One Year Later, Sun-Microsoft Alliance Starting to Bear Fruit

by Alex Woodie

While it took longer than expected for the ice to melt between Microsoft and Sun Microsystems, the strategic partnership joining the one-time bitter enemies is now moving forward, and the companies even had something to show for it at a news conference last week: new single sign-on (SSO) technology that will eliminate the need for separate passwords to access Windows and Solaris systems. At the same time, the companies haven't totally given up on competing with each other.

Microsoft and Sun shocked the computing world last April when they agreed to stop suing each other and entered into a 10-year agreement to work together (see "Sun Settles Microsoft Lawsuits, Inks Collaboration Agreement"). The two companies, which will do almost anything to protect their respective .NET and J2EE middleware stacks, found working together on a technical level was harder than they expected.

Never one for understatement, Steve Ballmer, Microsoft's chief executive officer, likened the new partnership to the historical fall of communism in Eastern Europe in 1989. "It's a little bit like when the Berlin Wall came down, there wasn't a lot of sort of natural contact between folks from the East and folks from the West," Ballmer said. "We probably spent three months, six months, where engineers on both sides were literally getting to know each other and learning to speak common language."

Once their respective developers and customers figured out that Sun and Microsoft weren't planning to merge Windows and Solaris, and instead were going to deliver an assortment of "filters and connectors and interoperability and commonality in new areas," it became easier, said Scott McNealy, Sun's chief executive officer. "The last thing Microsoft is going to do is start over with a new kernel and the last thing we're going to do is start over with a new kernel, and that is the boundary," he said.

The companies polled 10 of their mutual, enterprise-sized customers, and came away with a list of about 20 items they are grappling with. Near the top of the list was identity management and reducing the number of passwords that users have to remember to access disparate systems and applications.

"Clearly the whole single sign-on, directory and access manager, identity management, interoperability architecture was key," McNealy said. Other top items of concern are Sarbanes-Oxley compliance, reducing complexity, security, thin client access, certifying storage environments, and service oriented architectures (SOAs).

Microsoft and Sun decided to tackle the identity management area first. This has been one of the most troublesome areas, with Microsoft customers relying on Active Directory, and Sun customers relying on Sun software, including the Java Identity Management Suite. As a result, customers need to remember different sets of user IDs and passwords to access applications. Of course, people inevitably forget their passwords, and this leads to calls to the help desk and password resets, which can range upwards of $50 to $150 per reset, according to Microsoft.

Last Friday, on the same day Sun and Microsoft held their joint press conference, the two companies announced new technology that will enable their respective directory products to communicate identity information and thereby eliminate the requirement that users must sign-on to Sun and Windows systems separately. This capability is called "cross-domain Web single sign-on," and it will be available, in part, as a result of two draft specifications, the Web Single Sign-On Metadata Exchange (Web SSO MEX) Protocol and the Web Single Sign-On Interoperability Profile (Web SSO Interop Profile), that Sun and Microsoft published last week.

While the draft specifications are in the public realm, Sun and Microsoft have not yet submitted them to a standards body ("The nice thing about standards bodies is you've got a lot of choice," McNealy quipped). Microsoft's Active Directory product will gain the cross-domain Web SSO capability in the fourth quarter of this year "through the use of security tokens such as XAML [transaction authority markup language] assertions, and support for the Web services architecture," said Don Schmitt, a Microsoft employee who hosted a demo on SSO during the press conferences last week. Sun already offers SSO in its Java System Access Manager through supports for XAML assertions and the Liberty Alliance Federation specification, said Pat Patterson, the Sun employee on the demo.

In addition to identity management, Sun and Microsoft are collaborating on systems management. The two companies will deliver the capability to manage Sun and Windows servers from a common console, and will also enable customers to access Windows applications through Sun Ray thin clients (a capability that will be bolstered by Sun's recent acquisition of terminal emulation provider Tarantella (see "Sun Buys All of Tarantella, Procom's NAS").

McNealy and Ballmer hammered home the point that they consider Windows and Solaris to be the two strongest platforms in the market, and that bringing them closer together benefits the companies and its customers.

"I've been saying for quite a while now that there are two clear survivors in the U.S. marketplace, and they both run on the X86, X64 market, they're volume players, they're supported by very large R&D budgets, they have huge install bases, and that's Solaris and Windows," McNealy said. "What you're seeing is Solaris and Windows very tightly bringing their whole ecosystems together in a nice and interoperable way, while we can still compete and give the customer choice."

Ballmer reiterated the state of "co-opetition" that exists in the Sun-Microsoft, Solaris-Windows bond. "We're going to continue to compete and offer great new innovations to the marketplace, but at least the people who own the two leading platforms in the enterprise are cooperating in exactly the way I think our customers want us to."