What Windows Server 2003 Can Do for You

You've migrated from Windows 2000 in the last year, so why the rush to Windows 2003? Bill examines the pros and cons.

I'm an impulsive kind of guy. Given a few bucks in my pocket and some sort of toy, tool, car, electronics gizmo or appliance, I'm likely to spring and buy it right away. Why wait? Life is short and you might as well enjoy the toys while you're still young enough to do so.

Which is why I'm jealous of those of you who are cautious and pragmatic when it comes to waiting on new releases of software. Me? I installed SMS 2.0 at a client site when it was first released—okay, I installed Release Candidate 1. Boy howdy, I paid for that mistake big-time. The initial SMS 2.0 code simply wasn't ready for prime-time. It took two service packs for the code to become stable and useful and, even at SP3, you still probably wouldn't consider using Software Metering as a part of your routine SMS offerings—at least in mid- to large shops.

So my hat's off to you folks who waited with Windows 2000 Server before installing. Perhaps you're running an all-Windows NT 4.0 shop (and chewing your nails because of the impending support drop by Microsoft), or maybe you've got a Win2K test lab running but haven't actually implemented any servers in production. Most likely, you've got a couple of Windows 2000 boxes running but no Domain Controllers. And you certainly haven't flipped the native-mode switch yet.

If this is you—i.e., you're the type that waits for the second model year before buying a new car just so you can be sure they've worked the bugs out—I think that you're going to:

  1. save yourself a lot of pain over those who've already completed their NT 4.0/Win2K conversions, and
  2. there are a ton of good reasons to switch directly from NT to Windows Server 2003.

Let's talk about some of the reasons why you should consider an upgrade to Windows Server 2003. Incidentally, if you've already completed your conversion to Win2K, I think there is plenty of impetus to move forward into the new product. I've listed the most compelling reasons for beginning your Windows Server 2003 architecture and design now. (Incidentally, I view Windows Server 2003 as that next model year, not as a release of brand new code. Yes, you can expect service packs to come out for Windows Server 2003 and beyond, and no, I don't think you should wait for SP1.)

First Things First
Understand that there are now four versions of Windows Server 2003: Server, Enterprise, Datacenter and Web. There are distinct reasons why you'd pick one version over the other, some more important than others. For example, if you're just itching to get into 64-bit code and you've got servers with Itanium processors capable of running the code, then you can run Windows Server 2003 Enterprise or Datacenter, both of which are available in 64-bit editions. (Note that it might be awhile before a plethora of 64-bit applications are available for the OS. We underwent this phenomenon when the OS was upgraded to 32-bit.)

Also, clustering is not available in plain old Windows Server 2003, only in Enterprise and Datacenter. If you've got some clustered environments deployed, then you'll need to purchase Enterprise. (Datacenter is generally saved for large, expensive equipment such as the Unisys ES-7000).

Interestingly, symmetric-multiprocessing (SMP), the idea of the OS being able to use more than one microprocessor in some sort of intelligent load-sharing capacity, is not available in the Web edition of Windows Server 2003. My guess is that Microsoft wrote the Web code for 1U rack-based servers that typically make up large Web environments.

Rather than chew up words trying to explain the version differences, see this URL for the complete table: http://www.microsoft.com/windowsserver2003/
evaluation/features/compareeditions.mspx
.

Got NT Domains?
If you've not yet converted from NT 4.0 (or NT 3.51, for that matter) and you have a fairly large, diversified campus, then your chief reason for doing so will be Active Directory. AD is essentially a catalog of users, computers and other information that is shared across the DCs in an AD environment using the Lightweight Directory Access Protocol (LDAP) and conforming to the X.500 standard (see www.webopedia.com and key in LDAP for good links on this subject). There are some updates in Windows Server 2003's AD that folks have been anxiously waiting for:

  • Active Directory Migration Tool (ADMT) version 2, the tool that allows you to migrate users from the old stuff to the new, ships with Windows Server 2003. The chief benefit from this updated ADMT tool is that you can also migrate your user's passwords. Imagine the Win2K days, migrating a thousand users, resetting their passwords along the way, then having to worry about all the help-desk calls the following Monday in which the customer care folks try to walk users through a password change. You've been there; you know what I'm talking about. ADMT 2 fixes that problem.
  • A new Group Policy Management Console (GPMC) allows you to rope in the management of your Group Policy Objects in your environment. Because the way your users interact with the system is largely predicated on GPOs, a centralized console is of extreme benefit.
  • Cross-forest trusts allow you to set up more than one forest in your environment, then connect them together with a trust relationship. I'm not crazy about this idea except in the largest of shops because I think it defeats the idea of the enterprise and the connecting together of the user-base across a corporate platform. But, as I'm sure you're familiar, there are politics in any given IT environment—groups that feel, perhaps rightly, that they shouldn't have anything to do with your corporate computing public—and this cross-trust thing will help eliminate some of the difficulties.
This Example Is, Ahem, for the Birds

One of the companies I worked for at one time was a satellite television broadcast company. This company had a couple of locations that were responsible for actually managing the satellites (called "birds" in the biz) in geosynchronous orbit—flying directly over the equator at 17,500 miles per hour. The folks that worked at these locations could perform functions such as uploading updated code to the birds' transponders, steer the birds from one position to another and so forth.

Understandably, normal admins were not allowed to get into the domains of these locations in any way shape or form. There were no trust relationships set up and these locations had their own admins. These locations were verboten to regular corporate employees.

This kind of environment is, I think, a place where a separate forest is called for and, in my opinion, one of a few examples in which this might be the case. Because of Windows Server 2003's security capabilities, I don't see the need for highly segmented computing environments in which different groups operate in their own private forest.

  •  Software restriction policies allow you to stipulate what software is trusted so users don't accidentally run something that is harmful.
  •  Passport integration is now facilitated through AD. You've doubtless been involved with .NET Passports if you've visited any Microsoft Web sites that required authentication-now you can integrate this into your corporate environment.
  •  You can now take a backup of the Active Directory then replicate it across your environment from the backup. This feature, called Install Replica From Media mimics the storage area network idea of a "shadow-copy" where you take a snapshot of the actual production data, then work from the snapshot as opposed to the real stuff. This feature should help shops that may have replication problems due to slow wide-area network links or where there are many geographically dispersed DCs. AD replication problems, like name-serving, are mischievous little bugaboos that can be hard to diagnose and difficult or expensive to satisfactorily rectify.
  •  Public Key Infrastructure has been enhanced with the release of Credential Manager, allowing you to more closely manage and monitor the credentials a user has. PKI, especially in the area of certificate services, is a place where not many administrators have previously gone mostly, I think, because of the complexity of understanding PKI and the certificate infrastructure, then wisely deploying it. Microsoft has devoted some engineering cycles to this problem and has streamlined your ability to deploy a secure certificate- or smart-card-based environment, then monitor accordingly. It's definitely phase 2 of a Windows Server 2003 deployment, but also definitely worth a look.

Command-Line Management
Scripting has always been big in the Unix world, but only recently has it become a popular way to automate control the Windows environment. Perhaps you've always wanted to script a process then automate it with the command scheduler (AT) embedded in the Windows Server products. Microsoft has greatly enhanced the commands that can be utilized from a command-line interface, giving you greatly increased capability to script command operations. Most Windows Server 2003 tasks can be managed from the command line. Scripting, like software development or packaging, is a complicated thing. I would recommend finding a class or a book on scripting before embarking down a scripting path. (Visit www.bestbookbuys.com, then key in the search string "Windows 2000 scripting" for an idea of the literature and pricing available.) Also check out the Windows 2000 Scripting Guide at http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/scriptcenter/scrguide/sagsas_overview.asp
.

Software Update Services
The biggest dog in the kennel is Microsoft and so, to hackers, it's the most desirable target for mischief. Seems like a month hasn't gone by that Microsoft has made the news with some sort of serious security hack that required admins to jump quickly to patch the problem. Every now and then, the patch itself created problems, so most admins got to the point where they'd test each patch before deploying.

Windows Server 2003 gives you the ability, called Software Update Services (SUS) to manage the patching of your servers and workstations from a centralized interface. This way you can download the patches to a single machine, test then deploy them. You're given a client- and server-side interface in which you can manage the patching operation in your environment. (For an in-depth look at SUS, check out "Patching the Holes," by Jeremy Moskowitz, in the March 2003 issue, or click here.)

Storage Management Features
Most shops have begun to either deploy, or at least research, some sort of SAN or network-attached storage solution in order to more effectively manage disk. While there are different ideas about what a SAN or a NAS is, essentially you can think of these boxes as a large disk repository that's managed by some sort of miniature OS with enough oomph to serve users their files, whether via Windows shares or Unix NFS volumes.

With a SAN/NAS purchase comes software that allows an admin to perform various operations on the partitions, Logical Units (LUNs) and their associated data. EMC Corporation, a huge SAN/NAS specialist, has some software called TimeFinder that allows an admin to take a snapshot of real-time data for the purposes of creating a test environment in which to develop code or databases, or for backing up the data without interrupting the real-time user/data interaction. EMC takes this idea one step further with Shared Remote Data Facility (SRDF), a facility that allows for symmetric, pseudo-symmetric or manual real-time mirroring of data across a geographic span.

SRDF can work in harmony with TimeFinder. You might have a database on an EMC Symmetrix (Symm) SAN for which you use TimeFinder to create a shadow copy on the same data partition. You then use SRDF to symmetrically copy the data to another Symm in a different campus. (There are distance limitations associated with SRDF, so you can't really get away with an SRDF copy across a thousand miles, but you can use it with a campus just a mile or two away. Hence, the need for a pseudo-symmetric copy in which you basically get the copy done pretty fast but not at real-time speeds. This takes into account the latency associated with large-hop copies.)

While Windows Server 2003 includes such Win2K data management features as Distributed File System and File Replication service that allow for some semblance of real-time file copying and fault-tolerant high-availability, I'm most intrigued with two new storage-management features in Windows Server 2003. These new features mimic and enhance ideas such as TimeFinder and SRDF:

  •  Virtual Disk Service allows an admin in charge of different storage arrays such as an EMC Clariion (a down-scaled unit from the Symm), HP or XIOTech array to centrally pull in the management of these disparate arrays within a single Windows interface. VDS allows for the scripting of storage management activities across heterogeneous storage platforms. Because SAN manufacturer storage-management applications are proprietary to the SAN device, the admin needs to learn to "drive" the various applications in order to manage the respective SAN arrays. With VDS, this management can be centralized and scripted, thus allowing those not skilled in the storage management software to still be able to perform storage tasks such as adding a new disk to the array.
  •  Virtual Shadow Copy Service gives admins the ability to create a shadow copy of some real-time data so that the data can be manipulated and operated upon without disrupting the real-time copy. VSS is useful for backups, data warehousing and mining, setting up software development test environments and so forth.

    Note: VDS and VSS are available only in Windows Server 2003 Enterprise & Datacenter versions.
  •  Shadow Copy of Shared Folders provides admins the ability to set up a shared folder so that version tracking is enabled. The admin is required to allocate a certain portion of a file server's disk space (10 percent recommended) for shadow copies of the work on which a user is working. As a user works on a file, the deltas of the file are written to this shadow copy space. As space fills up, old deltas are purged. If a user needs to get something back (e.g. she overwrote the old file with some deletions when she meant to re-name the file) she can simply access the file's properties, see a version history, and open the previous version. Shadow Copy of Shared Folders works with Windows 98, XP and 2000 clients (but not NT 4.0 Workstation) and will be a huge boon to admins and internal customer care centers everywhere.
Flash Demo Online
Microsoft marketers have mastered the use of Flash. I'd highly recommend viewing the Flash demos of the products previously listed in this article at http://www.microsoft.com/
windowsserver2003/
evaluation/demos/default.mspx

Step Back Before Deployment
Whether you've already migrated your network to Win2K or you're just now playing with the idea of updating, I'd highly recommend developing a solid migration plan that will put you in the Windows Server 2003 driver's seat in the ensuing months. Be sure you drive your migration from a project-management perspective and utilize the skills of subject matter experts who can guide you through the complexities of the upgrade. Be sure you test all elements before deploying so that you understand the deployment's nuances and complexities. Do not simply upgrade your production servers to Windows Server 2003.

If you're in the midst of a Win2K deployment, finish it before updating to Windows Server 2003. You're much better off getting your servers out of the NT environment and onto Win2K before you introduce yet another server OS into the mix. This is, in the words of mathematics folks, too many unknowns without enough constants to solve the equation.

In either case, there is enough meat in Windows Server 2003 to compel you to strongly consider the upgrade. It will cost you time, server upgrades (also potentially infrastructure enhancements) and planning but, overall, the new OS is well worth the effort and puts you on the cusp of being able to provide some very cool and dynamic services to users.

Featured