Embracing Windows Server 2003: Moving a Global Firm from Windows NT
- By Linda Briggs
- January 07, 2004
For a large global silicon manufacturing firm in the Midwest,
simplicity was the driver in a move from Windows NT 4.0 to
Windows Server 2003. The customer, with more than 150 resource
domain controllers and 10,000 computers worldwide, needed to
manage the entire infrastructure with limited IT resources.
They also wanted to move off NT before Microsoft discontinues
support at the end of 2004.
To help in the move, the company turned to John Potanos, a
Chicago-based systems engineer with Avanade, a global systems
integrator based in Seattle that's a joint venture between
Microsoft and Accenture. Potanos has been working with Windows
2003 iterations since Whistler, and just upgraded his MCSE to
Windows 2003. Potanos served as technical lead in the
migration's design and piloting for the client.
At Avanade's recommendation, the customer moved directly from
NT 4.0 to Windows 2003, a jump that Potanos highly recommends.
"We don't see the value in the intermediate step," he says.
"We've been recommending that [clients running NT] go directly
to Windows 2003."

From the Many, One

Before the rollout, the client ran a single Windows NT 4.0
master account domain, with NT 4.0 resource domains in more
than 90 offices worldwide, 8,000 users, and 10,000 computers.
More than 150 NT 4.0 DCs provided authentication and access
services. Additional infrastructure services (DNS, WINS, DHCP)
were also targeted for consolidation.
The new environment: A single Windows 2003 domain, 42 Active
Directory sites, and 62 DCs, down from 150, a significant cost
reduction for the customer.
Potanos chose the simplicity of a single domain--and is happy he
did. "We didn't see the value in going to a multiple-domain
setup," he says. "[In the past,] people went with an empty root
domain for two reasons: Possible name change of their enterprise,
and the perception that enterprise-wide roles could be protected.
As it turns out, that's not the case, and we didn't see the value
in the empty root domain."
Simplicity was important because one of the customer's biggest
migration drivers was to lower the cost of operation. A small IT
staff of roughly 100 people supports the entire organization
worldwide, so fewer servers and a centralized administration were
imperative. The simple AD setup, without a complex OU structure,
made things easier to manage.
In setting up the domain, Potanos went with a pristine forest
setup rather than an in-place upgrade, and then migrated user
accounts. That was partly because the customer wanted to move
gradually rather than all at once, and because it allowed for
some account cleanup along the way.
Did he have reservations about rolling out a new operating system?
No, Potanos says, because he'd been working so closely with
Microsoft through successive Windows 2003 betas. The customer,
however, required some convincing--management wanted to wait for
Service Pack 1. "We had to demonstrate that waiting would delay
things three to four months [and] that the stability that
Microsoft had built into 2003 was worth the trade-off."
One major challenge for the project was restricted bandwidth at
customer offices in parts of Asia and Europe. That's where the
increased performance of Windows 2003 became a selling point.
"They don't have very wide pipes" at some offices, Potanos
explains, "so we had to do more with less." The client was
immediately delighted with performance improvements, he says.
"Windows 2003 does such a better job of managing the replication
between the AD sites." It also helped that replication traffic
dropped drastically once the server build was complete--replication
now happens at the attribute level and is much more manageable.
Another big driver for the customer was the desire to move off NT
4.0 before Microsoft ended support at the end of this year.

A Twist on the Five-Year Plan

With a bunch of new servers and the new OS, the customer is all
set for five years, since Microsoft plans to support Windows 2003
at least that long.
The design process for the project began in mid-January 2003,
with the goal of having a test lab up and running by the end of
February. Instead, it was mid-April, which limited testing.
Potanos' advice, based partly on that experience: Leave plenty
of time for testing applications. "That's the biggest mistake we
encounter with customers: They underestimate Active Directory and
application testing. It's difficult to get application owners
involved, but do it. Bring it into the test lab. You need to
dedicate time and resources. Start that process early."
Potanos built the forest root the last week of June, then spent
roughly a month building 40 of the 62 DCs with his team of six
consultants from Avanade and another eight to 10 people from
the customer. By the end of August, they had DNS and WINS fully
functional in the new environment and were beginning work on
DHCP. By mid-October, they were halfway through their migrations,
and all DCs were fully deployed.
Potanos particularly likes the new Group Policy Management
Console. He's used it with this customer to lock down security
in gradual steps, from looser policies at the first pilot, to
gradually tighter ones through the deployment. And that's another
advantage to a single domain, Potanos points out--you can have a
single group policy.
Finally, the ROI was simple and immediate, Potanos says, in
consolidating to 90 fewer servers. "That's 90 servers they don't
have to buy, 90 licenses, 90 anti-virus packages, backup,
etc.--there's all kinds of things that they don't need."
Linda Briggs is the founding editor of MCP Magazine and the former senior editorial director of 101communications. In between world travels, she's a freelance technology writer based in San Diego, Calif.