Windows 2000 Overview
A lot of hype has surrounded Microsoft's impending release of Win2K. Find out whether the OS is everything the company claims.
October 21, 1999
Is it worth the wait?
Microsoft trained us to expect annual releases of new versions of Windows NT: NT 3.1 shipped in 1993, NT 3.5 in 1994, NT 3.51 in 1995, and NT 4.0 in 1996. Four years later, the company will finally release the latest version, under a new name: Windows 2000—Win2K. (For information about the name change, see Mark Smith, "Is NT Windows?" December 1998.)
The OS's name isn't the only thing that's new; Win2K is full of changes. What you've read so far about the new NT only scratches the surface. The difference between Win2K and NT 4.0 is vastly greater than the difference between NT 4.0 and NT 3.51. The three main changes are increased reliability and scalability, improved supportability, and updated hardware support. (For a list of Win2K acronyms and terms, see the sidebar "Windows 2000 Glossary," page 60.)
Enterprise Reliability and Scalability
Win2K must be more reliable and more scalable than NT 4.0 is. The OS can no longer require weekly server reboots to keep a system running, and it must support computers with 8, 16, and even 32 processors. Win2K needs to be reliable and scalable enough that we wouldn't laugh at the idea of AT&T using the OS to run its long-distance network.
Win2K's crown jewel: Active Directory (AD). To make Win2K more enterprise-ready than NT 4.0 is, Microsoft made AD a part of the OS. (For information about migrating your NT domain models to Win2K's AD, see Sakari Kouti, "Migrating to Active Directory," January 1999.)
AD is a directory service (i.e., a hierarchical database of users, computers, and shared applications and data) that a Microsoft Jet database engine controls. Although Win2K's AD isn't as powerful as Novell Directory Services (NDS) or Banyan's StreetTalk directory services, most of Win2K's compelling new features require—or take advantage of—AD to work.
With AD, Win2K supports networks that have far more users and machines than NT 4.0 supports. An AD database can accommodate between 1.5 and 20 million user accounts. AD is easy to extend, letting you build groups of domains, called forests, that automatically trust one another. Within a domain, you can divide security authority among organizational units (OUs) and eliminate the need for NT 4.0's resource domains. AD in Win2K understands network topologies. Thus, you can tell the service which machines have slow WAN links, and AD will compress domain controller communications before sending information over those links to conserve bandwidth. This feature is important because domain controller communication will increase now that AD's domain controllers use multimaster replication, which lets administrators connect to any domain controller to reset passwords, create new accounts, or perform other domain account maintenance. (In contrast, NT 4.0 administrators can perform account administration only when they're connected in real time to a domain's PDC.) A significant weakness of AD in Win2K is the inability to merge (i.e., to prune and graft) two existing AD structures. However, Microsoft plans to incorporate software to address this limitation.
A scalable OS. To be viable in the enterprise, an OS must be scalable. And Microsoft clearly thinks Win2K is scalable because Win2K Datacenter Server (Datacenter) supports 32 processors right out of the box. The OS also supports as much as 64GB of RAM—assuming you can find a server and applications to support that much memory.
But if you want big, you need to wait for the 64-bit version of NT—the version that will run on Intel's Itanium (formerly code-named Merced). According to Microsoft, Win2K is the last 32-bit version of NT. (But the company has also called every version of Windows since 3.1 the "very last" version of Windows.)
Supportability
Running networks of PCs is expensive, both on the front end (desktop PCs) and on the back end (servers and network infrastructure). By simplifying remote server administration, providing automated scripting tools, improving the network infrastructure, and incorporating new desktop support tools, Microsoft made Win2K easier and cheaper to support than previous versions of NT are.
Remote control. Remote servers are especially easy to support. Every Win2K server has a built-in Telnet server that supports as many as two simultaneous connections. When you Telnet to a Win2K server, you receive a prompt for a username and password. After you supply these credentials, you get a typical C:\> prompt. Although you can't run GUI tools from Telnet, Win2K's command line is considerably more powerful than NT 4.0's. Many tools have command-line equivalents, and according to Microsoft, you can easily replace GUI-only tools by entering a few lines of VBScript. A caveat is that VBScript is easy to write, but finding documentation for the hooks into the OS is difficult.
Even administrative tools that don't run from the command line work as well on remote computers as on the local machine because virtually all hardware functions are now built around the Windows Management Interface. WMI is an eminently remoteable software interface. An example of WMI's power is the Device Manager, a program that lets you view and modify hardware settings not only for the computer you're sitting at but also for any network machine that you can see and that you have administrative rights on. Storage management is similarly improved: Whereas NT 4.0's Disk Administrator lets you format and partition disks only on locally attached disks, Win2K's Disk Management lets you perform these actions locally or over the network.
Remote control gets yet another boost in the form of Windows Terminal Services. Terminal Server debuted in a separate version of NT 4.0, but now just one click converts any Win2K server into a Terminal Server system. Suppose you need to reset a password or view an event log at 3:00 a.m. to solve a problem, but you live 40 miles from work. You can simply connect to the company's intranet over the Internet via a VPN and open a Terminal Server session.
Network infrastructure. To build an NT-based network around TCP/IP, you need three important infrastructure tools: DHCP, which hands out IP addresses to client machines; WINS, which helps those machines find domain controllers and each other; and DNS, which helps find particular machines' IP addresses and Internet domains' mail servers. Although Microsoft simply polished WINS in Win2K, it significantly improved DHCP and DNS. (For information about WINS, see Alistair G. Lowe-Norris, "Tombstones Mark the Coming of the End for WINS," March 1999.)
DHCP servers provide machines with unique IP addresses, an essential part of making a machine work on an intranet. DHCP has worked well since NT 3.5, but the protocol has always had one problem: Setting up a DHCP server is too easy. Occasionally, a novice administrator practices with the protocol by setting up a DHCP server on a PC. Then, the administrator's new DHCP server starts handing out bogus IP addresses to unsuspecting workstations. The worthless addresses in turn prevent the workstations from functioning on the company's network.
Creating a DHCP server involves more steps in Win2K than in NT 4.0. In Win2K, AD must authorize DHCP servers before they can start handing out IP addresses. This improvement eliminates rogue DHCP servers. DHCP also helps older systems work with Win2K's new DNS server.
DNS isn't an essential part of the OS in NT 4.0. The service's main task is to help Internet-oriented programs such as Web, FTP, and POP3/SMTP clients find their corresponding servers. In Win2K, however, DNS takes center stage. Without DNS, AD won't work. Win2K workstations and servers use DNS to find one another; to find domain controllers to handle logons; and to find other network services such as Win2K's Global Catalog, which is an abbreviated version of AD that helps speed up logons. Like NT 4.0's DNS Manager, Win2K's DNS server has a friendly user interface (UI). The wizard needs a bit of improvement, and I hope Microsoft will fix this problem before the company ships the product.
Win2K's DNS supports secure dynamic updates, which is a process that lets you automate the addition of information about new machines to a DNS database—much as WINS maintains its database of PCs. Based on the Internet Standards document Request for Comments (RFC) 2136, Win2K's DNS combines the best of NT 4.0's WINS and DNS servers. Win2K's DNS also supports RFC 2052, which expands the kind of information that DNS servers can contain. For example, a pre-RFC 2052 DNS server can tell you which machines act as mail servers for an Internet domain but not whether the machines are Web or FTP servers. RFC 2052-compliant DNS servers can provide this information and more: AD now uses RFC 2052 to let DNS help workstations find domain controllers and other AD-specific server types.
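The service-location lookup described above, as an added example (not part of the original article): it parses SRV records from zone-file text and returns the order in which a client would try the advertised servers, lowest priority value first and weighted-random within a priority, which is also a quick way to audit which hosts DNS is advertising as domain controllers. The example.com zone and host names are constructed; the owner names are the ones AD clients query for domain controllers and the Global Catalog.

```python
import random
from collections import namedtuple

Srv = namedtuple("Srv", "owner priority weight port target")

# Constructed sample zone for a hypothetical AD domain, example.com.
SAMPLE_ZONE = """\
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 50 389 dc2.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 10 100 389 dc-branch.example.com.
_gc._tcp.example.com. 600 IN SRV 0 100 3268 dc1.example.com.
; an ordinary address record carries no service information
www.example.com. 600 IN A 192.0.2.10
"""

def parse_srv(zone_text):
    """Extract SRV records (owner TTL IN SRV priority weight port target)."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments
        if len(fields) != 8 or [f.upper() for f in fields[2:4]] != ["IN", "SRV"]:
            continue
        owner, _ttl, _cls, _type, prio, weight, port, target = fields
        records.append(Srv(owner.lower().rstrip("."), int(prio), int(weight),
                           int(port), target.lower().rstrip(".")))
    return records

def order_for_client(records, owner, rng=random):
    """Return the records for `owner` in the order a client should try them."""
    name = owner.lower().rstrip(".")
    wanted = [r for r in records if r.owner == name]
    ordered = []
    for prio in sorted({r.priority for r in wanted}):
        # Within one priority, pick by weight without replacement.
        pool = sorted((r for r in wanted if r.priority == prio), key=lambda r: r.weight)
        while pool:
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec.weight
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered
```

A target that appears in the result but is not a server you deployed is worth investigating, because clients will send logon traffic to whatever these records name.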
Win2K's only potential networking problem occurs on the client side: Similarly to WINS clients, RFC 2136 clients must register with their local DNS server. But because pre-Win2K machines aren't configured to register with the server, Win2K's DHCP registers the machines automatically.
Desktop deployment. To improve Win2K's supportability, you can install the OS on your workstations. In my experience, you'll want 400MHz or faster Pentium II machines with 96MB of RAM to support Win2K, although Microsoft says the OS will run on 133MHz systems. The two new technologies that make the OS practical for desktop use are Remote Installation Service (RIS) and Group Policy Editor. (For more information about RIS, see "Using Win2K's Remote Installation Service," September 1999; for more information about Group Policy Editor, see Darren Mar-Elia, "Introducing Group Policy," September 1999.)
RIS makes Win2K Professional (Win2K Pro) desktop installation simple. (Unfortunately, the service doesn't help you install Win2K Server.) Like programs such as Norton Ghost and PowerQuest's Drive Image Pro, RIS directs you to create a workstation with the configuration you want. Then, a wizard called RIPrep copies that workstation's disk image to one of your Win2K servers (RIS doesn't care which one). Next, you attach a new computer to the network and boot the computer with a 3.5" remote-boot disk (which Win2K can create for you). After you identify the user who will work at the computer, the installation proceeds automatically. RIS copies the disk image from the server to the new computer and runs a hardware detection to ensure that the system gets the correct drivers. Finally, the new computer reboots into Win2K. (For more information about installing Win2K Pro, see Zubair Ahmad, "Windows 2000 Professional Deployment," page 73.)
Because Win2K Pro images are at least half a gigabyte in size, storing numerous images on one server volume is impractical. The Single Instance Store (SIS) solves this problem. SIS examines all the RIS server directories that contain duplicate files (e.g., workstation images, whose kernel, driver, and program files are usually identical) and removes the duplicates, putting placeholder-like entries into the NTFS directory. These entries fool the RIS server into thinking it has many copies of files on its disk. Thus, you can put hundreds of system configurations on one server, using only 1GB or 2GB of disk space.
After you install Win2K on your desktops, you need central control and administration ability to keep your workstations running. NT 4.0's system policies let administrators lock down desktops to a degree, but system policies have many problems and are difficult to use. Thus, Microsoft developed Group Policy Editor for Win2K. In Win2K, group policies reside in the AD. This arrangement is beneficial because AD automatically replicates the policies, without the administrator having to use the directory replication service.
Win2K's group policies manage a wider variety of functions than NT 4.0's system policies control. For example, group policies let you move users' My Documents folders to the network for easier backup. In addition, an administrator can deploy an application from a central point to any or all the Win2K machines in the company, without using Microsoft Systems Management Server (SMS). Applications then self-install on users' desktops.
Applications also self-heal in the event of a program file erasure or other damage. However, this feature works only if you use Win2K-ready applications, run Win2K Pro on your users' desktops, and have Win2K servers with AD. (The OS also can self-heal: If a poorly written Setup program overwrites a Win2K system file with a file of its own, the OS automatically restores the file to its original Win2K format.)
Win2K finally has user disk quotas, although the quotas are primitive. You can't assign quotas by group, OU, or site. Instead, you set one quota size for everyone and make individual adjustments manually. Although users might hate quotas, they'll like the fact that network servers seem faster and more reliable because of offline files, a feature that caches often-used network files and lets users think the network is working even when it isn't. Win2K workstations and servers can act as dial-on-demand LAN/WAN Internet routers, preventing you from having to edit the Registry. Folder redirection stores users' files on a centrally backed-up server rather than on users' workstations.
Updated Hardware Support
Win2K provides the hardware-support updates that NT 4.0 needs. The OS has a variety of drivers and supports Universal Serial Bus (USB), Plug and Play (PnP), and IEEE 1394. However, Win2K's IEEE 1394 support is a bit weak; my Pinnacle DV-300 IEEE 1394 board didn't work with the OS during testing. The only other device I couldn't get to work with Win2K was my Presario internal modem. For Microsoft's list of approved hardware, see the article "Planning Windows NT Server 4.0 Deployment with Windows 2000 Server In Mind" (http://www.microsoft.com/ntserver/nts/deployment/migration/prepwinnt5v22-final.asp).
Additional Features
The new NT offers many additional features. Win2K's Dfs gives the OS enterprise file-management capability. Dfs lets you organize file shares intelligently, naming the shares by function rather than by which server they're on. In addition, Dfs lets you provide basic fault tolerance and simple load balancing by creating several identical shares and giving them the same name. (For more information about Win2K's Dfs, see Douglas Toombs, "Dfs in Windows 2000," page 101.)
In Win2K, junction points and mountable drives finally disconnect NT from drive letters. These features let you attach multiple drives and drive partitions to one drive letter.
Win2K also provides the Removable Storage Manager, which acts as a two-level hierarchical storage manager. This tool frees hard disk space by invisibly watching for long-unused files and moving those files to tape, where the files are ready for retrieval if you need them.
The Bottom Line
Win2K is a major improvement over NT 4.0: AD, PnP, and the Change and Configuration Management (CCM) tools are well worth the OS's price. Win2K has lots of room for improvement, however. The OS still isn't crash-proof, it still lacks a basic fax server, and DHCP still isn't fault tolerant unless you implement an expensive two-system cluster. Many of Win2K's CCM features require you to throw away your old applications, server OSs, and desktop OSs to benefit from CCM's desktop support. As with most OSs, you'll get the most out of Win2K if you run it on fairly recent hardware. Although you'll probably make the move to Win2K eventually, don't be in a hurry. You might want to begin by upgrading your workstations to Win2K Pro, then upgrade your member servers, and finally—after you're comfortable with Win2K's UI—merge and migrate your NT 4.0 domains to AD.