Microsoft's Most Valuable Asset
padgeblog.com"In fact, so many people I work with don’t use Windows as their host OS."
Then the people you work with are a edge case minority.
Windows absolutely and completely dominates the desktop computer landscape in both enterprise and home. Most estimates have it at 90-95% penetration worldwide vs mac/nix.
For anyone who may say macs are now selling more than ever before and that MS is losing market share fast, remember that apple is not even in the top 5 for computer manufacturers. For every Mac computer sold, there is 90+ Windows equipped computers.
While MS may be in trouble in the phone/tablet market, they still are on extremely solid footing in the desktop market. The question just becomes, what will become a desktop computer in 5 years. Will we all abandon what it is currently and move to tablets?
By this reasoning, programmers and software developers are an edge case minority. Yes, they are only a small chunk of the people who buy computers, but they have tremendous influence over the future direction of the field.
Which is to say, paying attention to the mass of office workers does not tell you something about the direction of the software world, it tells you about what dogfood is being forced onto the workers at this moment in time.
I largely agree with what you're saying, but at some point some of the workers eating the dogfood become the managers buying the dogfood. Sometimes (hell, maybe the majority of the time) their decisions are self-serving and uninformed; but sometimes their decisions really are based on making the organization as successful as possible under their current circumstances.
It's at this point that we look at what the majority of dogfood buyers are buying and realize that the influence of software developers is probably less than the influence of the people buying the software (sorry for restating the obvious there).
Anyway, the point, if I have one, is that the mass of office workers probably does tell you something about the direction of the software world -- and in fact, if we consider the net worth of IBM, Oracle, SAP, CSK, MSFT, Intuit, Autdesk, etc.; we might find we are at odds about where the 'tremendous' influence is coming from, if there is any such thing as 'tremendous' influence at all.
This being HN, here's the obligatory disruption remark.
> "IBM, Oracle, SAP, CSK, MSFT, Intuit, Autdesk"
Ripe for disruption.
Go, HN, go - disrupt the dinosaurs.
I'd like to add ESRI to that list if I may.
If you have accurate stats for programmers/developers showing their desktop choice, by all means.
I would bet on Windows being well over 90% still. Remember Microsoft sells worldwide, not just to silicon valley. How many programmers in China do you think use Macs?
Could not agree more
What also people seem to ignore is the current surge of workstation users switching from mac pros to cheaper and more powerful workstations with windows
Not quite. For every Mac sold ~16 Windows computers are sold. 2004 was Apple's worst year VS Windows and even then the ratio was 55:1. It is not now, nor has it ever been close to 90:1. The numbers are easy to find, and there's no excuse for pulling numbers out of thin air as you did above.
If you include tablets with computer sales (a line MS seems eager to blur) then Apple is the #1 computer manufacturer in the world at 14.6% of market share. HP is #2 with 14.1% of combined computer and tablet market share.
Sorry, but this is completely inaccurate. Normally I would let it sit here as this post is over and nobody will see it, but those figures are not worldwide data. In some areas Mac certainly has higher penetration but it is absolutely not the case in worldwide sales. Again, for every 1 mac sold, there are 95 computers loaded with windows sold worldwide.
Latest peer-reviewed stats I could find:
In August 2011, Gartner estimated Apple's PC market share in US as 10.7% for Q2 2011. Apple's worldwide market share is not listed, because it is not in the list of top 5 computer manufacturers, and is inferred to be 5% or lower.
That suggests a lower than 1:90 ratio for worldwide, at 1:95
Im sure that there are many mac-fanboy stat posts showing more penetration but the fact is, they simply are -not- shipping anything near the levels you are talking about. Apple is a public company and you can simply see their numbers vs just one or two US shippers (HP/Dell) - Never mind the overseas producers.
Of course this is purely anecdotal, but I've seen a few Windows-only places become mixed Windows and Mac. Yes, it may only be 10% Mac today but that's from 0% two years ago. And the macs are seen as desirable, so I wouldn't be surprised if it increases, especially as the IT department processes for integrating them have been worked out.
In 2006 I helped put in an OpenLDAP server in a medium-sized company (150 users). Once we'd gotten past the initial hump of configuring everything to work with it, it was really nice to have single sign-on and a list of users and permissions accessible from any computer on the network.
Since we could access the directory from perl it was easy to make a simple UI for the support team to make changes.
Maybe I'm missing something, but I don't see Active Directory as being that big of an advantage over OpenLDAP. If your company is small, you'll do fine without any central directory. If it's large, the cost of implementing and supporting OpenLDAP should be less than the cost of the CALs for Active Directory.
The OP is bang on - I started work at Netscape in 1996, went over to Oblix in 1999 (A pure play LDAP management company) and then spent the next 2-3 years in a startup (Loudcloud) in which we tried to run our entire infrastructure off of Netscape Directory Server (Still, one of the finest engineered products I ever worked with - only had issues when you ran out of disk space).
Eventually, after I started managing IT, with all of the Windows Systems, and Exchange Servers, and Users - AD just infected us, and it's really hard to get out of your life. For a while, it was Blackberry Enterprise Server (BES), but being able to control whether people can login to their laptop/desktop/VPN/Email/etc... through AD is just so much easier when you have a lot of windows systems. Also - Group Polices, ACLs on things like Printers, File Systems, and other Resources - and now with Lync starting to pop up....
If you can live without Microsoft Exchange, and you don't have a lot of windows laptops, you can probably avoid it - but, AD really is the competitive weapon that Microsoft continues to be able to wield to keep themselves in the heart of a lot of IT environments.
Would love to go run an environment/company that had a pure-play LDAP server like OpenLDAP, Netscape/Fedora/389 Directory server, or, OpenDS.
For 150 users (which is a pretty small company in the grand scale of things) in one location and without too complicated authentication/authorization needs OpenLDAP is fine. Active Directory really comes into its own when you have lots of users, lots of locations, lots of admins (each responsible for a different area) and a more complex authentication/authorization structures (assuming you are running a fairly pure Microsoft stack).
The problem is that the initial hurdle of configuring it, when considering the time spent, is expensive in face of AD licensing.
LDAP goes out of the way to be complicated. Ad is nicely packaged, clicky, clicky, and "anyone" can manage it.
That's where MS makes its money. People are expensive.
In the corporate space I'd agree, but the Xbox brand isn't to be discounted. The Halo series is a money printing machine.
"All in all, the Halo franchise has made nearly $3 billion from sales."
"Halo: Reach, Halo creator Bungie's last Halo game, made more than $200 million in sales in the US and Europe in the first 24 hours of release. This figure eclipsed all previous 2010 US entertainment launches, including the three-day opening weekends of Iron Man 2, Alice in Wonderland and Toy Story 3."
http://www.eurogamer.net/articles/2012-10-31-more-than-46-mi...
http://www.reuters.com/article/2012/11/12/us-microsoft-halo-...
That is $3bn in revenue for the whole series. The first of 5 (?) titles has been released 10 years ago. While this revenue for a game series is impressive, its insignificant given MSFT makes >$70bn in revenue per year.
My dayjob is as a business process consultant, specialising in the Atlassian application stack among other things.
Almost every single hour of my time working with an enterprise customer involves dealing with AD or related Microsoft products in some fashion.
In the enterprise, I almost always deploy to windows products, over the preferred linux+postgres+apache stack, because the business has already invested in resources to manage Windows Server, Microsoft SQL Server, and IIS, in conjunction with AD. Configuration tends to be more platform agnostic, as the applications are Java based, however the number of gotchas that seem to crop up around the Microsoft products make it a big enough pain.
It's unfortunate that the link to AD so often blossoms out to the entire infrastructure stack, as the products are in many ways inferior to their open source relatives, but the momentum, support and resources are already there and it doesn't look like changing anytime soon.
While I've certainly seen firsthand the importance of AD in enterprise, and I agree that it will continue to sell a lot of Server and SharePoint licenses for MS - I think Office is probably a stronger most valuable asset for a variety of reasons. Among them, Office actually is MSFT's most profitable product and it actually currently doesn't face any noteworthy competition (not that AD does, mind you).
Also, I had to check to see if 'blogosphere' was coined prior to 2001, and found that indeed it was.
Office has strong competition. I've seen businesses switch to LibreOffice under the threat of BSA. And Google Apps is just awesome ... being an online service it doesn't have all the features of Office, but it's within reach 24/7 on whatever device, wherever you are, the only requirement being an Internet connection.
Being able to make changes to a document (collaboratively too) from an iPad or an Android device, while commuting, is the definition of awesomeness.
I like Google Apps, but at the enterprise level there hasn't been much traction. Now MSFT has answered with SkyDrive and OfficeLive. It might be a stretch to suggest that Google Apps isn't competition, but I don't think it has competed very well at all to the present. Also, it doesn't look like LibreOffice is doing much better than OpenOffice ever did. Orgs try it, but often end up going back to Office - and every time it happens, it provides negative feedback for other Orgs who are thinking about switching.
So I haven't seen big Orgs switching to Libre/OpenOffice - since they have the resources necessary for whatever licensing and because they get special deals too and because MS Office is a lot better than Libre/OpenOffice, then they have no real reason to switch.
However, the big problem Microsoft faces is that one reason Office is popular is because of piracy, which is like this freakishly big elephant in the room. I can bet that most home users that use Office do not have a license for it - I've seen this happening with small to medium businesses too in my country at least.
And for a small to medium business, what makes more sense? Shelling out the cash for Office licenses or going with a completely free and legal alternative? Considering most such businesses don't actually need Exchange integration or other niceties that MS Office provides, the choice is pretty obvious under the threat of being caught.
And this is the big problem for MS Office - it's an awesome software package, but judging relatively to its upfront cost to home users or small/medium businesses? Well, the extra value provided starts to fade in comparison to a $0 price tag.
Beyond Google Apps, Office faces major "competition" just from less of what people do with computers being about Office-like documents and more about less formally structured web activity.
This could ultimately be the end of Office, but at the moment, Rich Text docs and spreadsheets still rule the enterprise. And as far as that goes, with strong Excel-SQL Server (or other database), integration for data analysis, Excel may be the strongest product in the suite (and Excel might very well be the reason Office is so strong in enterprise).
I think this situation could change rapidly, but MSFT has the momentum, and I could also see Office remaining out in front. It's difficult to imagine someone coming along and supplanting Excel with something superior at the moment.
Office too, has a strong dependency on AD. AD is how Office documents are protected (rights management), how they're synced to Office 365 (WS-Federation -> AD), and how they allow multi-person, simultaneous/real-time editing. Amongst other stuff.
AD is probably much more entrenched though. Office is a tool; AD is an infrastructure.
This guy is spot on. I've done quite a bit of time in the corporate environment running middleware systems such as LDAP and AD.
Google Apps does not have a viable solution because it is not in house. There is no easy way to extend the schema and integrating with Google Apps is actually quite difficult. There are tools to help you integrate from Active Directory to Google Apps but not the other way around.
Also Active Directory is actually pretty awesome from a management standpoint. Suppose today you wanted to have 50k linux boxes with all the same logins. You would probably use LDAP (which is essentially AD under the hood). But how about automatic package management per user? How do you configure that? AD has all this built in and more.
> LDAP (which is essentially AD under the hood)
This is false. LDAP itself is nothing more than a protocol (that's what the P stands for). There are very popular implementations of this protocol (OpenLDAP being just one) but even they are not "AD under the hood".
AD = LDAP + Kerberos + Microsoft proprietary extensions
So if anything, under the hood of AD you will find LDAP, but not the other way around.
I had that reversed. AD is at its base LDAP.
I worked for a company with 25,000 office employees worldwide and can say that they won't be leaving Microsoft anytime soon for this reason.
They were using IE6 all the way up until 2010, finishing the deploy of IE8 two years after it was released. :/
So, what I'm taking from this is that the author feels Microsoft should pull an IBM and basically completely withdraw from the consumer market. While it's true that Microsoft's best domain is in the enterprise market, I have to imagine there's more to it than them "wasting money" on IE, Bing, etc. AD is great, but even in the server space Microsoft has a lot more to offer than just one product.
I like the author's main point and I agree with it without hesitation, but I can't support the supporting arguments. Especially considering Microsoft is still a huge success in the desktop market (a market that isn't quite as dead as some seem to call it).
This is probably only of historical interest but: in 2001 I started building a Linux-based Active Directory replacement, XAD. I first demonstrated it in 2003 and I think we shipped around 2005. The underlying technology was OpenLDAP and Heimdal, but obviously with a lot of homegrown code (many RPCs, support for multimaster replication, etc).
XAD was sold to Novell in 2007 and was rebranded Domain Services for Windows. I haven't really followed its progress since; of course, Samba4 is also now an effective Active Directory replacement.
Great call out on a reasonable strategy for Microsoft to remain successful, albeit less relevant in the consumer market. (There is another comment alluding to taking the route of IBM, cementing their place in enterprise but sacrificing the consumer market a bit). AD is definitely a great asset that is probably not thought of as much as it should be given its usage, as you point out.
I would say, though, that claiming that IE and Bing advertising is "wasted" is pretty bold. Sure, OSD hasn't started turning a profit yet, but there is something to be said about Bing having ~30% market share and the fact that if Bing did not exist, Google would almost certainly have a complete monopoly on search today. The data generated from Bing and the Bing ecosystem is incredibly valuable, but Bing Ads have yet to unlock the full revenue potential unfortunately. Consider, though, that Google and Microsoft are the only two companies that have the unbelievably valuable asset that is an index of the entire (within reason) web.
Yeah. People seem to forget that MS has a larger share of the search market than Apple does of the PC market. And search has given the market leader (Google) a 200bn+ market cap!
So not exactly throwing money down the drain.
The difference is that on PCs, Apple takes a far higher profit margin than other manufacturers.
On Search, Bing has a lower profit margin than Google.
Apple's model is good for making money as a smaller player. Bing's is not.
Not really a well written piece. In fact, it's pretty poorly written.
But yes, AD is king in most enterprises. Definitely one of Microsoft's most important assets.
And that can be said with way less text. Like I just did.
Please someone create a cool, cheaper alternative to AD that runs on Linux and does not suck!
Insert below mandatory answer about how great existing open-source solutions are.
I happen to know of two CIOs of very large enterprises who went with LDAP instead of AD with a very clearly stated goal of not being locked into a single vendor.
So it's happening, even if it's just a trickle at the moment.
But to me, comparing LDAP to AD is like comparing an engine to a car, isn't it?
LDAP is a protocol, it is not a standalone service. Don't you also need a client-side authentication mechanism and server-side sharing system that is seemlessly compatible with LDAP?
Corporate directories aren't something I'm familiar with, so forgive me if this question seems naive:
Does Google Apps for Business (i.e. http://www.google.com/enterprise/apps/business/ ) have a viable solution for the corporate directory, or do they just expect you to use a third-party solution like Microsoft Active Directory?
> I could care less
I couldn't care less
Yup, my pet hate too.
I stopped reading at "I could care less".
Yes, me too. This is so irritating. The proper usage surely must be "I couldn't care less."
"I could care less." - There is room for you to care less than you care now. This phrase is meaningless as a way to describe how much you care about something.
Well, as a matter of fact, I would understand 'I could care less' when someone has been taken with something too much and realizes it. Obviously, it seems the OP's meaning was not this...
Yes, its irritating, like not using the apostrophe correctly :-)
At the risk of intentionally misunderstanding the OP's definition of the word 'asset', aren't their developers supposed to be their most valuable asset? I'm not saying they are, just that if they aren't (anymore), I'd worry about that instead.
It's now on an interesting fork right now. ActiveDirectly is possible via DCOM and MMCs, but Microsoft is thinking of replacing it with .NET Remoting and Web based UIs.
I'm not familiar with big orgs. What does active directory facilitate mostly? Like seeing a list of other computers in the company and accessing their drives?
In abstract, centralise everything. You have a "Domain Controller" which is basically a server which everything authenticates against.
Settings from domain controllers (privileges etc) are propagated over the network to other servers (Email,File servers etc).
So when you authenticate against a DC (by logging into your workstation etc) you get a token back which can be sent to other hosts on the network who then understand what to grant access to based on that token.
This makes it easier for a large org with an international presence to allow say marketing teams in the London and New York offices to have access to the same files etc and be able to use each others workstations interchangeably whilst all being managed by the IT team in Mumbai.
This means that if you stick to mainly MS products you get the advantage of knowing that everything will integrate into AD so you spend less time handrolling shared authentication etc.
Nitpick - AD supports a centralised topology, but is more effective when decentralised. You can deploy as many domain controllers as you like, you can separate global catalogues entirely, and deploy multiples of those, and you can even separate domains within forests, and then create cross-domain trusts. If you want to create cross-forest trusts you can do that using Active Directory Federation Services (ADFS).
ADFS is hugely under-rated, and is arguably the most capable identity federation software out there because it's the only implementation I know of that does both passive- (browser-based), and active federation, which allows you to authenticate against AD from your JSON service.
That story gets even better with U-Prove (http://www.microsoft.com/mscorp/twc/endtoendtrust/vision/upr...).
Single sign on, group policies, user account control on a global scale.
Stopped reading when I read 'could care less'...
I stopped at "I could care less".
I couldn't care less about the use of the phrase "I could care less".
Very true.