Evaluating your Migration Options:
Why Windows .NET Server 2003
Enterprise Systems Group (ESG)
Dell White Paper
By Mike Owens
November 2002
Contents
Introduction: Choices, Choices, Choices
Operating System Market Dynamics
What are my choices?
Organizations still running Windows NT
Organizations that have already deployed Windows 2000 Server
Windows .NET Server 2003 – Key Feature Overview
Introduction
Key Features
Administration and Management Enhancements to Active Directory
Managing Your Server and Storage
Security
Reliability and Performance
Conclusions
Additional Resources
Figures
Figure 1: Migration Options
Figure 2: Migration Timeline Affects Decision
Tables
Table 1: Operating System Specifications
Section 1
Introduction: Choices, Choices, Choices
Operating System Market Dynamics
No matter what your core network operating system (NOS) of choice is, chances are that if you are running Intel-based servers in your IT infrastructure, then you are probably going to have Microsoft® Windows NT® Server and/or Windows® 2000 running on at least some of these servers. With this in mind, there are two key events related to the Windows server platform that will probably have you considering an operating system migration.
- After five years on the market—and with the increasing adoption of its successor, the Windows 2000 Server family of operating systems—Microsoft is retiring Windows NT Server 4.0. Some of the key dates are listed below and for more information, please visit the Microsoft website at the link below:
  - As of July 1, 2002, Windows NT Server 4.0 was no longer offered through the Direct OEM channels such as Dell.
  - Beginning on January 1, 2003 and ending January 1, 2004, customers requesting non-security QFEs (Quick Fix Engineering) for Windows NT Server 4.0 will be charged a fee by Microsoft. Microsoft will continue to provide security updates free of charge to all customers during this time period.
  - Beginning on January 1, 2004, Microsoft will no longer offer pay-per-incident and Premier Support for Windows NT Server 4.0.
  - Beginning on January 1, 2005, Microsoft will no longer offer online support for Windows NT Server 4.0.
- In 2003, Microsoft is expected to launch Windows .NET Server 2003, the follow-on operating system to Windows 2000 Server. Built on the same architecture that made Windows 2000 successful, Windows .NET Server 2003 has some compelling new features that are expected to offer improvements in security, performance, administration, and ease of use.
What are my choices?
Both the retirement of Windows NT and the emergence of Windows .NET have organizations evaluating their migration options as they search for the best Windows-based path for their IT infrastructure. Where they choose to go will depend a lot on where they are today. Figure 1 illustrates the potential choices that organizations have today.
Figure 1: Migration Options
Organizations still running Windows NT
Organizations that are still running Windows NT probably are doing so for one of the following reasons:
- Need to support legacy applications that only run on NT
- Believe Active Directory migration is too large of an undertaking
- Organizational issues within IT and/or the business unit prevent funding and/or progress on migration projects
Due to both security and support risks associated with staying on NT, these organizations will be faced with three primary Windows-based migration options:
- Migrate to Windows 2000 Server
With this option, organizations will redesign their network and domain infrastructures and migrate to Active Directory. Also associated with this migration are a refresh of server hardware and a migration of key applications to Windows 2000-based systems. There still may be some pockets of legacy applications that remain on NT; however, the bulk of the infrastructure will be running on Windows 2000.
- Keep an NT domain, but replace older servers with new ones based on Windows 2000
With this option, organizations are opting to maintain a legacy domain infrastructure based on NT. They still retain the risk of losing support as a part of Microsoft’s phased retirement plan for NT, and they are not able to take full advantage of the security enhancements available in Windows 2000 and/or Windows .NET Server domains. However, in terms of cost and complexity, this option is the least taxing. Because NT will not be available in the market, organizations can replace aging servers with Windows 2000-based systems, and they will likely begin some application migration. Organizations that choose this option may migrate to either Windows 2000 Server and/or Windows .NET Server 2003 at a later date.
NOTE: Dell recommends that organizations that pursue this option begin planning for migrations to Windows 2000 or Windows .NET now!
- Migrate to Windows .NET Server 2003
With this option, organizations will perform many of the same tasks that they would in a full-scale migration to Windows 2000 Server: redesign of the network and directory infrastructure, server refresh, and application migration. Windows .NET Server 2003 offers the same basic architecture as Windows 2000 Server; however, .NET will provide a more robust set of features that will ease some of the administrative burden associated with a large-scale migration.
With these three options at hand, organizations might wonder which path would work best for them. There are many factors that can influence this choice, but in general, organizations that are still running NT today need to initiate plans for a full-scale migration to either Windows 2000 Server or Windows .NET Server 2003 now.
“Enterprises cannot employ a light switch approach in their infrastructure migration strategies. At the end of 2003, support for legacy environments built on Windows NT 4.0 will end, and organizations should plan on initiating migration projects 12-18 months prior to this date.” Thomas Bittman, Gartner Inc., May 2002
Organizations need not wait on Windows .NET Server 2003, and those that are currently evaluating, planning, or deploying Windows 2000 Server should continue with their efforts. Windows 2000 Server and Windows .NET Server are designed to coexist in the same environment, so the planning and effort that organizations invest in a migration to Windows 2000 will be just as relevant should they decide to evaluate and migrate to Windows .NET Server. Customers who are considering a migration to Windows .NET Server so that they can begin development and deployment of XML Web service solutions based on the .NET Framework and Microsoft Visual Studio® .NET can deploy the Windows 2000 Server family today, begin that work now, and be assured of a smooth migration to Windows .NET Server when it is available. If an organization has not begun planning a migration project, then it should consider evaluating and deploying Windows .NET Server 2003. Figure 2 provides a timeline that can help serve as a guideline for organizations that are planning to migrate off of Windows NT to another Windows-based platform.
Figure 2: Migration Timeline Affects Decision
Organizations that have already deployed Windows 2000 Server
Over half of the Windows server install-base worldwide is already running on Windows 2000 Server today, and most organizations have been pleased with the added scalability, reliability, and ease of administration offered by Windows 2000 Server over Windows NT. Windows .NET Server 2003 offers some exciting new features that can help organizations optimize and improve their Windows infrastructures. Organizations that are already running Windows 2000 Server today should evaluate Windows .NET Server 2003 to see if it helps to meet their IT and/or business needs. From a Windows 2000 Server environment, an upgrade to Windows .NET Server 2003 is just that – an upgrade. The most time-consuming work was done in the migration to Windows 2000 Server, so organizations can upgrade to Windows .NET Server without huge effort and begin taking advantage of evolutionary new features almost immediately.
Section 2
Windows .NET Server 2003 – Key Feature Overview
Introduction
Windows .NET Server 2003 provides a set of evolutionary new features that offer compelling reasons for organizations to consider a migration to .NET Server. This section provides an overview of some of these features. Figure 3 is a high-level overview of the primary editions that will be available in Windows .NET Server 2003 and some of the basic feature specifications that differentiate these editions.
Table 1: Operating System Specifications
The remainder of this section highlights additional new features available in Windows .NET Server 2003. To supplement the information presented here, please visit the Microsoft web site at the link below:
Key Features
Administration and Management Enhancements to Active Directory
One of the primary areas Microsoft has improved with .NET Server is with the administration and management tools and features of Active Directory. These new features make migration, management, and administration of Active Directory much easier and more efficient. Some of the top new features include:
- Cross-Forest Trust and Management
With this new feature, users get the benefits of “single sign-on” while still having the capability to access resources in other forests of the directory. Administrators also have the benefit of managing only one user account per person versus several. This can provide greater security as administrators no longer need to create additional accounts or offer increased access levels to users just so that they can perform a single function or access a single resource.
- Domain Rename
With this new feature, administrators have the capability of changing the name of an existing domain on the fly. This is in contrast with the traditional method of changing a domain name whereby an organization is required to create a new domain and then migrate individual resources into the new domain.
- Install Replica from Media
This new feature allows organizations to back up and restore an existing Domain Controller or Global Catalog to/from a disk instead of having to replicate this information over the network. This feature is a great addition for organizations that have a need for domain controllers in remote locations, but don’t have the luxury of high-bandwidth connections between sites.
- Cached Credentials
Remote offices no longer need to have dedicated connectivity with the global catalog server. With .NET Server, users at these locations can log into a local domain controller using cached credentials.
- Meta-directory Support
This feature allows organizations to integrate Active Directory with other applications, databases, and files that leverage “directory-like” information. This gives an organization a unified view of directory information, allows for administration to occur in the areas of the organization where it makes sense, and helps synchronize identity information across the organization.
- Application Directory Partitions
In addition to meta-directory support, Windows .NET Server allows for directory partitions to help segregate application-specific directory information that may not be relevant to the entire domain community. This helps to eliminate organizational issues with regards to the directory schema, to put management of directory information in the hands of the right individuals, and to eliminate unnecessary replication of data across the network.
- Prevent Overloading Domain Clusters
With this feature, Windows .NET Server prevents a newly added, first domain controller from being overloaded. The new Windows .NET Server 2003 domain controller can emulate the behavior of a Windows NT 4.0 domain controller, and administrators can better manage the migration of the domain members.
- Active Directory Migration Tool (ADMT) Enhancements
Microsoft has improved the ADMT to include the migration of passwords and has also added enhanced scripting capabilities to allow for command line support which can help organizations integrate ADMT into in-house applications and processes.
- Enhanced Queries
Windows .NET Server 2003 provides administrators with enhanced query capability and the ability to save queries against the directory. This helps administrators to save time in routine reporting/administrative tasks, share queries with other administrators, edit multiple user objects at once, and identify a set of users based on specific attributes.
- Group Policy Enhancements
Windows .NET Server provides over 160 new group policy settings and gives administrators a new wizard called “Resultant Set of Policy,” which allows administrators to perform “what if” analysis to gain an understanding of the policies actually in place for a specified location in the directory.
Managing Your Server and Storage
In addition to the new administrative features for Active Directory, Windows .NET Server 2003 also includes features designed to ease the management of server and storage resources in .NET infrastructures.
- Manage Your Server Wizard
The first new feature that you will see when you boot Windows .NET Server 2003 for the first time is the Manage Your Server Wizard. This provides a central location for launching many of the most common administrative tasks. In addition, Windows .NET Server comes with a new deployment feature that allows you to add “personality” to your server through a wizard that helps you to automatically configure your server to serve in common roles, including: DNS Server, FTP Server, Domain Controller, and Web Server.
- Volume Shadow Copy Services (VSS)
This new feature provides point-in-time backups of networked file shares. VSS allows administrators to conduct online backups of data at a point in time without having to worry about open or locked files. A shadow copy is a previous version of a file, and with this feature, administrators can configure file shares to maintain a set of previous file versions on the server. Users only need to install a small client add-on to be able to leverage the functionality available with VSS. They can then recover older versions of files to replace deleted, corrupt, or “incorrectly” edited files. Shadow copy adds a new level of business continuity features to the base operating system in Windows .NET Server 2003.
- Virtual Disk Service (VDS)
VDS is a new “ease-of-use” feature that provides a set of application program interfaces (APIs) for managing the disks in a Storage Area Network (SAN). With Windows .NET Server, there is a common set of APIs for managing the SAN hardware rather than having to rely on vendor-specific calls and management tools. Windows .NET provides a common interface for managing storage resources, and storage management software that leverages VDS can be hardware independent.
Security
Windows .NET Server 2003 was designed with security as one of the primary feature enhancements. With its Trustworthy Computing initiative, Microsoft has taken a focused look at security and made several modifications to not only the tools and features of the OS but also some of the default settings. Some of the most notable changes include the following:
- Credential Manager
Windows .NET Server 2003 comes with a new credential manager in Active Directory that provides a secure store for user credentials and X.509 certificates.
- Internet Information Services (IIS) 6.0
Microsoft also has enhanced security in the latest release of Internet Information Services. IIS 6.0 includes selectable cryptographic services, advanced digest authentication, and configurable access control of processes. In addition, the Web server does not install automatically, and installs in lockdown mode by default. This provides a greater level of control over the security of back-end servers and Web sites.
- Networking Enhancements
Microsoft has included significant networking enhancements in Windows .NET Server 2003, including Internet Protocol version 6 (IPv6), Point-to-Point Protocol over Ethernet (PPPoE), and Internet Protocol Security (IPSec) over Network Address Translation (NAT).
- Common Language Runtime
With Windows .NET Server 2003, Microsoft introduces the Common Language Runtime (CLR). The CLR is a software engine that helps ensure a secure runtime environment by reducing the number of bugs and security holes caused by common application-programming errors. This helps make applications more reliable, leave fewer vulnerabilities for malicious attackers to exploit, and protect the environment from untrustworthy code from outside sources. When a piece of code is ready to run, CLR checks to ensure that it can run without error, that the current security permissions are appropriate for it to run, and that the code does not carry out any actions that are inappropriate. The CLR keeps track of where code was downloaded from, if it was signed by a trusted developer, and if it has been altered in any way since it was signed.
- Internet Connection Firewall
ICF is a software-based firewall that protects and monitors traffic across the boundary between the network and the Internet.
- Software Restriction Policies
Software restriction policies give administrators a policy-driven mechanism to identify programs running on computers in the domain, and control their ability to execute.
Reliability and Performance
Reliability is one of the final areas in which Windows .NET Server 2003 provides new enhancements and features. Windows .NET Server builds on the reliability that organizations experienced in Windows 2000 Server; in addition, .NET Server offers some new clustering features as well as the ability to install larger cluster sizes.
- Majority Node Clusters
Windows .NET Server 2003 has an optional quorum resource that does not require a disk on a shared bus for the quorum device. This feature is designed to be built into larger end-to-end solutions by original equipment manufacturers (OEMs), independent hardware vendors (IHVs) and other software vendors, rather than be deployed by end-users specifically—although this is possible for experienced users. This enables geographically dispersed clusters, and no shared disks.
- Large Cluster Sizes
With the Enterprise Edition, larger cluster sizes provide much more flexibility in how applications can be deployed on a server cluster. Applications that support multiple instances can run more instances across more nodes; multiple applications can be deployed on a single server cluster with much more flexibility and control over the semantics if/when a node fails or is taken down for maintenance.
- Network Load Balanced Clusters
Up to 32 nodes for all editions.
- Hyper-Threading Support
Windows .NET Server 2003 provides support for the Hyper-Threading technology built into Dell PowerEdge™ servers running Intel® Pentium® 4 or Xeon processors. Hyper-Threading is a technology introduced by Intel that allows a single Intel processor to execute two programs, or threads, simultaneously. One physical processor looks like two logical processors to the operating system and applications.
- Windows Resource Manager
The Windows Resource Manager lets administrators set resource usage (for processors and memory) on server applications and manage them through Group Policy settings.
- Terminal Services
Windows .NET Server 2003 offers several significant enhancements to Terminal Services. Not only does Windows .NET offer enhancements designed to make terminal services licensing more straightforward, but Windows .NET offers new features such as per-user time zones, load balance support, increased number of users supported, Hi-color, and audio/port/drive redirection.
Section 3
Conclusions