Too Many Cooks for SMS?

eLABorations: At the Microsoft Management Summit in Las Vegas, Cameron Sturdevant wonders how many programmers it takes to upgrade SMS?

LAS VEGAS, NEV - Despite the mention of Unix and Linux here and there, the first Microsoft Management Summit, which I attended earlier this week in Las Vegas, was entirely about Microsoft, with NetIQ and Altiris, the summits organizers of the previous four years, shoe-horned in. And this show was almost entirely about SMS (Systems Management Server) 2003, the newly renamed next release of SMS 2.0.

You can imagine (and perhaps even share) my astonishment when I was told that Microsofts new focus on building secure products--even at the expense of adding new features--would not delay the ship date of SMS 2003. David Hamilton, director of product management for SMS (and the first keynote speaker at the summit); and Bill Anderson, lead product manager for the Management Business Group, both looked positively surprised that I even asked the question.

Perhaps they were right to raise their eyebrows. SMS 2003 wont even go into beta until summer and has nothing even resembling a promised ship date, except that it will be on or before July 2003.

At the Microsoft Management Summit, much like every other vendor show Ive been to this year, officials saluted you, the customer, as the reason for the slow development cycle. You demand quality features (which were scarce in SMS 2.0, according to the sales pitch I heard), including mobile client support. So there is plenty of time to scrub the code for potential buffering problems and other nasty security leaks.

As much as Im in favor of careful product reviews and the inclusion of critical features such as mobile client support, I have to wonder that it has been three years since the last release of the product, and will likely be almost another before SMS 2003 gets out the door. So I asked how many developers are assigned to coding the product.

As it turns out, thats like asking a Las Vegas casino about the armored car cash pickup schedule.

After much harrumphing and divvying up ("there is a whole group that just works on install that is shared between many different products"), Hamilton and Anderson, who presented the initial technical drill-down session on SMS 2003, admitted that the number of engineers directly working on the product was in the low hundreds.

Now, thats either too many or too few to develop a product that is designed to manage only Windows desktop systems. Its great that the company is adding support for laptops, which compose a large and rapidly growing percentage of the machines that IT managers have been trying to manage for several years. But if theyve been working for three years and have only the plans I saw for SMS 2003 to show for their efforts, thats too many engineers.

On the other hand, its too few if a lack of people power was the only reason for the development lag.

I suspect that the real reason for the glacial rate of SMS development is that other products do its job better (including wares from Altiris, Lanovation, Mobile Automation and Tally Systems), and Microsoft has had little incentive to help corporate IT manage costs.

Until now, that is. One of the big improvements touted for SMS 2003 is software metering that is scalable, said Anderson. Although he never mentioned Microsofts crusade to crack down on so-called software piracy (I wonder how many unused copies of Microsoft Access are out there?) it was clear to me that the new metering and usage reports being added to the product would do just the trick to show IT managers where they need to spend more money on software licensing.

But product security is the area that Microsoft really needs to think about. Virus attacks on Microsoft Outlook cost millions of dollars in lost productivity, but an attack launched through SMS could be truly devastating. This is because the whole premise of the product is to install new software. Imagine an attack that installs a "new" virus signature file that makes every desktop system a launch point for a Denial of Service attack.

Its this kind of "ease of use" that I hope the chiefs at Microsoft are making sure isnt baked into the next version of SMS, whatever year it ships.

Senior Analyst Cameron Sturdevant can be contacted at