Windows Server 2003 on Proliants. Deployment Techniques and Management Tools for System Administrators
This section is a practical guide to building a template from which the assessment data can be gathered and a resulting document produced. The topics listed here note differences in approach between a Windows NT assessment and a Windows 2000 assessment for a Windows 2003 migration. The assessment will involve all of the design team members, each one taking responsibility for the part of the migration that falls in his or her area of expertise. Typically, when I do an assessment for a customer, I conduct interviews with all the design team members to get a complete view of the total environment.
Tip: A good assessment and a comprehensive document will do a lot of the AD design work. The AD design will be much easier if you do a good assessment.
Introduction to the Assessment
This portion of the document describes the scope of the assessment, such as reviewing the current design, identifying elements of the migration that are not ready for the migration to Windows 2003, and identifying infrastructure configuration changes and upgrades that are required prior to the migration. Also included in this section is a list of benefits for the company as a result of the migration, as well as a list of tasks to be accomplished to allow you to realize those benefits. Some recommendations might include
Note: A number of significant changes were made to the Windows Server 2003 HCL from the Windows 2000 version from an HP perspective. Chapter 7, "ProLiant Server Installation and Deployment," addresses supportability from a ProLiant perspective. Make sure you check the Microsoft Web site as well to ensure that your hardware is specifically on the HCL. Don't get into the situation where you call for support and get the "your hardware configuration isn't supported" disclaimer.
Overview of Existing System Environment
This section surveys the physical environment. Determining the existing environment helps identify changes needed for an efficient AD implementation. The organizational structure, server systems topology, network topology, network services, operating systems (OSs) and server inventory, user working environment, and security are important parts of this section. You should survey the organization of the enterprise to gather information about the physical locations of company offices and the user population in those sites. In addition, it is important to identify the workstations and member servers (file/print, application, and so on). This helps you determine the design of the AD sites, that is, the distribution of Domain Controllers (DCs) and GC servers, as well as administration requirements. A typical summary of the user distribution is shown in Table 4.1.
Table 4.1. Distribution of Users and DCs Across All Company Sites for a Windows NT Environment
If the sites are all Windows 2000 rather than Windows NT, this is a good way to evaluate the distribution of DCs, GCs, and Flexible Single Master Operation (FSMO) role holders. Table 4.2 shows a Windows 2000 environment. Note that San Antonio and Miami have GCs, but have small communities of users. They might be good candidates for Windows 2003's Universal Group Membership Caching feature to eliminate GCs for autonomous user logon in those sites.
Table 4.2. Distribution of Users, DCs, and GCs Across All Sites for a Windows 2000 Environment
Server Systems Topology
This section identifies the existing domain structure, an analysis of the deployment of DCs including hardware configuration, the administration model, security standards, and Transmission Control Protocol/Internet Protocol (TCP/IP) addressing standards. In the list shown here, I have provided various components of the systems topology and how they could be documented in the assessment:
Network Topology
A network topology map can mean anything from a complex diagram showing routers, switches, and IP addresses to a simple drawing showing network connections and link speeds. All we need here is a conceptual diagram like that shown in Figure 4.2. We need to know the physical locations, how they are connected to the other locations, and, if possible, speeds and available bandwidth. This will be important for the design of the site and replication topology.
Figure 4.2. Functional diagram of a network topology.
If you already have Windows 2000 implemented, this will not be new to you. However, it's important not to skip this phase. Network changes might have been implemented since you deployed Windows 2000, or you might have decided that, with some experience under your belt, it's time to take a fresh look at the replication topology. Other network-related topics you should consider include
Network Services
Network services should be listed for later examination for removal or upgrade. This review also gives you a good definition of how services such as DHCP, NetBIOS, and DNS are configured and implemented, and identifies all existing protocols. You might also want to list problems that currently exist that should be addressed prior to the migration. The following list identifies services and details how you can assess the impact of each service:
The important point here is to examine DNS carefully. One customer I worked with was using NetID for DHCP and DNS and had planned to move to QIP. This DNS migration had to be included in the migration plan as a preparatory step. It is important during the assessment to identify situations like this that will impact the migration. Additional information about DNS will be given in Chapter 6, "The Physical Design and Developing the Pilot," which covers the actual design of the infrastructure.
ProLiant Network Adapters and Interconnects
In assessing the physical network components, it makes sense to identify the various network interface options available to the ProLiant family of servers. The majority of the current line of ProLiant servers use dual-port, embedded Network Interface Cards (NICs), meaning the NICs are embedded in the motherboard. This feature is referred to as LAN on Motherboard (LOM). LOM is a space-saving feature that enables the current trend toward consolidation and space-saving server architectures. LOM also frees up a PCI (Peripheral Components Interconnect) slot for other PCI options. All embedded and slotted NICs currently shipping in ProLiant servers offer a full set of features for improved functionality and performance, including
This range of features helps ProLiant server customers in future-proofing their ProLiant servers for the inevitable increase in networking throughput. For servers that require additional network connections, HP offers optional NICs. The gigabit Ethernet adapter has a couple of options:
For the complete details on the full-feature sets, including IEEE 802.xx, PCI-X, PCI, and ACPI information on HP's line of ProLiant Embedded or Slotted Ethernet adapters, see the HP Web site at http://www.hp.com/servers/networking.
Servers
This section should include a comprehensive survey of servers (including DCs), OSs employed on those servers, and any applications running on the servers. Tables 4.4 and 4.5 are examples of how this could be done. The columns, of course, can be adjusted to collect relevant data. The advantage of this, although it might take time to collect, is that you can easily see all hardware configurations for comparison to the HCL, as well as identify specific needs, such as a memory upgrade. Table 4.4 shows that several servers are at old service packs, so bringing them up to the current service pack would be added to the project. The application inventory, shown in Table 4.5, is a good way to see all the applications at a glance for evaluation of the current version, Windows 2003 compatibility, and whether they have been validated by your staff.
Table 4.4. Server Hardware and OS Inventory (sample)
Table 4.5. Installed Applications Inventory
Rather than cluttering up the assessment document with what could be a several-page table, I usually add this information in the appendix of the assessment document. You only need to specify processor type, number of processors, memory, disk space, and the make and model of the servers, which is just the information needed to validate them on the HCL. Besides physical components, it is important to upgrade ROM, drivers, and other software components, as noted in Table 4.6. During the initial phases of the migration, it's important to evaluate what needs to be done to upgrade existing servers so they are compatible with Windows Server 2003. Don't wait until you are ready to deploy Windows Server 2003 to start looking for drivers.
Table 4.6. Windows NT 4.0 and Windows 2000 Upgrade Checklist
Note: Chapters 7 and 8 provide additional details regarding installation and deployment of ProLiant servers, including deployment tools.
One of the most important items in this list is that of the Windows 2000 Primer Utility. This utility must be run on all ProLiant Windows NT servers before they are upgraded to Windows 2003 to erase all incompatible ProLiant utilities. Failure to do this causes operation failures after the upgrade. Note that this utility does not need to be run on Windows 2000 systems prior to the upgrade.
Note: The upcoming "ProLiant Server Summary" section details the ProLiant servers and their uses in regard to the Windows 2003 environment. This will be helpful in designing the server environment to support the Windows Server 2003 infrastructure.
Physical Environment
Other physical features of the environment should be assessed. These features will be very important in the AD design later on. The intent is to get the big picture of what the physical network looks like. Questions to ask in this assessment phase include
After procuring these answers, you should provide (or create) a map of the network topology and identify slow links. In addition to the server environment, the user environment must be designed to address the requirements from the user community.
User Working Environment
This section describes the user's workstations and computing environment. You should list all OSs, hardware configurations, applications, remote user configurations (laptops, remote connection software, SmartCards, and so on), and how profiles and group or System Policy are managed. In analyzing the applications used, you should quantify the list, relating which users have which applications. You should work with those responsible for applications and the user environment to start developing a test procedure to qualify all applications, especially home-grown ones, for Windows 2003. Don't assume that because they are working in the Windows 2000 environment, they will work in the Windows 2003 environment with no problem. It is imperative that the user environment is properly defined to minimize impact on the users. This includes reproducing the profile the users are currently using. Having thousands of users spend an hour or so getting their desktop the way they want it can cost the company, and the project, a lot of money, and it generates additional help desk calls when the help desk could be handling more important issues.
Security
In recent years, the influx of viruses, worms, and hacker attacks requires even the most novice home computer user to employ security measures to protect private resources. If you are in a Windows NT environment, you might consider enlisting the help of a qualified security consultant if you don't have someone on staff with that expertise. Even if you have been active in Windows 2000 security using Public Key Infrastructure (PKI), Kerberos authentication, Certificate Services, and the Software Update Service for patch management, there are significant changes in Windows 2003. The assessment simply requires you to evaluate and describe the current infrastructure, but you should take advantage of this opportunity to get an expert to evaluate it and make recommendations that will be used in the design and implementation phases.
Warning: With the importance of security to the enterprise, we recommend that you obtain the services of a qualified security expert who is skilled not only in Windows security, but in most standard security and access technologies, such as PKI, firewalls, remote access, Web Services, and so on.