Before the Windows 2000 stampede leaves you in the dust, spend some time figuring out what you can do today to prepare for the trail.
10 Steps to Prepare for Windows 2000
Before the Windows 2000 stampede leaves you in the dust, spend some time figuring out what you can do today to prepare for the trail.
- By Ed Brovick et al.
- March 01, 1999
Have you begun planning for Windows 2000? As far as we’re
concerned, this product line-up promises to be the largest
make-or-break career opportunity for systems engineers
since Microsoft announced its first premium title and
MCP Magazine published its first salary survey. Face it.
All of the new concepts and administrative tools in the
OS will prove highly challenging. Now is the time to get
moving on it—before the trail gets littered with
the debris of a stampede. So herewith, we provide 10 activities
we believe you should undertake in order to prepare for
its arrival.
1. Identify your Windows 2000 architecture
team and send it to training.
For an organization moving to Windows 2000 the first
step is developing a common understanding of the technology.
There’s nothing more confusing than having a team
that lacks the vocabulary and understanding of the fundamentals
of a technology. Windows 2000 establishes a whole new
list of terms, tools, and concepts that are best learned
in a structured environment that includes both conceptual
training and hands-on product configuration exposures.
Windows 2000 training promises to be big business for
the industry. The additional complexity of the technology
as well as the breadth of the functionality dictates a
broader set of training options than what is currently
available with the Microsoft NT 4.0 family.
Depending on the role of the staff, there are a few different
training approaches that we recommend. For the Windows
2000 designer, the starting point would be an education
in Active Directory. This is the single most significant
feature of Windows 2000—the component that ties everything
together from administration of applications and services
to security. The Active Directory training should be followed
with some hands-on exposure to Active Directory in a lab
environment.
For the network administrator, valuable training would
include a look at new concepts followed by some hands-on
work that exposes how to perform distributed administration
and use the Microsoft Management Console (MMC) tools and
snap-ins.
2. Identify business requirements and
map them to Windows 2000 functionality.
The mission of Windows 2000 is to enable the global corporation
to address many of the business issues that originally
drove companies from mainframe to a distributed computing
environment. Reduced cost of ownership and increased functionality
provide the IT director with compelling reasons for moving
forward with Windows 2000.
An example of a business requirement that might drive
a company is a requirement to reduce the number of administrative
staff members needed to support the desktop computing
environment. Strengthened by Active Directory, Windows
2000 provides the backdrop for reducing costs by eliminating
duplication of administration responsibilities omnipresent
in multi-domain environments. With Windows 2000, MMC,
and Active Directory, it’s finally possible to administer
servers, services, and other enterprise resources from
a central location.
Likewise, many Windows 2000 features are rooted in the
established business requirements for IT systems. Another
example of a business requirement is the increasing focus
by large companies on the need for a unified, central
repository for employee data and network resources. Active
Directory can provide that repository. By tying business
requirements to the technology, organizations will keep
project priorities in focus.
3. Standardize on NT 4.0 and TCP/IP.
Windows 2000 supplies all the arguments necessary for
an organization to justify standardizing on TCP/IP. The
OS relies heavily on services that depend on TCP/IP, such
as DNS and LDAP, and provides tools to ease the administrative
burden once associated with TCP/IP. DHCP and Dynamic DNS
allow for TCP/IP implementations to be as flexible as
other proprietary or non-routable protocols. Hence, if
your organization doesn’t have a complete TCP/IP
strategy, now is the time to move in that direction.
- Attend a Microsoft TCP/IP course.
It’s possible that someone in your organization
knows TCP/IP. Now it’s time to get that individual
up to speed on Microsoft’s implementation of TCP/IP.
- Create a TCP/IP strategy document
that includes the use of DHCP. This document
should outline the IP and subnet addressing of your
local area and wide area networks and will define the
scopes of IP addresses and the location of DHCP, DNS,
and WINS servers. It will also define the hostname and
NetBIOS name resolution services, thereby assuring timely
name resolution from anywhere on the network.
TCP/IP is the industry standard—many systems assume
it’s fully implemented. A building is only as stable
as its foundation; an OS and its applications will only
be as stable as the infrastructure and protocols supporting
them.
4. Learn DNS and how it’s implemented
in your organization.
Learning DNS is an extremely important activity in any
successful implementation of Windows 2000. Active Directory
is based in part on the Domain Name Service (DNS). The
administrative teams who manage the NT environment today
typically don’t control the Internet name space in
many companies. Consequently, it will be necessary for
NT administrators to work closely with Unix administrators
both during and following the implementation of Windows
2000.
Windows 2000’s dependency on DNS isn’t limited
to the typical DNS versions that many organizations are
using. With Windows 2000, several new Request For Comment
(RFC) features need to be implemented. So while Windows
2000 will work with non-Microsoft DNS implementations,
it’s important to understand what features are implemented
and supported. The political battles around a Microsoft
DNS implementation may be too difficult to overcome as
part of large-scale implementation with a relatively new
technology.
We recommend using Microsoft’s DNS due to the integration
with Active Directory; but even if you don’t standardize
on Microsoft’s DNS, the more you know about DNS in
general, the easier your configuration choices and troubleshooting
will be.
5. Read an X.500 book. To add adventure,
include LDAP.
Although Active Directory isn’t based entirely on
the public X.500 directory standard, it is, in the words
of Microsoft, “X.500-like.” This means it’ll
be extremely important for Windows 2000 professionals
to understand X.500 concepts such as organizational units
(OUs), given names (GNs), distinguished names (DNs), and
other X.500 directory components. Like X.500-based directories,
the Active Directory is based on a hierarchical structure
comprised of containers and objects. Properties can be
assigned and manipulated on individual objects.
In addition to learning about the X.500 directory standard,
it’s important to learn as much as possible about
the Lightweight Directory Access Protocol (LDAP). Just
as the Directory Access Protocol (DAP) is used to access
and manipulate X.500-based directories, LDAP is used to
access and manipulate the Active Directory. LDAP is a
standards-based API that enables administrators to add
and delete objects from the directory, as well as modify
administrative and security properties. The more familiarity
you have with LDAP and script-based administration of
the Windows 2000 platform, the easier it will be for you
to integrate Windows 2000 into a heterogeneous, distributed
computing environment.
6. Reevaluate NT 4.0 groups and Administrative
structure.
The administrative capabilities of Windows 2000 are greatly
expanded over those of NT 4.0. Much of the additional
functionality comes from the expanded role of Groups in
Active Directory. Therefore, it’s important to understand
your current NT 4.0 group strategy and to bring the NT
4.0 groups in line with that strategy. This means eliminating
obsolete groups and verifying the necessity and membership
of both Global and Local NT 4.0 groups.
Windows NT 4.0 limits the ability of companies to implement
the administrative management strategy that best suits
their environments. Windows 2000 has overcome many of
these limitations, giving organizations the ability to
design appropriate administrative strategies.
This means, however, that you, your department, and your
organization have to be willing to change the administrative
organizational structure you currently have in place.
Furthermore, it’s easy to go hog-wild with the flexibility
of Windows 2000 administration control policies. You’ll
have to make an effort not to create an administrative
strategy that’s overly complex. For example, it’s
possible to assign control and access to specific properties
on objects in the directory. Another example: You could
permit users to change their directory information, such
as phone numbers.
This means you can give an individual the right to change
the passwords for people in a container in the directory
tree, but not change any other user properties. This will
require a much larger emphasis on developing a strategy
for how control is allocated, rather than simply determining
who will be administrators for the computing environment.
7. Prepare a Windows 2000 test lab.
We’ve heard of more than one instance of heated
debate regarding the functionality of the Active Directory
and Group Policies that was only resolved in the lab with
developed scenarios and hands-on testing. With Windows
2000 there are several ways to accomplish the same functionality;
by bringing tests into the lab you can evaluate the approach
that matches the goals of your implementation.
Your lab should include enough hardware to simulate the
production environment in which Windows 2000 will eventually
be deployed. This may include:
- Two Windows 2000 domain controllers.
- Appropriate Windows clients (Windows 95, 98, NT Workstation,
or Windows 2000).
- A distributed WAN simulator to baseline directory
replication in the production environment.
- All the applications that will be deployed in the
production environment.
Windows 2000 should be tested in the lab in a controlled
manner. First, establish the goals that should be accomplished
as a result of the lab test. Next, build a test script
and a matrix in which the goals will be accomplished.
The test matrix should include testing for all functionality
that will eventually be deployed in production. Then identify
steps for later testing in cases where the functionality
isn’t included in Windows 2000 yet.
8. Create a Windows 2000 pilot program
and deployment schedule.
Creating a schedule may show how much time you don’t
have. Especially with Y2K fast approaching, your ability
to move to Windows 2000 may be hampered. After taking
the Windows 2000 concepts training, take the time to validate
your understanding of the fundamental concepts.
After careful testing and documentation, your organization
should establish a pilot program for Windows 2000. The
first pilot should be with a small group of users with
needs identified in the business requirements, and also
have a high tolerance for configuration and changes. We’ve
seen Windows 2000 beta releases act in a stable manner,
but it’s best to set pilot user expectation for interrupt.
Once the pilot has run successfully, the next step is
for a production pilot implementation across a representative
group of users.
Finally, establish at least a rough map of the deployment
plan. The deployment plan will provide your organization
with another point of reference for how long the Windows
2000 implementation should take. We think your organization
will be surprised with the time and effort involved with
planning for a migration to Windows 2000.
9. Identify network infrastructure and
future plans.
The network infrastructure on which Windows 2000 will
be installed can greatly influence the design of the sites,
directory replication, and the Active Directory schema.
Consequently, it’s critical that you have a complete
understanding of the network infrastructure that currently
exists in your organization and any upgrades or modifications
that will occur before Windows 2000 is released. When
establishing the baseline architecture for the existing
network, it’s important to focus on the following:
- IP subnets, including all hosts and resources.
- Type and speed of connectivity between subnets.
- Network paths between remote networks.
Once you’ve established a baseline and architecture
for the existing infrastructure, it will be possible to
begin to build a Windows 2000 site architecture and directory
replication plan. In addition, you’ll be able to
identify the extent to which you’ll have to deploy
global catalogs in your environment. All of these technical
elements will affect the performance of your Windows 2000
system once it’s deployed.
10. Participate in Windows 2000 beta
program and forums.
As long as Windows 2000 hasn’t been released, it’s
not too late to get involved with the beta program. Though
the beta program is officially closed to new participants,
beta CDs are always being handed out at Microsoft events.
Or call your local Microsoft sales office to obtain one.
Periodically visit the Windows 2000 beta site at http://ntbeta.microsoft.com,
which is home to valuable information, including several
newsgroups. Once you install the beta CD, the newsgroups
can serve as a valuable source of technical support and
shared experiences.
Breaking out of the mold
Windows 2000 is considered an upgrade from Windows NT
4.0; however, the two products are significantly different.
Windows 2000 is making deliberate steps to break out of
the mold of being just a small business network operating
system solution. This is Microsoft’s best shot at
becoming a true contender for running the enterprise.
That means taking on the issues that large enterprises
demand: a scalable organizational directory, desktop management
to reduce cost of ownership, and flexible administration.
These changes require the people with existing NT 4.0
installations to re-evaluate many current policies and
procedures in order to effectively benefit from Windows
2000. As a maturing industry demands extensible products
to meet its needs, you and your organization must be willing
to properly implement these new products to realize a
return on your investment.
See you on the newsgroups!