Comment by dabockster

8 years ago

And Active Directory. I mean, I haven't found another platform yet that allows a sysadmin to control 10,000+ computers at the OS level simultaneously via one checkbox.

Clear area for disruption here. But it's IT stuff, so no one wants to touch it because it's not a cool selfie app.

Novell's directory made Windows domains look like a toy. But Microsoft abused their monopoly status, and pushed Novell out of the space. I still miss it.

And then they made AD, and extended the LDAP spec so that 3rd-party clients had a hard time working with it. But I digress.

Microsoft continues to exist because they can set up a system -- for many millions of dollars -- that allows a Fortune 500 to lock down PCs to the point of, say, not allowing users to change the desktop background. And CIOs nod their heads, stroke their chins, and say, "Yes, we need this. Our data is INFINITELY valuable. The files we create in the course of manufacturing something that can easily be bought, disassembled, measured, and knocked off in China, need AS MUCH PROTECTION AS I CAN POSSIBLY SPEND MONEY ON. Oh, and 'SOX'! Feel free to make the users' workflow as miserable as possible."

In my opinion, this is why Windows Phone didn't make it. Microsoft's continuing vision is in letting someone ELSE control your computing devices. A phone is too personal for that.

Azure has provided enough of this IT-end-user-abuse-control such that big companies are following right into their cloud product. For this, all I can do is tip my hat to Nadella. Well played, sir. Well played.

Sysadmins aren't big fans of disruption either. You could build the greatest active-directory replacement in the world and no IT department would touch it with a ten foot pole because it isn't what they're used to.

  • > Sysadmins aren't big fans of disruption either. You could build the greatest active-directory replacement in the world and no IT department would touch it with a ten foot pole because it isn't what they're used to.

    It's all fun and games until 2000 users cannot log into their machines because your new shiny active directory replacement didn't work.

    • Right. Automation means you can break things faster than ever. When you're asking someone who's already busy to rip out the guts and start over, and, if you're lucky, it will successfully do exactly what the old thing did... what's the incentive? So often in the ops/admin world changes can only make things worse and make your life miserable. And if your team doesn't have the bandwidth to deal with those 2000 users one-by-one.... good luck!

  • It would have to prove itself in smaller shops first. If you're running a multi-thousand-user shop, you'd be insane to be a first-adopter for something as critical as "can my employees even start working each day?". It's not a matter of "what they're used to", it's a matter of risk management. And with things this big, it's not IT's call to make, it's a business decision; it needs to come from the top, because the penalties of failure go well outside the IT department.

  • I built one over ten years ago, and it's true, it's a difficult area to disrupt for these reasons.

I wonder if that is what RH is gunning for by backing the likes of systemd and polkit.

Especially as they get more and more attention from the military-industrial complex.

  • polkit is so obviously a system intended to replace Group Policy. But people have been doing this for decades and still not achieved widespread switchover from AD. You still have to piece it together yourself.

MS has a bunch of patents related to active directory. Nobody wants to risk touching that.