Windows Vista: features and system architecture

Last reviewed: May 10, 2008 ~16 min read

Windows Vista

Overview of the Microsoft Windows Vista Operating System

As security has become a strategic priority for Microsoft, leading to the development of its Trusted Computing initiative, the primary design goal of the Microsoft Windows Vista operating system is to increase the level of security inherent in system design. Microsoft's approach to accomplishing this design objective was to concentrate on creating a series of security integration technologies at the operating system kernel level. In addition, Vista includes User Account Control levels and BitLocker Drive Encryption, which encrypts the contents of an entire hard disk and the operating system (Bradbury, et al.). The Microsoft firewall has also been significantly improved, allowing for bidirectional secured traffic in and out of the firewall. The hybrid kernel architecture within Windows Vista was specifically included to provide increases in performance given the increased security features in this latest operating system from Microsoft (Breen, 49). Security underscores the main aspects of this operating system, which are discussed in this paper. Device, file, memory, network, security, processor, and process management features are discussed and related back to the primary design objective of the operating system. Each of these systems is tightly integrated with the others to ensure Windows Vista delivers consistently reliable and predictable performance. The progression of the Windows operating system product family, from Windows NT through Windows XP to Windows Vista, is discussed in each of these seven subsystem areas.

Device Management

Microsoft initially launched the Microsoft Management Console (MMC) in the Windows 2000 operating system as a mechanism for managing the device driver utilities delivered with the operating system. MMC is invoked by typing it on the Command Line accessible from the Start menu. Since its launch with Windows 2000, MMC has progressively gained more functionality, including device management and maintenance applications. The MMC in all five versions of the Vista operating system is backward compatible with the MMC 2.0 version in Microsoft Windows XP and Windows Server 2003.

Microsoft's approach to device management using the MMC architecture is to create an Application Programmer Interface (API) that allows specific Device Monitor plug-ins to be installed and used within the MMC interface. Microsoft made the decision to base its device management architecture on APIs that have since become the foundation of the Vista operating system. There are APIs specifically for managing networking, video interfaces, and enhanced audio. API support is also reflected in the enhanced security infrastructure and better management of dedicated memory locations synchronized to processor threads from Win16- and Win32-based applications.

The MMC interface in Vista is markedly different from its initial release, taking on an increasingly browser-like approach to navigation and appearance. Microsoft's increasing reliance on the MMC architecture is also evident in how the scope of device management features and functionality has grown with Vista. Device Monitor snap-ins are typically created using the Microsoft Component Object Model (COM) and now include the ability to monitor the status of each device by the type of connection present. In 2007, for example, Microsoft fine-tuned the MMC plug-in for managing all plug-and-play devices within Windows XP. Thankfully, the development teams who created this MMC did so using a common baseline of APIs, ensuring its use in subsequent MMC versions, including 3.90, which is shipping with Vista as of this writing.

In addition to the Device Monitor snap-ins, Microsoft has steadily increased the functionality of MMC to include, in Vista, support for an Event Management snap-in that provides event logs specifically for tracking events as defined within the configuration of this specific snap-in module. From the first edition of the MMC in Windows 2000 there has been support for group policy management, yet in the current iteration in Windows Vista there is support specifically for multiple policy settings within any given login. MMC Version 3.0 also supports Performance Diagnostics, which has continually added functionality since its release with Windows 2000. This is the most critical aspect of the device management approach Microsoft is using the MMC architecture for, as it supports a real-time view of system resources including CPU usage, memory, disk and network usage. The MMC snap-ins for this area are often augmented by specific hardware and software providers' individualized performance monitoring applications as well. Carried forward to Windows Vista are the Performance Monitor snap-ins, in addition to Performance Monitor in the System Management Group, and Print Manager, which has continually been improved to support greater levels of printing metafile support. Reliability Monitor is a Microsoft-offered snap-in that provides traceability of software and hardware events, including installation and tracking of both successful and unsuccessful system updates.

Resource Management, Service Management, Software Installation, Storage Management and Task Scheduler all have their basis in previous generations of the MMC architecture. Their individual functions have become more attuned to the specific requirements of the Vista operating system including greater support for logging and traceability of key events. The Microsoft development team also included enhanced support for the User Management snap-in, a carry-over from the Microsoft Server 2000, Server 2003 and Windows XP Server platforms. It is interesting to note that Microsoft chose to increase the level of user management functionality at the client level in the Vista operating system release. The progression of Vista's features to support greater collaboration in work groups is one of the catalysts that led to the inclusion of greater levels of user management. The bottom line is that the MMC is the central reference point within the Vista operating system used for device management and will continue to fulfill this role through the use of plug-ins created using Microsoft's COM-based development environment.

File Management

The legacy of the Windows operating systems began with File Allocation Table (FAT16) file systems, progressing through FAT32 (a version of the File Allocation Table file management approach optimized for 32-bit multi-threaded operation in Windows NT) to NTFS (Windows NT File System). Microsoft's design objective in the area of file management with Windows Vista was to create a technical architecture agile enough to create customized taxonomies that matched how users interacted with and organized information. This is the most critical area of the Vista operating system design that needed to focus on backward compatibility, as the majority of developers who have produced software for Microsoft have written to APIs specifically aimed at the FAT16 file system. It is the one that was delivered as the default file system in Windows 2000, Windows NT and Windows XP Professional and Windows XP Home. Support for FAT32 was driven by scientific and technical users requiring a higher level of multi-threaded performance for their applications. During the early 2000-2001 timeframe, additional resource-intensive applications, including Microsoft Outlook, began being delivered in default configurations supporting the FAT32 file system in conjunction with being written to Win32 APIs, two factors that increased the performance of these applications to 60 or more according to Microsoft (Bradbury, et al.). NTFS was designed in response to higher security levels in enterprise installations, and WinFS (Future Storage), originally announced to be shipping with Vista and since pulled out of the first gold masters sent to production in early 2008, was also originally intended specifically to meet this requirement. As a result, NTFS is heavily relied on within enterprise installations of Vista for its recoverability, as it creates journaling points of reference during its use.

NTFS has also, since Windows 2000, supported the Encrypting File System (EFS), a key feature of the NTFS file system over the FAT16 file system, as the latter has no consistent approach to defining security to the file level. NTFS also supports re-parsing and has a 64-bit version that is used in government installations of the Windows 2000, Windows 2003 Server, Windows XP, and Windows Vista operating systems. Microsoft chose to augment the NTFS file system in Windows Vista by launching for the first time their Transactional NTFS operating system, which relies on a kernel component that specifically manages journaling of low-level operations including block data management.

Memory Management

Windows Vista's approach to memory management is a significant departure from the approaches Microsoft has used in the past with Microsoft Windows NT vs. Windows XP. The approach Microsoft is taking with Vista is based on the use of a Memory Manager that synchronizes the needs of applications for memory with the available physical and virtual memory on any given system. The Memory Manager in Vista supports a system virtual address (VA) space approach where both physical and virtual memory are allocated on demand, vs. being pre-emptively allocated as was the case in the Windows NT memory architecture, or shared in first-generation Windows operating systems. The VA memory address space is used instead of a registry-based and configuration-driven boot-time sequence, which is used in the Windows 2003 Server and Windows XP operating system architectures. Instead of memory being defined through pre-emptive multitasking memory algorithms, Vista defines the VA memory space through a dynamic allocation of resources. This translates into the use of system cache as part of the memory allocation algorithms inherent in the VA memory space approach to managing memory in Vista. In addition, the Memory Manager now relies on kernel page tables that are loaded at system initiation and allocated on demand. This saves a significant amount of system resources, including a minimum of 1.5MB on Intel x86-based systems and up to 3MB on PAE-based systems. The resource savings are exponential when applied to 64-bit systems, where up to 2.5GB of memory can be saved through this approach to memory management. Microsoft also continued this approach to the definition of the boot sequence on systems with large registries, predominantly found on 32-bit based Intel systems. The options on this specific Memory Manager include turning on or off the option of using a 3GB switch, which is essential for larger systems used for multipath network configurations.

Memory Manager's primary design goal was to map VA memory space to physical memory, regardless of location or relative access characteristics. This necessitates in many larger Vista configurations reliance on the MMC to coordinate I/O process routines.

Network Management

TCP/IP has been the foundation of networking within all Windows operating systems since the inception of Windows NT, and with each release Microsoft continually refines and augments its interpretation of this standard. Windows Vista is a major refresh of the TCP/IP protocol stack, with support added for a dual Internet Protocol (IP) layer architecture. Much has been written about this dual IP approach to the TCP/IP layer architecture, as it supports both IPv4 and IPv6 standards at two levels of the TCP/IP stack, including the Transport and Framing Layers. Both IPv4 and IPv6 are supported in the default configuration of the Vista operating system. Microsoft also chose to include modifications to the TCP/IP command interpretation for improvement to secured HTTP connections with the HTTP.SYS enhancements, support for Internet Protocol security (IPsec) and several enhancements to the Windows firewall. As there had been security breaches in the past relative to Windows Sockets, Microsoft chose Vista as the Windows version to make these modifications as well. Quality of Service (QoS), a major concern for many companies given the use of server and site loading by hackers to shut down sites, is also now implemented in Vista. Enhancements to Server Message Block 2.0 (SMB), WinINet, Network Device Interface Specification (NDIS) 6.0 and 6.1 support, and enhancements to peer-to-peer networking all have been integrated into the network management functions of Vista.

Security Management

As Microsoft defined security as the primary design objective of Vista, this area received the most attention from a development and continual testing and validation standpoint internally before Vista was launched. Previous operating systems, including Windows 2000 and Windows XP, had been susceptible to malware attacks; therefore Microsoft concentrated on developing entirely new approaches to countering these threats in Vista. The integrated web browser, Internet Explorer, is designed to sense and block malware before it is loaded onto a system, which is a major improvement over the previous operating systems' nonintegrated approach to security on this specific threat.

Additional security features include User Account Control, a much-needed change to user authentication and security logic which gives users the flexibility of changing their own settings to the point of not compromising the security of their systems. This was designed specifically to address the needs of system administrators and IT departments, who found that users would change settings on their systems to allow an application to run, and in doing so significantly increase the risk of the system becoming infected with a virus. Second, Microsoft has also created an architectural layer in its operating system which is given the name Windows Defender (Melber, 47). The purpose of the Defender layer of Vista is to evaluate and classify software as it is being installed to see if it is also trying to modify or destroy other applications at the same time. Defender acts as a security auditor, watching the specific installation of applications to ensure all other aspects of the operating system are safe (Melber, 46). The most discussed new series of features involves modifications to the firewall, specifically the support for bidirectional traffic and support for outbound filtering in peer-to-peer networking environments. The catalysts for these additions to the firewall have been the rise in social networking traffic companies are experiencing and the resulting peer-to-peer development requirements. Microsoft has taken features from its NTFS file system and created the Windows Service Hardening, which limits the extent of changes that any given malware or security threat can make to any part of the operating system or its applications. Network Access Protection is an extension of the Windows Service Hardening (Melber, 47), with the intent being the prevention of internal network attacks by systems that do not meet the specific security parameters necessary to gain access.

Microsoft coordinated with hardware and disk drive manufacturers and created an encryption approach that relies on firmware or electronics on system motherboards and on disk drives to provide encryption of entire disk volumes. Called BitLocker encryption (Lamb, 3), this approach encrypts the contents of an entire disk drive and protects it from being hacked into by anyone without 128-bit or higher encryption.
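
The firewall's outbound filtering described in this section is a capability, not the shipped default: out of the box the Vista firewall blocks inbound and allows outbound, so each profile has to be checked. The following is an added example, not code from this paper; it assumes English-language `netsh advfirewall show allprofiles` output, and the sample text is constructed.

```python
import re

# Constructed sample of `netsh advfirewall show allprofiles` output (not from the paper).
SAMPLE = """\
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,BlockOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       AllowInbound,AllowOutbound
"""

HEADER = re.compile(r"^(\w+) Profile Settings:\s*$")  # assumes English output
SETTING = re.compile(r"^(State|Firewall Policy)\s{2,}(\S+)\s*$")

def parse_profiles(text):
    """Return {profile: {"state", "inbound", "outbound"}} from netsh output."""
    profiles, current = {}, None
    for line in text.splitlines():
        header, setting = HEADER.match(line), SETTING.match(line)
        if header:
            current = profiles.setdefault(header.group(1), {})
        elif setting and current is not None:
            key, value = setting.groups()
            if key == "State":
                current["state"] = value.upper()
            else:  # "Firewall Policy" is "<inbound>,<outbound>"
                current["inbound"], _, current["outbound"] = value.partition(",")
    return profiles

def audit(profiles):
    """List (profile, finding) pairs for settings that weaken the firewall."""
    findings = []
    for name, p in profiles.items():
        if p.get("state") != "ON":
            findings.append((name, "firewall disabled"))
        if not p.get("inbound", "").startswith("Block"):
            findings.append((name, "inbound connections not blocked by default"))
        if p.get("outbound") != "BlockOutbound":
            findings.append((name, "outbound filtering not enforced by default"))
    return findings
```

Calling `audit(parse_profiles(SAMPLE))` reports the Domain profile for its allow-by-default outbound policy and the Public profile for all three conditions, while the Private profile passes.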

Cite This Paper
PaperDue. (2008). Windows Vista: features and system architecture. PaperDue. https://www.paperdue.com/essay/windows-vista-overview-of-the-29951