Win 2000 server bigger than it is better

Windows 2000 Server, Beta 2










Microsoft Windows 2000 is coming at us like a slow-motion unstoppable avalanche. From
the desk to the server room and on to the data center, Win 2000 threatens to cover
everything. Will this be a new era in computing or a megaflop? As the GCN Lab discovered,
in the server arena it will depend on an agency’s current environment.


The only way for an enterprise to take advantage of everything in Windows 2000
Professional is to run Windows 2000 Server and its Active Directory Services. Win 2000
Advanced Server, formerly called the Enterprise Edition, will be a superset of Win 2000
Server with support for clustering, larger memory space and more CPUs.


Many network administrators are familiar with Novell Inc.’s Novell Directory
Services. The Active Directory in Win 2000 Server is Microsoft Corp.’s first attempt
to present an alternative to NDS.


NDS and Active Directory both map out the network labyrinth and store vital information
about objects—user settings, networked devices and applications. This makes objects
and settings much easier to administer, and users can conveniently locate the network
resources they need.


NDS has an edge over Active Directory in replicating directory information between
servers, because it is more mature and has been through the crucible of real-world use.
Though not perfect, NDS works pretty much as advertised.


Active Directory in the second beta of Win 2000 Advanced Server is promising but faces
a rough road on its way to enterprise acceptance.


For users accustomed to Windows NT 4.0’s domain structure, Active Directory will
require retraining. Managers who run mixed NetWare and NT environments will have to decide
whether to stay with the NDS directory they know or take a chance on Active Directory.


Although Novell sells NDS in a version for NT 4.0 Server, Microsoft has not announced
plans to port Active Directory to NetWare. That simplifies the migration decision somewhat
for mixed government shops. Microsoft will, however, incorporate a migration tool to move
NDS objects into Active Directory.


If a manager plans to mix servers running Windows 2000 and NT 4.0 in what Microsoft
terms mixed mode, users will have to give up some of the features available in an all-Win
2000 environment. At this time, NT 4.0 and Windows 9x clients cannot search the Active
Directory. Microsoft may correct this fault in a Service Pack at some point, but for the
time being, it’s Win 2000 only if you want Active Directory Services.


As with other Microsoft products, Active Directory demands commitment. It’s fine
if you have only Win 2000 clients and servers, but it’s likely to cause problems in
heterogeneous environments.


File and print services are the most heavily used under any network operating system.
Win 2000 makes several improvements here. Topping the list is a Win 2000 version of the NT
File System that lets users and administrators natively encrypt files and resize NTFS
partitions without rebooting servers.


Many administrators will appreciate being able to assign network disk use quotas to
users or groups—the first such capability in a Microsoft network OS, though common
under other vendors’ network OSes.


Performance gains in Win 2000 Server will be fairly small compared with NT 4.0. Both
Server and Professional can defragment partitions, regardless of whether they are 16- or
32-bit File Allocation Table or NTFS partitions.


One of the most impressive additions to Win 2000 Server is hierarchical storage
management, which offloads seldom-used files to optical or tape drives. If a user requests
such a file, the server brings it back online transparently.


File security is better, too. NT 4.0 can control user access rights down to the
subdirectory level but not to the file level.


Win 2000 Server’s distributed link tracking is one of those good ideas that should
have come earlier. Currently, when a file’s name or location changes, it becomes
almost impossible to find again. That’s bad enough for a data file, but if a program
file gets lost, a lengthy reinstallation follows. DLT keeps up to date on shortcuts and
links to files residing on NTFS partitions.


Other improvements are input-output bandwidth boosters such as I2O, Scatter/Gather I/O
and client-side caching of network files.


Of great importance on large, multiserver networks is Win 2000’s new Distributed
File System, which creates a tree of directories that contain files from multiple systems.


For example, a folder called Budget Fiscal Year 2001 could hold files residing on
different servers at the program office, the administrative office and the budget
division. The feature likely will ease sharing and managing files across offices,
departments and divisions.


Win 2000 has a lot to prove when it comes to security. NT 4.0 was scorned by many
hackers as too easy to crack.


Part of the reason is that because Windows NT 4.0 is fairly easy to set up and manage,
inexperienced administrators without network security training sometimes get the job.
Another reason is that, although NT 4.0 can fix or limit many of its security problems,
Microsoft made NT security policies difficult to implement.


Security in Win 2000 is more robust and a little easier to set up. The Security
Configuration Editor presents security templates that can be replicated across servers.


Win 2000’s public-key Encrypting File System runs as a service and can protect a
single file, a group of files or a directory. Win 2000 also supports the Kerberos 5
industry standard for authentication, which is likely to help with cross-platform security
integration.


In addition, Win 2000 will have a public-key certificate server—a boon for
organizations that want to move toward a public-key security model without buying
additional products. And smart cards can furnish a physical layer of security on top of
passwords.


TCP/IP is a notoriously insecure route for sending and receiving data. Win 2000
supports the open standard called IP Security Protocol for more secure data transmission
across an intranet or virtual private network.


NT’s greatest strength has always been with applications and Web servers, and
Windows 2000 continues in that vein. Microsoft has made it more scalable via the
Enterprise Memory Architecture, which will better handle transactions against large data
sets by keeping more data in memory.


The higher-end Win 2000 Advanced Server version will juggle up to 4G of memory on Alpha
and Pentium Xeon platforms, and the Win 2000 Datacenter Server version can support as much
as 64G.


Legacy client systems can take advantage of the latest applications through Win
2000’s Terminal Services, executing applications on the server rather than locally.


Win 2000 Advanced Server will do better clustering of application servers and, through
the Active Directory, give better availability to distributed application servers.


Symmetric multiprocessing now extends beyond eight processors, and Win 2000 has native
transaction, message queuing and Web application services.


What about network printers, the bane of every administrator’s existence? Active
Directory makes printers easier to find and install. You can even be working in an
application while you find and install printers from the Print menu.


Win 2000 also will work with more printers than NT 4.0 does. Through the Internet
Printing Protocol, users can print to a uniform resource locator and view data about their
print jobs via their browsers.


Win 2000 Server’s Dynamic DNS will update a database of Internet Domain Name
System entries automatically without requiring the administrator to enter them manually.


Quality of service is always a big issue for servers. If you have two applications
running and don’t want one to monopolize server resources, a Win 2000 QOS control can
automate that management item.


Denial of service attacks have been a problem for NT networks that tie into the
Internet. Win 2000’s network address translator keeps internal IP addresses from
being released in Internet traffic.


Native support for asynchronous transfer mode is likely to open up new applications for
the new NOS in simultaneous data, voice and video transmissions.


NT server management tools were always fairly good, and the Microsoft Management
Console improves on them. The console is a single point of contact for all administrative
functions, network resources and clients.


I personally found the console’s Internet Explorer-style interface inadequate, but
snap-ins are on the way from many application and device vendors.


Win 2000 will also benefit from the Windows Scripting Host, first seen in Windows 98,
that automates common tasks.


Setting up group policies is easier thanks to the Group Policy Editor. Policy-based
management might finally come into its own with Active Directory and its object store.


The Application Installation Service lets the administrator specify a set of
applications that will always be available to a single user, a group of users or everyone
on the network. This will help immensely in deploying new applications across an
enterprise or fixing damaged installations on specific clients.


The Active Directory makes it possible for settings, data and applications to follow
users around wherever they log in under what Microsoft calls IntelliMirror. If you log in
at a Denver office, you see the same screen as you would in Washington. Upgrading desktop
hardware is infinitely easier, because regardless of where they are, users can get at
their applications and files elsewhere.


Win 2000 setup is easy compared with Windows NT 4.0 Server or Enterprise Edition. It is
different enough, however, to require a few trial runs before going through it for real.


Microsoft has significantly reduced the number of scenarios under which the server must
be rebooted. New services can be started and devices installed without a reboot.


Overall, Win 2000 is probably the most important operating system ever to come out of
Microsoft. Its impact, like that of a 900-pound gorilla, will be felt across most
government and corporate networks. It is more scalable, more powerful and certainly better
at enterprise networking than its predecessors.


But it is far from the best NOS ever, as Microsoft marketers would have you believe. It
is not streamlined and is more difficult to use than it should be. It suffers from massive
bulk. And it is yet another Microsoft product that does not work well with other
vendors’ products.


Win 2000 could have been great, but it is simply somewhat better than NT 4.0. Many of
its features will not be used or needed by many organizations. Its bloated size means that
Microsoft will have a more difficult time fixing the problems that crop up.


Remember that Microsoft is still releasing patches for the supposedly mature NT 4.0,
and sometimes the patches themselves cause fresh problems. The new NOS is orders of
magnitude more complex than NT 4.0.


For government network managers who are satisfied with NetWare 4.11 or 5.0 or Unix,
there is little reason to upgrade. The cost in terms of commitment to an unproved NOS is
too high.


But Win 2000 is a good choice for sites that already have 100 percent of their servers
running Windows NT or are starting from scratch.


Although this review considered only the beta Windows 2000 Server, the operating system
will only get bigger and more complicated between now and its release date in the second
half of next year.


If your organization is seriously considering buying it, find out as much as you can
now. You’ll need all the help you can get. 


Here are some new hurdles for Windows 2000 Server and Advanced Server administrators:


Active Directory: Enterprise-class object store for information about
users, applications and network resources. Many of the Windows 2000 operating
system’s features are integrated in some way with the Active Directory. Migration
from Novell Inc.’s Novell Directory Services looks possible but not promising.


IPSec: IP Security Protocol, a secure, open standard for sending and
receiving encrypted data across IP networks. Win 2000 and other operating systems promise
support for IPSec.


IntelliMirror: A set of tools for user roaming, centralized control of
desktop PC configurations, and automated software installation and management.


Distributed File System: Directories of shared files and
subdirectories on multiple computers and servers across a network.


Internet Printing Protocol: Protocol under which Win 2000 users can
send print jobs over the Internet or intranet via uniform resource locators. They can view
job status through their browsers. The printers must operate under a Win 2000 server.


Clustering Services: Win 2000 Advanced Server’s way of
integrating server clusters with the Active Directory and cluster-aware services such as
Dynamic Host Configuration Protocol and Distributed File System.


Enterprise Memory Architecture: Scheme that frees up server memory for applications and
the data sets they use. EMA will be important for high availability of application servers
in large enterprises.
