Microsoft Technology Summit, March 15th – March 18th 2005, Redmond WA

See also the slides and online blogcast about this event provided by Rick Ross of Java Lobby: http://www.javalobby.org/eps/summit/

Day 1:

Keynote

Martin Tayler (martina@microsoft.com) is the General Manager of Platform Strategy at Microsoft. He runs the Linux open source R&D team. His role is to provide Microsoft with a better understanding of the open source world, how Linux is developed and operates and the dynamics of open source itself. This is necessary, he says, because many at Microsoft, having worked most of their carriers there, are not well informed about open source and Linux. He is in charge of a marketing group, "so that customers can make decisions on other dimensions - getting away from the either / or decisions about open source."

Microsoft used to cooperate with other vendors but starting about 12 years ago, technical decisions started to become an either/or decision; either it's Microsoft or it's not. But this was never the case for the customers who have always operated in a heterogynous environment. As a result of Microsoft either/or mentality a stigma developed about Microsoft.

One of the reasons they called this summit was to get people-to-people communication, because it promotes healthier relationships. This plays into the theme of the entire summit, which was characterized by several Microsoft folks over the course of the week as a "conversation". We are engaged in a "conversation" about Microsoft, its technologies, and areas where Microsoft needs to improve. Martin set the tone when he said, "This is not a conversion meeting, it’s a conversation meeting." In other words, the goals not to convert the attendees to the Microsoft way of thinking, it was to engage the attendees in a conversation about Microsoft's technologies and business practices. The primary objective of this continuing dialog, of which this summit was just a beginning, was to make Microsoft more open to collaboration with the rest of the world.

Martin also talked about Microsoft's reaction to open source as having taken place in three phases. First, Microsoft dismissed open source as unimportant and non-consequential to their business. When open source grew in popularity and its impact was more obvious, Microsoft entered its second phase which was combative. Open source was the enemy. When this approach didn't work, they switched to the third phase of their relationship to open source. Which was, as far as I can determine, one of cooperation or at least coopitition. Open source is here to stay, it’s a reality of business, and Microsoft needs to accept the open source community and learn to work with it.

Having said all that, however, Martin (as well as every other MS representative) insisted that Microsoft would never open source its operating system, Windows. That will never happen. For some of the attendees this was an issue. Some want Microsoft to open source their technology and make it available on other platforms like Linux, or at least the .NET portion of the platform. For others, like myself, this was at best naive and at worst plain stupid.

Attendee Introductions

Mostly Java wonks.

Improving Security at Microsoft by changing the process

Michael Howard, Security Program Manager of SWI (mikehow@microsoft.com). Author of Writing Secure Code, 2nd Edition and Designing Secure Web-based Applications for Windows 2000 (both from Microsoft Press). He is authoring the book, 19 Deadly Sins of Computer Security along with John Vega and Howard LeBlac, which will be out soon. It's only 300 pages of no-nonsense guidance. Each member in attendance received a copy.

Howard has been working at Microsoft for 13 years. He was originally involved in kerberos and other security technologies. About 4 years ago he and others splintered away from the Windows group and became the Secure Windows Initiative. The Secure Windows Initiative (SWI) focuses on securing new and legacy code. A big part of what they do is called "Trustworthy Computing", where the are focused on "how not to inject security defects into code in the first place.". This team works with other development teams to teach them to focus on security threats, "How can people attack my code."

His group created the Security Development Lifecycle (SDL). In Howard's words, "Most software today is pretty lousy in terms of security because any hack can compile and distribute software. The process in place today for making software doesn't create secure software. The enter process is flawed. The only way to address it is to change the process." SDL is part of that change, it modifies the process to help prevent the injection of security errors in the first place. Bill G and Steve B. are "totally bought into it." (Note Bill G. provides a nice endorsement for the Write Secure Code book and has made it required reading at Microsoft.) The SDL was made public on Friday, March 18th and can be accessed at http://msdn.microsoft.com/security/sdl . It's estimated that SDL adds about 12% of overhead to the lifecycle process at Microsoft. The SDL is updated about twice a year. In July 2005 cryptography restrictions will be added to the SDL. One guy, Chris Walker, reviews all security bugs discovered in Microsoft products, categorizes them and advises on additions and changes based on this research to the SDL.

The SDL is being applied throughout Microsoft in the development of new products. A good example is IIS 6.0. IIS has had a reputation as an insure system. With IIE 6.0 the SDL was applied. It has had only two security "compromises" since it was introduced in Windows 2003 two years ago. Compared to Apache with Linux (see http://Zone-H.org) it more secure.

What of the primary tenants of Michael Howard's work is that "you cannot secure a system that you do not understand very well.". Another is threat profiles. "If you can't understand the threats you can't secure against them." You have to understand the skill vs. motives of the attackers. Microsoft has put together a set of 1,200 thread models based on research by them, the FBI, CIA, and Russians. Each component in a system has its threats, which can be categorized into one or more threat categories. Once you understand the threat categorizes that a component faces, you can easily derive a security strategy for dealing with them. The threat models identified by Microsoft can be found at http://msdn.microsoft.com/security/securecode/threatmodeling/default.aspx .

Tools used in Whidby to help with security:
* Sourcecode Annotation Language (SAL) adds annotations to the code to indicate relationships between code and memory so that the compiler has more information on which to discover security bugs.
* AppVerifier is used in combination with SAL to find potential buffer overflows (the biggest security problem) during compilation.
* Final Security Review (FSR) is a final review step of code that uses AppVerifier and other tools and processes to ensure that code is secure before shipping. You cannot ship code until it passes the FSR. As an example it took 10 weaks for Yukon and 5 weeks for Whidbey to go through FSR.

Microsoft Messaging Future Using Indigo

Don Box (dbox@microsoft.com), Microsoft Architect working on Indigo. During the 80's there was a made rush to object-oriented programming. Unfortunate, one of the mis-steps of this rush was to project the object paradigm onto distributed computing. In this area, CORBA got it right by focusing on messaging. CORBA took the type system and sliced in in half. In short data object coupling doesn't lend itself to messaging.

The right way to do contract is to separate object-oriented contracts from message contracts (this is something that .NET does with OO vs. Service level annotations). Couple of sound bytes:

* "Relax NG is better than XSD, but we are stuck with XSD"
* "If I could wave a magic wand, we would all just use Ruby."

Programming Language Design Panel

Anders Hejlsberg, Chief Designer of C#, previously designed J# and Borland Delphi. Distinguished engineer in developer division. Designed C# programming language and also works in libraries.
* C# 3.0 focused on eradicating separation of data languages and databases. Being able to query and set operations in language without using.
* Ruby? Follows everything with great interest about what is happening in dynamic languages.
* AOP? In wait and see mode on AOP. The freedom that comes with AOP is a very big gun. There are parts of AOP that he likes and he think you can do some of these things in C# already.
* Microsoft is in the business of create one, well integrated, platform rather than solving just one problem and allowing customers to cherry pick.
* Comega (http://research.microsoft.com/Comega/) was a research project. Also know as X#, it’s a CLR langauge for processing XML Schema and CLR.
* Concurrency, shared state is a dead end. It won't work. Doesn't scale. Application Servers like ASP.NET teaches us that programmers are successful with currently processing if you make the programming model look serial.

Herb Setter, architect in development division, runs C++ group. C++ is the only language that does native and managed.
* Dynamic languages. Provide value but a lot of developers can't adopt it, however, we can take some things from it.

Jim Hugunin, Chief Designer of IronPython. Member of CLR Group. 18 months ago out in Java community working AspectJ and Jython. Now doing Microsoft .NET IronPython.
* Public release sometime soon but will not be 1.0 ( a beta). Will be announcing on the 22nd at the Python conference what Microsoft will be doing (may even announce that IronPython is released).
* Python is compiled to ILM on the fly - it feels just like a scripting language.
* Doing Python is easier than Ruby. The differences between Ruby the language and Ruby the platform. Python has a wealth of libraries.
* Taking Python to .NET will require some type of licensing terms that are agreeable to the Python community.

Jim Miller, Chief Designer of CLR
* With regard to Mono: Deliberate decision to allow alternative CLR platforms being developed.
* CLR designed from the bottom up to support multiple languages.

Developer Community Outreach and Channel 9 stuff (during lunch)

Didn’t take notes: Warm and fuzzies

SQL 2005 and Developer

Tom Rizzo, Director of Product Management of SQL Server

Hard push on Web services so that you can use non-Microsoft to access SQL. Http endpoint can be created on the database and accessed. Invoking stored procedures or T-SQL batches using SOAP with WSDL interface. Native Web Services support on SQL Server.

Grid. Oracle doesn't have real grid computing. Oracle is tightly coupled system where they are all attached to the same disk. The way we think about Grid, is in terms web services. Oracle is a shared disk system. Shared nothing is Microsoft's approach.

SQL Server 2005 contains a subset of .NET framework (not things like WinForms for obvious reasons).

XML databases will go the way of object databases. Use XML in binary so that it's more efficient which allows primary and secondary indexing. XML data can be typed or untyped. Yukon support full text search of XML. Yukon supports XQuery. And cross domain queries. Combine SQL and XQuery now support November draft of XQuery.

WinFX based on SQL Server but it is not full SQL Server. It's a live and kicking.

3 tenets of WinFS: Find, relate and act.

ObjectSpaces was an object-relational mapper that they were going to ship. But it got pushed out.

MS vs Oracle. If you want cross-platform support you go with Oracle. If you are not a Microsoft shop than you choose Oracle.

Example of large instlation that uses SQL Server in production:
* NASDEC: Uses SQL Server.
* Western Digital migrated from Oracle to SQL Server all ship floor controls. 50% better performance.
* Pilgrims products (chicken processing folks) they have a two terabyte database warehouse. MS Legal document database has 4 terabytes.

Product Development Process

Ian McDonnald, Director of Program Management Director at server long term planning for windows server. Project manager Win 2000, NT, 2003, and XP.

Development at Microsoft is spread across 7 businesses P&Ls (profit & loss)

1. Business solutions
2. Home & entertainment
3. Information worker
4. Mobile & embedded devices
5. MSN
6. Server & tools
7. Windows client

They do have a standardized lifecycle that groups should follow, but don't have to follow to the letter.

* "Isn't PowerPoint one of the most evilest things ever? I don't know, that's how I see it."
* "How agile are we? Frankly we suck! Or at least that's my way of looking at it."
* "300 people dedicated to servicing windows and that's a full time job. The computer industry is crazy in the way it does testing today. The reality is the we must create significantly more code for test the product than running the product."
* "Microsoft in 2000 looked at security as a bunch of freaks off in the corner that you threw some code at now and then. We had to as a company understand that our basic ways of looking at things was wrong. Example any string compare you have an integer overflow in it. Had to question base ways of doing things. "
* "Fix bugs earlier. Fix six months before shipping costs 30 times more. Fix after a release costs 100 times more than if you catch it early on."
* "We have a set of project tools that we run thing by." (RMH: They have their own source code management tools, IDEs, etc. that wouldn't make good products but are necessary to develop the large software products they are doing.)
* Feature Inventory Tool
* Compliance Stuff
* "Bad RAM is probably causing about 20% of our windows crashes."
* "Spyware is just a virus with an economic model"
* "Windows Server an amorphous blob that is not easy to describe. The key thing is that the Microsoft stuff integrates well. Integration allows us to share functions across different scenarios. Integrated managment, security, programming model, ops, dev tools. "
* "Active directory is the centralized place of identity managment in most computing system in most organizations. You can run it with other DNS but if you run it with MS DNS it will work better."

With regard to Self-Healing we have a bunch of interesting research projects. Self-Healing is very much about software Policies. "Self-healing will be the norm in 10 years."

Windows Server 2003 Hotpatch. If a vulnerability comes update without out human intervention but obviously need admin permission.

Windows server doesn't use MSF process. A process designed for 20 people is very different from one designed for a team 12,000.

Windows Architecture

Chris Jones. Runs Program Management team in core. Build the OS platform toolkit. Works on operating system, road map, features, and how to run the project.

Operating systems didn’t converge until Windows 2000. Today Windows 2003 and XP are different code bases that require duplicating fixes and features across code bases.

With Longhorn we are on one code base. Can't get rid of Windows Registry in Longhorn because of legacy software dependancy and COM dependencies.

D3d (some type of graphics library on which the new WinFX UI will be shipping on). For longhorn has a new display driver model.

40% of "blue screen of death" are do to display drivers. Moved a lot of code into user mode. New Window Manager.

Chris Anderson, Software Architect of Avalon and XAML
Avalon and XAML: What is the point? 3 main points

1. Want to enhance developers ability to create a different types of products.
2. The need to create interfaces that are unique and pretty = this requires (RMH: Flash like technology).
3. Enhancing user experience is big part of it.

The input side changed the way you communicate with devices - built a new accessibility. From a users experience perspective had to change the UI model. XAML is the way to have a super productive environment. Tools and .NET with XAML is going to make the developer experience much better.

Day 2:

Keynote

We have no sponsorship or partnership or endorsement of Mono.

What a much better Java on Windows.

How big can we go with making Java work on the Microsoft Platform?

.NET CLR Architecture

Jason Zander, CLR Product Unit Manager, been on the team since we started
Dr. Miller
Brad Abrams
Jim Hugunin.

Started working on 1997 originally Component Object Runtime (COR).
Started incubation in MTS group around metadata and complier integration
Sever API's still use the Cor pref and engine DLLs are named MSCOR??.dll

Lots of names
* COM3
* COM+ Runtime
* NGWS Runtime
* Universal runtime (URT)

Did the big unveil at the PDC 2000 in Orlando, .NET FX 1.0 shipped in June 2002
* 1.1 shipped in 2003
* Now working on .NET 3.0

Goals of CLR
* Dramatically simplify development of classic Win32 programmers
* Mike Tougongy coined "managed environment"
* Unify programming models
* Provide managed code access security
* Typesafe and verifiable
* Automatic memory management
* Boundary checking
* Support for multiple programming languages
* Common engine infrastructure everyone share
* Enable tools that can ignore ….

Cedar was a managed environment from the 70's? IL is a combination of Curso from Steve Lusco and Xcodes. Jim Miller was a big part of defining CLI.

JIT at instantiation or the first time each method is called. JIT has two main parts:

* GAC Global Assembly Cache. Common services
* NIC Native Image Cache where the JIT stores the cached native compiled images.

GC, there are no pointer indirections so that when accessing objects you have a direct pointer to it. Which saves time in redirection. "Tuned the hell out of the GC". There is the client GC and a server GC (avoids buss locks).

Languages: Common Language Specification (CLS) when you are trying to unify that many language processors you have to address issues about moving a source code to IL. IL allows us to share the tools like profilers and debuggers etc.

Dynamic languages is the next area that they want to see more developments. LCG (Lightweight Code Generation) in 2.0. Generic types really good for dynamic languages.

Version 2.0
* More libraries, collection classes
* Generics
* 64-bit support (IA64, x64)
* RAD support: Edit and continue, just my code
* Click once deployment
* MS SQL Server: fiber mode integrate security
* Avalon and Indigo
* Windows Longhorn

CLR in Databases
* DB/2, Oracle 11g, both out -of-process with vq.q
* SQ SQL Server 2005: in-process v2.0

ASP.NET

Missed this one.

VS.NET

Ori Amiga - Was a VisualAge deveoper.
Jason Weber (mac developer)
Douglas Hodges - Original member of OLE2 COM team working VS since 1995. The Grandfather of Visual Studio

Bill G. "At every juncture, advanced tools have been the key to a new wave of applications…"

Visual Studio Express free stand alone supports all the languages. Other versions: Standard, Professional Editions and Team System.

In order to accommodate all other systems: Visual Studio IDE | Services (debuggers, compliers, etc.) | Team Foundation Services (source code management, etc.)

60 languages across academia, industry and so forth supported by VS using its pluggable architecture.

Still pluggable architecture is very complex. Looking at a way of making AST for all languages available to third-parties. Code model is a higher level abstraction. But it doesn't allow you to go deep enough for AOP.

AspectJ not supported because VS doesn't expose its C# AST (language hierarchy)

Visual studio ships with over 20,000 dlls

VSIP (Visual Studio SDK) Program allows you to extend VS. There are now 230 partners with 820 products that work on top of VS.

* Two types of products: those that complement languages for these its zero costs. But to distribute VS IDE with your own product, so you want the empty VS which costs $20.00 per IDE that you resell. To redistribute the standard and professional editions is done at a discounted rates.
* Visual Language Studio allows you to design a new language for VS.
* VSIP (Visual Studio SDK) shows how to build a new language for VS.NET.
* Powerful support for domain languages.
* PHP language editors . One natively targets PHP. The other Phlanger, complies into CLR rather than PHP.

Microsoft Research (during lunch)

Smart Client Futures

Keith Yedlin Product Unit Manager

Taking the best of the rich client and the web client and merging them together. Effective and robust interface that is easy to deploy across the web. Consumes web services and is available for offline. And is available for device adaptability. Provide tools that enable smart client.

Why Windows Forms is Smart Client Technology. A major feature of Whidbey is click once deployment.

Windows Forms is the client/UI framework. Worked on 3 things: Easier to build, easy to create professional looking and also easy deployment.

Visual Studio 2005 Tools For Office - combines Word, Excell, and InfoPath. Smart tags are boxed text that call up action pains (left screen)

Guidance through Patterns and Practices

Ward Cunningham is a member of this group, but not at presentation
These guys research how to implement MS technology and publish documents on it. Basically MS architectural patterns and practices for success.

Build Scenario based solution guidance
Smart Client
Line of Business Applications
Integration

Each scenario has associated
* Architecture of situations types
* Technical challenges
* Lifecycle challenges

Patterns information is driven more by scenario (e.g. smart client, LOB, etc.) and then discussions around those scenarios take place.

Guides produced by this Group
* http://www.microsoft.com/resources/practices/guides.mspx
* http://www.microsoft.com/pratices
* patternshare.org Has patterns from Gang of Four, Martin Fowler, Boggy Wolf.

Application Blocks: Reusable frameworks for specific scenarios. Tool extensions

Base line architecture is a risk case management tool. It's not the complete deal, it address the risks not the implementation.

This really cool reference architecture Global Bank will ship for free from their web site. Will ship the first week of April.

www.godotnet.com

Open Source and Microsoft

Rob Mensching

Linux Kernal patches per hour. Right now it's 2.4 patches per hour.

Is there an appropriate technology for Microsoft to open source. Look at patches per hour, distribution lag.

We don't look at open source as a panacea, but we acknowledge that it is the right model for some software. But we will never make Windows open source. Fundamentally, open source can't test windows (drivers, all sorts of things) just by accident.

How can MS learn from OSS

Community involvement is good depending on what it is (testing, etc.) The more transparent you are the better.

Must balance modularity or integration costs soar. Can't have several different ways to do things, or integration testing will soar.

Shared Source - most people think of it as a read-only source code.
But there are different ways to share source code. Twelve different licensing programs allow full modification and distribution rights. Use some pre-existing open source licensees and some are MS invented (e.g. NetNew).
Windows - is read only for government and certain commercial organizations

* FlexWiki is free for distribution and modification.
* C#/CLI - ROTOR project.
* Wix (Windows installer XML Toolkit)

Things need to be made OSS for a compelling reasons, not just because you want to.

Key Learnings:
* Community doesn't "just happen" you have to have a shepherd. A person to guide, nurture the community.
* Require strong leadership and ongoing attention.
* Serve a specific need - don't just dump code.
* MS is considering open sourcing some stuff.
* There must be good business, Legal, and Technical reasons for open sourcing.
* Some people think that Microsoft has "Legions of Croatian coders writing Linux viruses". Not true.

MONAD - Microsoft next generation scripting language and shell. Supposed to be as good as Bash, without problems, but specific to windows. Can look like other environments (DOS, Linux shells). Includes stuff like grep. You can change these system calls (they are stored as .msh) files. Transparence and text files. MONAD runs on .NET framework so you can write .msh files using C# or Jscript or whatever. Unlike Bash you can reach out and use .NET widgets like Excel.

Open source is an "Architecture for participation" (Tim O'Reilly) when the core is managed by a core group but extensions and modules are developed by community.

Day 3:

Closing Keynote

Eric Rudder - (erudder@microsoft.com) Sr. Vice President Developer Division
Commits to doing some type of security event with other vendors.

Windows CE and Mobility

Mike Hall - Technical Product Manager of Mobile and Embedded Devices Group. mikehall@microsoft.com

WindowsCE is used in robotics for integration, these little embeded systems can interact with the larger systems of the corporations.

Minimum size is about 200k. It's more of a bucket of legos where you can build what you need. Started in 1993 built from the

Has Core EDL, GWDS (graphical system). You can choose to build a headless (no gui) devices that uses network communications. BlueTooth, Ethernet, Wide ware networking, HTTP, etc.

There is one development tool called Platform Builder of which there is an evaluation version (windowsembmedkit.com) and a fully licensable version.

Premium source msdn.microsoft.com/embeded) can get access to source code for windows CE. Includes about 2.5 million lines of source code in the form of modules you can use to build platforms for smart phones, gateways, drivers, etc.

.NET Compact Framework is about 1.5 meg in size.

Windows XP Embedded is used in larger devices like medical, robots, gambling machines and such things. Is exactly the same, on a binary level, the same as desktop Windows XP. Everything you'll find in XP Pro but license restricts it use to build another PC.

SPOT - operating system that runs inside the watch, the interesting thing is that there is a tinny layer of assembler and than immediately above that is the a tinny CLR, there is no operating system. All the application are written in C#. There is an embedded development board, which contains the spot processor and spot development tools for create SPOT applications. Some watches don't allow direct download of code but other due. Using a USB adapter, they are looking now at allows develops write applications for their own SPOT watches.

Core license for a single license $3.00
Pro version contains applications form pocket PC (like PDF viewer) this is $12.00 per license.

XP Embedded is $70 per license.

The value add in WindowsCE is that components that you might normally need to license and the number of devices support is huge.

Difference between WindowsCE and Windows Embeded: WindowsCE used to write device operating systems. Windows Mobile for smart phones and pocket PCs customized for those types of devices. Windows Mobile are the GUI and applications that run on top of Windows CE, but specifically for mobile devices.

Visual Studio Team System

Darren Jefford (?)

Visual C#/Basic/C++/J# Express Edition designed for every day people.

Team System focuses on collaboration and communication among teams. Today, developers will use several different tools to collaborate. VS Team attempt to provide a single tool that includes everyone. From design to operations.

VS Team: Team Architect, Team Developer, Team Test, Team Foundation Server.

Architect product is centered on modeling services oriented applications. Looks at VB as democratizing programming. Today we are on a iconic shift on web services. Believe there will be a huge shift around web services so the products today have to make creating web service easy. We need VB for Web services. This is what Team Architect is the visualization of web services. Tools also allow you to visualize data center and validate that the services and tools work together.

Team Developer has code analyzers (dynamic and static) and code profilers, unit testing, code coverage. Built in load testing tools, which are normally very expensive.

Team Foundation Server is a collaboration server built-in from the ground up. Source code control, work item tracking (but tracking), project management, change management, reporting, project site (share point Windows based not share point server for version 2), and nightly build service.

Overall Goodness Factor (OGF) a term used at Microsoft. Can analyze code churn, unit test coverage, code coverage, and then give you an accurate view of your projects health. The server is accessed as a web service.

Process guidance hooks including Agile "MS for Agile" CMMI "MS for CMMI3" process guide. It manifests as help, but also as policies (e.g. can't check unless all unit test pass or can't check unless peer reviewed first). Includes hooks for integrating your own process guidance.

Team Architect is as close to MDD as MS can get today. Team Developer is very code centric development tool.

Team Foundation will have a plug-in for Eclipse.

Profiler will "inject" probs into code to gather data and send them back to the VS team system so that you can track operations in specific areas - (RMH: sounds like AOP to me.)

Load Testing
Will be priced at a per agent basis, so that a single server could imitate a huge number of clients. Mercury will be better than VS because VS only supports HTTP and HTTPS protocols for load testing.

MSDN Universal license is probably the best way to access these things. This will provide you with a non-cost upgrade to one of the three client VS team with special upgrade pricing. Without the MSDN-UL than each of the clients if 3 - 4,000 each, with the suite priced at 7,000.00. Details on all of this stuff will be aviable on Monday, March 21st.

Product plan for V2
Business analysts, database architects, help desk, database administrators all of which will integrate with the Team Foundation. Basically build out roles and integrate with Team Foundation.

Closing Remarks

Where do we go from here?
Will collate notes, poll speakers, and get input back out to attendees sometime over the next month.

Each attendees will receive a survey of event on Monday. Please fill out the survey as it will be used to determine if it will happen again, and also to create an advisory panel. Include 5 actionable items that you think we need to do. Get the word out on threat modeling, or patterns and practices, have another summit, not necessary MS improvements but where to go from here.

Using e-mail mtsquest@microsoft.com to send in comments for DE (Jeff).

Rick Ross has volunteered to set up a list server for the group.