

Microsoft's Most Valuable Asset - jbpadgett
http://padgeblog.com/2012/10/29/microsofts-most-valuable-asset/

======
DanBlake
"In fact, so many people I work with don’t use Windows as their host OS."

Then the people you work with are a edge case minority.

Windows absolutely and completely dominates the desktop computer landscape in
both enterprise and home. Most estimates have it at 90-95% penetration
worldwide vs mac/nix.

For anyone who may say macs are now selling more than ever before and that MS
is losing market share fast, remember that apple is not even in the top 5 for
computer manufacturers. For every Mac computer sold, there is 90+ Windows
equipped computers.

While MS may be in trouble in the phone/tablet market, they still are on
extremely solid footing in the desktop market. The question just becomes, what
will become a desktop computer in 5 years. Will we all abandon what it is
currently and move to tablets?

~~~
epistasis
By this reasoning, programmers and software developers are an edge case
minority. Yes, they are only a small chunk of the people who buy computers,
but they have tremendous influence over the future direction of the field.

Which is to say, paying attention to the mass of office workers does not tell
you something about the direction of the software world, it tells you about
what dogfood is being forced onto the workers at this moment in time.

~~~
rizzom5000
I largely agree with what you're saying, but at some point some of the workers
eating the dogfood become the managers buying the dogfood. Sometimes (hell,
maybe the majority of the time) their decisions are self-serving and
uninformed; but sometimes their decisions really are based on making the
organization as successful as possible under their current circumstances.

It's at this point that we look at what the majority of dogfood buyers are
buying and realize that the influence of software developers is probably less
than the influence of the people buying the software (sorry for restating the
obvious there).

Anyway, the point, if I have one, is that the mass of office workers probably
does tell you something about the direction of the software world -- and in
fact, if we consider the net worth of IBM, Oracle, SAP, CSK, MSFT, Intuit,
Autdesk, etc.; we might find we are at odds about where the 'tremendous'
influence is coming from, if there is any such thing as 'tremendous' influence
at all.

~~~
Toshio
This being HN, here's the obligatory disruption remark.

> "IBM, Oracle, SAP, CSK, MSFT, Intuit, Autdesk"

Ripe for disruption.

Go, HN, go - disrupt the dinosaurs.

~~~
dagw
I'd like to add ESRI to that list if I may.

------
jewel
In 2006 I helped put in an OpenLDAP server in a medium-sized company (150
users). Once we'd gotten past the initial hump of configuring everything to
work with it, it was really nice to have single sign-on and a list of users
and permissions accessible from any computer on the network.

Since we could access the directory from perl it was easy to make a simple UI
for the support team to make changes.

Maybe I'm missing something, but I don't see Active Directory as being that
big of an advantage over OpenLDAP. If your company is small, you'll do fine
without any central directory. If it's large, the cost of implementing and
supporting OpenLDAP should be less than the cost of the CALs for Active
Directory.

~~~
ghshephard
The OP is bang on - I started work at Netscape in 1996, went over to Oblix in
1999 (A pure play LDAP management company) and then spent the next 2-3 years
in a startup (Loudcloud) in which we tried to run our entire infrastructure
off of Netscape Directory Server (Still, one of the finest engineered products
I ever worked with - only had issues when you ran out of disk space).

Eventually, after I started managing IT, with all of the Windows Systems, and
Exchange Servers, and Users - AD just _infected_ us, and it's really hard to
get out of your life. For a while, it was Blackberry Enterprise Server (BES),
but being able to control whether people can login to their
laptop/desktop/VPN/Email/etc... through AD is just so much easier when you
have a lot of windows systems. Also - Group Polices, ACLs on things like
Printers, File Systems, and other Resources - and now with Lync starting to
pop up....

If you can live without Microsoft Exchange, and you don't have a lot of
windows laptops, you can probably avoid it - but, AD really is the competitive
weapon that Microsoft continues to be able to wield to keep themselves in the
heart of a lot of IT environments.

Would love to go run an environment/company that had a pure-play LDAP server
like OpenLDAP, Netscape/Fedora/389 Directory server, or, OpenDS.

------
joenathan
In the corporate space I'd agree, but the Xbox brand isn't to be discounted.
The Halo series is a money printing machine.

"All in all, the Halo franchise has made nearly $3 billion from sales."

"Halo: Reach, Halo creator Bungie's last Halo game, made more than $200
million in sales in the US and Europe in the first 24 hours of release. This
figure eclipsed all previous 2010 US entertainment launches, including the
three-day opening weekends of Iron Man 2, Alice in Wonderland and Toy Story
3."

[http://www.eurogamer.net/articles/2012-10-31-more-
than-46-mi...](http://www.eurogamer.net/articles/2012-10-31-more-
than-46-million-halo-games-have-been-sold-worldwide)

[http://www.reuters.com/article/2012/11/12/us-microsoft-
halo-...](http://www.reuters.com/article/2012/11/12/us-microsoft-halo-
idUSBRE8AB19120121112)

~~~
kayoone
That is $3bn in revenue for the whole series. The first of 5 (?) titles has
been released 10 years ago. While this revenue for a game series is
impressive, its insignificant given MSFT makes >$70bn in revenue per year.

------
Cogito
My dayjob is as a business process consultant, specialising in the Atlassian
application stack among other things.

Almost every single hour of my time working with an enterprise customer
involves dealing with AD or related Microsoft products in some fashion.

In the enterprise, I almost always deploy to windows products, over the
preferred linux+postgres+apache stack, because the business has already
invested in resources to manage Windows Server, Microsoft SQL Server, and IIS,
in conjunction with AD. Configuration tends to be more platform agnostic, as
the applications are Java based, however the number of gotchas that seem to
crop up around the Microsoft products make it a big enough pain.

It's unfortunate that the link to AD so often blossoms out to the entire
infrastructure stack, as the products are in many ways inferior to their open
source relatives, but the momentum, support and resources are already there
and it doesn't look like changing anytime soon.

------
rizzom5000
While I've certainly seen firsthand the importance of AD in enterprise, and I
agree that it will continue to sell a lot of Server and SharePoint licenses
for MS - I think Office is probably a stronger most valuable asset for a
variety of reasons. Among them, Office actually is MSFT's most profitable
product and it actually currently doesn't face any noteworthy competition (not
that AD does, mind you).

Also, I had to check to see if 'blogosphere' was coined prior to 2001, and
found that indeed it was.

~~~
bad_user
Office has strong competition. I've seen businesses switch to LibreOffice
under the threat of BSA. And Google Apps is just awesome ... being an online
service it doesn't have all the features of Office, but it's within reach 24/7
on whatever device, wherever you are, the only requirement being an Internet
connection.

Being able to make changes to a document (collaboratively too) from an iPad or
an Android device, while commuting, is the definition of awesomeness.

~~~
rizzom5000
I like Google Apps, but at the enterprise level there hasn't been much
traction. Now MSFT has answered with SkyDrive and OfficeLive. It might be a
stretch to suggest that Google Apps isn't competition, but I don't think it
has competed very well at all to the present. Also, it doesn't look like
LibreOffice is doing much better than OpenOffice ever did. Orgs try it, but
often end up going back to Office - and every time it happens, it provides
negative feedback for other Orgs who are thinking about switching.

~~~
bad_user
So I haven't seen big Orgs switching to Libre/OpenOffice - since they have the
resources necessary for whatever licensing and because they get special deals
too and because MS Office is a lot better than Libre/OpenOffice, then they
have no real reason to switch.

However, the big problem Microsoft faces is that one reason Office is popular
is because of piracy, which is like this freakishly big elephant in the room.
I can bet that most home users that use Office do not have a license for it -
I've seen this happening with small to medium businesses too in my country at
least.

And for a small to medium business, what makes more sense? Shelling out the
cash for Office licenses or going with a completely free and legal
alternative? Considering most such businesses don't actually need Exchange
integration or other niceties that MS Office provides, the choice is pretty
obvious under the threat of being caught.

And this is the big problem for MS Office - it's an awesome software package,
but judging relatively to its upfront cost to home users or small/medium
businesses? Well, the extra value provided starts to fade in comparison to a
$0 price tag.

------
jtchang
This guy is spot on. I've done quite a bit of time in the corporate
environment running middleware systems such as LDAP and AD.

Google Apps does not have a viable solution because it is not in house. There
is no easy way to extend the schema and integrating with Google Apps is
actually quite difficult. There are tools to help you integrate from Active
Directory to Google Apps but not the other way around.

Also Active Directory is actually pretty awesome from a management standpoint.
Suppose today you wanted to have 50k linux boxes with all the same logins. You
would probably use LDAP (which is essentially AD under the hood). But how
about automatic package management per user? How do you configure that? AD has
all this built in and more.

~~~
irq
> LDAP (which is essentially AD under the hood)

This is false. LDAP itself is nothing more than a protocol (that's what the P
stands for). There are very popular implementations of this protocol (OpenLDAP
being just one) but even they are not "AD under the hood".

AD = LDAP + Kerberos + Microsoft proprietary extensions

So if anything, under the hood of AD you will find LDAP, but not the other way
around.

~~~
jtchang
I had that reversed. AD is at its base LDAP.

------
medell
I worked for a company with 25,000 office employees worldwide and can say that
they won't be leaving Microsoft anytime soon for this reason.

They were using IE6 all the way up until 2010, finishing the deploy of IE8 two
years after it was released. :/

------
freehunter
So, what I'm taking from this is that the author feels Microsoft should pull
an IBM and basically completely withdraw from the consumer market. While it's
true that Microsoft's best domain is in the enterprise market, I have to
imagine there's more to it than them "wasting money" on IE, Bing, etc. AD is
great, but even in the server space Microsoft has a lot more to offer than
just one product.

I like the author's main point and I agree with it without hesitation, but I
can't support the supporting arguments. Especially considering Microsoft is
still a _huge_ success in the desktop market (a market that isn't quite as
dead as some seem to call it).

------
lukeh
This is probably only of historical interest but: in 2001 I started building a
Linux-based Active Directory replacement, XAD. I first demonstrated it in 2003
and I think we shipped around 2005. The underlying technology was OpenLDAP and
Heimdal, but obviously with a lot of homegrown code (many RPCs, support for
multimaster replication, etc).

XAD was sold to Novell in 2007 and was rebranded Domain Services for Windows.
I haven't really followed its progress since; of course, Samba4 is also now an
effective Active Directory replacement.

------
cargo8
Great call out on a reasonable strategy for Microsoft to remain successful,
albeit less relevant in the consumer market. (There is another comment
alluding to taking the route of IBM, cementing their place in enterprise but
sacrificing the consumer market a bit). AD is definitely a great asset that is
probably not thought of as much as it should be given its usage, as you point
out.

I would say, though, that claiming that IE and Bing advertising is "wasted" is
pretty bold. Sure, OSD hasn't started turning a profit yet, but there is
something to be said about Bing having ~30% market share and the fact that if
Bing did not exist, Google would almost certainly have a complete monopoly on
search today. The data generated from Bing and the Bing ecosystem is
incredibly valuable, but Bing Ads have yet to unlock the full revenue
potential unfortunately. Consider, though, that Google and Microsoft are the
only two companies that have the unbelievably valuable asset that is an index
of the entire (within reason) web.

~~~
hmexx
Yeah. People seem to forget that MS has a larger share of the search market
than Apple does of the PC market. And search has given the market leader
(Google) a 200bn+ market cap!

So not exactly throwing money down the drain.

~~~
netcan
The difference is that on PCs, Apple takes a far higher profit margin than
other manufacturers.

On Search, Bing has a lower profit margin than Google.

Apple's model is good for making money as a smaller player. Bing's is not.

------
josteink
Not really a well written piece. In fact, it's pretty poorly written.

But yes, AD is king in most enterprises. Definitely one of Microsoft's most
important assets.

And that can be said with way less text. Like I just did.

------
joss82
Please someone create a cool, cheaper alternative to AD that runs on Linux and
does not suck!

Insert below mandatory answer about how great existing open-source solutions
are.

~~~
Toshio
I happen to know of two CIOs of very large enterprises who went with LDAP
instead of AD with a very clearly stated goal of not being locked into a
single vendor.

So it's happening, even if it's just a trickle at the moment.

~~~
joss82
But to me, comparing LDAP to AD is like comparing an engine to a car, isn't
it?

LDAP is a protocol, it is not a standalone service. Don't you also need a
client-side authentication mechanism and server-side sharing system that is
seemlessly compatible with LDAP?

------
troymc
Corporate directories aren't something I'm familiar with, so forgive me if
this question seems naive:

Does Google Apps for Business (i.e.
<http://www.google.com/enterprise/apps/business/> ) have a viable solution for
the corporate directory, or do they just expect you to use a third-party
solution like Microsoft Active Directory?

------
lucian1900
> I could care less

I _couldn't_ care less

~~~
jpswade
Yup, my pet hate too.

------
sjtrny
I stopped reading at "I could care less".

~~~
hapuka
Yes, me too. This is so irritating. The proper usage surely must be "I
couldn't care less."

"I could care less." - There is room for you to care less than you care now.
This phrase is meaningless as a way to describe how much you care about
something.

~~~
pfortuny
Well, as a matter of fact, I would understand 'I could care less' when someone
has been taken with something too much and realizes it. Obviously, it seems
the OP's meaning was not this...

Yes, its irritating, like not using the apostrophe correctly :-)

------
skrebbel
At the risk of intentionally misunderstanding the OP's definition of the word
'asset', aren't their developers supposed to be their most valuable asset? I'm
not saying they are, just that if they aren't (anymore), I'd worry about that
instead.

------
est
It's now on an interesting fork right now. ActiveDirectly is possible via DCOM
and MMCs, but Microsoft is thinking of replacing it with .NET Remoting and Web
based UIs.

------
pixie_
I'm not familiar with big orgs. What does active directory facilitate mostly?
Like seeing a list of other computers in the company and accessing their
drives?

~~~
jiggy2011
In abstract, centralise everything. You have a "Domain Controller" which is
basically a server which everything authenticates against.

Settings from domain controllers (privileges etc) are propagated over the
network to other servers (Email,File servers etc).

So when you authenticate against a DC (by logging into your workstation etc)
you get a token back which can be sent to other hosts on the network who then
understand what to grant access to based on that token.

This makes it easier for a large org with an international presence to allow
say marketing teams in the London and New York offices to have access to the
same files etc and be able to use each others workstations interchangeably
whilst all being managed by the IT team in Mumbai.

This means that if you stick to mainly MS products you get the advantage of
knowing that everything will integrate into AD so you spend less time
handrolling shared authentication etc.

~~~
Spearchucker
Nitpick - AD supports a centralised topology, but is more effective when
decentralised. You can deploy as many domain controllers as you like, you can
separate global catalogues entirely, and deploy multiples of those, and you
can even separate domains within forests, and then create cross-domain trusts.
If you want to create cross-forest trusts you can do that using Active
Directory Federation Services (ADFS).

ADFS is hugely under-rated, and is arguably the most capable identity
federation software out there because it's the only implementation I know of
that does both passive- (browser-based), and active federation, which allows
you to authenticate against AD from your JSON service.

That story gets even better with U-Prove
([http://www.microsoft.com/mscorp/twc/endtoendtrust/vision/upr...](http://www.microsoft.com/mscorp/twc/endtoendtrust/vision/uprove.aspx)).

------
stuaxo
Stopped reading when I read 'could care less'...

------
sjtrny
I stopped at "I could care less".

~~~
hapuka
I couldn't care less about the use of the phrase "I could care less".

------
meshko
Very true.

