we have advised users not to upgrade to IE7 and are blocking downloads and automatic updates of IE7, again as an interim measure pending interoperability and compatibility testing. It is known that not all Web-based applications that run under IE 6 will function under IE 7, so we need to ensure that our critical business applications work, or are updated if initially they don't work, before deploying it internally.

How long does this process to test typically take?
Szykman: That is hard to say in advance. It can take several months to do all of the various types of testing that are needed. And also depending on what happens, it may be necessary to wait for Microsoft to issue fixes or updates before it is functional enough to use operationally.

What kind of things do you look for?
Szykman: We look at a variety of issues. We look at interoperability testing, whether Vista works well with our existing networks and other machines on the network. We look at application testing, to make sure that the critical business applications that we have will actually run under Vista. We look at the ability for us to adequately secure machines that are running Vista.

We don't expect to have any obstacles that would prevent us from eventually deploying Vista.

We also need to ensure, in addition to the applications, that there are drivers available for legacy equipment that we already have in place. We also need to ensure adequate training of not only the user community but our CIO staff so that we're prepared to respond to various troubleshooting and help requests, and the people here are also trained to do the deployment.

These are the kinds of issues that we need to be concerned with. It's not just having some music-ripping software on a computer that stops working in case of incompatibilities. We have business-critical applications, and if those stop working it gets in the way of doing our job.

Is there anything in particular in Vista that you like?
Szykman: The encryption capabilities that are built into Vista are potentially useful from the perspective of federal government mandates. It is hard to say until we've adequately looked into its functionality and effectiveness, but there is currently a mandate for encryption of certain types of information and the use of encryption on laptops, so that's potentially something that will be helpful.

Is there anything in Vista that might make you postpone upgrading to it?
Szykman: Nothing that I'm aware of in advance. We'll have to see what happens with the testing, and interoperability, and availability of drivers and our applications to run on it and so on. But at the moment, we're not anticipating any specific obstacles.

Do you have any particular concerns that you're going into the test with?
Szykman: I don't think there are any predispositions or any particular hot issues. We're going into it with a relatively open mind as well as just looking forward to seeing what comes out of it.

Do you have a lot of homegrown applications?
Szykman: We have some, but for the most part we deal with commercial off-the-shelf software whenever we can. There are some applications that are tailored to our requirements.

In the past, how long have your testing cycles been for a new operating system update?
Szykman: I haven't been through an equivalent testing cycle here. What I can say from common practices is that it is typical for this to take some months. Sometimes the deployment will wait until after a service pack is released. In cases where people do decide to wait for a service pack, it's because they're expecting the service pack to address issues that they view as holding up their deployment.

This is just part of the way business is done. It is part of a cycle and lifecycle of management of IT.

Do you feel that Microsoft is helping you out? Are they involved at all with what you're doing?
Szykman: Our testing is internal, but Microsoft certainly has expressed a willingness to work with customers both at NIST and across the federal government. We don't see any difficulty in working with them.

Microsoft is not pressuring you into upgrading sooner?
Szykman: Not at all. They're fully respectful of customers making these types of choices and they certainly understand the need for testing before deployment when you're talking about large, managed organizations.

Have you used Vista yourself?
Szykman: I have not.

What operating systems do you use mostly at NIST?
Szykman: Primarily Windows, but not exclusively. We also have Linux users, Macintosh users, and people who use other flavors of Unix.

Would you ever consider moving to a predominantly Linux, Mac OS or other operating system environment?
Szykman: There's nothing in place that would prevent that from happening. It really depends on what the business requirements are and what people choose to use. There's no obstacle to more people using other operating systems. People are able to use the operating systems they choose.

Are you happy with what Windows XP does for you today?
Szykman: So far that is supporting a majority of our population and it has been working fine.

Does it make sense to upgrade to Vista if XP is not broken?
Szykman: That's true, except that it's just part of a natural refresh cycle, and we expect Vista to start coming into our infrastructure in an increasing way as part of the natural refresh cycle. This is just part of the way business is done. It is part of a cycle and lifecycle of management of IT. Hardware gets refreshed, software gets refreshed, applications get upgraded, and operating systems get upgraded. Certainly there are hiccups here and there, but that's the case with every instance or every step in the process.

Editorial standards