I’ve been a programmer, consultant, administrator and contractor. During all those years since 1996 I keep hearing the same old tune from people … "Microsoft software isn’t stable, it isn’t scalable and it isn’t secure". Hmmm. Lets have a look at that.
It Isn’t Stable
I ran a network with 160 odd Windows 2003 and a handful of Windows 2000 servers. We had around 12 Solaris machines which ran our front office and our back office application. The critical applications that were on those UNIX platforms were far from stable. In fact, they were clustered and the clustering was not only a huge cost but failed to work correctly. We also ran Lotus Notes, usually the latest builds. We had a cracking Lotus Notes team led by one of the best Lotus freaks in Ireland. We saw many funnies there despite that team’s efforts. On the MS side? Was it perfect? Nope. But we were stable. Services did not go down during the day. We were able to stick to prevously agreed maintenance windows.
It Isn’t Secure
Here’s the one that makes me really laugh out loud. I’ve asked people why they use ISA Server as a proxy but instead of using this economic product (around €1,000 and no CAL’s required) as their firewall, they cough up countless amounts of money for something like Checkpoint whose licensing makes Dick Turpin look like a saint. The usual line is "I won’t use a Microsoft Firewall because it isn’t secure". I usually respond with "What attack on ISA made you feel that way?". There is never a response. Since ISA 2000, you can count the number of security patches for the ISA family with fewer digits than are on your hands. Can you truly say the same for Cisco or Checkpoint? Plus, ISA is managable and understands your user accounts. It can be made fault tolerant and is cost effective. Not only does it do the usual port blocking , etc, but it understands the applications passing though it and can actually intercept malformed packets that are an attack on your network.
Then we get to patching. Penguin lovers can be quiet here. When is the last time you saw a fully patched Linux or UNIX network? How did they deploy the patches? Microsoft has a responsive solution for getting patches out to the public and they have provided 3 mechanisms (Windows Update in each machine WSUS and SMS) for deploying updates. With these tools, your Microsoft network can be secured within a 24 hours with minimal business impact or manual effort.
It Isn’t Scalable
Maybe this one was true in the past. SQL 2000 (certainly 2005), Exchange 2003 and Window 2003 easily took care of all scalability problems. When Microsoft ran Exchange 2003, they had 3 or 4 clusters for the 55,000 users across the globe in 3 sites. Each cluster was made up of 6 HP DL380’s, 4 being active, 1 for recoveries and one as a failover node. That’s 6 * 4 = 24 servers for 55,000 users with room for failover for probably one of the busiest email networks in the world. That’s impressive if you ask me.
OK … It’s Too Expensive
We all hear headlines about how organisations allegedly dump MS to go with the Penguin way of life. The Munich government made headlines back in 2003 with their decision to snub Steve Balmer. He warned them that he was giving them a great price for their needs and that their Linux solution would end up costing more. They had the whole arrogance thing going on and didn’t listen. A year later we heard that their Linux project licensing was costing around 30% than what MS had quoted them for licensing. That worked out well. I guess they never considered user familiarity, training, managability, deployment, product integration, etc.
As an example, here’s a a case study where the London Stock Exchange adopted Microsoft technology. You’re not going to find many more sites where cost, scalability, scurity and stability are going to be more important.