There is no such thing as a one-size-fits-all computing environment. Thus, the IT infrastructure design for one enterprise will not be appropriate to all other enterprises. Complicating the uniqueness of enterprise infrastructures is the element of change. Organizations are dynamic, with constant shifts in mission, personnel, and technology affecting responsibilities. Enterprises also have inherent limitations, which include the political and the budgetary. Finally, legacy hardware, applications, and data stores influence any migration plan. For all these reasons, the first step in deploying Windows Server 2003 in the enterprise is to take very careful stock of the organization, its strengths and limitations, and its future. With this baseline of data, it is possible to determine the best use of Windows Server 2003 for current and future computing needs.
The first step is to carefully inventory the enterprise and document the results from several perspectives. We understand that nothing is probably less thrilling, but the pain associated with failing to take this important step can be crippling.
The meaning of inventory is much broader than a simple list of all computing equipment. An IT inventory involves a very analytical look at how and where this equipment is used, underscored by the need to ask how Windows Server 2003 will positively affect existing infrastructures. A decision on equipment and network retention begins at this stage.
Throughout this process there is one clear message: You must document, document, and then document some more. Table 3.1 is a partial checklist of IT-specific information that should be minimally inventoried and reduced to quick reference documentation. Note that since some of the items are covered in greater detail in other sections of the book, some cross-referencing may be required.
Reviewing the current configuration of hardware and software will reveal issues that must be addressed as part of the migration. The following issues will influence a successful deployment:
Windows NT upgrades. For existing Windows NT environments, you will need to identify the domain model in use and rethink the current network topology. This topic is explored in the section on upgrading. Existing Windows 2000 installations can use the same domain model or you can modify it easily.
Operating system interoperability. In many environments, heterogeneous operating systems such as UNIX and NetWare will continue to be used. It is important to determine whether Windows Server 2003 needs to simply coexist with them or be fully integrated. Pay particular attention to network connectivity and directory service interoperability. Mapping the total enterprise and understanding how heterogeneous operating systems will interplay is an important planning step. A number of excellent reference books discuss related topics, including Windows NT & UNIX: Administration, Coexistence, Integration, & Migration (Williams and Gardner, Addison-Wesley 2002).
Legacy system life cycle. A life-cycle analysis of legacy systems should be undertaken to determine realistic migration schedules. You must determine how much of the enterprise you are going to migrate. A decision to migrate, coexist, or integrate presents both opportunities and costs. Most organizations do not have the luxury to abandon existing equipment, software, and, most important, staff with older skills.
Personnel training. Evaluating legacy systems is only one aspect of the equation; "retrofitting" staff to use the new operating system must enter into the scheme. Ultimately, technology is only as good as the people using it.
| Document Item | Inventorying Tasks |
|---|---|
| IT Organization Itself | Understand the number, location, and skills of existing IT talent. Review current available skills and required training at the site or organizational unit level. |
| Network Operating Systems | Identify the NOS environments currently in place and determine the future configuration. Also determine any protocols that will enhance interoperability with Windows NT/2000. For example, what directory services are in use for existing networks based on Windows NT, UNIX, or Novell? If DNS is employed, what is the level and does it support Dynamic DNS and SRV record (BIND 8.1.2 or better, RFC 2052- and RFC 2136-compliant) functionality? Networking upgrades and operating system interoperability will be predicated on this data. |
| Physical Network Structure, Hubs, and Traffic Patterns | Document the existing network structure, specifically end nodes, switches, and routers. Also determine network traffic patterns, bandwidth availability, and overall reliability, and extrapolate future network requirements. This information will define Windows 2000 sites. |
| Addressing Scheme | As discussed in Chapter 5, Windows 2000 supports a number of industry-standard naming conventions. The default network protocol is TCP/IP. The Windows 2000 directory services, Active Directory, uses Dynamic DNS, DHCP, and LDAP. Active Directory also embraces a hierarchical domain scheme. In most enterprises, a new naming scheme for nodes and servers may be required. Careful consideration of domain naming must begin prior to installing Windows 2000 and when adding nodes. Computer names must be unique across the forest. |
| Internal and External Connectivity | Inventory internal LANs, WANs, and Internet connectivity. Also look at phone lines, dial-up networking, fax services, ftp services, and so on. |
| Software Licensing | Look at current licensing of operating system software and determine if it is the most appropriate. Base a licensing decision on this evaluation. |
| File Storage Policies (especially with operating systems) | If you anticipate using UNIX, Novell, or other environments with Windows 2000, assess how technologies such as NFS, Samba, and SMB are used. Also look at file server connectivity. |
| Backup and Restoration Policies | Make sure that the backup and restoration routines and scripts in use will be compatible with Windows 2000, including encryption or compression methodologies. Also compare current devices to Microsoft's Hardware Compatibility List (HCL). |
| Applications Services | The issue of managing applications either in a distributed or centralized fashion will play into the planning process. Review how application servers are currently used. |
| Network Applications and Management Tools | Although operating system network tools will probably be sufficient for smaller organizations, larger enterprises will probably need to invest in tools that support Simple Network Management Protocol (SNMP) and other protocols. Network equipment vendors typically provide SNMP tools. Third-party products such as Hewlett-Packard's OpenView or Microsoft's System Management Server can prove invaluable in very large networks. The important point is to evaluate your needs early and make appropriate provisions for network management tools. |
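The naming-scheme row above ends with a hard requirement (computer names unique across the forest) that is cheap to check on paper before any machine is joined. The following is an added example, not code from the book; it applies the 15-character NetBIOS limit, the DNS host-label rules, and case-insensitive uniqueness to a constructed list of proposed names.

```python
"""Added example: sanity-check a proposed computer naming scheme for an
Active Directory forest before deployment. Names and domains below are
constructed for illustration."""
import re
from typing import Dict, List, Tuple

NETBIOS_MAX = 15  # NetBIOS computer names are limited to 15 characters
# DNS host label: letters, digits and hyphens; no leading or trailing hyphen
DNS_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Constructed sample: proposed computer name -> DNS domain it will join.
PROPOSED: Dict[str, str] = {
    "BOS-FS01": "corp.example",
    "bos-fs01": "eng.corp.example",      # same name, different domain
    "DEN-DC01": "corp.example",
    "DEN_PRINT-SERVER-2": "corp.example",  # too long, and has an underscore
    "-badname": "corp.example",          # leading hyphen
}


def check_naming_scheme(proposed: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (name, problem) pairs; an empty list means the scheme passes.

    Uniqueness is checked across the whole forest regardless of domain,
    because a computer's name must be unique forest-wide, not per domain.
    """
    problems: List[Tuple[str, str]] = []
    seen: Dict[str, str] = {}  # lower-cased name -> first name that used it
    for name in proposed:
        if len(name) > NETBIOS_MAX:
            problems.append((name, f"longer than {NETBIOS_MAX} characters (NetBIOS limit)"))
        if not DNS_LABEL.match(name):
            problems.append((name, "not a valid DNS host label"))
        key = name.lower()  # names are compared case-insensitively
        if key in seen:
            problems.append((name, f"duplicates {seen[key]} (must be unique across the forest)"))
        else:
            seen[key] = name
    return problems


if __name__ == "__main__":
    for name, problem in check_naming_scheme(PROPOSED):
        print(f"{name:20} {problem}")
```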
Analysis of the organization is a key component in defining the logical structure of a Windows Server 2003 enterprise. As discussed in Chapter 6, Windows Server offers a hierarchical domain structure that accommodates very granular administration. A domain tree comprises a root domain and one or more child domains that share a security boundary and namespace. A domain can be divided easily into components known as organizational units (OUs), the administration of which can be delegated to individuals or groups. At the other end of the spectrum, domain trees can be joined to form a forest. Trust is established between these structures that permits users with permission to access any resource in the OU, domain tree, or forest. The inherent Windows Server design accommodates very complex organizations of virtually any size. It also takes change into account by permitting the movement of OUs as well as their pruning from the tree when they disappear.
With this type of facility in mind, it is obvious that the initial design of the Windows Server 2003 enterprise must take into account the structure of the organization. An organization's structure affects the type of computing environment that should be put into place. The planning process should begin with an understanding of both the formal management structure and the physical sites to be served. In some cases, separate child domains might be created for the sales, engineering, and manufacturing organizations. In other cases, an enterprise may be organized around product lines, and a product line child domain might be in order: OUs would then be formed to separate the internal sales, engineering, and manufacturing resources.
A key question is the administrative model to be used. This will determine Active Directory hierarchies, administrative delegation schemes, and many security parameters. Generally, three classic administrative models are applied in the planning processes:
Centralized administrative model. Under this scenario, all administrative responsibilities are controlled by a central authority. This model works well for relatively small organizations, but can prove unwieldy for very large enterprises.
Decentralized administrative model. In this model, multiple OUs have full responsibility for the management of their IT resources. While it provides extensive grassroots autonomy, decentralization raises the issue of incompatibility and nonstandard policies. It is preferred by many organizations, but can lead to conflict where communication among units is necessary. Fortunately, the Windows Server 2003 domain and OU model can overcome some inherent conflict, especially if careful planning occurs at the outset.
Mixed administrative model. The most common for larger enterprises, the combined centralized/decentralized model delegates authority to organizational units. Responsibilities are defined by the centralized authority. The decentralized authority granted to the OUs may vary significantly, obviously resulting in a new level of complexity. The Windows Server domain model is particularly useful in creating complex mixed models.
The type of access to network resources required among organizational units, domains, trees, and forests becomes a significant planning issue. Every organization has its own dynamics. The computing requirements for a manufacturer are radically different from those of a finance house. Information can be very structured or completely ad hoc.
Access to resources is typically granted on the basis of need. Process management breaks apart a business's functions, tasks, and responsibilities to determine the relative needs of each. The identification of computing needs is vastly enhanced by an understanding of how data flows through the entire organization. For example, the accounting, marketing, and manufacturing departments need access to customer information, but the human resources department may not. By the same token, human resources departments have many data files that are processed and stored on a confidential basis. Understanding the business relationships of departments and their processes makes it easier to configure and implement the relative group policies. It also provides a road map for managing permissions to avoid unauthorized use of network resources.
It is not always possible to predict the future of an organization. Nevertheless, effective planning involves breaking out the crystal ball to make reasonable projections. Windows Server 2003 is designed to facilitate unexpected changes; however, the more that change can be anticipated, the better the deployment. This requires that the planning team engage key executives and operational managers in sometimes very confidential discussions regarding potential growth and downsizing. Since the job of the professional system administrator is to handle sensitive information pertaining to many security issues, this is a good place to gain additional respect within the organization.
Plans should attempt to reflect organizational change for three to five years. The checklist of growth and change items to be integrated into the plan includes the following questions:
What are the projections for growth and reduction both on an enterprise level and within each organizational unit?
How are shifts going to be distributed both organizationally and geographically?
Where are reorganizations most likely to occur and what will be the overall impact?
What is the impact of mergers, acquisitions, and business unit spinoffs?
What new or emerging technologies are most likely to affect the plan?
Windows Server 2003 offers a vastly enhanced set of security technologies and implementation policies. A careful review of current security mechanisms and policies should be undertaken very early. User and group policies and permissions may be the first issue to consider. Thereafter, issues involving Windows Server Kerberos authentication and public key infrastructure, as discussed in Chapter 11, can be examined for their impact on the way business is conducted. Start with a baseline of current policies and how they relate. In a move from a Windows NT environment, these policies should translate rather transparently; however, greater functionality can be added through an early security assessment and plan.
When it comes time to define user and group profiles, an understanding of inherent commonalities and differences will greatly facilitate the deployment and management process.
The size of the user base on an enterprise-wide and organizational-unit basis must be identified. Users' geographical distribution and need for multilingual support should then be assessed, as should likely movement within and among organizational units. In addition, many users may belong to matrix organizations where reporting relationships and responsibility cross boundaries, so there must be plans to apply policies to them.
Mobile or roaming user requirements must also be addressed. For example, will the user need to maintain the same set of data on home and field office computer systems? These requirements, once defined, can be translated into policies that will permit transparent Windows Server 2003 synchronization of files. Issues of remote access connectivity will also be resolved based on this planning data.
Windows Server 2003 establishes the concept of a site to help the management of physical connectivity to resources. Microsoft defines a site as one or more well-connected TCP/IP subnets. What counts as "well-connected" is usually defined by the administrator, but ideally is based on transmission speeds that do not negatively affect network performance. One of the early tasks is to review the definition of logical sites based on Windows Server criteria. For example, each remote office might be defined as an individual site and intersite communication can then be managed. With such information, it is possible to plan wisely and schedule information flow among sites efficiently.
A physical site structure is often defined as a specific building. However, physical sites can be as small as a couple of adjoining offices or as large as network segments or even entire cities. Again, the key is reliable connectivity. Geography is usually a defining method of establishing sites and domains in a large enterprise. The planning process involves site definition, domain controller and Global Catalog requirements, and Active Directory replication schedules.
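Because a site is simply a set of subnets, the subnet inventory gathered during planning can be checked mechanically: every inventoried host should land in the site intended for it, nested subnets should be deliberate, and nothing should silently fall into the default site. The following is an added example (not code from the book); the site names, subnets and hosts are constructed, and it assumes the most-specific subnet wins when subnets overlap.

```python
"""Added example: map inventoried hosts to Active Directory sites from
subnet definitions and flag overlaps and unassigned hosts."""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample inventory: site name -> subnets (CIDR).
SITE_SUBNETS: Dict[str, List[str]] = {
    "HQ-Boston": ["10.1.0.0/16"],
    "Branch-Denver": ["10.2.10.0/24", "10.2.11.0/24"],
    "Branch-Denver-Lab": ["10.2.10.128/25"],  # nested inside Branch-Denver
}

# Constructed sample of inventoried hosts: hostname -> IP address.
HOSTS: Dict[str, str] = {
    "bos-fs01": "10.1.5.7",
    "den-dc01": "10.2.10.5",
    "den-lab03": "10.2.10.200",
    "unknown-print": "192.168.1.20",  # no subnet defined for this host
}

DEFAULT_SITE = "Default-First-Site-Name"  # where unmatched hosts end up

SubnetTable = List[Tuple[ipaddress.IPv4Network, str]]


def build_subnet_table(site_subnets: Dict[str, List[str]]) -> SubnetTable:
    """Flatten to [(network, site)], most specific prefix first (assumed
    here to mirror the longest-matching-subnet rule for site lookup)."""
    table: SubnetTable = []
    for site, cidrs in site_subnets.items():
        for cidr in cidrs:
            # strict=True rejects host bits set in the prefix, a common inventory typo
            table.append((ipaddress.ip_network(cidr, strict=True), site))
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def find_overlaps(table: SubnetTable) -> List[Tuple[str, str, str, str]]:
    """Return (narrow_cidr, narrow_site, wide_cidr, wide_site) for subnets
    assigned to different sites that overlap; each needs a deliberate decision."""
    overlaps = []
    for i, (net_a, site_a) in enumerate(table):
        for net_b, site_b in table[i + 1:]:
            if site_a != site_b and net_a.overlaps(net_b):
                overlaps.append((str(net_a), site_a, str(net_b), site_b))
    return overlaps


def site_for_host(ip: str, table: SubnetTable, default: str = DEFAULT_SITE) -> str:
    """First (most specific) subnet containing the address decides the site."""
    addr = ipaddress.ip_address(ip)
    for net, site in table:
        if addr in net:
            return site
    return default


def assign_hosts(hosts: Dict[str, str], site_subnets: Dict[str, List[str]]):
    """Return ({host: site}, [hosts that fell into the default site])."""
    table = build_subnet_table(site_subnets)
    assignments = {host: site_for_host(ip, table) for host, ip in hosts.items()}
    unmatched = sorted(h for h, s in assignments.items() if s == DEFAULT_SITE)
    return assignments, unmatched


if __name__ == "__main__":
    for overlap in find_overlaps(build_subnet_table(SITE_SUBNETS)):
        print("overlapping subnets in different sites (confirm intended):", overlap)
    assigned, unmatched = assign_hosts(HOSTS, SITE_SUBNETS)
    for host, site in assigned.items():
        print(f"{host:14} -> {site}")
    print("hosts with no site subnet defined:", unmatched)
```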
The checklist of information that is generally required in the early assessment of the physical structure includes the following:
The number of physical locations that must be served
The geographic location of all remote sites, both domestic and international
The number of buildings, floors, square footage, and other factors that could affect networking for each geographic location
The business function of each possible site, which determines the level of bandwidth and networking support required
An assessment of current network activity provides a baseline for Windows Server 2003 deployment, but you must assume that network activity will increase with Windows Server, especially in connection with Active Directory replication and Global Catalog inquiries. LAN speed requirements within a site can generally be accommodated by the addition of domain controllers to handle the internal load. Intersite traffic, however, is more complex. Two primary areas must be assessed when planning intersite network requirements:
Intersite link speeds. Link speeds are defined by how rapidly packets of data can be transmitted between network segments or geographical locations. Unfortunately, speed and reliability between links can vary radically. Therefore, control of Active Directory replication and other data transmission may be required. It is important to identify the weak links and plan to apply appropriate properties to them.
Bandwidth requirements. Network bandwidth is the space available for the flow of traffic. It is important to assess when the maximum amount of bandwidth is available for transmission and replication, including the conditions that exist during normal, busy, and off-peak hours. Again, this information will be used to set intersite link properties to control reliable communication.
Planning the physical structure includes the early design of site topology, server placement, domain controller requirements, and replication policies. The specific requirements associated with each of these demand an understanding of the Active Directory and networking, so we recommend a review of these technologies first. However, it is important to then return to the planning process in order to clearly define the intersite and intrasite connectivity requirements well before deployment.
There are a number of commonsense tips for implementing Windows Server 2003. Here are ten of them:
Make the plan available for review and comment. The biggest mistake that any IT organization can make is to force change and do so from an ivory tower. Publishing a draft set of policies and procedures can promote an early buy-in by both managers and end users. Everyone should understand that the planning document is dynamic and subject to input; feedback is very healthy during all phases of migration or implementation. Contributions by teams of users or individuals can often prove invaluable and also prevent being blindsided by hidden agendas. User input reflects the true nature of a group and thus greatly helps in the creation of child domains and organizational units.
Think carefully about leveraging current investments. The conventional wisdom of utilizing current assets whenever possible was true when the cost of personal computers regularly exceeded $2,500 and access to reliable, inexpensive networks was a rarity. However, significant changes have occurred recently. Personal computers priced at less than $500 may become increasingly commonplace even within corporate environments, and DSL (or greater) connectivity between sites is readily available and becoming less expensive. This might mean that current environments may eventually prove more costly than simple replacements. There are times, however, when it is possible to "recycle" the systems in one department to another department as needs change. A valid plan must include buy-versus-retention analysis.
Think early about personnel needs. Windows Server 2003 is a complex enterprise-level operating system that requires support by senior system administrators. You should conduct a skill survey early in the process and count on providing additional training.
Determine hardware, software, and funding availability. A plan to migrate or integrate operating systems must be cost justified via a series of subjective questions. Will organizational performance be enhanced? Will productivity be increased? Will lower-cost network connectivity and equipment demonstrably impact cash flow? What is the anticipated cost of system administration? Can legacy mission-critical applications be supported in the new environments? A TCO analysis underscores this part of the planning process.
Use test environments. Create a test lab, particularly for the introduction of the Windows Server 2003 Active Directory into the environment. Within existing Windows NT enterprises, take a current Backup Domain Controller (BDC) offline to a test environment. By upgrading the BDC and promoting it with the Active Directory as a Windows .NET domain controller, you will retain all security and configuration information. Add other systems and common devices to test the environment, and invite some of your users to play in the test bed to get further feedback. After testing, the promoted domain controller can then serve as the root for the new Windows Server 2003 enterprise. These pilot and test environments will also help with staging the implementation, as discussed in the next tip. Also, please note that best practices suggest that you always start with a fresh installation when going into production rather than move a test machine into production.
Consider deployment staging. Any deployment must occur with minimal impact on the user and mission-critical business activities. To that end, a number of questions must be resolved in advance. For example, do you unpack the equipment at the user's workstation or preload the software? Because of the time required to upgrade or install Windows Server, we recommend using a staging area if possible to preload and configure. As a part of this strategy, consider the use of remote automated or ghost installations to decrease direct user impact.
Enlist the support of others in the rollout. The best way to create a supportive environment is to enlist as many users as possible in the process. To gain their confidence, it is equally important that all IT professionals involved be fully equipped to handle common questions. Remember, deployments without some level of crisis are rare. Buffer these crises with knowledgeable people who will offer support despite and beyond temporary shortfalls.
Get operational management early. An operational management plan, with clear policies and procedures, must be in place. Because Windows Server 2003 permits very granular administration, there may be an increased early burden. If people are being assigned as printer administrators, they must be fully equipped from the beginning to react to system management issues. This is where documentation proves extremely valuable to the management team. Standard operational procedures and policies normally evolve from this type of documentation.
Begin training and support early. Two primary levels of training are generally required. Clearly, the first in line are system administrators and support personnel, which is where most of the training budget should be focused. However, do not overlook the end user. While Windows Server 2003 should feel comfortable to most users of Windows 95/98 systems, some differences may require explanation. Fortunately, much end-user training can be accomplished with computer-aided training or Web-based tools.
Audit use and perform monitoring. Determine the nature and level of event auditing and performance monitoring. Establish baselines early and build metrics into your processes to help you identify and correct performance bottlenecks proactively.
Regardless of the relative perfection of your plan, there will always be issues that mar otherwise exceptional performance. As an IT manager or system administrator, you must realize that your profession is often thankless. However, if everything goes well, your reward will be fewer trouble calls, and you can kick back and congratulate yourself for a job well done. Remember, though, that the job is just beginning. A system administrator must always strive to be proactive, not reactive.