User and Presentation Services, Application Services, Management, Network Services, Distributed Services, Base Services

Migrating to Windows 2000 in a Large Research Environment

Rand Morimoto

President, Inacom Oakland

[email protected]



  • Background of Active Directory

  • DNS in Windows 2000

  • Migrating from WINS to DNS

  • Consolidating NT4 Domains

  • Conducting a Phased Migration

  • Next Generation MS-Exchange



About the Speaker

  • Microsoft Advisory Council Member (1995-present)

  • On the NT and Windows 2000 Development Team

  • Author:

    • “Deploying Microsoft Exchange v5”, 700-pages

    • “Tuning and Optimizing Windows NT”, 1000-pages

    • “Windows 2000: Design and Migration”

    • “Exchange v6: Design and Migration”

  • President / Inacom Oakland

  • Inacom Corporation

    • National / Int’l Services

    • Windows 2000 Services



Microsoft Directory Evolution

Now

Now

Coming

Microsoft Exchange Server directory

Windows 2000

Windows NT user directory

Windows NT user directory

  • Single enterprise logon

  • Central management

  • Replicated/partitioned

  • E-mail names and rich attributes

  • X.500 naming

  • MAPI, LDAP support

  • Scalable to “millions”

  • Integrated DNS, X.500

  • Deep integration with OS security

  • More standard support: X.500 DAP/DSP, ADSI, OLE/dB, etc.

  • Scalable to millions



What is Active Directory?

  • Windows 2000 directory service

  • Active Directory has

    • A hierarchical, flexible namespace

    • Partitioning for scalability

    • Multi-master replication

    • Dynamic extensibility

    • Open and extensible directory synchronization interfaces

    • Lightweight Directory Access Protocol (LDAP) as the core protocol for interoperability



AD Terminology

  • Namespace

  • Name

  • Domain

  • Organizational Units (OUs)

  • Tree

  • Sites

  • Global Catalog

  • Schema



Differentiation

Administration Designators

vs

Replication Designators



Creating Administrative Structures

  • First I Create my “Domain” and Give it an Organization Name

  • Then I Create Organizational Units within this Domain to Distribute Administration

  • I then Create Users within the Organizational Units where they Belong

  • Finally I Group the Users so I can more Easily set Policies to the Group


Creating Administrative Structures

Domain

Organizational Units

Users and Groups



Enterprise is Made of Domains

  • Domains can be linked by trust

  • Domains can be related by name

  • Both X.500 and DNS naming

DC=MyCorp,DC=Com

whatever.edu

DC=Dev,DC=MyCorp,DC=Com

whatnot.whatever.edu


Active Directory: Global namespace = DNS + LDAP Directories

com

edu

berkeley

inacom

microsoft

students

courses

PoliSci

Domain: inacom.com

BSmith

RJones

AArney

KBryant

Domain: microsoft.com

Domain: berkeley.edu




Planning Your DNS Strategy

  • Active Directory is integrated with Domain Name System (DNS)

  • Therefore, it is important to

    • Determine which DNS server to use

    • Determine your DNS root



DNS Server Options

  • Implement Microsoft DNS Exclusively

  • Implement Microsoft DNS as a Delegated Sub-domain

  • Use an Existing DNS Server



Implement Microsoft DNS Exclusively

  • Benefits

    • Tight integration with Active Directory

    • Supports the extended character set, Unicode

    • Not dependent on existing DNS Servers

    • Will co-exist with other DNS Servers

    • Supports multi-master replication



Implement Microsoft DNS as a Delegated Sub-domain

  • Benefits

    • Requires no upgrade of any existing DNS servers

    • Utilize existing DNS infrastructure

    • Minimizes dependency of Active Directory on existing DNS servers



Use a Non-Microsoft DNS Server

  • Benefits

    • Does not require replacing existing DNS servers

    • No DNS changes required



Existing DNS Server

  • To Support Active Directory, a DNS Server

    • Must support the SRV RR defined by RFC 2052

    • Should also support:

      • The Dynamic Update Protocol - RFC 2136

      • Incremental Zone Transfers - RFC 1995
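
Added example (not part of the original presentation): a small Python check that a zone carries well-formed SRV records at the names Active Directory clients query to find domain controllers. The zone text, example.edu, dc1 and the function names are constructed for illustration; the service labels are the standard Active Directory locator names, and a single-domain forest is assumed so the global catalog record sits under the same domain.

```python
# Added example, not from the presentation. ZONE is constructed sample data;
# example.edu and dc1 are placeholder names.
ZONE = """\
_ldap._tcp.example.edu.            600 IN SRV 0 100 389   dc1.example.edu.
_kerberos._tcp.example.edu.        600 IN SRV 0 100 88    dc1.example.edu.
_ldap._tcp.dc._msdcs.example.edu.  600 IN SRV 0 100 389   dc1.example.edu.
_gc._tcp.example.edu.              600 IN SRV 0 100 3268  dc1.example.edu.
_kpasswd._tcp.example.edu.         600 IN SRV 0 100 70000 dc1.example.edu. ; bad port
dc1.example.edu.                   600 IN A   192.0.2.10
"""

# Service labels Active Directory clients look up to locate domain controllers.
# _gc._tcp lives under the forest root; a single-domain forest is assumed here.
REQUIRED = ("_ldap._tcp", "_kerberos._tcp", "_ldap._tcp.dc._msdcs", "_gc._tcp")


def parse_srv(zone_text):
    """Return ({owner: [(priority, weight, port, target)]}, [malformed line numbers])."""
    records, bad = {}, []
    for lineno, line in enumerate(zone_text.splitlines(), 1):
        fields = line.split(";", 1)[0].split()  # strip zone-file comments
        if len(fields) < 4 or fields[3].upper() != "SRV":
            continue  # only "owner ttl class SRV ..." lines are examined
        rdata = fields[4:]
        # SRV RDATA: priority, weight and port (16-bit each), then a target host.
        if (len(rdata) != 4 or not all(f.isdecimal() for f in rdata[:3])
                or any(int(f) > 65535 for f in rdata[:3])):
            bad.append(lineno)
            continue
        owner = fields[0].lower().rstrip(".")
        records.setdefault(owner, []).append(
            (int(rdata[0]), int(rdata[1]), int(rdata[2]), rdata[3].lower().rstrip(".")))
    return records, bad


def check_ad_srv(zone_text, domain):
    """Return (missing locator names, malformed SRV line numbers) for one domain."""
    records, bad = parse_srv(zone_text)
    domain = domain.lower().rstrip(".")
    missing = [f"{label}.{domain}" for label in REQUIRED
               if f"{label}.{domain}" not in records]
    return missing, bad


if __name__ == "__main__":
    print(check_ad_srv(ZONE, "example.edu"))  # ([], [5])
```
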



Multiple Domains/Trees

  • Sometimes it is necessary to have more than one domain

  • Multiple domains with a contiguous name space are referred to as trees

tailspintoys.com

europe.tailspintoys.com

marketing.europe.tailspintoys.com



Microsoft.Com

PBS.Microsoft.Com

NTDev.PBS.Microsoft.Com

Forest Definition

  • One or more Windows 2000 Trees

    • Do not form a contiguous namespace

    • Share a common schema, config., Global Catalog

    • All Trees in a Forest trust each other

    • Does not need a distinct name

Softimage.Com

Finance.Softimage.com



Active Directory

Safety:

  • Authenticode

  • Driver signing

Single Sign-on

Auth.:

  • Priv Key/Kerberos

  • Public Key/X.509

  • NT4

Private Comm.

Protocol:

  • SSL

  • IPSEC

  • RPC/DCOM

Secure Biz Tx

  • PK Certificates

  • Kerberos keys

Base:

  • Crypto API

  • Encrypted F-S

  • More Auditing

Secure Desktop

Integrated Security

Scenarios


Goal of Windows 2000 for Enterprises: Reliability and Scalability

Network Load Balancing

Clustering


Goal of Windows 2000 for Enterprises: World Ready

  • Multilingual user interface

  • Same code runs anywhere

  • Simultaneous support of multiple languages

  • Single world-wide API



Consider Implementing NT4 Workstation Today

  • Higher level of security

    • ability to lock down w/s hardware config

    • ability to create and manage set processes

  • Ability to use global roaming profiles

  • Key to Intellimirror in Windows 2000

  • Consolidated DLL model in Windows 2000


Design, Implement, and Gain Support for System Policies

  • Globally manage, for individuals, groups of users, or all users, the ability to:

    • change screen saver

    • change desktop background

    • add applications

    • purposely or accidentally delete applications

    • drop to DOS prompt

    • modify workstation configurations


System Policies


Consolidate Domains

  • Minimize resource domains

  • Develop structure that utilizes fewer domains

  • Create simplified trust model

  • Document enterprise hierarchy

    • server/host configurations

    • segment addresses

    • segment bandwidth

    • trust and authentication process


Fastlane Technologies: DM/Manager

Selectively move single or multiple users from any Source Domain...

...to any Target Domain!


Setting Rules / Policies for Migration

Flexible migration options...


Conduct Performance Analysis

  • Evaluate Client to Server Bandwidth Demands

  • Evaluate Server to Server Bandwidth Utilization

  • Analyze Server System Utilization

  • Conduct WAN Bandwidth Analysis

    Bluecurve “Dynameasure” recognized by Microsoft for capacity analysis and capacity planning (http://www.bluecurve.com)


Performance Analysis

Server CPU capacity is bottlenecked. All four server CPUs reach maximum throughput.


Implement TCP/IP and SMTP as Core Communications Protocols

TCP/IP

SMTP

Site A

Site B


Implement DNS in addition to (and, in a Windows 2000 environment, in place of) WINS

  • WINS needed for NetBIOS name resolution

  • DNS to be native in a complete Windows 2000 TCP/IP environment


Implement LDAP for Look-up

Domain Controller

Client

Microsoft

Management

Console

Legacy NT4 APIs

NT4 BDC

Replication

SAM

ADSI

NW3 NW4 NT4 NTDS

Windows 2000 M-M

Replication

Directory

Service

LDAP

wldap32.dll

Net

APIs

NCP

NCP


Create a Windows 2000 Deployment Team

  • Team Includes:

    • DNS Decision Makers (NT, UNIX, etc)

    • Hardware Implementers and Support Personnel

    • File/Print LAN/WAN Decision Makers

    • Firewall and Internet Security Decision Makers (Kerberos, X.509, etc)

    • Electronic Messaging Group

    • Desktop Support Group (Intellimirror, Windows Scripting, Sysclone, SMS)



Migrating from NT4 to Windows 2000

  • Migrating Domain Controllers

  • Migrating Servers

  • Migrating Users


Migration

  • Any Windows NT domain model can be migrated easily to the Active Directory

  • Mixed environments

    • Fully supported

    • Look and act like Windows NT 4.0 domains

    • Migration to domain tree simple


Migration (Initial State)

Initial state

Windows NT 4.x domain

“PDC”

BDC

BDC


Migration (Step 1)

Domain replica

Global catalog

Upgrade PDC to Windows 2000

“PDC”

BDC

BDC

BDC


Migration (Step 2)

Domain replica

Global catalog

Upgrade remaining Windows NT 4.x BDCs

DC - GC

DC

DC

DC


Migration (Final State)

Domain replica

Global catalog

DC - GC

DC

DC

DC

“Native” domain


Migration: Resource Domains

  • Can be upgraded in place and joined to tree

  • Can be replaced with OUs

    • Convert in place

    • Join to tree

    • Create OU in parent domain

    • Drag resource domain contents into OU

    • Delete (empty) resource domain


Server Role In Windows 2000

  • Windows NT 4.0

    • PDC: Only writeable copy

    • BDC: Read-only copy

    • Replica: --

  • Windows 2000

    • PDC: Writeable copy. Appears as PDC to downlevel clients

    • BDC: --

    • Replica: Writeable copy

  • Windows 2000 Mixed domain

    • PDC: Only writeable copy (Windows NT 4.0 or Windows 2000)

    • BDC: Read-only copy (Windows NT 4.0)

    • Replica: Read-only copy


Next Generation

Microsoft Exchange 2000

codename “Platinum”


Built on Windows 2000 Active Directory


AD Does Exchange Administration


Utilizes Multiple Storage Groups

  • More than 1 MDB Per Server

    • Smaller MDBs for easier backup/restore

    • Separate MDB for NNTP and Internal Public Folders

    • Distribute DBs across multiple Storage Area Network (SAN) devices

    • Distribute Administration of DB management on a single server


Migration to Exchange Platinum

  • Exchange Platinum Migration

    • Exchange server needs to be migrated, but not the whole organization

    • Migration tools included to migrate Exchange v5.5 to Platinum (users, org/site structure, mailboxes, public folders)

    • Active Directory Connector provides a link between non-Active Directory NOSs and Exchange Platinum (NT4, NDS, LDAP)


Preparing for Exchange Platinum

  • Upgrade to Exchange v5.5 (if you have not already done so)

  • Replace Site Connectors with SMTP or X.400 Connectors using InterOrg Directory Replication


Questions?


Rand Morimoto

Inacom Oakland

internet: [email protected]

(510) 444-5700 ext. 100