Do you think Microsoft .NET is just for developers? If you do, Microsoft's recent decision to drop ".NET" from the Windows Server name probably just confirmed your belief. But Microsoft designed many aspects of the .NET Framework to make life better for IT administrators.

Browser-based applications let administrators roll out applications without touching the client PCs. For example, a Microsoft developer can make a significant change in the browser-based Hotmail application and more than 100 million users will get the latest version of the application without making any changes to their PCs. That scenario works for administrators.

For developers, however, the design trade-offs between a highly interactive desktop application and a pure browser-based application are numerous. In particular, when using browser-based applications, end users complain about a huge loss of productivity when the perceived response time is slow or the software isn't designed for rapid data input or doesn't support a drag-and-drop UI.

The .NET Framework seeks to provide the best of both worlds—interactive desktop applications and browser-based applications—by letting developers combine an interactive smart client with a "no-touch" deployment model. Microsoft defines a smart client as one that leverages local processing power, consumes XML Web services, and supports online and offline scenarios. Several features make no-touch deployment achievable. For example, the .NET Framework eliminates DLL Hell because .NET component versioning is embedded in the components themselves. With this approach, multiple versions of the same assemblies can coexist on the same computer without conflict. To install an application on a computer, you simply copy the application directory to the appropriate location on the target machine's local disk, and it's ready to go. To uninstall an application, you simply delete the application directory.

The no-touch deployment process essentially mirrors the browser-based application deployment approach. The first time an application references a particular assembly, the application framework downloads the assembly from a Web server to the local directory on the client computer. The next time the application references the assembly, the loader checks the Web server to determine whether a new version is available. If not, the application is loaded from the local disk; otherwise, a new version is downloaded from the Web server. You can put a new version of an application in production while users are still using the old version, thereby achieving 100 percent perceived uptime. With this no-touch approach, applications are automatically updated and the network isn't flooded with redundant downloads.

To make this no-touch model work, you must install on the client side the .NET Framework, which includes the Common Language Runtime (CLR) and contains the software necessary for clients to run smart-client .NET applications. For information about downloading the .NET Framework, go to http://msdn.microsoft.com/netframework.

What About Security?
The .NET Framework offers a unique approach to security. By default, Web-based scripts run in a "sandbox," which means that they can't access system resources. With non-.NET Framework applications, programmers have devised various workarounds for applications. For example, a programmer can create a Win32 application to access any resources. And programmers write ActiveX controls that enable pure browser-based applications to access system resources. However, the .NET Framework provides an assembly cache download folder that contains security settings that an IT administrator defines. Systems administrators can use the .NET Framework Configuration Tool or a scriptable command-line tool to modify any of the .NET security settings. This approach lets administrators limit access to code depending on characteristics such as a digital signature or author identity. For example, you could deny access to the computer's registry or file system according to one set of criteria and allow more access according to a different set of criteria. These access levels are granular and override permissions that the application developer might have set inside the code. Bottom line: Smart-client applications give you more control over security than traditional browser-based applications, but learning to configure them is tricky.

The .NET Framework also affects network security. In a Distributed COM (DCOM) environment, you need to open ports in your firewall to allow executable code to pass from a remote application server to the local network. In contrast, .NET applications, facilitated by XML and Simple Object Access Protocol (SOAP), pass through the firewall as standard HTTP packets through port 80, which is typically open on a firewall. Over time, firewalls will provide a Quality of Service (QOS) level to .NET applications that will let you give performance preferences to SOAP packets over other network traffic. Therefore, you can improve users' perceived application response time.

Another advantage of a smart-client application over a browser-based application is the ability to work offline. If a connection is lost, the user can continue to work because the application runs locally. After the connection is reestablished, the application can function as usual. This functionality requires some work on the part of the application developer who, for example, might need to check for a lost connection and, if it is found, would need to store data changes in a local cache and then synchronize changes to the live database after a connection is restored. But the .NET Framework makes offline work possible.

Developers can also build applications on the .NET Compact Framework, which lets them develop smart-client applications on Windows-powered devices such as Pocket PCs. The idea behind the .NET Compact Framework is to have a set of code on a Web server that any .NET-enabled device can run.

Credit Suisse First Boston (CSFB) uses the .NET Framework to create a no-touch deployment of their desktop applications. CSFB has more than 17,000 desktops worldwide, so CSFB administrators believe they'll save significant costs and manpower by deploying smart-client applications. The company's internal initiative is called Zero Impact Application Deployment (ZIAD). "Enabled by .NET, ZIAD gives us the best of both worlds—the richness and power of Windows-based applications along with the agility and cost benefits of Web-based solution," says Andrew K. Smith, CSFB's vice president of Securities IT.

Check out the .NET Framework to see what's in it for administrators. You might discover that .NET applications will save you administration time and money.