Windows Server 2003 enhances Windows NT and Windows 2000 features and adds many functions, each of which has a direct impact on system administration. Rather than merely outline the major new features and enhancements, we will look at them from the administrator's perspective.
The greatest single implication of the .NET Framework for administrators is the requirement to look at the network as a global entity. The enterprise is no longer just a group of users that must get access to clients and servers. Traditional views of static applications must give way to the concept of computing services. This global view forces the administrator's job to expand greatly in scope and complexity. Therefore, in order for an operating system like Windows Server 2003 to be successful, it must enhance the flexibility and power of the system administrators.
Make no mistake about this brave new world...for every functional advancement, there will be additional challenges. Clearly, any time productivity depends on the exchange of communication outside the enterprise, security takes center stage. With each opportunity to perform management functions remotely, the potential for unwanted intrusion can raise its ugly head.
Despite these issues, the role of the system administrator should be augmented greatly by Windows Server 2003. Mundane responsibilities such as applying an endless number of software patches will be reduced. At the same time, you gain new ways to improve the user experience. By providing access to real-time services that are managed safely by the system administrator, the universe of computing will be greatly enhanced. As you begin to understand and use Windows Server 2003 and the .NET Enterprise Server applications, understand that you must move cautiously but deliberately toward an Internet services paradigm.
In Windows Server 2003, everything is treated as an object, including users, computers, files, and network elements. A core innovation of Windows 2000 and Windows Server 2003 is the Active Directory, which manages all domain objects in a hierarchical and replicated structure, thus allowing a significant difference in the way an administrator can conduct business. From a central location, administrators with appropriate permissions can add, delete, modify, and view objects and services anywhere in the domain, domain tree, or forest.
Some highlights of the Active Directory, detailed in Chapters 5 and 6, are:
Advanced data query functions. The Active Directory's Global Catalog of objects on the network makes it easy for the system administrator and authorized users to drill down to the object attribute level.
Directory replication. The Windows NT structure of a primary and a backup domain controller is replaced by a multimaster arrangement in which directory replication occurs across peer domain controllers. This provides greater redundant operations and higher data availability.
Adherence to standards. System name resolution in the Active Directory depends on the Domain Name System (DNS) over TCP/IP. System administrators with network knowledge of TCP/IP and DNS will have an advantage when managing the directory.
Extensible schema. The Active Directory can be dynamically altered to include new objects and even to modify attributes of existing objects. This means that the administrator can dynamically change the object definitions and associated attributes to meet enterprise requirements. Windows Server 2003 specifically improves the manageability of the schema by permitting the deactivation of attributes and classes.
Interoperability. Working with different operating systems and directory services is a constant challenge. The goal of the Active Directory is greater interoperability. For example, the directory integrates with the Lightweight Directory Access Protocol (LDAP v3) to resolve objects in Windows Server 2003 and heterogeneous environments. With Windows Server 2003, LDAP binds are now supported. The Name Service Provider Interface (NSPI) provides directory services interplay with Microsoft's Exchange Server. The Windows Server 2003 enhancement that allows the removal of RDN restrictions that are not X.500-compliant should also enhance interoperability.
Greater flexibility. Windows Server 2003 specifically expands the flexibility of Active Directory in many directions including an expanded ability to handle objects and reconfigure trees and domains.
The interface to the operating system involves much more than how windows are displayed and how pull-down menus function. Yes, a clean and familiar user interface makes user training and support easier. With regard to system management, it also dictates how easily administrative tasks can be accomplished locally, through a network, or over the Internet. Equally important is the flexibility of the interface to accommodate both standard tools and custom scripts. Chapter 4 focuses on the administrative and user interface improvements provided in Windows XP and Windows Server 2003.
The default user interface of Windows XP and Windows Server 2003 is newly enhanced to reduce clutter and improve accessibility. However, if a user prefers the familiar Windows 98 look and feel, the "classic view" can be applied.
Easy navigation through the operating system is basic to overall usability. The Adaptive Start function, for example, tracks the most used features and promotes them on the menu, and hides other items until they are required. This reduces the clutter of older menus. Even so, system administrators can count on receiving calls from users about "missing" functions until the users become familiar with the Adaptive Start feature.
The enhanced search and help features should lighten the system administrator's load. On the client side, users can now seek support online from fellow workers. Working with the Active Directory, users can locate objects anywhere in the domain. All persons and resources are treated as objects with specific attributes. Searches can be conducted based on the name of the object (or a part thereof) or its attributes. In the case of a document, one attribute would be its contents.
Personal settings established by users can be mirrored in a central store that permits easy retrieval. Thus, users can log on to any computer on the network and have their personal preferences reflected in that environment. A comfortable user is generally a happy user.
In global enterprises, internationalization becomes an important end-user support issue for the administrator. The multilingual support of Windows Server 2003 makes it possible to edit in any supported language or combination of languages.
Most system administrators seek simplicity but demand power in their interface. For that reason, administrative tools—in particular, those that hide the background process, like Windows wizards—must be rock solid, stable, and reliable. Many administrators coming from character-based environments distrust automated tools they cannot directly control at all stages. Administrators coming from largely character-based environments such as UNIX should alter this view, because much of Windows Server 2003 administration is based on wizards. Fortunately, our testing shows that the stability and reliability of wizards have been largely achieved. For greater interoperability, Microsoft also offers the optional Services for UNIX 3.0 suite that provides a complete POSIX environment and hundreds of UNIX commands within Windows Server 2003.
System administrators also rely on facilities that support character-based command-line interfaces and a wide variety of scripts. The Windows Scripting Host provides a direct interface to the VBScript and JScript engines. The user can write and run scripts for these engines in the same way a UNIX user might write a Perl or Korn shell script.
Underlying the management of Windows Server 2003 is Microsoft's Zero Administration Windows (ZAW) initiative. While the term "zero administration" is at best an oxymoron because all operating systems require some level of management, Microsoft's goal was to provide a more intelligent approach to system management. Many of the tools under the ZAW umbrella go a long way toward it. ZAW is divided into several initiative areas that deserve mention here:
Central policy administration. User and group policies can be effectively managed by a centralized system administration function. These policies can be applied by a site, a domain, or an organizational unit. The most common types of centralized policy administration involve security, file use, software publishing/distribution, and scripting.
Web-Based Enterprise Management (WBEM). Windows Server 2003 embraces Web-Based Enterprise Management using the industry standard Common Information Model (CIM) for application and system management as adopted by the Desktop Management Task Force. WBEM is designed to provide consistency across operations and configuration management. Scripts can be written, through the Windows Scripting Host, to interface with it and to query enterprise systems. The Common Object Model (COM) API is employed with WBEM, ensuring greater extensibility for both system administrators and third-party software and hardware vendors. The WBEM initiative resulted from the efforts of Microsoft, BMC Software, Cisco Systems, Compaq Computer, Intel, and many other DMTF member companies to establish management infrastructure standards; it provides a standard way to access information for various hardware and software components. Windows Management Instrumentation (WMI), which emerged from the WBEM initiative, is a management infrastructure that allows administrators to monitor and control managed objects in the network.
System management tools. As discussed throughout this book, administrators are provided a wide range of graphical tools for administration of both local systems and domains. For example, with the Computer Management tool a local user can assume an administrative role (provided Administrator rights are granted) to fine-tune the performance of a local machine. For the system administrator, this tool also supports troubleshooting for remote systems on the same network or virtually anywhere. The Task Scheduler allows the user and the system administrator to establish specific parameters for the execution of programs and events at the desired time. Windows Server 2003 system backup is now integrated with the Task Scheduler, giving automatic system backup without direct human intervention to hard drives, tape, recordable CD-ROM, robotic changer tape banks, and the like. The Removable Storage Manager can administer tape or disk mounting at the scheduled time. However, file shares, system sessions, and connections are more effectively managed with the Files Service Manager. The foregoing represents only a small portion of the tools available to the system administrator.
Software management. The software management infrastructure permits the assignment of applications to specific users and computers. Applications can also be "published" to a server and then added, upgraded, or removed as the user requires. The concept of publishing applications to the enterprise reduces traditional system administrator support of common application installation. Users who roam among systems can access the applications assigned to them through the IntelliMirror technology. Finally, as systems are replaced, the need for individualized application installation is greatly reduced.
Microsoft Management Console (MMC). A common frustration in computer management is attempting to learn and manage a variety of disjointed tools. To alleviate it, Windows Server 2003 permits the consolidation of tools into one or more Microsoft Management Console(s), illustrated in Figure 1.4. Because the MMC is extensible, "snap-in" application tools can be included as Windows Server 2003 evolves and as third-party management software becomes available. Microsoft publishes an API to facilitate the development of management tools with a common look and feel. Thus, administrators can now go to a single point and use tools that have the same interface. The MMC can be shared with other administrators and used to delegate selected tasks.
Network connectivity and other forms of communication are another area of concern to system administrators. Given the central role of Web services for Windows Server 2003, this may be the most significant focus for administrators. Windows Server 2003 has a number of wizards that facilitate connectivity and reduce some of the more mundane system administrator activities. Its tools and support for protocols aid in the management of Internets and intranets.
Windows Server 2003 supports a Network Connections Wizard that walks the end user and system administrator through network, dial-up, virtual private network (VPN), and serial connections. This facility controls configuration setup and management, allowing protocols and services to be set for each connection. From a user's perspective, offline browsing, which permits review of a Web page after disconnection, and subscription support for automatic Web page updates are valuable additions.
In addition to the more standard forms of connectivity, Windows Server 2003 provides administrator tools to support advanced communications—for example, the creation, viewing, and management of VPNs. Windows Server 2003 embraces both the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Tunneling Protocol (L2TP), and Internet Protocol Security (IPSec) can be employed as an alternative approach. VPNs permit a sales office to connect "virtually" through the Internet to corporate headquarters in a secure tunnel.
The Windows Server 2003 family has added many enhancements in the communications and networking arena. They include:
Enhanced support for the TCP/IP suite, including a Telnet server and SMTP native support
Reliance on dynamic Domain Name Services (dynamic DNS)
Multiple protocol routing through the Routing and Remote Access Service (RRAS) that enables IP, IPX, and AppleTalk routing
The PPTP and L2TP
The Routing Information Protocol (RIPv2)
Asynchronous Transfer Mode (ATM) support
Fibre Channel 1-GB-per-second bus data transfer
Hardware management can be a nightmare. However, Windows Server 2003 is based solely on Intel-compatible systems, so the requirement to support dozens of proprietary architectures is reduced. Even so, hardware support will continue to be an important administrative task. To confirm hardware compatibility, it is recommended that you refer to the regularly updated Hardware Compatibility List on the Microsoft Web site.
The Win32 Driver Model (WDM) theoretically establishes binary driver compatibility and I/O services with earlier Windows environments and Windows .NET. Windows NT system administrators frequently complained about the lack of support for certain devices supported by Windows 95/98. Windows Server 2003 is working to overcome this limitation, which should greatly reduce administrative headaches caused by hardware incompatibility. However, given the thousands of devices available, the updating process will surely continue for many years.
Windows Server 2003 provides a more robust Plug and Play facility with a significantly larger set of device drivers. Support for the universal serial bus (USB) permits the operating system to detect connected hardware dynamically and install the device driver automatically. Printer device improvements are particularly significant. Users can send documents (including those using the Image Color Management 2.0 API) to printers connected to an intranet or the Internet. The Advanced Configuration and Power Interface streamlines both Plug and Play and power management. Also supported is fibre channel technology for the transmission of data at 1 GB per second. Smart cards (e.g., for secure transmission of online banking) and flash memory can also be used in connection with Windows Server 2003. Finally, Windows Server 2003 supports such graphics and multimedia standards as DirectX 8.0, Direct3D, and DirectSound acceleration technology.
Windows provides an assortment of utilities that make life easier on the desktop. The Hardware Wizard attempts to find and configure attached devices, although we found this to be a mixed blessing because it is difficult to turn off. The Device Manager, however, is a handy application designed to configure devices and resources interactively. Also useful is the Windows Installer service, which manages application installation, and the OnNow applet, which places the system in hibernation when not in use, thereby reducing battery use on portable systems.
Disk management, storage, and backup cause many headaches for system administrators. A number of automated tools in Windows Server 2003 greatly reduce these manual burdens while enhancing utilization. They include:
Windows 95/98 and Windows NT file system compatibility. Windows Server 2003 maintains base-level compatibility with earlier Windows environments. Its native file system is NTFS 5, enhancements to which include file encryption using public keys and tracking of distributed links. With respect to Windows 98, Windows Server 2003 fully supports the FAT32 file system; disk defragmentation is supported for FAT, FAT32, and NTFS volumes.
Disk quota utility. Windows Server 2003 supports disk quotas to limit user storage and to monitor the status of such limits.
Universal Disk Format. This format permits the exchange of data with DVD and compact disk media.
Removable Storage Management. RSM supports tape and disk libraries through a common interface.
Remote Storage Service. RSS intelligently monitors frequently used files and periodically sends the most used items to backup. In conjunction with RSM, RSS sends infrequently used files to the library, where they can be filed until retrieved as needed. All directory information on the files is retained so that retrieval becomes seamless. RSS greatly reduces the need to add local hard disk capacity.
Distributed File System (DFS). With this distributed model, a single directory tree can be created and maintained across several file systems, file servers, or even the entire enterprise. This permits a more global view of resources and data across the network.
Windows Server 2003 comes of age as a greatly enhanced security-aware enterprise operating system. As discussed in detail in Chapters 9 through 11, it fully embraces a wide variety of technologies to protect the enterprise. For example, the Kerberos security standard is used by the Active Directory for single-point enterprise logons. Public key certification is based on the X.509 standard and is integrated with the Active Directory. To facilitate administration, the Security Configuration Editor permits fine-tuning of security-sensitive registries, files, and system services.
Microsoft has adopted the IPSec model in its IP Security management tools. The Encrypted File System extends the NTFS with the ability to provide public key encryption of disk-based files. Finally, a smart card infrastructure permits secured transmission of sensitive data between systems and in mobile situations.
The enhanced support of new security technologies by Windows Server 2003 represents a real opportunity for system administrators. Through the proper development and deployment of security policies, better protection from unwanted breaches can be achieved. For example, the administrator can monitor potential attacks and close possible security leaks before damage is done. In essence, the administrator becomes a proactive agent for security rather than a reactive defender of the realm.
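The two threads above, scripting against WBEM/WMI through the Windows Scripting Host (under the ZAW discussion) and the administrator's proactive monitoring role described in this paragraph, come together in the following added example. It is not code from the book: a VBScript script, run under cscript, that uses WMI's Win32_NTLogEvent class to count failed logons (Security event 529, the Windows 2000/2003 "unknown user name or bad password" event) over a recent window and flags accounts and source workstations with repeated failures. The script name, the 24-hour window, the threshold of five, the optional computer-name argument, and the insertion-string field order for event 529 are this example's assumptions, not something the page states.

```vbscript
' failed_logons.vbs (added example, not from the book)
' Counts Security-log event 529 (logon failure) on one machine via WSH + WMI
' and reports accounts/workstations at or above a threshold.
' Assumptions: 24-hour window, threshold of 5, optional computer-name argument,
' and the 529 insertion-string layout documented for Windows 2000/2003.
Option Explicit

Dim strComputer, intHours, intThreshold
strComputer = "."        ' local machine; pass a server name as the first argument to audit remotely
intHours = 24            ' assumed look-back window
intThreshold = 5         ' assumed alert threshold: report keys with this many failures or more

If WScript.Arguments.Count > 0 Then strComputer = WScript.Arguments(0)

' Reading the Security log through WMI requires the Security privilege,
' which the "(Security)" token in the moniker requests.
Dim objWMI
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" _
                       & strComputer & "\root\cimv2")

' WMI stores timestamps in DMTF format (yyyymmddHHMMSS.mmmmmm+UUU);
' SWbemDateTime converts the VBScript cutoff date into that form.
Dim objDT
Set objDT = CreateObject("WbemScripting.SWbemDateTime")
objDT.SetVarDate DateAdd("h", -intHours, Now), True

Dim colEvents
Set colEvents = objWMI.ExecQuery( _
    "SELECT InsertionStrings, TimeGenerated FROM Win32_NTLogEvent " & _
    "WHERE Logfile = 'Security' AND EventCode = 529 " & _
    "AND TimeGenerated >= '" & objDT.Value & "'")

' Tally failures per DOMAIN\user and per source workstation.
Dim dictUsers, dictHosts, objEvent, arrFields, strUser, strHost
Set dictUsers = CreateObject("Scripting.Dictionary")
Set dictHosts = CreateObject("Scripting.Dictionary")

For Each objEvent In colEvents
    arrFields = objEvent.InsertionStrings
    ' Event 529 message fields: %1 user, %2 domain, %3 logon type, %4 logon
    ' process, %5 auth package, %6 workstation (assumption: verify on your log).
    If IsArray(arrFields) Then
        If UBound(arrFields) >= 5 Then
            strUser = arrFields(1) & "\" & arrFields(0)
            strHost = arrFields(5)
            If strHost = "" Then strHost = "<unknown>"
            Tally dictUsers, strUser
            Tally dictHosts, strHost
        End If
    End If
Next

WScript.Echo "Failed logons on " & strComputer & " in the last " & intHours & " hours"
Report "By account", dictUsers
Report "By source workstation", dictHosts

' Increment a counter in a Scripting.Dictionary, creating it on first sight.
Sub Tally(dict, key)
    If dict.Exists(key) Then
        dict(key) = dict(key) + 1
    Else
        dict.Add key, 1
    End If
End Sub

' Print every key with its count, marking those at or above the threshold.
Sub Report(title, dict)
    Dim key
    WScript.Echo vbCrLf & title & ":"
    For Each key In dict.Keys
        If dict(key) >= intThreshold Then
            WScript.Echo "  " & key & vbTab & dict(key) & "  <-- at or above threshold"
        Else
            WScript.Echo "  " & key & vbTab & dict(key)
        End If
    Next
End Sub
```

Run it as `cscript //nologo failed_logons.vbs` on the server itself, or `cscript //nologo failed_logons.vbs SERVER01` (constructed name) from an administrator's workstation, which exercises the remote management the book describes for the Computer Management tool. Event 529 is only written when logon-failure auditing is turned on, so the script depends on the central policy administration discussed under ZAW ("Audit logon events" in the security policy). Later Windows versions replaced event 529 with 4625 and changed the field layout, so the EventCode and the insertion-string indices are the parts to adjust when reusing the approach.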