Managing in Isolation
Remote management has never been a Microsoft strong suit, but Windows Server 2003 is helping users manage servers that no IT staff can touch.
- By Kevin Fogarty
- May 01, 2005
Systems administrators stuck with the job of managing Windows servers tucked into buildings that have no IT presence have long complained about their plight, but Windows Server 2003 is giving them cause for hope.
Windows NT Server and Windows 2000 Server were difficult to maintain, monitor and customize, with little of the sophisticated scripting capabilities that Unix and mainframe system administrators use routinely. Neither made it easy to perform everyday maintenance or emergency response without third-party tools to automate common functions or apply changes to a group of servers at once.
"When Microsoft talked about Windows in the data center three or four years ago, it was really kind of laughable," according to Jean-Pierre Garbani, vice president of computing systems research at Forrester Inc.
Windows Server 2003 was intended to change that perception, and make Microsoft a contender in the market for servers that can be maintained without an IT person on site to baby-sit them—and thus a contender in the enterprise data center. To a large extent, Garbani says, it has done just that.
Microsoft has been trying to improve remote
administration and management of its servers since the first version of NT shipped. The goal is to match or exceed the remote-management functions of data-center managers like Unix machines and mainframes, according to Ward Ralston, senior technical product manager in the Windows Server Division. "With Windows Server 2003, you can choose to remotely perform server management tasks that previously could be done only locally," he says.
Tools within Windows 2003 fall into four categories:
- Remote administration with Terminal Services, which is built into the OS and allows two simultaneous remote
connections with no additional license costs. It's designed to allow server administration and configuration functions on servers located anywhere on the network. The Remote Desktop MMC snap-in allows support for additional machines, and can remotely administer Win2K servers.
- Branch office/remote (BO/R) servers allow administrators to remotely control servers that don't have a monitor, keyboard or mouse, as might be the case in either a cluster arrangement or in a branch office, to discourage users from tinkering with their local server. BO/R also includes Emergency Management Services, which lets administrators re-start or remotely install software on a server whose OS isn't responding.
- The command-line interface in Windows 2003
is much more capable than in previous versions
because of enhancements to the Windows Management Instrumentation (WMI) API. WMI gives administrators access to all shells and utilities in Windows 2003, and enables them to write extensive scripts to automate functions across one or many servers.
- The Windows Server 2003 administration tool
pack, included in Windows Server 2003 CDs, includes simplified interfaces for remote-management functions to make it easier to administer servers, networks, directories and storage.
"When you add up all those things, [Microsoft's] story is pretty good, especially for the money you spend," according to Peter Pawlak, a senior analyst at Directions on Microsoft, a research company in Kirkland, Wash. "You spend a fraction of what you would in the Unix world and get 80 percent of the functionality; and it's not just limited to Windows Server 2003. Some of those functions were there in Windows 2000 and can be used on NT and XP as well."
Easier Living Through Scripting
For many users, it's the base functions rather than the add-on products that they find particularly useful—especially given they come with no additional cost.
David Chacon, technical services manager for the IS department at PING Golf in Phoenix, Ariz., is particularly fond of the enhancements to WMI, an application programming language that first appeared in Windows 2000. WMI makes for simplified, richer scripting by providing access to operating system services that are otherwise inaccessible.
"Before WMI existed, if you wanted to kick off automated processes to migrate something, or handle login scripting, or monitor the status of a machine or an application, there was no way to do it in the OS itself," says Chacon. You could do it with DOS batch files, or you'd have to get some third-party application."
In Windows 2003, Microsoft enhanced WMI's automation capabilities, making it much easier to work with. For example, the SMTP Event Consumer function that enables WMI to e-mail an administrator when it notices a problem event
wasn't available in Win2K.
Versions in XP and Windows 2003 also include more functional utilities and a simpler command set. Rather than having to write a script for every event and server you want to track, WMI now includes viewers or shorthand commands to let administrators view logs, query specific nodes and handle other functions with point-and-click or single-line commands.
The scripts Chacon's group wrote to manage 30 physical servers on the 1,000-person company's main campus aren't nearly as complex as the functions available in some of Microsoft's higher-end products. "But if you can automate status monitoring that keeps you from having to go to 500 workstations individually and spend 20
minutes on each, that time adds up quick," Chacon says. "That's versus a couple of days setting up and testing a script, then letting it take over."
PING has one full-time staffer who uses Terminal Services and other
command-line-interface tools to monitor system status and keep
the applications running. The new WMI scripts saved 40 percent of
his time, a significant savings in a 15-person IT department—so much so that Microsoft is featuring PING in a series of case studies and ads.
"My picture's been up in so many places they've hung it up on our office bulletin board and are calling me 'Mr. 40 percent,'" Chacon jokes. The automated scripting has saved 800 hours worth of work, while making it possible to share data with customers securely and maintain the uptime of critical order-processing applications.
It also made it much easier to configure and maintain the "very complex" configurations on PING's 500 workstations, many of which run several applications and few of which can be down at any one time without dire consequences.
It's Windows 2003's ability to shield users from changes on the network that's particularly valuable to Bruce Haff, director of IT at K2 Sports on Vashon Island, Wash.
The Volume Shadow Copy function in 2003 lets Haff and his crew
temporarily map users in a remote office to a data volume on any server in the network, rather than the one that is closest to them. Haff's crew can then remotely update, reboot or make any other changes to the server without the users even knowing they'd been moved off the server in their own office.
"It used to be if we wanted to expand a volume or something, we had to let everyone know and re-map the drives," he says. "This way, the users don't have to know where the data lives any more. So we can move
volumes around, or move data to
completely different servers and the users would never know."
Assessing the Add-ons
In addition to base functions that come with Windows Server 2003, Microsoft touts add-on utilities such as Microsoft Operations Manager (MOM) as important components of its management lineup. But users warn that MOM comes with a fairly steep learning curve for the more powerful functions, which have to be scripted carefully.
It's fairly easy to tell it to trap critical events from all the server logs and present them to a server admin first thing in the morning, however. "That saves us about a half hour every day," Haff says. "It used to be that we'd have to check the log on each individual server. This consolidates things."
MOM 2005 is designed to monitor the status of every machine in the network, the health of the applications running on them and to automate many required maintenance tasks. It brings Windows systems-management capabilities up to par with mainstream Unix products from IBM and HP, Garbani says. MOM still trails those of BMC and Computer Associates, he says, which are both well ahead of IBM and HP in the feature/function race.
"The last version of MOM (2000), for example, would have been good in 1995. With MOM 2005, it's still a good product, but it is more like a 2002 version of the best systems
management," Garbani says.
The major thing missing is the ability to map applications to specific servers, databases and network services so that you can get a picture not only of what server's running what applications, but the condition of the various components on which a single application depends, Garbani says
MOM is also reactive, not proactive, so by the time it notices a server is down or the Internet's inaccessible, "it's already become a problem," says Steven Brummer, client/server design supervisor for Children's Healthcare in Atlanta (CHOA).
CHOA does its systems monitoring with NetIQ's AppManager product, which tracks performance data and extrapolates trends to identify problems as they're developing. CHOA has servers in geographically dispersed areas of the hospital complex, which makes it difficult for a technician to go work on them in person when there's a problem.
"With AppManager, we can configure it to see the trend and jump in before it becomes a problem. So it will notice if the database is slowing down, or you're running low on disk space, rather than waiting until the problem happens and then thinking what you're going to do about it," Brummer explains. "We want to be able to head it off at the pass."
On the Horizon
Microsoft is also working on a host of usability and manageability functions that it will release with an update
to Windows 2003 due out later this year, code-named R2. It will deliver Windows Server Update Services (WSUS), a new, twice-renamed
version of the free Software Update Services. WSUS is a more advanced application that can help administrators define by administrative group, server classification or end-user role what machines should get automatic updates. It can also direct users to internal servers rather than Microsoft's site for patches and OS updates.
It's those kinds of internal support functions that seem attractive to most users, despite Microsoft's efforts to sell add-on products like MOM 2005. Scripting and remote access to functions enabled by WMI let administrators do what they need to do, while excess bells and whistles cost more and deliver fewer critical functions.
As Brummer says, "If I had a big budget to go buy something, I'd go out and get another person, not a piece of software."
A Brighter Future
Microsoft may not be the leading light in systems management, but it is certainly a lot brighter than it was a couple of years ago and will make lots more progress in the near future if it lives up to its announced plans, says Jean-Pierre Garbani, vice president of computing systems research at Forrester Inc.
For example, Microsoft is updating its scripting capability with a new command-line interface called the Microsoft Shell (MSH), code-named "Monad," which is due to ship in the Longhorn version of Windows next year. Monad is based on version 2.0 of the Windows' .NET Framework, which in turn supports WMI—and WMI support is built into numerous Microsoft applications, from Exchange Server 2003 to IIS 6.0 and Active Directory, to name a few.
Monad will give administrators a remote-scripting ability and a set of domain-independent utility commands that will make it easier to create and run custom-designed processes on remote machines. It will also include a Software Developers' Kit designed to make it easier to create task-specific commands.
"Monad is quite impressive," according to Peter Pawlak, a senior analyst at Directions on Microsoft. "[Microsoft] will almost have parity or even exceed what's in the Unix world for remote management through scripting."
R2 will also have tighter security, with a user-customizable file-quarantining function, a federated-identity management function called TrustBridge, and a Rights Management Service designed to help control use of media files.
Microsoft's most ambitious server management initiative is a project designed to bring self-healing characteristics to Windows machines.
Dubbed the Dynamic Systems Initiative, the project is designed to help developers use XML and a protocol called the Systems Definition Model to build models defining the computing and networking resources a particular application needs. When a Web Service is being overtaxed, for example, and needs to balance the load using an additional server, a management application should be able to discover the problem and automatically deal with it.
The system is similar in approach to utility computing initiatives IBM, Sun and HP are pursuing, but DSI begins with the application rather than with the server.
Microsoft will ship SDM capabilities in an upcoming version of its Visual Studio.Net development tool, as a module code-named "Whitehorse," Pawlak says.
"Which makes more sense, building management into the application right from the get-go, or trying to paste it on later on?" Pawlak asks. "It remains to be seen how hard it is to add this into existing products. And, of course, anything you do to build more management stuff into a product ultimately makes it more expensive to sell. You then have to analyze it to see if it will ultimately save you money."