On the final day of Microsoft’s first Ignite conference in Chicago, a standing-room-only crowd made up entirely of admins listened to independent consultant, author and lecturer Mark Minasi as he led them on a discussion of the forthcoming benefits and near-term headaches (at least hopefully near-term) of administrating users of Windows 10.
The crowd’s interest in the subject appeared at first to prove me wrong about my point earlier this week that interest in Nano Server, Microsoft’s forthcoming miniaturized server operating system, was outpacing interest in the Windows 10 client operating system.
The 2 Domains
Minasi has been a fixture at Microsoft conferences for well over a decade, and his Friday session proved to be as clear a preview of coming attractions as admins may ever hope to see: reason enough to stay through Friday morning.
And as the session became a discussion with attendees, many of their foremost concerns about the future of their own careers bubbled to the surface.
It has always been very clear to participants that Minasi does not speak for Microsoft, although he does have close friends in the company.
When its technology fails to impress, Minasi never skimps with words… or actions or attitudes, as was the case more than once on Friday when, during a demo, provisioning a Windows 10 user account consumed close to a half-hour of wait time over a slow network connection.
“What Microsoft is trying to do is create a setup that is very clear,” said Minasi at one point, referring to the Windows 10 client provisioning process that he acknowledged has been almost completely replaced with every new test build. “They’re going for very clear, very simple and very obvious. They haven’t achieved that goal yet.”
Much of Minasi’s talk centered on Microsoft’s forthcoming shift to its Azure cloud as a central hub for verifiable identity, and the painfully slow progress during the demo only proved his point. A veteran lecturer, however, Minasi knows how to keep the audience enthused and entertained during the most headache-inducing Microsoft processes.
Azure Active Directory is Microsoft’s cloud-based identity and access control system, which is being rolled out along with Windows 10. While Active Directory has been Windows Server’s network identity system ever since the heady days of Windows NT, the shift of focus for AD to a cloud-based directory is indicative of Microsoft’s astounding course change away from many of its own legacy technologies.
The rapidity of this change is made evident by a warning message that the present Windows 10 build presents, and which Minasi pointed out, explaining (or, more accurately, attempting to acknowledge without really explaining) the current incompatibility between Azure AD domains and Windows Server AD domains.
You see, Windows 10 is trying to establish a deeper partition between business profiles and personal profiles, enabling device managers for the first time to wipe credentials from all classes of Windows 10 devices, including PCs, if for example the user’s employment has been terminated.
The goal there is to wipe corporate assets, including both applications and some documents, from systems remotely, just as MDM admins would with iPhones and BlackBerrys — while leaving the personal account and personal applications intact, thus not destroying the PC.
For the moment, though — and perhaps for the foreseeable future — there is this problem: Azure AD enables access to business applications and documents by way of a corporate Microsoft account enrolled in that directory. The user would log onto her device through this account. Theoretically, this causes a problem if the user’s personal files were only accessible through her personal Microsoft account, as things stand now with Windows 8.1.
That problem would go away if logging onto the business account, in turn, authenticates the personal account too, letting the user log on both ways with a single password or token. That feature might only work, however, up until the point the corporate admin wipes the corporate account.
And that’s what Microsoft’s cryptic error message tries its best to (not) explain. At the end of the message, it beseeches users who don’t understand what’s going on to talk to their support staff to learn more.
Since no one knows what’s going on, that’s a problem.
“How many of you have pasted a mirror on your servers?” Minasi asks, holding up his hand to elicit a response. The admins in the room look around for clues as to whether anyone knows the deeply technical meaning behind his question.
“Then when the error message is, ‘See your administrator,’ how do you do it?” he said.
The Man in the Mirror
It might not have been the most egregious example ever seen of Microsoft using an error message to paste over a technical problem with politics. But as Minasi’s time drew to a close, it was enough to draw some admins’ emotions to the surface.
For one fellow, the trigger was containers — the technology born in the Linux realm, and being replicated in new versions of Windows Server and on the Azure platform. After five days of sessions in which Microsoft representatives and the company’s partners gave hands-on demonstrations of containers in action, one admin remained skeptical about the company’s intentions.
Usually Microsoft is very forthcoming about new technologies that it knows admins may try to put to use in ways other than their original intent. He foresaw an opportunity for containers to be put to use in making client deployments of software easier, though he’d been told (correctly) that containers were a server-side technology.
And that might have been the last straw for him. His fear was that, by shifting the job of maintaining things to the cloud — from Azure Active Directory to Nano Server and cloud containers — the job of administrator was going away completely. His fear was that his job was being obsoleted.
Looking at the nods from the other folks in the room, it was clear he was nowhere near alone.
Minasi attempted to allay his fears by explaining that the cloud is merely a different location for work to be dropped — that the same scripts he built using Visual Studio today would merely be deployed in a different location.
“Microsoft believes that, when you build line-of-business apps, you’re building n-tier apps,” Minasi said, referring to the ideal that all business applications today have an unspecified number of layers, the cloud platform being just one.
“When we build LOBs, then the front end is going to be IIS [Internet Information Services]… When they talk about LOBs or ‘Modern apps,’ they are assuming it’s at least three-tier.”
In the modern era, the cloud platform is one tier and the on-premise network is another. So the point Minasi was making to this particular DevOps professional was, your platform is not going away.
“I think the thing to remember is, they [Microsoft] are doing Windows half-heartedly. Because desktop Windows is going away.” Here is where you realize he doesn’t speak for Microsoft in the least.
His point is that the job of deploying software on local clients is indeed going away, as Microsoft comes to realize along with the rest of the world that local clients are fast becoming irrelevant.
As long as employees have verified access to their designated apps on the server, they should be able to access those apps on their Galaxy phones, said Minasi (to which another professional in the room, who earlier indicated her experience with Citrix desktop virtualization, agreed).
“You talk about high-speed Internet? You don’t need high-speed Internet!” said Minasi. “Because if I’m the UPS guy, all I’m punching in is the code for what I’ve delivered to [somebody’s] house, and it’s already got the time. It’s only writing 55 bytes! An awful lot of mobile apps are like that. Think of what stores are doing, getting rid of cash registers and let people walk around with iPhones, which reduces the friction.”
For this one fellow, Minasi’s message wasn’t quite enough to quell his concern, but he did take the message seriously. Admins’ jobs have been to maintain client-side operating systems, and that job is becoming irrelevant. As the deployment mechanism changes, admins must shift their focus – and if they can do that properly, they won’t have to change their entire skill set.
But that error message, explaining without explaining that the cloud and on-premise AD domains may not yet be joined, was not the kind of message many folks in the room felt comfortable reading.