Preparing NT4 and Migrating to Windows NT5


Migrating to Windows 2000 in a Large Research Environment

Rand Morimoto President, Inacom Oakland [email protected]

Migrating to Windows 2000 in a Large Research Environment

• Background of Active Directory
• DNS in Windows 2000
• Migrating from WINS to DNS
• Consolidating NT4 Domains
• Conducting a Phased Migration
• Next Generation MS-Exchange

About the Speaker

• Microsoft Advisory Council Member (1995-present)
• On the NT and Windows 2000 Development Team
• Author:
  • “Deploying Microsoft Exchange v5”, 700 pages
  • “Tuning and Optimizing Windows NT”, 1000 pages
  • “Windows 2000: Design and Migration”
  • “Exchange v6: Design and Migration”
• President / Inacom Oakland
• Inacom Corporation
  • National / Int’l Services
  • Windows 2000 Services

Microsoft Directory Evolution

Now: Windows NT user directory
• Single enterprise logon
• Central management
• Replicated/partitioned

Now: Microsoft Exchange Server directory
• E-mail names and rich attributes
• X.500 naming
• MAPI, LDAP support
• Scalable to “millions”

Coming: Windows 2000 (merges the Windows NT user directory and the Exchange directory)
• Integrated DNS, X.500
• Deep integration with OS security
• More standard support: X.500 DAP/DSP, ADSI, OLE/dB, etc.
• Scalable to millions

What is Active Directory?

The Windows 2000 directory service, Active Directory, has:

A hierarchical, flexible namespace

Partitioning for scalability

Multi-master replication

Dynamic extensibility

Open and extensible directory synchronization interfaces

Lightweight Directory Access Protocol (LDAP) as the core protocol for interoperability

AD Terminology

• Namespace
• Name
• Domain
• Organizational Units (OUs)
• Tree
• Sites
• Global Catalog
• Schema

Differentiation

Administration Designators vs Replication Designators

Creating Administrative Structures

1. First I create my “Domain” and give it an organization name.

2. Then I create Organizational Units within this domain to distribute administration.

3. I then create users within the Organizational Units where they belong.

4. Finally I group the users so I can more easily set policies for the group.

Creating Administrative Structures

• Domain
• Organizational Units
• Users and Groups

Enterprise is Made of Domains

Domains can be linked by trust

Domains can be related by name

Both X.500 and DNS naming:

• DC=MyCorp,DC=Com
• DC=Dev,DC=MyCorp,DC=Com
• whatever.edu
• whatnot.whatever.edu

Active Directory Global namespace = DNS + LDAP Directories

[Diagram: a DNS-rooted tree with the top-level labels edu and com; under them the domains berkeley.edu, microsoft.com and inacom.com; within berkeley.edu the containers students, courses and PoliSci and the users BSmith, RJones, AArney and KBryant.]

Windows 2000 DNS Management Services

Planning Your DNS Strategy

Active Directory is integrated with the Domain Name System (DNS). Therefore, it is important to:

Determine which DNS server to use

Determine your DNS root

DNS Server Options

• Implement Microsoft DNS exclusively
• Implement Microsoft DNS as a delegated sub-domain
• Use an existing DNS server

Implement Microsoft DNS Exclusively

Benefits:

Tight integration with Active Directory

Supports the extended character set, Unicode

Not dependent on existing DNS Servers

Will co-exist with other DNS Servers

Supports multi-master replication

Implement Microsoft DNS as a Delegated Sub-domain

Benefits:

Requires no upgrade of any existing DNS servers

Utilize existing DNS infrastructure

Minimizes dependency of Active Directory on existing DNS servers

Use a Non-Microsoft DNS Server

Benefits:

Does not require replacing existing DNS servers

No DNS changes required

Existing DNS Server

To support Active Directory, a DNS server:

Must support the SRV RR defined by RFC 2052

Should also support:

The Dynamic Update Protocol - RFC 2136

Incremental Zone Transfers - RFC 1995
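The SRV record is the one hard requirement above: Windows 2000 clients find domain controllers by querying _ldap._tcp.dc._msdcs.<domain> and reading the priority, weight, port and target out of the answer. The following Python example is added here and is not from the slides; it builds a constructed SRV response for an assumed domain (example.com, with assumed hosts dc1 and dc2), parses it with the RFC 2052 wire layout (the layout is unchanged in RFC 2782, which superseded 2052), and shows what a server that does not support the record type (an NXDOMAIN/error response) looks like to the parser. Run it against a captured response to check an existing DNS server before pointing Active Directory at it.

```python
import struct

SRV_TYPE = 33   # RR type number for SRV (RFC 2052)
CLASS_IN = 1

def encode_name(name):
    """Encode a dotted name into DNS label wire format (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_srv_response(domain, records, txid=0x1234, rcode=0):
    """Constructed DNS response for _ldap._tcp.dc._msdcs.<domain> (sample data, not captured).
    records: list of (priority, weight, port, target). rcode=3 simulates NXDOMAIN."""
    qname = f"_ldap._tcp.dc._msdcs.{domain}"
    ancount = 0 if rcode else len(records)
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, ancount, 0, 0)
    msg = header + encode_name(qname) + struct.pack("!HH", SRV_TYPE, CLASS_IN)
    if rcode:
        return msg
    for priority, weight, port, target in records:
        rdata = struct.pack("!HHH", priority, weight, port) + encode_name(target)
        # 0xC00C is a compression pointer back to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", SRV_TYPE, CLASS_IN, 600, len(rdata)) + rdata
    return msg

def decode_name(msg, offset):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:              # compression pointer
            hops += 1
            if hops > 20:
                raise ValueError("compression pointer loop")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2               # the pointer occupies 2 bytes in the stream
            jumped, offset = True, pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    if not jumped:
        end = offset
    return ".".join(labels), end

def parse_srv_answers(msg):
    """Return a list of dicts for every SRV RR in the answer section; [] on error RCODE."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x0F:                           # RCODE != 0: record missing or unsupported type
        return []
    offset = 12
    for _ in range(qdcount):                   # skip the question section
        _, offset = decode_name(msg, offset)
        offset += 4
    results = []
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == SRV_TYPE:
            priority, weight, port = struct.unpack("!HHH", msg[offset:offset + 6])
            target, _ = decode_name(msg, offset + 6)
            results.append({"name": name, "priority": priority, "weight": weight,
                            "port": port, "target": target, "ttl": ttl})
        offset += rdlen
    return results

def select_dc(records):
    """Lowest priority wins; among equal priorities RFC 2052 says to pick probabilistically by
    weight. This illustration picks the highest weight deterministically."""
    if not records:
        return None
    return min(records, key=lambda r: (r["priority"], -r["weight"]))["target"]

if __name__ == "__main__":
    sample = build_srv_response("example.com", [(10, 50, 389, "dc2.example.com"),
                                                (0, 100, 389, "dc1.example.com")])
    found = parse_srv_answers(sample)
    print(found, "->", select_dc(found))
    print("NXDOMAIN ->", parse_srv_answers(build_srv_response("example.com", [], rcode=3)))
```

A DNS server that lacks SRV support, or a zone where the domain controllers have not registered (no dynamic update), both surface here as an empty list, which is exactly the condition that makes Windows 2000 clients unable to locate a domain controller.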

Multiple Domains/Trees

Sometimes it is necessary to have more than one domain. Multiple domains with a contiguous namespace are referred to as a tree, for example:

tailspintoys.com

europe.tailspintoys.com

marketing.europe.tailspintoys.com

Forest Definition

One or more Windows 2000 trees that:

Do not form a contiguous namespace

Share a common schema, config., Global Catalog

All Trees in a Forest trust each other

Does not need a distinct name

Example of two trees in one forest:

• Microsoft.Com
• PBS.Microsoft.Com
• NTDev.PBS.Microsoft.Com
• Softimage.Com
• Finance.Softimage.com
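The slides name the same object two ways (DC=Dev,DC=MyCorp,DC=Com versus dev.mycorp.com) and then distinguish a tree (contiguous names) from a forest (several trees). The Python example below is added here and is not from the presentation; it converts between DNS names and LDAP distinguished names, builds a user's DN from the domain / OU / user structure described under "Creating Administrative Structures" (with RFC 4514 escaping so a name containing a comma cannot break the DN), and groups a list of domains into trees by walking each name up to the nearest parent that is also in the list. The berkeley.edu and Microsoft/Softimage names are the slides' own; the OU names and the user "Smith, Bob" are constructed.

```python
import re

def dns_to_dn(dns_name):
    """dev.mycorp.com -> DC=dev,DC=mycorp,DC=com (label case is preserved)."""
    return ",".join(f"DC={label}" for label in dns_name.rstrip(".").split("."))

def escape_rdn_value(value):
    """Escape an attribute value per RFC 4514 so it can sit inside a DN."""
    out = re.sub(r'([,+"\\<>;])', r'\\\1', value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def unescape_rdn_value(value):
    return re.sub(r"\\(.)", r"\1", value)

def split_dn(dn):
    """Split a DN on commas that are not backslash-escaped."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur)
    return rdns

def dn_to_dns(dn):
    """Recover the DNS domain from the DC= components of any DN in that domain."""
    labels = []
    for rdn in split_dn(dn):
        attr, _, val = rdn.partition("=")
        if attr.strip().upper() == "DC":
            labels.append(unescape_rdn_value(val.strip()))
    return ".".join(labels)

def object_dn(dns_domain, ous, cn):
    """Domain -> OUs (given top-down) -> object, written leaf-first as LDAP requires."""
    parts = [f"CN={escape_rdn_value(cn)}"]
    parts += [f"OU={escape_rdn_value(ou)}" for ou in reversed(ous)]
    return ",".join(parts) + "," + dns_to_dn(dns_domain)

def group_into_trees(domains):
    """Map each tree root to the sorted domains in that tree. A domain whose immediate
    parent name is absent from the set starts a new tree (a non-contiguous namespace)."""
    names = {d.lower().rstrip(".") for d in domains}

    def root_of(name):
        while "." in name:
            parent = name.split(".", 1)[1]
            if parent not in names:
                return name
            name = parent
        return name

    trees = {}
    for name in sorted(names):
        trees.setdefault(root_of(name), []).append(name)
    return trees

if __name__ == "__main__":
    print(object_dn("berkeley.edu", ["students", "PoliSci"], "Smith, Bob"))
    forest = group_into_trees(["Microsoft.Com", "PBS.Microsoft.Com", "NTDev.PBS.Microsoft.Com",
                               "Softimage.Com", "Finance.Softimage.com"])
    print(len(forest), "trees:", forest)
```

Two trees coming out of group_into_trees is the forest case on the slide: they share a schema, configuration and Global Catalog but no common name, and each root is where the contiguous namespace stops.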

Integrated Security

Scenarios: Single Sign-on, Private Comm., Secure Biz Tx, Secure Desktop

Safety: Authenticode, Driver signing

Auth.: Priv Key/Kerberos, Public Key/X.509, NT4

Protocol: SSL, IPSEC, RPC/DCOM

Base: Crypto API, Encrypted F-S, More Auditing, Active Directory, PK Certificates, Kerberos keys

Goal of Windows 2000 for Enterprises: Reliability and Scalability

• Network Load Balancing
• Clustering

Goal of Windows 2000 for Enterprises: World Ready

• Multilingual user interface
• Same code runs anywhere
• Simultaneous support of multiple languages
• Single world-wide API

What Can be Done with NT4 in Anticipation of a Migration to Windows 2000

Consider Implementing NT4 Workstation Today

Higher level of security:

• ability to lock down w/s hardware config

• ability to create and manage set processes

Ability to use global roaming profiles

Key to Intellimirror in Windows 2000

Consolidated DLL model in Windows 2000

Design, Implement, and Gain Support for System Policies

Globally manage, for individuals, groups of users, or all users, the ability to:

change screen saver

change desktop background

add applications

purposely or accidentally delete applications

drop to DOS prompt

modify workstation configurations

System Policies

Consolidate Domains

• Minimize resource domains
• Develop a structure that utilizes fewer domains
• Create a simplified trust model
• Document the enterprise hierarchy:

server/host configurations

segment addresses

segment bandwidth

trust and authentication process

Fastlane Technologies: DM/Manager

Selectively move single or multiple users from any Source Domain...

...to any Target Domain!

Setting Rules / Policies for Migration

Flexible migration options...

Conduct Performance Analysis

• Evaluate client-to-server bandwidth demands
• Evaluate server-to-server bandwidth utilization
• Analyze server system utilization
• Conduct WAN bandwidth analysis

Bluecurve “Dynameasure” is recognized by Microsoft for capacity analysis and capacity planning (http://www.bluecurve.com)

Performance Analysis: server CPU capacity is the bottleneck; all four server CPUs reach maximum throughput.

Implement TCP/IP and SMTP as Core Communications Protocols

[Diagram: Site A and Site B connected over TCP/IP, with SMTP as the messaging protocol between them.]

Implement DNS (in addition to WINS, and in a Windows 2000 environment, in place of WINS)

WINS is needed for NetBIOS name resolution; DNS is native in the complete TCP/IP environment of Windows 2000.

Implement LDAP for Look-up

[Diagram: a client and the Microsoft Management Console query a domain controller. Legacy NT4 APIs (Net APIs) reach the NT4 BDC SAM via replication, and NetWare 3/4 via NCP; ADSI and wldap32.dll reach NT4 NTDS and the Windows 2000 LDAP directory service, which uses multi-master (M-M) replication.]

Create a Windows 2000 Deployment Team

Team includes:

DNS Decision Makers (NT, UNIX, etc)

Hardware Implementers and Support Personnel

File/Print LAN/WAN Decision Makers

Firewall and Internet Security Decision Makers (Kerberos, X.509, etc)

Electronic Messaging Group

Desktop Support Group (Intellimirror, Windows Scripting, Sysclone, SMS)

Migrating from NT4 to Windows 2000

• Migrating Domain Controllers
• Migrating Servers
• Migrating Users

Migration

Any Windows NT domain model can be migrated easily to the Active Directory. Mixed environments are:

Fully supported

Look and act like Windows NT 4.0 domains

Migration to domain tree simple

Migration (Initial State): a Windows NT 4.x domain with a “PDC” and BDCs.

Migration (Step 1): upgrade the PDC to Windows 2000. It becomes a domain replica and Global Catalog while still appearing as the “PDC” to the remaining Windows NT 4.x BDCs.

Migration (Step 2): upgrade the remaining Windows NT 4.x BDCs. Each becomes a Windows 2000 DC (domain replica), with Global Catalog on the chosen DC (DC - GC).

Migration (Final State): all domain controllers are Windows 2000 DCs (domain replica, Global Catalog on DC - GC) and the domain is switched to “Native”.

Migration resource domains

• Can be upgraded in place and joined to the tree
• Can be replaced with OUs

Convert in place

Join to tree

Create OU in parent domain

Drag resource domain contents into OU

Delete (empty) resource domain

Server Role in Windows 2000

Windows NT 4.0:
• PDC: Only writeable copy
• BDC: Read-only copy

Windows 2000 Mixed domain:
• PDC: Appears as PDC to downlevel clients - Only writeable copy (Windows NT 4.0 or Windows 2000)
• BDC: Read-only copy (Windows NT 4.0)

Windows 2000:
• Replica - Writeable copy
• Writeable copy
• Read-only copy

Next Generation Microsoft Exchange 2000 codename “Platinum”

Built on Windows 2000 Active Directory

AD Does Exchange Administration

Utilizes Multiple Storage Groups

• More than 1 MDB per server
• Smaller MDBs for easier backup/restore
• Separate MDB for NNTP and internal Public Folders
• Distribute DBs across multiple Storage Area Network (SAN) devices
• Distribute administration of DB management on a single server

Migration to Exchange Platinum

Exchange Platinum Migration:

Exchange server needs to be migrated, but not the whole organization

Migration tools included to migrate Exchange v5.5 to Platinum (users, org/site structure, mailboxes, public folders)

Active Directory Connector provides a link between non-Active Directory NOSs and Exchange Platinum (NT4, NDS, LDAP)

Preparing for Exchange Platinum

• Upgrade to Exchange v5.5 (if you have not already done so)
• Replace Site Connectors with SMTP or X.400 Connectors using InterOrg Directory Replication

Questions ?

Rand Morimoto

Inacom Oakland internet: [email protected]

(510) 444-5700 ext.100