1 September 2013

Windows Operating System Architecture

Microsoft Windows Operating System series are one of the most popular operating system among the users. The first Windows was released in 1985 (Windows 1.0) and since then till today the Microsoft OS has dominated the personal computer market. Windows has been written in Assembly, C and C++ languages and it is simply a graphical user interface (GUI) that manages and maintains the users’ computer resources and components. Computer software is categorized in Application software and System software. Application software can perform a specific task, a text or image editor such as Microsoft Word or Adobe Photoshop are some example of Application software. But system software refers to the software that enables a computer to function efficiently. These special sorts of software consist of programs, interpreter, and languages to control the operation of a computer system. In this post we will talk about the Windows Operating System evolution and its architecture as system software. So before we start, let see what an operating system is exactly.

Operating System

An operating system (OS) is System software. It is a collection of programs that acts as an interface or mediator between the user (user programs) and the computer hardware. It provides a human friendly environment for users to execute his/her program. Operating systems allow us to operate and maintain the hardware in desired way and according to our needs.  Some examples of OS are Microsoft Windows, Linux, Macintosh OS X and UNIX. Even today, mobile phones have their own operating system.

Tasks of an Operating System

We need to use computers as a daily base to perform certain tasks like reading our email, writing a letter or watching a video. We also need to store our data in the system for later references or uses. All these tasks and process must be done by the operating system. An OS must have built in facilities to provide us some services to accomplish all these jobs. Otherwise we end up with an undependable and unsecured system. The services or tasks that an OS offers users are categorized in "Process Management, Input/output Operation (I/O), File Management and Memory Management".

Process Management

A process is an instant of a program that's currently running. Processes can run simultaneously and the OS manages and control all the processes. A user can listen to the music while he/she is making a spread sheet (multitasking). Execution of any program needs resources like memory and CPU. Today the modern computers have ability to perform different tasks at the same time. If you are using a network, then sharing the information between the nods and processes is necessary. An OS can create and delete a process, manage the resources for processes, synchronizes their execution and allocate the memory.

Input/Output Operation

Operating system control Input and Output devices, so the user can enter data and access the output. OS schedules the allocation of the I/O devices for all processes. As a user, when we execute a program we need to enter data and get our desired result. For example, if a user writes (Input) a letter with a text editor, he also needs to print (Output) the same letter or views it on the monitor. Each input or output device (Keyboard, Mouse, Printer, etc.) has its own controller. The operating system must have the power to manage all these devices and hide (abstraction) their hardware details from the user. 

File Management

An OS gives you a user friendly environment for File operations like creating a new file, rename a file, delete an existing file etc. we all need some space on our local machine for storing information and data permanently. These data and information can include different type of files like image, text, video, or even programs. We also need space to save the output or result of a program in our system. All these files must be organized in a manner that can retrieve easily whenever we need them. For storing the data permanently we use secondary storage devices such as a hard drive. The operating system creates, manipulates, organizes and manages all files. 

Memory Management

As I mentioned in the Process Management, the OS manages memory allocation for the running processes. When a program executed, it is executed as processes. In other words, a process encapsulates the context of a running program. One execution of a process finished, it should remove from the system. There might be many programs running at the same time that they need to access the Main memory. Every memory location (array of bytes or words) has different addresses. The CPU can access these addresses directly. So the operating system has to allocate memory to allow the execution of processes. When the main memory is not available and occupied by other processes, the OS must use the secondary storage device as an alternative to store some of the waiting processes and frees the memory. Allocation and de-allocation of memory is one important feature of an operating system.

Evolution of Windows OS

The ability to evolve is another feature of a good quality operating system. With the fast growing of the technology, users need new improvement and services every day. The design of an operating system must be in a way that can provide easy installation of new services and updates. Since 1985 that Microsoft introduced the Windows 1.0, this operating system has evolved from Windows 3.X family to the Windows NT. All the Windows versions came from these two families, some of them originating from Windows 3.X and another from Windows NT.

Windows 3.X family

Windows 3.1

Microsoft Windows 3.1 was the first member of windows family. It had a graphical user interface (GUI) and was based to run on the DOS (Disk Operating System). Windows 3.1x is a 16-bit operating system that was designed for personal computers. 

Windows for Workgroups 3.11

The main feature of Windows for Workgroup 3.11 was the network support. It supported 32-bit access, full 32-bit network re-directors and ran on the DOS.

Windows 95

The Windows 95 was a significant improvement from the previous Windows versions. It was designed for end-user desktop with better user interface, network support and plug-and-play feature (connect devices to the system without the need of configuration). 

Windows 98

The second major release in the Windows 9x family was the Windows 98. It included new features such as Wizards, Utilities, Tools and resources for better performance. The Windows 98 is a 16-bit/32-bit OS with an MS-DOS based boot stage. This operating system was faster than the Windows 95 and contained enhanced television, video playback, and new hardware support.

Windows Me

The last operating system released in the Windows 9X series was the Windows Millennium or ME and it was designed by Microsoft for home users. It had the ability to connect users’ computers at home to create a local area network with better Internet connectivity, and work with rich multimedia content such as photos, videos, and music.

Windows NT family

Windows NT

The first version of Windows NT (New Technology) family was released in 1993. Its design was based on Windows 95 user-interface and was a multiprocessor and multiuser operating system. It was a true 32-bit operating system, which was optimized to work with 32-bit architecture hardware devices. At this stage, Microsoft started to remove the dependencies on DOS and began to fully rely on the NT Kernel.

Windows 2000

Windows 2000 design was built on Windows 98 user-interface and made business user more productive. Windows 2000 introduced many of the new features of Windows 98 and Windows 98 SE into the NT family. Windows 2000 made business user more productive. Its integrated Web capabilities and support for mobile computers and hardware devices made Windows 2000 the easy way for business user to connect to the Internet anywhere and anytime. 

Windows XP

Microsoft used power of Windows 2000 and business features of Windows 98 and Me and made Windows XP. Windows XP was a smarter OS and introduced several new features to the Windows line, such as GDI+ graphics subsystem and improved image management, Start Menu and Taskbar improvements, Integrated Networking and Multimedia support and many more.

The operating systems that evolved after origin of Windows 2000 were based on the Windows 2000 architecture only. The other Windows operating systems after XP include Windows Vista, 7, and Windows 8.

Windows Architecture

Windows 2000 architecture is the latest architecture of Windows operating system and the newer versions of the Windows OS have the same structure as Windows 2000. This structure is a modular structure, composed of several simple modules. These modules are:

  • Hardware Abstraction layer
  • Kernel
  • Executive Services
  • Protected Subsystems
  • Environment

Hardware Abstraction Layer

What we mean by Hardware Abstractions is a set of routines that give a program direct access to the hardware resources. The Hardware Abstraction Layer (HAL) makes the hardware dependencies transparent to the rest of the operating system. This allows Windows 2000 to be portable from one hardware platform to another. It is a thin layer of software or programming that hides (Abstraction) the hardware differences from the operating system. The HAL consists of a series of function that hides or abstract differences between hardware platforms. For example, the processor used in your system can be from any vendor, such as Intel, Advanced Micro Devices, and Motorola. In the Windows NT OS, the HAL is placed in the Kernel and in the space between hardware and the Win NT services.


The Kernel works very closely with the HAL and is the heart of the operating system. It schedules the activities to be performed by the CPU. On a computer that has multiple processors, the kernel synchronizes activity among processors to optimize performance. For example, if you open more than one application, such as, MSWord, MS Excel, and PowerPoint, the kernel schedules the processor’s time within all applications. 

Kernel-mode device drivers enable the Windows NT to interact with hardware components. These drivers have some system routines that represent all the system devices seen as a file object in the Input/output manager for the user and the I/O manger can view them as device objects. These drivers exist in three levels: high level, intermediate and low level drivers. The high level relies on intermediate level which is contained of function drivers. The intermediate drivers rely on the lower level; this level also includes the Windows Driver Model (WMD). The lowest level directly controls the hardware and do not rely on the intermediate or high level drivers. 

Another term that we are seeing in the Windows architecture is the Microkernel. The Microkernel is a collection of programs that can provide tasks such as address space management, thread management and inter-process communication (IPC). The Microkernel along with the Windows kernel are in charge to make the operating system work efficiently.

Executive Services

The Executive Services, which includes the kernel and the HAL, provides a set of common services that the user can use. This section interacts with Input/output devices, object management, process management and the system security. Each group of services is managed by one of the components of the executive services, which are as follows:

  • Object Manger
  • Power Manger
  • Process Manager
  • I/O Manager
  • Virtual Memory Manager
  • Local Procedure Call Facility
  • Cache Manager
  • Security Reference Monitor
  • Plug and Play Monitor
  • Device Drive Manager

Object Manager

The Object Manager provides rules for retention, naming and security of objects. Objects can be, for example, files and folders saved in the file system. It also removes the duplicate object resources. The Object Manager considers each resource as an object whether it is a physical resource or a logical one like a file.

Creation and insertion of objects can be done in this section. The Object Manager first allocates an empty object and then reserves the required resources. After that Ob inserts the object and makes it accessible through its name or a handle (cookie). A Handle is an identifier that points to a certain Kernel resource. The lifetime of an object also managed by the Ob and it will keep the object till the subsystem needs it and then it will be deleted by the Object Manager.

Power Manager

The Power Manger deals with power events like power-off, stand-by, and hibernate. Windows 2000 supports all of the latest standards in Power Management including the Advanced Power Management (AMP) and Advanced Configuration and Power Interface (ACPI). Consequently, network devices can be powered off when not in use and dynamically reactivated when network access is required. Windows 2000 also supports Wake-on-LAN technology, allowing an entire machine to be powered down and then reactivated via incoming network requests. With APM and ACPI support, Windows 2000 has the potential to run for longer periods of time on battery powered systems due to its ability to conserve power when not in use and then be dynamically reactivated via incoming network requests.

Process Manager

The Process Manager manages the creation and deletion of processes. It provides a standard set of services for creating and using processes. The windows Process Manager works in conjunction with the Security Model and the Virtual Memory Manager to provide inter-processes protection.

I/O Manager

The I/O Manager manages all the input and output for the operating system. It supports all file system drivers, hardware device drivers and network drivers, and provides a heterogeneous environment for them. The I/O Manager provides a common interface that all drivers, such as FAT file system driver and NTFS driver can call. This allows the I/O Manager to communicate with all drivers in the same way, without any knowledge of how the devices they control actually work. The I/O Manager provides a cache manager for improving the disk performance by caching the read request and then writes them on the disk in the background.

Virtual Memory Manager

The memory architecture for Windows2000 is a demand-paged virtual memory system, accessed via 32-bit address. Virtual Memory is the term used to describe the technique where the operating system can allocate more memory than what is physically available. Each process is allocated its own unique virtual address space, which appears to be 4 gigabytes (GB) in size. This address space is divided into block of equal size called Pages.

Demand Paging is a method by which data is moved in pages from physical memory to a temporary paging file on the disk. As the process needs data, it is paged back into physical memory.

The Virtual Memory Manager maps virtual addresses in the process’s address space to physical pages in the computer’s memory. It hides the physical organization of memory from the processes. This ensures that processes do not access the memory of other processes.

Local Procedure Call Facility

Windows 2000 provides a communication mechanism between the applications and the environment subsystems. The executive system implements a message passing facility called a Local Procedure Call (LPC). Applications communicate with the environment subsystems by passing messages via the LPC facility. The LPC contains inter-process communication ports that can be used by user-mode subsystem for communication.

Cache Manager

The Cache Manager is a part of the I/O architecture. It handles caching for the entire I/O system. Caching is used to improve the performance of the I/O systems. Instead of reading and writing directly to disk, frequently used files are temporarily stored in a cache in memory, and read and write operations are performed to these files in the memory. This improves the performance since reading and writing to memory is much faster than reading and writing to disk. The Cache Manager provides caching services for all file systems and network components under the control of the I/O Manager.

The Cache Manager dynamically changes the size of the cache as the amount of available RAM varies. When a process opens a file that is already present in the cache, the Cache Manager copies data from the cache to the process’s memory, and vice versa, as read and write operations are performed.

Security Reference Monitor

The Security Reference Monitor (SRM) is responsible for enforcing the access validation and audit-generation policy defined by the local security subsystem. It’s also responsible for controlling which objects have permissions to which resource. Each object has an Access Control List (ACL) that is queried when the object makes a service request. Access to resources is allowed or disallowed according to the right the module has in the ACL. For example, you have created a shared directory having read permission. If other users try to write into the directory, the Security Reference Monitor will check for the permission and will deny writing into the directory.

Plug and Play Manager

Plug and Play, which made its first appearance with Microsoft Windows 95, is now a feature of Windows 2000. Changes have been made within the system architecture of Windows 2000 to accommodate this facility. Compatible devices can now be introduced and Windows will configure the device. PnP supports device detection and installation at boot time which may require the reconfiguration of other devices. Plug-and-Play automatically tells the software (device drivers) where to find various pieces of hardware devices such as modems, network and sound cards etc. Its task is to match the physical devices with the software that operates them and to establish channels of communication between each physical device and its driver.

Device Manager

Device Manager allows you to check the status of your hardware devices and to update device drivers for the hardware installed on your computer. It also checks how the hardware interacts with your computer programs. You can also use Device Manager to check the status of your hardware and update device drivers for the hardware installed on your computer.

Environment Subsystems

Windows 2000 allows many different types of applications to run on the same graphical desktop. It runs applications for operating systems such as MS-DOS, OS/2, Windows and POSIX. Windows 2000 support a variety of applications through the use of Environment Subsystems, which are Windows 2000 processes that emulate different operating system environments. For example, through command prompt of Windows 2000, you can get the CUI environment of DOS.