Windows 2000: Should I Stay or Should I Go Now? (Part II of II)

Last month, we started this two-part discussion reviewing the features found in both Windows 2000 (Win2K) Professional and Server, focusing on those that applied to Win2K Professional. This month we'll turn our attention to Windows 2000 Server.

Stability:

Increased uptime, fewer crashes, and fewer "planned reboots" are particularly significant when managing enterprise servers. The improved stability alone may provide sufficient reason to upgrade your NT servers sooner rather than later.

A Thing Called "Active Directory"

The most notable feature of Win2K Server is the Active Directory (AD) Service. Using widely-accepted industry standard protocols like the Domain Name System (DNS) and the Lightweight Directory Access Protocol (LDAP), AD organizes the entire enterprise into a single hierarchy. It provides a single point through which you can manage all of the Win2K Enterprise. Volumes have been written about AD, and you'd need to read them to understand AD fully .

In short, Active Directory provides the following:

  1. A common, intuitive interface to manage all network resources (including non-Microsoft resources like routers, firewalls and printers).
  2. Flexibility in managing your infrastructure.
  3. Remedies to many Windows NT domain model deficiencies.
  4. Extensibility, i.e., the ability to add or change features. For example, track items by employee and secure that information on a need-to-know basis.
  5. A single logon for all system resources including mainframe, UNIX and other systems.
  6. Distributed administration to allow you to delegate administration of any portion of your systems' resources.
  7. The ability to assert a universal set of policies that will apply across the enterprise.

For larger associations, AD will provide plenty of justification in reduced administration. For smaller organizations, the cost of learning AD may not prove cost effective.

Management:

For larger associations, AD will provide plenty of justification in reduced administration. For smaller organizations, the cost of learning AD may not prove cost effective.

  1. Win2K's Group Policies, tied to the AD, close loopholes found in Microsoft's policy editor used by administrators to control any aspect of the Windows environment. Win2K group policies can be applied to any branch of the organizational tree and be inherited or blocked by organizational branch.
  2. Intellimirror® allows users to access their data, programs and preferences anywhere on the enterprise network.
  3. Remote storage monitoring enhances administrators ability to manage disk resources.
  4. The Remote Installation Service allows administrators to automate more easily installation of workstations.
  5. The Windows Task Scheduler and Scripting Host features provide graphical tools to automate or schedule network-based operations.
  6. The Distributed File System provides for access to files across the enterprise using a single directory tree.
  7. Disk quotas restrict users from exceeding their allocated space.
  8. The SysPrep tool prepares systems for disk imaging software like Symantec's "Ghost".

One or more of these tools may help your association reduce administration costs, increase return-on-investment, and improve organizational productivity and effectiveness.

Security:

Microsoft has substantially improved security with Win2K. Under NT, any data file can be snooped-with a single floppy or CD, an unsophisticated individual can compromise your organization's secret data. Win2K's file encryption scrambles files, making unauthorized access extremely difficult. To encrypt network traffic, Win2K provides Internet Protocol Security or IPSec. Part of the standard for the next generation Internet, IPSec is the standard for encrypting network transmissions. Most virtual private network solutions (VPNs) support IPSec. Win2K supports Kerberos, an industry standard for a centralized enterprise security checker. Kerberos authenticates users and provides a secure "ticket" to accompany all network traffic. Win2K adds a whole multitude of security protocols for a more secure dialup environment.

Many associations now pay more attention to security issues. Win2K's new security features will help protect system privacy, integrity and availability.

Recommendations:

Remember these things when considering migration to Win2K Server.

  1. If you can't cost justify your decision to migrate, don't migrate.
  2. Your enterprise applications come first. Make sure you test them thoroughly on Win2K before you decide to migrate.
  3. If server uptime, availability and stability are a concern, migrate soon.
  4. If security is a major concern to your organization, Win2K provides valuable improvements over NT4.
  5. Whether you migrate or not, get to know the tools you have available to effectively manage your systems. Look at desktop management tools, installation scripts, disk imaging systems, roaming user profiles and the Microsoft System Policy Editor. Even small associations will realize excellent return-on-investment on the time invested.
  6. Upgrading hardware is an excellent opportunity to migrate.
  7. You must know AD before migrating. Run Win2K and Active Directory in a test environment until IT staff are comfortable with them.
  8. When you migrate, know the difference between Server, Advanced Server, and DataCenter Server .
  9. If you migrate from a Windows NT domain model, you must migrate the primary domain controller (PDC) first.
  10. Don't wait for "XP" or "Whistler", the next generation operating system due in the fall. Wait six months or a year after release to see the verdict. After that you'll need several months of planning.

Previous article