News

Embracing Windows Server 2003: Moving a Global Firm from Windows NT

For a large global silicon manufacturing firm in the Midwest, simplicity was the driver in a move from Windows NT 4.0 to Windows Server 2003. The customer, with more than 150 resource domain controllers and 10,000 computers worldwide, needed to manage the entire infrastructure with limited IT resources. They also wanted to move off NT before Microsoft discontinues support at the end of 2004.

To help in the move, the company turned to John Potanos, a Chicago-based systems engineer with Avanade, a global systems integrator based in Seattle that's a joint venture between Microsoft and Accenture. Potanos has been working with Windows 2003 iterations since Whistler, and just upgraded his MCSE to Windows 2003. Potanos served as technical lead in the migration's design and piloting for the client.

At Avanade's recommendation, the customer moved directly from NT 4.0 to Windows 2003, a jump that Potanos highly recommends. "We don't see the value in the intermediate step," he says. "We've been recommending that [clients running NT] go directly to Windows 2003."

From the Many, One

Before the rollout, the client ran a single Windows NT 4.0 master account domain, with NT 4.0 resource domains in more than 90 offices worldwide, 8,000 users, and 10,000 computers. More than 150 NT 4.0 DCs provided authentication and access services. Additional infrastructure services (DNS, WINS, DHCP) were also targeted for consolidation.

The new environment: A single Windows 2003 domain, 42 Active Directory sites, and 62 DCs, down from 150, a significant cost reduction for the customer.

Potanos chose the simplicity of a single domain--and is happy he did. "We didn't see the value in going to a multiple-domain setup," he says. "[In the past,] people went with an empty root domain for two reasons: Possible name change of their enterprise, and the perception that enterprise-wide roles could be protected. As it turns out, that's not the case, and we didn't see the value in the empty root domain."

Simplicity was important because one of the customer's biggest migration drivers was to lower the cost of operation. A small IT staff of roughly 100 people supports the entire organization worldwide, so fewer servers and a centralized administration were imperative. The simple AD setup, without a complex OU structure, made things easier to manage.

In setting up the domain, Potanos went with a pristine forest setup rather than an in-place upgrade, and then migrated user accounts. That was partly because the customer wanted to move gradually rather than all at once, and because it allowed for some account cleanup along the way.

Did he have reservations about rolling out a new operating system? No, Potanos says, because he'd been working so closely with Microsoft through successive Windows 2003 betas. The customer, however, required some convincing--management wanted to wait for Service Pack 1. "We had to demonstrate that waiting would delay things three to four months [and] that the stability that Microsoft had built into 2003 was worth the trade-off."

One major challenge for the project was restricted bandwidth at customer offices in parts of Asia and Europe. That's where the increased performance of Windows 2003 became a selling point. "They don't have very wide pipes" at some offices, Potanos explains, "so we had to do more with less." The client was immediately delighted with performance improvements, he says. "Windows 2003 does such a better job of managing the replication between the AD sites." It also helped that replication dropped drastically once the server build was complete--it's now at the attribute level and much more manageable.

Another big driver for the customer was the desire to move off NT 4.0 before Microsoft ended support at the end of this year.

A Twist on the Five-Year Plan

With a bunch of new servers and the new OS, the customer is all set for five years, since Microsoft plans to support Windows 2003 at least that long.

The design process for the project began in mid-January 2003, with the goal of having a test lab up and running by the end of February. Instead, it was mid-April, which limited testing. Potanos' advice, based partly on that experience: Leave plenty of time for testing applications. "That's the biggest mistake we encounter with customers: They underestimate Active Directory and application testing. It's difficult to get application owners involved, but do it. Bring it into the test lab. You need to dedicate time and resources. Start that process early."

Potanos built the forest root the last week of June, then spent roughly a month building 40 of the 62 DCs with his team of six consultants from Avanade and another eight to 10 people from the customer. By the end of August, they had DNS and WINS fully functional in the new environment and were beginning work on DHCP. By mid-October, they were halfway through their migrations, and all DCs were fully deployed.

Potanos particularly likes the new Group Policy Management Console. He's used it with this customer to lock down security in gradual steps, from looser policies at the first pilot, to gradually tighter ones through the deployment. And that's another advantage to a single domain, Potanos points out--you can have a single group policy.

Finally, the ROI was simple and immediate, Potanos says, in consolidating to 90 fewer servers. "That's 90 servers they don't have to buy, 90 licenses, 90 anti-virus packages, backup, etc.--there's all kinds of things that they don't need."

About the Author

Linda Briggs is the founding editor of MCP Magazine and the former senior editorial director of 101communications. In between world travels, she's a freelance technology writer based in San Diego, Calif.

Featured