Conceding that Microsoft's .Net strategy may be confusing for IT managers and CIOs - and not amenable to 'the 30-second elevator pitch' - Microsoft CIO Rick Devenuti insists that the platform has the potential to extend the life of large-scale enterprise applications.
Speaking in Sydney this week, he described .Net as a development framework that's not about 'rip and replace'. He cited a customer support application that was having trouble scaling to meet growing demand for 24x7 support worldwide.
"Options were to replace the system or develop Web-based services, which allowed Microsoft to use the rich processes and workflows of that application, but use Web services to remove the issues such as scale," Devenuti said. The work has involved using XML to extract the user 'contracts' component of the support application and making it available as a Web service via a browser. Dealing with the number of user contracts and their regional variation was one of the bottlenecks to scalability for the support application.
Devenuti also outlined some security measures the organisation has taken since security lapses early this year saw Microsoft's own Web sites brought down by denial of service attacks. At the time, the company faced questions about having all four of its Domain Name System (DNS) servers on a single network, a setup that observers said was an inviting target for attackers.
"It was a case of us not having good practices in distributing our DNS [but] that particular attack could not happen again because of changes we have made in our DNS architecture," he said.
"Think about security as three things - people, technology and processes," he said. "We have training in place about the need for passwords to be strong, are now rolling out smartcards to 2500 people (and to the enterprise within six months), we have implemented 802.1X (authentication) for our access points to the wireless LAN, and have segmented parts of the network with IPSec to protect servers from unauthorised use."
"Application designers [and] IT organisations need to think about what's a secure application and how do you build a secure application," he said.
In-house processes with a security emphasis that have been rolled out to customers include the Federated Windows Update Model and the Stay Secure initiative, Devenuti added.