WIN2K Will Win Big.


Active Directory Will Profit Resellers

Microsoft is positioning Windows 2000, the operating system formerly known as Windows NT 5.0, as the OS for all applications, stressing increased reliability, availability, and scalability; lower total cost of ownership (TCO) through ease of administration; and adherence to open Internet and IP standards. The Microsoft marketing message aims Windows 2000 squarely at the higher reaches of enterprise computing, where these capabilities are of paramount importance.

In addition, to a large extent, managers and IT professionals are buying the Windows 2000 story, as revealed by the Windows 2000 Adoption Survey recently released by Survey.com (formerly World Research, www.survey.com). Based on responses from over 1300 IT professionals and managers who intend to implement Windows 2000, the survey reveals widespread and rapid adoption of the OS. By January 1, 2001, over 90% of the desktops in all organizations will be running some modern variant of Windows; over 40% will be running Windows 2000 Professional (Fig 1). By the same date, 81% of the servers in all organizations will be running either Windows NT 4.0 Server or Windows 2000 Server (Fig 2). Widespread implementation will begin by the second quarter of 2000; however, large companies will lag significantly, giving VARs and integrators who serve that market segment a longer window of opportunity.

Yet despite this overwhelming vote of confidence, there are eddies and whirlpools in the Redmond flood tide. The most notable of these involves Active Directory, Microsoft's new directory structure. The survey reveals that, although Active Directory is the foundation of many, if not most, of Windows 2000's benefits, especially its promised lower total cost of ownership through easier management, and improved security, most respondents rank it fairly low--behind the very features and capabilities it makes possible!

In addition, only about one-fourth of the organizations surveyed have developed an Active Directory design, although about 70% are assessing their current network as part of their Windows 2000 upgrade plan in apparent response to the sweeping changes in logical network structure demanded by Active Directory. Less than half of the organizations responding have yet decided how to make the transition to Active Directory and this percentage is significantly lower for large organizations.

So there is widespread FUD about Active Directory at all levels of corporate computing. This, of course, portends profit opportunities for VARs and systems integrators serving this market who can deliver Active Directory expertise and guide their customers through the difficult transition from Windows domains to the Active Directory promised land. A brief survey of the features and capabilities of Active Directory may serve to illuminate some of the business opportunities offered by this facet of Windows 2000.

A Place For Everything

Active Directory is a distributed, peer-to-peer system with a great deal of redundancy and represents, among other things, Microsoft's response to the threat of the Novell Directory Service (NDS), which has a considerable lead in development time and installed base over Active Directory. Active Directory sweeps away the old, enterprise-unfriendly Windows Domain structure and replaces it with an X.500-based, LDAP-compliant distributed directory system that can interoperate with NDS and other LDAP-compliant directories.

AD can also manage mixed networks of Windows 2000 and earlier versions of Windows (Windows 95 and 98 will be updated to become AD aware, but not NT Workstation), but its full benefits are realized only in an end-to-end Windows 2000 network. Active Directory gives administrators a central repository for managing information on users, computers, applications, and network resources (including network hardware) with an extremely high degree of granularity. Every aspect of the operating system uses Active Directory to keep track of network resources and enable them to work together.

Active Directory delivers a number of important benefits, including:

* Improved manageability

* Improved security

* Quality of Service (QoS) capabilities

* Improved data availability

A brief look at the way Active Directory organizes a Windows 2000 network will set the stage for a closer look at these benefits.

And Everything In Its Place

Active Directory organizes a Windows 2000 network into a hierarchical structure using five logical units.

* Domains. Domains are the basis of replication in Active Directory. Unlike Windows NT, in Windows 2000, the relationship between domain controllers is multi-mastered, delivering faster and more reliable replication of critical information throughout the network. Because the objects in each domain are not replicated across the network, Active Directory maintains a Global Catalog that points to a subset of object properties that is useful for the entire network, such as a user's log-on name.

Windows 2000 domains can store millions of objects and the AD domain schema, which specifies the types of objects stored, is extensible, enabling it to store objects and properties unique to a company. In addition, Windows 2000 domain names are DNS names (e.g., chicago.us.yourcompany.com), which simplifies administration.

* Organizational Units. Organizational Units (OUs) enable administrators to group users, file shares, printers, and the like within a domain into a hierarchy more closely matching organizational realities, giving them far more granular control over administrative rights. For instance, a domain might be divided into Sales, Marketing, and Finance OUs.

* Trees. A Tree is a hierarchy of Windows 2000 domains, which allows a certain amount of inheritance from parent to child to ease administration. For instance, a child domain inherits its parent's schema.

* Forests. Trees can be grouped into Forests, which establish a transitive trust relationship between the two trees, which allows all the domains in the Forest to share resources if they have the appropriate security permissions.

* Sites. Sites identify areas of high-bandwidth network connectivity: one with at least 512 Kbit/sec between subnets. This enables Active Directory to replicate itself across low-bandwidth WAN links without swamping other traffic. More importantly, it makes any other services dependent on Active Directory, such as the file system, also bandwidth-aware and capable of intelligent wide-area operation.

Managing Desktops With Active Directory

Perhaps the most important advance in management in Windows 2000 is offered by IntelliMirror, an Active Directory-dependent capability that automates the management of user documents, user settings, and software installation. IntelliMirror can restore a user's computer from virtually any disaster, complete with all applications, documents, settings, shortcuts, and other personal settings.

IntelliMirror can mirror user data automatically, so that critical data is always replicated, and also supports client-side caching, which enables users to continue working on so-called offline folders when the network is not available. When network connectivity is reestablished, the local cache and the network share are automatically synchronized. This is of particular importance for mobile computing.

IntelliMirror also helps administrators maintain and control user desktop settings, both for roaming and stationary users. As well, IntelliMirror enables administrators to assign and publish applications via the Application Management Services so that they are automatically installed for users at log-on. Such applications can be installed entirely automatically, optionally (appearing in the Add/Remove Programs applet in the Computer Management console), or upon document activation.

Finally, Active Directory also supports the Remote Installation (RI) service, a boot server that can automate the installation of the operating system on clients. Users see a welcome screen with several options for installation. ISVs and OEMs can customize the RI service.

Security And Active Directory

Active Directory is the foundation of security in Windows 2000, which is considerably advanced over that offered in Windows NT 4.0. Unlike its predecessor, Windows 2000 can support transitive trust relationships, which greatly ease administration of users and resources. Trust is what enables objects in one domain to access or use objects in another. In Windows NT 4.0, trusts are one-way and intransitive. This means that to share objects in both directions between two domains, two trust relationships have to be established, which made administration of large collections of domains quite unwieldy. Furthermore, since such trusts are intransitive, a domain cannot "pass along" its permissions in one domain to another.

In Windows 2000, all trusts are by default two-way, although one-way trusts can be established. They are also transitive: if Domain A trusts Domain B, and Domain B trusts Domain C, then Domain A and C can share resources, as well.
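
The two trust models described above, as an added example that is not part of the original article: a small Python model in which a trust is a (trusting, trusted) pair, with constructed domain names and hypothetical function names. It also counts the direct NT 4.0 trusts needed to match what transitive trusts reach, which is the set an administrator would review when auditing where accounts from a given domain can be granted access.

```python
from collections import deque


def two_way(links):
    """Expand two-way links (a, b) into directed (trusting, trusted) pairs."""
    return {(a, b) for a, b in links} | {(b, a) for a, b in links}


def resource_domains(trusts, account_domain, transitive):
    """Domains whose resources can be opened to accounts from account_domain.

    trusts is a set of (trusting, trusted) pairs: the trusting domain
    accepts accounts that the trusted domain has authenticated.
    transitive=False models Windows NT 4.0, transitive=True Windows 2000.
    """
    # Index: trusted domain -> domains that directly trust it.
    direct = {}
    for trusting, trusted in trusts:
        direct.setdefault(trusted, set()).add(trusting)

    if not transitive:
        # NT 4.0: only a direct trust counts; nothing is passed along.
        return set(direct.get(account_domain, set()))

    # Windows 2000: follow chains of trust (breadth-first search).
    seen, queue = {account_domain}, deque([account_domain])
    while queue:
        for nxt in direct.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {account_domain}


def nt4_trusts_equivalent_to(trusts):
    """Direct one-way trusts NT 4.0 would need to match transitive reach."""
    domains = {d for pair in trusts for d in pair}
    return {(resource, account)
            for account in domains
            for resource in resource_domains(trusts, account, transitive=True)}


# Constructed sample: three domains linked in a chain A - B - C.
NT4 = {("A", "B"), ("B", "C")}            # A trusts B, B trusts C, one-way
W2K = two_way([("A", "B"), ("B", "C")])   # the Windows 2000 default, two-way

if __name__ == "__main__":
    print("NT 4.0, accounts from C usable in:",
          sorted(resource_domains(NT4, "C", transitive=False)))
    print("Windows 2000, accounts from C usable in:",
          sorted(resource_domains(W2K, "C", transitive=True)))
    print("Direct NT 4.0 trusts needed for the same reach:",
          len(nt4_trusts_equivalent_to(W2K)))
```
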

The permissions structure of Windows 2000, again based on Active Directory, is also more advanced than earlier versions. Every object in a domain has an Access Control List that defines users and groups that have permissions for that object. There are three types of groups, enabling any combination of users from single or multiple domains to be granted permissions to a given object. In addition, permissions can be granted to an object or merely to an object property. This makes possible very fine-grained distribution of administrative rights. For instance, a user could be granted Write privileges to the Members property of a group, but not Delete privileges, enabling them to add, but not remove, users. Some of the more esoteric security capabilities of Windows 2000, including its encrypting file system, Kerberos security, and Microsoft Certificate Services, which establishes a Public Key Infrastructure (PKI), are also dependent on Active Directory for their functioning.

Networking With Active Directory

Windows 2000 has eliminated dependence on the Windows Internet Name Service (WINS), which enables the OS to locate network resources by name. It has been replaced with the Dynamic Domain Name Service (DDNS), which enables a Dynamic Host Configuration Protocol (DHCP) Server, which assigns IP addresses to clients dynamically, to update the DNS server on-the-fly. The former inability of DNS to support dynamic updates was why Microsoft created WINS. The new IETF DNS standard supports dynamic updates. The combination of DHCP and DDNS makes administering IP addresses much simpler.

Active Directory also enables Windows 2000 to support a form of QoS technology based on the IETF Subnet Bandwidth Management (SBM) platform and the Directory-Enabled Networking (DEN) specification, which defines ways to represent information about network devices and associated management policies in directories. With Active Directory, IT managers can assign priorities to network traffic based on business rules, theoretically making the network far more efficient and giving them more bang for their network infrastructure dollars.

Organizations using Microsoft Exchange as their messaging infrastructure will also benefit from Active Directory. The next version of Exchange (code-named Platinum) will be able to use AD as Exchange's directory store, enabling administrators to manage users in one place.

Data Availability

Active Directory is critical for several aspects of the improved data availability offered by Windows 2000, including clustering, load balancing, various aspects of the file system, and the Distributed File System (DFS).

The Cluster Service in Windows 2000, formerly known as WolfPack, not only offers 8:1 failover (any one of eight CPUs can jump-start an NT process in the event that one fails), but also two-node clustering and rolling upgrades of Windows NT Enterprise Edition, Windows 2000 Advanced Server, and Windows 2000 Datacenter Server. A rolling upgrade enables administrators to sequentially upgrade the OS without bringing down the cluster. In addition, more OS services such as DHCP and WINS are cluster aware.

The Load Balancing Service in Windows 2000 complements the Cluster Service by clustering TCP/IP services in a way transparent to both server applications and clients. Clients can access the cluster through a single IP address with the LBS automatically balancing TCP/IP traffic between the clustered computers and reconfiguring the cluster if one of the computers in it fails.

Active Directory also delivers Hierarchical Storage Management, which automates the migration of less-used data to less expensive media in a way transparent to users, via the Remote Storage Service (RSS). A migrated file displays in Windows Explorer or any dialog box the same as a normal one, the only difference perceived by the user being a delay in access, which is proportional.

Active Directory is also the foundation of Microsoft's Distributed File System, which gives users a logical view of shared resources on the network in a single, global namespace. A DFS root, which can be represented by a single drive letter for mapping purposes, can contain a whole tree of nodes representing shared resources in different physical locations, so that users see a familiar directory-like structure and do not have to know where any given resource is. For Windows 2000, DFS has been updated with improved replication and fault-tolerance, both via Active Directory. The file system is the same because AD is bandwidth-aware via its Site-based organization, making wide-area file replication possible and manageable.

Migrating To Active Directory

Active Directory is the source of both the majority of benefits and the majority of migration difficulties with the move to Windows 2000. The major difficulty with Active Directory is its "all or nothing" nature: its full benefits can only be realized at the cost of sweeping logical and physical changes in the network, and the adoption of end-to-end Windows 2000--putting it on virtually every desktop and server in the organization.

The fundamental nature of Active Directory makes the method of migration an important decision. Upgrading users in place involves swapping out Windows NT servers with their domain-based user organization and information for Windows 2000 servers and AD. If there are any glitches, the productivity loss from suddenly non-connected users could be staggering. Incremental migration is fundamentally safer, although it requires a longer period of coexistence between Windows NT 4.0 Server and Windows 2000 Server in the network. Given the centrality of this decision to realizing the benefits of AD, migration services and applications are likely to be a profit center for many VARs and integrators in the next few years.

This article is adapted from the Windows 2000 Adoption Survey recently published by Survey.com. The full report is available for $1895, detailing the intentions of IT professionals in eight areas: Windows 2000 Planning, Windows 2000 Implementation and Deployment Plans, Hardware Upgrades and New Hardware Purchase Plans, Windows 2000 OS Migration Plans, The Operating Systems Landscape in 2001, Windows 2000 Server with Terminal service, Windows 2000 Features and Capabilities, and Active Directory Plans and Attitudes. An Executive Summary of the report can be viewed at www.survey.com.

Dave Trowbridge, a contributing editor for CTR, is a senior analyst at Survey.com, a market research firm specializing in data-intensive reports on information technologies, where he monitors operating systems, portals, and various aspects of business intelligence.
COPYRIGHT 1999 West World Productions, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1999, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation:Product Information; Microsoft's Windows 2000 OS and its Active Directory network directory software component
Author:Trowbridge, Dave
Publication:Computer Technology Review
Date:Sep 1, 1999
Words:2369