Migrating to Windows 2000 in a Large Research Environment

Rand Morimoto, President, Inacom Oakland (rand@inaoak.com)


Presentation Transcript


  1. Migrating to Windows 2000 in a Large Research Environment • Rand Morimoto, President, Inacom Oakland, rand@inaoak.com [Slide graphic: User and Presentation Services, Application Services, Management, Network Services, Distributed Services, Base Services]

  2. Migrating to Windows 2000 in a Large Research Environment • Background of Active Directory • DNS in Windows 2000 • Migrating from WINS to DNS • Consolidating NT4 Domains • Conducting a Phased Migration • Next Generation MS-Exchange

  3. About the Speaker • Microsoft Advisory Council Member (1995-present) • On the NT and Windows 2000 Development Team • Author: • “Deploying Microsoft Exchange v5”, 700-pages • “Tuning and Optimizing Windows NT”, 1000-pages • “Windows 2000: Design and Migration” • “Exchange v6: Design and Migration” • President / Inacom Oakland • Inacom Corporation • National / Int’l Services • Windows 2000 Services

  4. Microsoft Directory Evolution Now Now Coming Microsoft Exchange Server directory Windows 2000 Windows NT user directory Windows NT user directory • Single enterprise logon • Central management • Replicated/partitioned • E-mail names and rich attributes • X.500 naming • MAPI, LDAP support • Scalable to “millions” • Integrated DNS, X.500 • Deep integration with OS security • More standard support: X.500 DAP/DSP, ADSI, OLE/dB, etc. • Scalable to millions

  5. What is Active Directory? • Windows 2000 directory service • Active Directory has • A hierarchical, flexible namespace • Partitioning for scalability • Multi-master replication • Dynamic extensibility • Open and extensible directory synchronization interfaces • Lightweight Directory Access Protocol (LDAP) as the core protocol for interoperability

  6. AD Terminology • Namespace • Name • Domain • Organizational Units (OUs) • Tree • Sites • Global Catalog • Schema

  7. Differentiation Administration Designators vs Replication Designators

  8. Creating Administrative Structures • First I Create my “Domain” and Give it an Organization Name • Then I Create Organizational Units within this Domain to Distribute Administration • I then Create Users within the Organizational Units where they Belong • Finally I Group the Users so I can more Easily set Policies to the Group

  9. Organizational Units Users and Groups Creating Administrative Structures Domain

  10. Enterprise is Made of Domains • Domains can be linked by trust • Domains can be related by name • Both X.500 and DNS naming DC=MyCorp,DC=Com whatever.edu DC=Dev,DC=MyCorp,DC=Com whatnot.whatever.edu

  11. Active Directory: Global namespace = DNS + LDAP Directories [Diagram: com, edu, berkeley, inacom, microsoft, students, courses, PoliSci; Domain: inacom.com; BSmith, RJones, AArney, KBryant; Domain: microsoft.com; Domain: berkeley.edu]

  12. Windows 2000 DNS Management Services

  13. Planning Your DNS Strategy • Active Directory is integrated with Domain Name System (DNS) • Therefore, it is important to • Determine which DNS server to use • Determine your DNS root

  14. DNS Server Options • Implement Microsoft DNS Exclusively • Implement Microsoft DNS as a Delegated Sub-domain • Use an Existing DNS Server

  15. Implement Microsoft DNS Exclusively • Benefits • Tight integration with Active Directory • Supports the extended character set, Unicode • Not dependent on existing DNS Servers • Will co-exist with other DNS Servers • Supports multi-master replication

  16. Implement Microsoft DNS as a Delegated Sub-domain • Benefits • Requires no upgrade of any existing DNS servers • Utilize existing DNS infrastructure • Minimizes dependency of Active Directory on existing DNS servers

  17. Use a Non-Microsoft DNS Server • Benefits • Does not require replacing existing DNS servers • No DNS changes required

  18. Existing DNS Server • To Support Active Directory, a DNS Server • Must support the SRV RR defined by RFC 2052 • Should also support: • The Dynamic Update Protocol - RFC 2136 • Incremental Zone Transfers - RFC 1995

  19. Multiple Domains/Trees • Sometimes it is necessary to have more than one domain • Multiple domains with a contiguous name space are referred to as trees tailspintoys.com europe.tailspintoys.com marketing.europe.tailspintoys.com

  20. Forest Definition • One or more Windows 2000 Trees • Do not form a contiguous namespace • Share a common schema, config., Global Catalog • All Trees in a Forest trust each other • Does not need a distinct name [Diagram: Microsoft.Com, PBS.Microsoft.Com, NTDev.PBS.Microsoft.Com; Softimage.Com, Finance.Softimage.com]

  21. Active Directory: Integrated Security Scenarios • Safety: • Authenticode • Driver signing • Single Sign-on • Auth.: • Priv Key/Kerberos • Public Key/X.509 • NT4 • Private Comm. • Protocol: • SSL • IPSEC • RPC/DCOM • Secure Biz Tx • PK Certificates • Kerberos keys • Base: • Crypto API • Encrypted F-S • More Auditing • Secure Desktop

  22. Goal of Windows 2000 for Enterprises: Reliability and Scalability • Network Load Balancing • Clustering

  23. Goal of Windows 2000 for Enterprises: World Ready • Multilingual user interface • Same code runs anywhere • Simultaneous support of multiple languages • Single world-wide API

  24. What Can be Done with NT4 in Anticipation of a Migration to Windows 2000

  25. Consider Implementing NT4 Workstation Today • Higher level of security • ability to lock down w/s hardware config • ability to create and manage set processes • Ability to use global roaming profiles • Key to Intellimirror in Windows 2000 • Consolidated DLL model in Windows 2000

  26. Design, Implement, and Gain Support for System Policies • Globally manage, for individuals, groups of users, or all users, the ability to: • change screen saver • change desktop background • add applications • purposely or accidentally delete applications • drop to DOS prompt • modify workstation configurations

  27. System Policies

  28. Consolidate Domains • Minimize resource domains • Develop structure that utilizes fewer domains • Create simplified trust model • Document enterprise hierarchy • server/host configurations • segment addresses • segment bandwidth • trust and authentication process

  29. Fastlane Technologies: DM/Manager Selectively move single or multiple users from any Source Domain... ...to any Target Domain!

  30. Setting Rules / Policies for Migration Flexible migration options...

  31. Conduct Performance Analysis • Evaluate Client to Server Bandwidth Demands • Evaluate Server to Server Bandwidth Utilization • Analyze Server System Utilization • Conduct WAN Bandwidth Analysis Bluecurve “Dynameasure” recognized by Microsoft for capacity analysis and capacity planning (http://www.bluecurve.com)

  32. Performance Analysis Server CPU capacity is bottlenecked. All four server CPUs reach maximum thruput

  33. Implement TCP/IP and SMTP as Core Communications Protocols TCP/IP SMTP Site A Site B

  34. Implement DNS (in addition to, and in a Windows 2000 environment in place of, WINS) • WINS needed for NetBIOS name resolution • DNS to be native in Windows 2000 complete TCP/IP environment

  35. Implement LDAP for Look-up Domain Controller Client Microsoft Management Console Legacy NT4 APIs NT4 BDC Replication SAM ADSI NW3 NW4 NT4 NTDS Windows 2000 M-M Replication Directory Service LDAP wldap32.dll Net APIs NCP NCP

  36. Create a Windows 2000 Deployment Team • Team Includes: • DNS Decision Makers (NT, UNIX, etc) • Hardware Implementers and Support Personnel • File/Print LAN/WAN Decision Makers • Firewall and Internet Security Decision Makers (Kerberos, X.509, etc) • Electronic Messaging Group • Desktop Support Group (Intellimirror, Windows Scripting, Sysclone, SMS)

  37. Migrating from NT4 to Windows 2000 • Migrating Domain Controllers • Migrating Servers • Migrating Users

  38. Migration • Any Windows NT domain model can be migrated easily to the Active Directory • Mixed environments • Fully supported • Look and act like Windows NT 4.0 domains • Migration to domain tree simple

  39. Migration (Initial State) Initial state Windows NT 4.x domain “PDC” BDC BDC

  40. Migration (Step 1) • Upgrade PDC to Windows 2000 [Diagram: “PDC”, BDC, BDC, BDC; legend: Domain replica, Global catalog]

  41. Migration (Step 2) • Upgrade remaining Windows NT 4.x BDCs [Diagram: DC - GC, DC, DC, DC; legend: Domain replica, Global catalog]

  42. Migration (Final State) • “Native” domain [Diagram: DC - GC, DC, DC, DC; legend: Domain replica, Global catalog]

  43. Migration: resource domains • Can be upgraded in place and joined to tree • Can be replaced with OUs • Convert in place • Join to tree • Create OU in parent domain • Drag resource domain contents into OU • Delete (empty) resource domain

  44. Server Role In Windows 2000 (columns: PDC / BDC / Replica) • Windows NT 4.0: PDC = Only writeable copy; BDC = Read-only copy; Replica = -- • Windows 2000: PDC = Writeable copy. Appears as PDC to downlevel clients; BDC = --; Replica = Writeable copy • Windows 2000 Mixed domain: PDC = Only writeable copy (Windows NT 4.0 or Windows 2000); BDC = Read-only copy (Windows NT 4.0); Replica = Read-only copy

  45. Next Generation Microsoft Exchange 2000 codename “Platinum”

  46. Built on Windows 2000 Active Directory

  47. AD Does Exchange Administration

  48. Utilizes Multiple Storage Groups • More than 1 MDB Per Server • Smaller MDBs for easier backup/restore • Separate MDB for NNTP and Internal Public Folders • Distribute DBs across multiple Storage Area Network (SAN) devices • Distribute Administration of DB management on a single server

  49. Migration to Exchange Platinum • Exchange Platinum Migration • Exchange server needs to be migrated, but not the whole organization • Migration tools included to migrate Exchange v5.5 to Platinum (users, org/site structure, mailboxes, public folders) • Active Directory Connector provides a link between non-Active Directory NOSs and Exchange Platinum (NT4, NDS, LDAP)

  50. Preparing for Exchange Platinum • Upgrade to Exchange v5.5 (if you have not already done so) • Replace Site Connectors with SMTP or X.400 Connectors using InterOrg Directory Replication
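
Slide 18 requires the DNS server to hold SRV records for Active Directory; a zone export can be audited for them before the first PDC upgrade. This is an added example, not part of the presentation: the zone data, the domain `corp.example` and the function names are constructed, and the SRV owner names and ports are the standard ones Windows 2000 domain controllers register (the slides do not list them).

```python
import re

# Constructed zone file for a hypothetical single-domain forest (not from the slides).
ZONE = """\
$ORIGIN corp.example.
_ldap._tcp            600 IN SRV 0 100 389  dc1.corp.example.
_kerberos._tcp        600 IN SRV 0 100 88   dc1.corp.example.
_ldap._tcp.dc._msdcs  600 IN SRV 0 100 389  dc2.corp.example.
dc1                  3600 IN A   192.0.2.10
"""

# Owner names (written relative to $ORIGIN) and ports that domain controllers
# register; _gc._tcp is expected here because the zone is the forest root.
REQUIRED = {"_ldap._tcp": 389, "_kerberos._tcp": 88,
            "_ldap._tcp.dc._msdcs": 389, "_gc._tcp": 3268}

RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(SRV|A)\s+(.+)$", re.I)

def parse_zone(text):
    """Return (srv, hosts): srv maps owner -> [(prio, weight, port, target)]."""
    origin, srv, hosts = "", {}, set()
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # strip zone-file comments
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1].lower()
            continue
        m = RR.match(line)
        if not m:
            continue
        owner, rtype, rdata = m.group(1).lower(), m.group(2).upper(), m.group(3).split()
        if rtype == "A":                              # record the host's FQDN
            hosts.add(owner if owner.endswith(".") else f"{owner}.{origin}")
        elif len(rdata) == 4:                         # priority weight port target
            prio, weight, port = map(int, rdata[:3])
            srv.setdefault(owner, []).append((prio, weight, port, rdata[3].lower()))
    return srv, hosts

def audit(text):
    """List gaps that would keep clients from locating a domain controller."""
    (srv, hosts), problems = parse_zone(text), []
    for owner, port in REQUIRED.items():
        if owner not in srv:
            problems.append(f"missing SRV {owner}")
        for _, _, got, target in srv.get(owner, []):
            if got != port:
                problems.append(f"{owner} port {got}, expected {port}")
            if target not in hosts:
                problems.append(f"{owner} target {target} has no A record")
    return problems
```

The check assumes SRV targets have their A records in the same zone; a target hosted in another zone would be reported and needs a separate lookup.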
