In-Depth
Embracing Windows Server 2003: Moving a Global Firm from Windows NT
The final chapter in this four-part series discusses a global manufacturing firm’s experiences in moving from NT 4.0 to Windows Server 2003, an operation with 10,000 computers worldwide.
- By Linda Briggs
- December 11, 2003
For a large global silicon manufacturing firm in the Midwest, simplicity was
the driver in a move from Windows NT 4.0 to Windows Server 2003. The customer,
with more than 150 resource domain controllers and 10,000 computers worldwide,
needed to manage the entire infrastructure with limited IT resources. They also
wanted to move off NT before Microsoft discontinues support at the end of 2004.
To help in the move, the company turned to John Potanos, a Chicago-based systems
engineer with Avanade, a global systems integrator based in Seattle that's a
joint venture between Microsoft and Accenture. Potanos has been working with
Windows 2003 iterations since Whistler, and just upgraded his MCSE to Windows
2003. Potanos served as technical lead in the migration's design and piloting
for the client.
At Avanade's recommendation, the customer moved directly from NT 4.0 to Windows
2003, a jump that Potanos highly recommends. "We don't see the value in
the intermediate step," he says. "We've been recommending that [clients
running NT] go directly to Windows 2003."
From the Many, One
Before the rollout, the client ran a single Windows NT 4.0 master account
domain, with NT 4.0 resource domains in more than 90 offices worldwide, 8,000
users, and 10,000 computers. More than 150 NT 4.0 DCs provided authentication
and access services. Additional infrastructure services (DNS, WINS, DHCP) were
also targeted for consolidation.
The new environment: A single Windows 2003 domain, 42 Active Directory sites,
and 62 DCs, down from 150, a significant cost reduction for the customer.
Potanos chose the simplicity of a single domain—and is happy he did. "We
didn't see the value in going to a multiple-domain setup," he says. "[In
the past,] people went with an empty root domain for two reasons: Possible name
change of their enterprise, and the perception that enterprise-wide roles could
be protected. As it turns out, that's not the case, and we didn't see the value
in the empty root domain."
Simplicity was important because one of the customer's biggest migration drivers
was to lower the cost of operation. A small IT staff of roughly 100 people supports
the entire organization worldwide, so fewer servers and a centralized administration
were imperative. The simple AD setup, without a complex OU structure, made things
easier to manage.
In setting up the domain, Potanos went with a pristine forest setup rather
than an in-place upgrade, and then migrated user accounts. That was partly because
the customer wanted to move gradually rather than all at once, and because it
allowed for some account cleanup along the way.
|
Avanade's John Potanos |
Did he have reservations about rolling out a new operating system? No, Potanos
says, because he'd been working so closely with Microsoft through successive
Windows 2003 betas. The customer, however, required some convincing—management
wanted to wait for Service Pack 1. "We had to demonstrate that waiting
would delay things three to four months [and] that the stability that Microsoft
had built into 2003 was worth the trade-off."
One major challenge for the project was restricted bandwidth at customer offices
in parts of Asia and Europe. That's where the increased performance of Windows
2003 became a selling point. "They don't have very wide pipes" at
some offices, Potanos explains, "so we had to do more with less."
The client was immediately delighted with performance improvements, he says.
"Windows 2003 does such a better job of managing the replication between
the AD sites." It also helped that replication dropped drastically once
the server build was complete—it's now at the attribute level and much more
manageable.
Another big driver for the customer was the desire to move off NT 4.0 before
Microsoft ended support at the end of this year.
A Twist on the Five-Year Plan
With a bunch of new servers and the new OS, the customer is all set for
five years, since Microsoft plans to support Windows 2003 at least that long.
The design process for the project began in mid-January 2003, with the goal
of having a test lab up and running by the end of February. Instead, it was
mid-April, which limited testing. Potanos' advice, based partly on that experience:
Leave plenty of time for testing applications. "That's the biggest mistake
we encounter with customers: They underestimate Active Directory and application
testing. It's difficult to get application owners involved, but do it. Bring
it into the test lab. You need to dedicate time and resources. Start that process
early."
Potanos built the forest root the last week of June, then spent roughly a month
building 40 of the 62 DCs with his team of six consultants from Avanade and
another eight to 10 people from the customer. By the end of August, they had
DNS and WINS fully functional in the new environment and were beginning work
on DHCP. By mid-October, they were halfway through their migrations, and all
DCs were fully deployed.
Potanos particularly likes the new Group Policy Management Console. He's used
it with this customer to lock down security in gradual steps, from looser policies
at the first pilot, to gradually tighter ones through the deployment. And that's
another advantage to a single domain, Potanos points out—you can have a single
group policy.
Finally, the ROI was simple and immediate, Potanos says, in consolidating to
90 fewer servers. "That's 90 servers they don't have to buy, 90 licenses,
90 anti-virus packages, backup, etc.—there's all kinds of things that they
don't need."