Introducing Windows 2000 Deployment Planning

The Microsoft® Windows® 2000 Server Resource Kit Deployment Planning Guide
is a tool for you to use as you design, plan, and develop your deployment of
Microsoft® Windows® 2000. As you read through this book, you will gain insight
about how to plan your deployment on both a project management and a feature
level. This book addresses planning information that will help you get started,
such as how to run a test lab and a pilot project, and provides important technical
discussions that will assist you in deploying Windows 2000 technologies.
You begin the planning process in this chapter. It includes an introduction to this
book, followed by a brief overview of Windows 2000 and its features. Next, you
are introduced to case studies that illustrate how four companies started their
deployment planning process. Finally, the chapter provides a feature overview
from an IT business perspective. You can use this overview to begin your
deployment planning process.
In This Chapter
Starting Your Plan
Overview of the Windows 2000 Product Family
Using Windows 2000 to Improve the Way You Work
Examples of How Business Needs are Satisfied by Windows 2000
Mapping Windows 2000 Features to Your Business Needs
Planning Task List for Mapping Windows 2000 Features
Part 1
Planning Overview
Chapter Goals
This chapter will help you develop the following planning documents:
• Windows 2000 product list for your organization
• A plan for mapping Windows 2000 features to your business needs
Related Information in the Resource Kit
• For more information about how to begin your deployment planning process,
see “Creating a Deployment Roadmap” in this book.
• For more information about deployment planning, see “Planning for
Deployment” in this book.
Chapter 1
Introducing Windows 2000 Deployment Planning
Starting Your Plan
Deploying a new operating system such as Windows 2000 in an enterprise
environment is a task that requires executive approval and funding as well as a
substantial planning effort. As you begin your planning effort, you need to
understand the Windows 2000 product family. Then, you need to gain an
understanding of the features and how you can take advantage of them to increase
productivity and reduce total cost of ownership (TCO) in your organization. The
following two sections provide an overview of the planning process described in
this chapter and an introduction to using this book.
Effectively Using This Book
This book will help you design, plan, and implement your Microsoft®
Windows® 2000 Professional and Microsoft® Windows® 2000 Server
deployment. It provides guidelines and caveats for solving critical business needs
by deploying the main features of Windows 2000. Also included are step-by-step
instructions for automating Windows 2000 Server and Windows 2000
Professional installation by using utilities such as unattended Setup tools,
scripting, and Microsoft® Systems Management Server. The information is
presented in a logical flow that you can use as you begin your deployment.
To accomplish these goals, this book contains three different types of chapters:
• Planning chapters that provide you with information that will help you be
successful as you begin planning your rollout, such as testing and planning
• Technical design chapters that provide you with information that will assist
you in implementing specific features of Windows 2000, such as Active
Directory™ directory service, and in designing your Windows 2000 network to
meet the needs of your organization.
• Automated installation chapters that provide step-by-step instructions for
installing Windows 2000 Server and Windows 2000 Professional by using
tools such as Systems Management Server.
Table 1.1 lists the six parts of this book and the chapters that fall under each part.
Table 1.1 Deployment Planning Guide Chapters
Part 1: Planning Overview
Provides information that will assist you in the planning aspects of your
deployment and includes information on testing and piloting.
• Introducing Windows 2000 Deployment Planning
• Creating a Deployment Roadmap
• Planning for Deployment
• Building a Windows 2000 Test Lab
• Conducting Your Windows 2000 Pilot
Part 2: Network Infrastructure Prerequisites
Provides information that will assist you in assessing your current network and
in planning your network upgrade.
• Preparing Your Network Infrastructure for Windows 2000 (Technical design)
• Determining Network Connectivity Strategies (Technical design)
• Using Systems Management Server to Analyze Your Network Infrastructure
(Technical design)
Part 3: Active Directory Infrastructure
Provides information that will assist you in planning your deployment of
specific technical features.
• Designing the Active Directory Structure (Technical design)
• Determining Domain Migration Strategies (Technical design)
• Planning Distributed Security (Technical design)
• Planning Your Public Key Infrastructure (Technical design)
Part 4: Windows 2000 Upgrade and Installation
Provides information on upgrading and installing servers, member servers, and
terminal services.
• Automating Server Installation and Upgrade
• Using Systems Management Server to Deploy Windows 2000
• Upgrading and Installing Member Servers
• Deploying Terminal Services (Technical design)
Part 5: Advanced Management
Provides information that will help you plan for using more advanced features.
• Determining Windows 2000 Network Security Strategies (Technical design)
• Ensuring the Availability of Applications and Services (Technical design)
• Determining Windows 2000 Storage Management Strategies (Technical design)
• Synchronizing Active Directory with Exchange Server Directory Service
(Technical design)
Part 6: Windows Professional/Client Deployment
Provides information that will help you plan for and deploy Windows 2000
Professional clients.
• Testing Applications for Compatibility with Windows 2000 (Technical design)
• Defining a Client Connectivity Strategy (Technical design)
• Defining Client Administration and Configuration Standards (Technical design)
• Applying Change and Configuration Management (Technical design)
• Automating Client Installation and Upgrade
How to Begin Planning
Planning for an operating system installation or upgrade requires many steps and
in-depth planning. This chapter provides information that will help you get your
planning process started. Figure 1.1 illustrates the planning steps presented in this
Figure 1.1 How to Begin Planning (flowchart steps):
• Determine which Windows 2000 features will help your organization reach its
goals.
• Examine how specific features can help employees in different job categories.
• Map Windows 2000 features to your business needs.
Overview of the Windows 2000 Product Family
Staying competitive in the new digital economy requires an advanced
computer-based, client/server infrastructure that lowers costs and enables your
organization to adapt quickly to change. The Microsoft Windows 2000 platform —
the combination of Windows 2000 Professional and Windows 2000 Server — can
deliver the following benefits to organizations of all sizes:
• Lower total cost of ownership (TCO).
• A reliable platform for computing 24-hours-a-day, seven-days-a-week.
• A digital infrastructure that can accommodate rapid change.
The entire product family is designed to provide networking, application,
communications, and Web services with increased manageability, reliability,
availability, interoperability, scalability, and security. To accommodate the
computing needs of organizations of all sizes, there are several Windows 2000
products available. The following sections introduce you to specific products that
make up the Windows 2000 family.
Windows 2000 Professional
Windows 2000 Professional allows users to be more productive in a variety of
work and user situations (such as mobile and remote users), to ensure the highest
level of security for user data, and to deliver the performance necessary for a new
generation of personal productivity applications. Windows 2000 Professional
helps you to lower the total cost of ownership through:
Improved Client Administration Capabilities. Windows 2000 allows your
administrators to have total control over your client data and application and
system settings, thereby helping you to reduce the number of help desk calls. It
also ensures that users do not accidentally damage their systems and allows your
users to have 24-hour access to the tools they need to get their jobs done, even
when they are working from someone else’s computer.
Broad Management Tool Support. Designed to improve information
technology manageability, Windows 2000 Professional includes “client agents”
that enable leading management solutions such as Systems Management Server to
work effectively.
Ease of Use. The user interface has been designed for easier access to
information through the use of personalized menus and Most Recently Used lists.
(The operating system determines which tasks you use most often and then
displays those tasks in the visible portion of each menu.)
Higher Levels of Stability. Windows 2000 Professional is designed to be the
most reliable client and mobile operating system available. Clients stay running
longer, helping you to ensure higher levels of productivity.
Greater Device Support. Windows 2000 Professional supports over 7,000
devices, including expanded support for many devices not previously supported
by Microsoft® Windows NT® Workstation version 4.0, such as many older
printers, scanners, and digital cameras. This represents a 60 percent increase over
the number of devices supported in Windows NT 4.0. Windows 2000 Professional
also supports Microsoft® DirectX® version 7.0, a group of low-level application
programming interfaces (APIs) that give access to high-performance media
acceleration on Windows-based computers.
Note For more information about supported devices, see the Microsoft Windows
Hardware Compatibility List (HCL) link on the Web Resources page at
Easier to Configure. New wizards take the guesswork out of configuring and
setting up Windows 2000 Professional.
More Language Options. MultiLanguage technology provides unparalleled
multilingual options for end users and administrators.
For more information about Windows 2000 Professional, see the chapters in
Part 6 of this book.
Windows 2000 Server Family
The Windows 2000 Server family has two members: Standard and Advanced. The
Standard edition offers core functionality for essential services (including file,
print, communications, infrastructure, and Web servers) appropriate to small- and
medium-sized organizations with numerous workgroups and branch offices. The
Advanced edition is designed to meet mission-critical needs, such as large data
warehouses, e-commerce, or Web hosting services for medium-sized and
large-sized organizations and Internet service providers (ISPs).
Windows 2000 Server Standard Edition
At the core of Windows 2000 Server is a complete set of infrastructure services
based on Active Directory directory service. Active Directory simplifies
management, strengthens security, and extends interoperability. It provides a
centralized method for managing users, groups, security services, and network
resources. In addition, Active Directory has a number of standard interfaces
allowing interoperability with a variety of applications and devices.
Windows 2000 Server provides a comprehensive set of Internet services that
allows organizations to take advantage of the latest Web technologies. This
integrated, flexible Web platform has a full range of services you can use to
deploy intranets and Web-based business solutions. These services include site
hosting, advanced Web applications, and streaming media.
Windows 2000 Server extends the application services established by Microsoft®
Windows NT® Server version 4.0. By integrating application services such as
Component Services, transaction and message queuing, and Extensible Markup
Language (XML) support, Windows 2000 Server is an ideal platform for both
independent software vendor solutions and custom line-of-business applications.
Over the last few years, many companies have benefited from the rapid progress
manufacturers have made in the speed of microprocessors. To enhance system
performance with faster processors, Windows 2000 Server also supports
uniprocessor systems and four-way symmetric multiprocessing (SMP) systems
with up to 4 gigabytes (GB) of physical memory.
A business server running the Windows 2000 operating system has the
multipurpose capabilities required for both clients and servers in both a traditional
client/server model and workgroups. Your organization might also require
additional departmental deployments of file and print servers, application servers,
Web servers, and communication servers. Some key features of the operating
system that will assist you in installing and configuring servers that perform these
various roles include:
• Active Directory
• IntelliMirror and Group Policy
• Kerberos authentication and Public Key Infrastructure (PKI) security
• Terminal Services
• Component Services
• Enhanced Internet and Web services
• Up to four-way SMP support
Windows 2000 Advanced Server
Windows 2000 Advanced Server is the new version of Windows NT Server 4.0,
Enterprise Edition. It provides a comprehensive clustering infrastructure for high
availability and scalability of applications and services, including main memory
support of up to 8 gigabytes (GB) on Page Address Extension (PAE) systems.
Designed for demanding enterprise applications, Advanced Server supports new
systems by using up to eight-way symmetric multiprocessing (SMP). SMP
enables any one of the multiple processors in a computer to run any operating
system or application thread simultaneously with other processors in the system.
Windows 2000 Advanced Server is well suited to database-intensive work, and
provides high-availability server clustering and load balancing for high system
and application availability.
Windows 2000 Advanced Server includes the full feature set of Windows 2000
Server and adds the high availability and scalability required for enterprise and
larger departmental solutions. Key features of Advanced Server include:
• All Windows 2000 Server features
• Network (TCP/IP) Load Balancing
• Enhanced two-node server clusters based on the Microsoft Windows Cluster
Server (MSCS) in the Windows NT Server 4.0 Enterprise Edition
• Up to 8 GB main memory on PAE systems
• Up to eight-way SMP
Terminal Services
The Terminal Services feature of Microsoft Windows 2000 Server delivers
Windows 2000 Professional and the latest Windows-based applications to
computers that normally cannot run Windows. Terminal Services also offers a
remote administration mode that allows administrators to access, manage, and
troubleshoot clients. Through terminal emulation, Terminal Services allows the
same set of applications to run on diverse types of computer hardware. For
organizations wanting to increase flexibility in application deployment and
control computer management costs, the Terminal Services architecture offers an
important enhancement to the traditional two- or three-tier, client/server
architecture based on servers and full-scale personal computers. For more
information about Terminal Services, see “Deploying Terminal Services” in this
Using Windows 2000 to Improve the Way You Work
As your organization plans to migrate to Windows 2000, one of the first questions
many people will ask is, “What's in it for me?” The advantages of migrating to
Windows 2000 will be enjoyed by your administrators as well as your users. Your
administrators will enjoy being able to provide greater mobile support, easier
client installation, and less administrative overhead. The workers in your
organization will be able to take advantage of an easier user interface and
increased reliability and availability. Additionally, individual users will be able to
see specific enhancements based on the type of work they do.
Looking at how the Windows 2000 platform might affect three different job
categories — Information Technology (IT) administrator, department manager,
and sales representative — can help you answer questions about how
Windows 2000 can improve the work accomplished in your organization. The
following sections do not provide a comprehensive list of the features that each of
these job categories will use. They provide a sample that you can use to begin
IT Administrator
As an IT administrator, Windows 2000 provides you with centralized control over
all of the clients in an organization. An administrator will also be able to use
applications written specifically to take advantage of the new technologies of
Windows 2000. These applications will be easier to deploy, more manageable,
and more reliable. As a result, you will be able to provide better service. The
following Windows 2000 features are examples of new Windows 2000 Server
technologies that can allow you to work more effectively.
IntelliMirror and Active Directory. These features let you use Group Policy
to configure clients to meet the varying needs of particular user groups. For
example, you can make sure that everyone in the finance department has the
spreadsheet, word processing, and presentation applications they need. Likewise,
you can assign sales-tracking software to the sales team. And, you can set policies
that let users see their preferred arrangements from any computer on the network.
To reduce Help desk costs, you can secure users’ computers so they cannot
change their computer configurations.
Remote Install Technologies. Remote Install (RI) technologies allow you to use
Group Policy to perform an automated clean installation of the Windows 2000
Professional operating system onto a client. You can use this technology (the
RIPrep tool is available on the Windows 2000 Server operating system CD) to
install the Windows 2000 Professional operating system from one central
location. You can combine RI with Microsoft® IntelliMirror technologies to
image a complete system. If you also use roaming profiles, this combination of
features can assist greatly in the disaster recovery process.
Windows 2000 Logo Application Certification Program
The Windows 2000 Logo program is a Microsoft specification that helps
developers build applications that take advantage of Active Directory, Windows
Installer software, and other features of Windows 2000 that make applications
easier to manage on a company-wide basis. Using the information in this
specification, you can develop applications that use Windows 2000 features to
reduce your TCO and that run well with other applications in use in your
organization. For more information about the Windows 2000 Logo Application
specification, see the MSDN Online link on the Web Resources page at 2000/reskit/webresources.
Terminal Services and Mobile Devices. These features let you manage
services from anywhere on the network. For example, if you receive a call about a
network bandwidth issue while you are visiting a branch office, you can use a
wireless handheld computer to access the network’s centralized management
tools, diagnose the issue, and work to resolve it.
Department Manager
As a department manager, you are responsible for coordinating a number of
projects and employees. As a result of improved information access, you can now
gather and analyze information more easily. The following are examples of how
some specific Windows 2000 features will make your work as a manager easier.
Terminal Services or Change and Configuration Management
By using Change and Configuration Management technologies, your
administrator can make sure that the software, data, and desktop settings you need
are available, regardless of where you are when you log on to the network. If you
are visiting the accounting group and you need to look up a report, you can log on
to a thin client device by using Terminal Services and work as if you were still in
your office.
NetMeeting, Quality of Service, and USB Plug and Play Support
Microsoft® NetMeeting® lets multiple users on a network see each other over a
video link and work together on documents in real time. To ensure that the video
connection does not degrade, the Quality of Service (QoS) support integrated with
Active Directory lets the administrator assign more bandwidth to the users and
applications that need it. And, universal serial bus (USB) support lets users
quickly install devices that plug in and work right away, such as video cameras.
To set up a video conference, for example, all you have to do is plug in a camera
and click on the appropriate names in your address book.
Sales Representative
By using the Change and Configuration Management technologies, your
administrator can ensure that you always have the software you need, thereby
granting you easy access to your specific tools and information. Additional
capabilities are designed for users that spend most of their time away from their
primary offices. There are several Windows 2000 features that will make your
work time more efficient — whether you are on the road or conducting meetings
from your office.
Synchronization Manager. Synchronization Manager lets you work with
information offline, as if you were working on the network. For example, you can
take your customer files with you, work with them in the field, and resynchronize
them with the network-based versions the next time you log on. Likewise, you can
download Web pages from your company’s intranet site and work on them
offline. The next time you log on, you can update the intranet information on your
laptop and the customer records stored on the network.
Roaming User Profiles. Roaming user profiles allow you to use your
customized desktop settings and access all of your documents from any location
on the network. As you travel, you can log on to the corporate network from any
location and still have access to all of your data. You no longer need to worry
about transferring data onto floppy disks or through e-mail to have access to your
critical information.
Examples of How Business Needs are Satisfied by Windows 2000
Organizations approach deployment from many different perspectives, depending
on how they plan to implement a new operating system into their environment.
Most organizations deploy an operating system incrementally (or, in phases) to
prevent user downtime and to guarantee success at critical steps along the way.
The following sections provide some case studies and examples of how
organizations have approached deployment from a product feature perspective.
These examples provide information about how some enterprise-scale
organizations resolve pressing business issues. Use the information provided in
this section for ideas that will help you promote and more effectively use
Windows 2000 in your organization.
Case Study 1: North American Industrial Manufacturer
Manufacturing is the primary business of this organization. Product assembly
takes place at numerous locations in North America; however, their business
offices are located all over the world, creating a highly distributed global
computing environment. There are several primary product divisions with
multiple product lines. The numerous internal teams distributed worldwide require
diverse levels of access to customer and internal documents. The users in each
division require a high level of client-based customization. Additionally, there are
numerous vendors and subcontractors, some of whom need network access within
the firewall, and others whose needs require only external access. Network
administrators need to provide varying levels of security based on the needs of
each unique internal and external team.
Existing IT Environment
Currently, this organization supports a mixed Windows NT Server 4.0 Service
Pack (SP) 4 and UNIX network operating system environment and a mixed
Microsoft® Windows® 95 (85 percent), Windows NT Workstation 4.0 (10
percent), and UNIX (5 percent) client environment. Information technology is
centrally managed with control of applications and resources distributed to lower
level IT managers. The organization has high bandwidth needs and requires
strong client management. Microsoft® Exchange Server is currently a global
mission-critical application for communications and scheduling.
Goals for Deploying Windows 2000
This corporation wants to standardize on one network operating system and one
client system to reduce support costs. It will also be integrating the Exchange
Server directory service with Active Directory to create a common directory and
for increased team collaboration. In addition, they plan to expand into a
multimedia network for collaboration and information sharing.
Table 1.2 summarizes the IT goals of this organization and includes the reasons
why this organization chose Windows 2000 to meet their goals.
Table 1.2 IT Goals for a North American Industrial Manufacturer
• Goal: Support and install one standard client operating system for rapid
  installation and configuration as well as inexpensive
  What Windows 2000 Offers: Provides client management features, such as
  IntelliMirror and automated client install and upgrade technologies, such as
  Remote Install Services and Systems Management
• Goal: Install a network operating system that is secure, but flexible and
  robust enough to run on a wide variety of hardware.
  What Windows 2000 Offers: Provides the security features of Kerberos
  authentication and Internet Protocol security (IPSec). Provides more hardware
  choices listed in the HCL. Provides Plug and Play functionality.
• Goal: Reduce deployment and management costs by deploying only one server
  image. Support only one common server platform and consolidate smaller
  servers into larger
  What Windows 2000 Offers: Advanced Server functionality provides for the
  computing needs of the entire organization because it provides clustering,
  load balancing, and additional processor support capabilities.
• Goal: Maintain high server uptime for Exchange Server because it is
  mission-critical to the organization.
  What Windows 2000 Offers: Windows 2000 provides a stable operating system
  platform for Exchange Server.
• Goal: Create a centralized administrative model that provides the ability for
  distributed control at lower level domains.
  What Windows 2000 Offers: Active Directory provides the ability for higher
  level administrators to delegate control for specific elements within Active
  Directory to individuals or groups. This eliminates the need for multiple
  administrators to have authority over an entire domain. Active Directory
  allows the company to model its networking environment after its business
  model.
• Goal: Provide interoperability with current UNIX servers and use a common
  security
  What Windows 2000 Offers: Domain Name System (DNS) dynamic update protocol
  provides interoperability. Kerberos security works on both platforms.
• Goal: Support other cross-platform security across their enterprise.
  What Windows 2000 Offers: Distributed security, including IPSec, Kerberos
  authentication, and PKI.
• Goal: Use a network operating system and domain structure that reflect
  business needs.
  What Windows 2000 Offers: Windows 2000 is flexible enough for you to shape
  the domain and security boundaries to reflect the structure of your business
  rather than requiring you to organize your business around the limitations of
  the server operating system.
• Goal: Create one large corporate computer
  What Windows 2000 Offers: Allows you to merge Active Directory data with
  Exchange Server data for a common
• Goal: Expand into a multimedia network for collaboration and information
  sharing.
  What Windows 2000 Offers: NetMeeting allows groups in diverse parts of the
  globe to converse. QoS allows you to allocate bandwidth as appropriate during
  multimedia network events. Plug and Play makes it easy to connect cameras for
  multimedia events.
Case Study 2: Large Multinational Manufacturer
With headquarters in Europe, this multinational organization maintains offices in
more than 190 countries. Growth takes place through expanded markets,
increased product sales, and mergers and acquisitions. The company manufactures
a wide range of products, including consumer and industrial electronics,
computers, and instrumentation. Each separate manufacturing entity is run as an
independent company under the umbrella of the parent corporation. There are
over 130 separate operating companies, each with its own reporting structure and
chief financial, information, and executive officers. This affects inter- and
intra-organizational dynamics because each IT organization has different goals,
budgets, objectives, and constraints. The parent company needs to provide
support and guidelines for intercompany IT cooperation.
Existing IT Environment
There is no centralized IT operations group and few common IT standards across
all operating companies, either for network or client operating systems, or for
client productivity applications. The centralized IT office is responsible for
cross-company directions and standards.
Goals for Deploying Windows 2000
In 1998, this company’s IT office sponsored a project to design a global
Windows 2000 Active Directory architecture — a unifying concept across each of
the decentralized operating companies. Representative groups from several of the
operating companies focused on Windows 2000 Server and Windows 2000
Professional architecture and deployment, and then integrated when necessary and
appropriate. The parent company was tasked with developing a common
framework that would be adopted as needed by each separate operating company.
Table 1.3 summarizes the IT goals of this organization, and includes the reasons
why this organization chose Windows 2000 to meet their goals.
Table 1.3 IT Goals for a Large Multinational Manufacturer
• Goal: Establish a common IT reference that all operating company IT groups
  can use to establish a global multioperator model.
  What Windows 2000 Offers: The forest architecture of Active Directory
  provides a single logon point and Global Catalog capabilities.
• Goal: Establish one common directory service that can be used by all
  operating
  What Windows 2000 Offers: Active Directory is flexible, extensible, and
  customizable to accommodate the IT and business needs of separate operating
• Goal: Establish one common model for migrating from the Windows NT
  environment to Windows 2000.
  What Windows 2000 Offers: Availability of Remote Install technologies and
  other remote or automatic installation tools such as Systems Management
  Server.
• Goal: Conduct a pilot rollout that can be used as an implementation standard
  for all IT groups in other operating companies.
  What Windows 2000 Offers: The capability to clone a security principal from
  another Windows NT domain, and the security identifier (SID) history features
  that enable the safe move to a pilot environment with rollback options.
• Goal: Establish one common client operating system that can be used for all
  operating
  What Windows 2000 Offers: A common security model for desktop and portable
  computers. Plug and Play capability. Common hardware support. Group Policy,
  IntelliMirror, and other client management tools administered through Active
  Directory.
Case Study 3: Multinational Financial Services
A multinational financial services organization comprised of seven separate
operating companies has primary headquarters located in North America, Europe,
Asia Minor, and Southeast Asia. Over 50 major regional offices provide a
complete range of financial services (investment and personal banking, asset
management and insurance). Each operating company is an autonomous business
unit; however, at the local level, each company might share offices with one or
more operating companies.
This company operates under the strict regulatory scrutiny of many countries and
under their respective statutes regarding financial privacy, trading, and IT
functionality and security. As a result, maintaining secure and stable systems at
both the network operating system level and the desktop operating system level is
Existing IT Environment
There is no central IT group for all operating companies, so there are no
comprehensive IT standards for the entire organization. Each operating company
has created its own standards; therefore, each company has its own IT
infrastructure. In some locations, operating companies share one common
network. In other locations, the number of networks matches the number of
operating companies sharing that office location. Local offices, especially the
consumer and retail locations, maintain their own file and print servers, although
regional offices usually have domain controllers. Regional offices are otherwise
limited in their IT functions.
Some financial services applications require the UNIX operating system.
Currently, all infrastructure services such as Dynamic Host Configuration
Protocol (DHCP) and DNS are managed in a UNIX environment. Windows 2000
DNS dynamic update protocol will be used while the company researches the
possibility of migrating the custom applications running on UNIX servers to
Windows 2000.
Their current network operating system environment runs 95 percent on
Windows NT Server 4.0 and five percent on Novell NetWare Bindery. The
current client operating systems in use at each operating company include 80
percent Windows NT Workstation 4.0, approximately 15 percent Windows NT
Workstation 3.51, and about 5 percent Windows 95. Some financial services
professionals use both UNIX and Windows NT 4.0 clients.
Goals for Deploying Windows 2000
One of the operating companies is developing its own Active Directory structure
with the goal of creating a common global directory design for the entire
organization. A parent company IT initiative driven by a group of IT professionals
that represent each of the operating companies is also working to develop a
company-wide Active Directory structure.
The organization plans to retire NetWare Bindery when they install
Windows 2000. The network will use both Windows 2000 and UNIX for the
foreseeable future.
Table 1.4 summarizes the IT goals of this organization and includes the reasons
why this organization chose Windows 2000 to meet their goals.
Table 1.4 IT Goals for a Multinational Financial Services Corporation

| IT Goals | What Windows 2000 Offers |
|---|---|
| Common client operating system across the entire environment to enable standardization, improve manageability and administrative capability, and reduce TCO. | Increased hardware support allows for a wider selection of company-standard computers (desktop and portable). Improved power management enables network information to be as accessible on portable computers as it is on desktop computers. Group Policy and other management tools can be enabled across the entire IT environment. |
| Common network operating systems that offer scalability and availability for IT environments with different needs throughout all operating companies. | Offers clustering, load balancing, and the ability to handle large data stores and complex objects. Single point of administration requires only one set of administrators. Group Policy enables refined management for all clients. |
| Client security on all desktops and portable | Can secure a portable computer as you can a desktop. |
| Need for multiple monitors at each desktop to simultaneously track trading and access customer information. | Allows one CPU to support more than one |
| Reduce TCO through reduced client management while increasing the level of | Improved Group Policy and integration with Systems Management Server. |
| Reduce in-house software development and associated costs. | Component Services and other tools, such as Windows Installer, that are included with Windows 2000 Server enable easier tool building and reduce the time invested in developing custom applications. |
| Common directory for all operating | Active Directory has sufficient flexibility to accommodate all operating companies. |
| Allow each separate company to have its own child domain or domains. | Active Directory design uses a top-level domain name as a placeholder domain, thereby allowing each separate company to have its own child domain or domains. |
| Share a common directory between Exchange Server and Windows 2000 | Synchronize Microsoft® Exchange Server version 5.5 directory with Active Directory by using Active Directory Connector. |
| Remote administration of services. | Terminal Services is configured in the lightweight Administrative mode rather than Application Server mode. This gives administrators another option for remote administration without negatively impacting server performance. |

Case Study 4: International Software Development
A leading developer of computer-based operating system and applications
software for consumer and business use has its main headquarters in the Western
United States. The sales, support, and software development offices are located in
180 worldwide locations. The Information Technology (IT) division has two
primary areas of responsibility:
• Providing and maintaining IT systems and solutions that help employees work
efficiently and effectively.
• Working with product development groups to test and deploy beta products in
an enterprise environment.
Existing IT Environment
The company’s current IT environment is a homogenous Windows NT Server 4.0
environment with a broad mix of Windows NT 4.0, Windows 95, and Microsoft®
Windows® 98 clients, including multiple computers in user offices that often run
beta software. IT provides centralized:
• Directory services.
• Mail and collaboration services.
• Management of Windows NT Server 4.0 security services, network accounts,
Web services, and networking.
Users are geographically scattered throughout the globe. Eighty to 90 percent of
employees troubleshoot their own client desktops. A large number of users access
the network remotely, requiring stable remote access services. IT also supports
off-site telecommuters and employees who require international access to the
corporate network.
Goals for Deploying Windows 2000
The major goal of this company is to upgrade all of the servers and users to
Windows 2000 within 12 months. During migration, the IT group must maintain
services of critical applications and at the same time collapse resource domains
into geographically-based master user domains. Eliminating many of the resource
domains should reduce the number of servers on the network and streamline
administration, as well as reduce hardware and software support costs.
The IT department must also keep user attribute information synchronized
between Active Directory directory service, Exchange Server 5.5 directory
service, and additional systems in use across the company. Everything that is
brought online that uses Active Directory must work together. Finally, they want
to create a common console tree and create a common directory.
Table 1.5 summarizes the IT goals of this organization and includes the reasons
why this organization chose Windows 2000 to meet their goals.
Table 1.5 IT Goals for International Software Development Company

| IT Goals | What Windows 2000 Offers |
|---|---|
| Consolidate global servers to improve manageability and decrease support costs. | Server consolidation is enabled by the high-performance memory management and multiprocessing capability of Advanced Server. These features improve the scalability of the platform making it an appropriate base for server consolidation efforts. |
| Purchase new state-of-the-art hardware to create a new high-speed corporate network. | New technologies in Windows 2000 Server are designed to integrate with advances in computer architecture and microchip design, including Advanced Power Management, USB devices, FireWire, smart card readers, and infrared support. |
| Standardize to one client for better administrative control and authority delegation, and more options for remote installation and management. | Achieve improved desktop management through Group Policy and organizational units enabled by Active Directory, IntelliMirror, and other Change and Configuration Management technologies. |
| Obtain 50% improvement in performance and reliability over Windows NT 4.0 Server on all Advanced servers. | Baseline improvements at the kernel level of the core operating system enable improvement in memory management, caching, and preemptive |
| Move from a moderately complex Windows NT Server 4.0 environment to a highly simplified Windows 2000 environment. | Active Directory provides increased object storage, more granular management of servers and clients, and improvements in simplified domain design through use of Domain Name System and DNS dynamic update protocol. |
| Change Windows NT Server 4.0 domain structure to Active Directory model with domains and | Active Directory provides a more flexible domain structure to accommodate current and future organizational needs. |
| Improve security, information sharing, and transaction capability within the company as well as with other businesses and customers. | Enable a virtual private network using the advanced networking and security features of Windows 2000 Advanced Server. |
| Improve e-mail security. | Use PKI and certificates. |
| Maintain a fully functioning corporate network throughout the transition period. | Simultaneous administration and auditing of servers running Windows NT Server 4.0 and Windows 2000 Advanced Server, including all corporate printers, file servers, remote access servers, proxy servers, and internal Web servers. Interoperability with Windows 95, Windows 98, and Windows NT 4.0 clients. |

Mapping Windows 2000 Features to Your
Business Needs
The prior sections have examined the features and benefits of the Windows 2000
platform from a high-level perspective of business needs, sample corporations and
users, and product features. In this section, you will review specific technology
features with the goal of determining which technologies are most important for
your organization. Review these features while keeping in mind your
organization’s short-term, mid-term, and long-term plans. The chapters in this
book that focus on design go into detail about how each technology is integrated
with other Windows 2000 technologies and what the design dependencies are.
The following sections contain tables that list many of the Windows 2000 features
that you will want to deploy and configure in your organization. Assess the
benefits of the listed features and determine their relative priority for your
organization. Then, you can develop a deployment plan that is both timely and
cost effective.
All of the tables in this section are included in “Sample Planning Worksheets” in
this book. The tables in the appendix are formatted so that you can enter your own
comments about the potential role of these features within your organization. Use
these worksheets to prepare a customized executive summary of the
Windows 2000 features your organization requires.
Note The following tables highlight the main benefits of Windows 2000 Server
and Windows 2000 Professional, and are not intended to be a complete
description of all features. For more information about a particular feature, see the
product Help files or the appropriate book and chapter in the Microsoft®
Windows® 2000 Server Resource Kit.
Management Infrastructure Services
The management infrastructure services in Windows 2000 Server provide IT
departments with tools that enable you to provide the highest levels of service
available and reduce ownership costs. Table 1.6 describes the Windows 2000
Server management infrastructure services and their benefits.
Table 1.6 Management Infrastructure Services

| Feature | Description | Benefits |
|---|---|---|
| Directory services | Active Directory stores information about all objects on the network, making this information easy to find. Provides a flexible directory hierarchy, granular security delegation, efficient permissions delegation, integrated DNS, high-level programming interfaces, and an extensible object store. | Provides a single set of interfaces for performing administrative tasks, such as adding users, managing printers, and locating resources by only logging on once. Makes it easy for developers to enable their applications on a particular directory. |
| Administration services | Microsoft Management Console (MMC) provides administrators with a common console for monitoring network functions and using administrative tools. MMC is completely customizable. | MMC standardizes your management tool set, reducing training time and increasing productivity for new administrators. It also simplifies remote administration and allows for delegation of tasks. |
| Group Policy | Group Policy allows an administrator to define and control the state of computers and users. Group Policy can be set at any level of the directory service, including sites, domains, and organizational units. Group Policy can also be filtered based on Security Group memberships. | Group Policy gives administrators control over which users have access to specific computers, features, data, and applications. |
| Instrumentation services | With Windows Management Instrumentation (WMI), administrators can correlate data and events from multiple sources on a local or organization-wide | WMI allows you to create custom applications and snap-ins by giving you access to Windows 2000 objects. |
| Scripting services | Windows Script Host (WSH) supports direct execution of Microsoft® Visual Basic Script, Java, and other scripts from the user interface or command line. | WSH allows administrators and users to automate actions, including network connection and |

For more information about designing and deploying Windows 2000 directory
services and Group Policy, see “Designing the Active Directory Structure,”
“Planning Distributed Security,” “Defining Client Administration and
Configuration Standards,” and “Applying Change and Configuration
Management” in this book.
Desktop Management Solutions
Desktop management solutions are features that allow you to reduce the TCO in
your organization by making it easier for you to install, configure, and manage
clients. These features are also designed as tools that make computers easier to
use. Table 1.7 highlights Windows 2000 Server and Windows 2000 Professional
desktop management features that increase user productivity.
Table 1.7 Desktop Management Solutions

| Feature | Description | Benefits |
|---|---|---|
| | IntelliMirror is a group of features that can be used to make users' data, applications, and customized operating system settings follow them as they move to different computers within their organization. | Users have access to all of their information and applications, whether or not they are connected to the network. Reduces the need for administrators to revisit desktops for application or operating system updates. |
| Windows Installer | Controls the installation, modification, repair, and removal of software. Provides a model for packaging install information and APIs for applications to function with Windows | Enables remote deployment and maintenance of applications by system administrators. Reduces the number of dynamic-link library (DLL) conflicts. Enables self-repairing applications. |
| Remote Install | DHCP-based remote start technology installs the operating system on a client’s local hard disk from a remote source. A network start can be initiated by either a pre-boot execution (PXE) environment, a PXE-enabled network card, specific function key, or remote boot floppy provided for clients without PXE. | An administrator does not have to visit a computer to install the operating system. Remote OS Installation also provides a solution for propagating and maintaining a common desktop image throughout your |
| Roaming User | Roaming User Profiles copies registry values and document information to a location on the network so that a user’s settings are available wherever the user logs on. | Users have the ability to travel and still have their documents and system information readily available. |
| Option Component | Windows 2000 Server Setup allows you to bundle and install add-on components during or after any system setup through an installation module. | Reduces the amount of time required for deployment setup and reduces the number of trips to individual computers. |
| Disk Duplication | You can customize a single Windows 2000 Server or Windows 2000 Professional setup and clone it across similar computers. | Cloning can save you time and money when deploying a large number of servers or clients. |

Note You can use Systems Management Server to complement the desktop
management technologies in Windows 2000.
For more information about deploying Windows 2000 Server and Windows 2000
Professional management solutions, see “Defining Client Administration and
Configuration Standards” and “Applying Change and Configuration
Management” in this book.
Security Features
Enterprise-level security needs to be flexible and robust so that administrators can
configure rules to address possible security liability without hindering the free
flow of needed information. Table 1.8 highlights Windows 2000 security features.
Table 1.8 Security Features

| Feature | Description | Benefits |
|---|---|---|
| Security Templates | Allows administrators to set various global and local security settings, including security-sensitive registry values; access controls on files and the registry; and security on system services. | Allows administrators to define security configuration templates, then apply these templates to selected computers in one operation. |
| Kerberos authentication | The primary security protocol for access within or across Windows 2000 domains. Provides mutual authentication of clients and servers, and supports delegation and authorization through proxy mechanisms. | Speeds performance by reducing server loads while connections are being established. You can also use it to access other enterprise computing platforms that support the Kerberos protocol. |
| Public key infrastructure | You can use integrated PKI for strong security in multiple Windows 2000 Internet and enterprise services, including extranet-based communications. | Using PKI, businesses can share information securely without having to create many individual Windows 2000 accounts. Also enables smart cards and secure email. |
| Smart card infrastructure | Windows 2000 includes a standard model for connecting smart card readers and cards with computers and device-independent APIs to enable applications that are smart | Windows 2000 Smart Card technologies can be used to enable security solutions throughout your intranet, extranet, and public Web |
| Internet Protocol security (IPSec) management | IPSec supports network-level authentication, data integrity, and encryption to secure intranet, extranet, and Internet Web communications. | Transparently secures enterprise communications without user interaction. Existing applications can use IPSec for secure |
| NTFS file system | Public key–based NTFS can be enabled on a per file or per directory basis. | Allows administrators and users to encrypt data using a randomly generated key. |

For more information about deploying Windows 2000 security services, see
“Planning Distributed Security” and “Determining Windows 2000 Network
Security Strategies” in this book.
Information Publishing and Sharing
Windows 2000 information publishing and sharing technologies make it easier to
share information over your organization’s intranet, extranet, or the Web.
Table 1.9 highlights features for information publishing and sharing.
Table 1.9 Information Publishing and Sharing

| Feature | Description | Benefits |
|---|---|---|
| Integrated Web services | Windows 2000 Server integrated Web services allow you to use a variety of Web publishing protocols. | Flexible opportunities for publishing information on your extranet, intranet, or the Web. |
| Indexing Services | Integrated index services allow users to perform full text searches on files in different formats and languages. | Improves productivity. |
| Removable Storage | Consists of server and tool components for delivering audio, video, illustrated audio, and other types of multimedia over networks. | New opportunities in training, collaboration, and information sharing improve productivity. |
| | Windows 2000 makes all shared printers in your domain available in Active | Allows users to quickly locate the most convenient printing source. |

For more information about deploying Windows 2000 information publishing and
sharing services, see “Upgrading and Installing Member Servers” in this book,
and the Microsoft® Windows® 2000 Server Resource Kit Internet Information
Services Resource Guide.
Component Application Services
As a development platform, Windows 2000 offers Component Object Model
(COM) and Distributed COM (DCOM) support that extends a development
team’s capabilities to efficiently create more scalable component-based
applications. Table 1.10 highlights Component Application Services features.
Table 1.10 Component Application Services

| Feature | Description | Benefits |
|---|---|---|
| Queued Components | Developers and administrators can choose the appropriate communications protocol (DCOM or asynchronous) to use at the time of deployment. | Easier for developers to take advantage of the store and forward services offered by the integrated message queuing services in Windows 2000 Server without having to write any code. |
| Publish and Subscribe | COM Events provide a uniform publish and subscribe mechanism for all Windows 2000 Server applications. | Developers do not have to reinvent and program fundamental services. |
| Transaction Services | Provides information updates by calling an application on a mainframe, or sending and receiving a message to or from a message queue. | Provides a way for developers to guarantee correctness of their applications when updating multiple data sources |
| Message Queuing Services | Ensures that a message transaction is either completed or safely rolled back to the enterprise environment. | Provides developers with the facilities to build and deploy applications that run reliably over unreliable networks and operate with other applications running on different platforms. |
| Web Application Services | Developers can use Active Server Pages to build a Web-based front-end to their existing server-based applications. | Web Application Services allows remote servers to be administrated through a Web browser with minimum connectivity cost. |

For more information about deploying Windows 2000 Component Application
Services and the Microsoft® Security Support Provider Interface, see
“Determining Windows 2000 Network Security Strategies” in this book. For more
information for developers, see the MSDN Platform SDK link on the Web
Resources page at
Note You might want to discuss these features and their potential business value
with members of your application development team. Their knowledge can assist
you in determining the potential business value of these technologies to your
Scalability and Availability
Faster CPUs and network adapters are the traditional benchmarks of network
performance. In the future, more efficient read/write capabilities, improved
input/output (I/O) performance, and faster disk access will be equally important
characteristics of network architectures. Environments that require
mission-critical computers can now use the extended capabilities of Windows 2000.
Table 1.11 highlights Windows 2000 features that will assist you in improving
network scalability and availability.
Table 1.11 Scalability and Availability

| Feature | Description | Benefits |
|---|---|---|
| Enterprise Memory Architecture | Windows 2000 Advanced Server allows you to access up to 32 GB of memory on processors. | Allows applications that perform transaction processing or decision support on large data sets to keep more data in memory for improved |
| Improved symmetric multiprocessing (SMP) scalability | Windows 2000 Advanced Server has been optimized for eight-way SMP | Allows organizations to take full advantage of faster processors. |
| Cluster service | Allows two or more servers to work together as a single system. | Allows greater availability, reliability, stability, and security with simplified management. |
| Intelligent Input/Output (I2O) | I2O relieves the host of interrupt-intensive I/O tasks by offloading processing from main CPUs. | Improves I/O performance in high-bandwidth applications. |
| Terminal Services | Through terminal emulation, Terminal Services allows the same set of applications to run on diverse types of client hardware, including thin clients, older computers, or clients not running Windows. Can also be used as a remote administration option. | Allows for centralized management of applications and desktops for task-based workers. Provides technology for bridging existing desktops to a full Microsoft® Win32® environment. Gives remote users local network performance over dial-up remote access connections. Also provides for graphical remote administration of any Windows 2000 Server. |
| Network Load Balancing | Combines up to 32 servers running Windows 2000 Advanced Server into a single load balancing cluster. It is used most often to distribute incoming Web requests among its cluster of Internet server | Enhances the availability and scalability of Web servers, File Transfer Protocol (FTP) servers, streaming media servers, and other mission-critical programs by combining the functionality of two or more host computers (servers that are members of the cluster). |
| | IntelliMirror allows users to have their data, applications, and settings follow them when they are not connected to the network. | Data is always available and the user’s view of the computing environment is consistent, whether or not the client is connected to the |

For more information about deploying Windows 2000 Cluster service, see
“Ensuring the Availability of Applications and Services” in this book.
For more information about Terminal Services, see “Deploying Terminal
Services” in this book.
Networking and Communications
To enhance your networking environment, consider the Windows 2000
technologies listed in Table 1.12, which can give you greater bandwidth control,
secure remote network access, and native support for a new generation of
communications solutions.
Table 1.12 Networking and Communications

| Feature | Description | Benefits |
|---|---|---|
| DNS dynamic update protocol | Eliminates the need to manually edit and replicate the DNS database. | Reduces administration and equipment costs by reducing the number of DNS servers needed to support a network. |
| Quality of Service (QoS) | QoS protocols and services provide a guaranteed, end-to-end express delivery system for IP traffic. | Allows you to prioritize network traffic to ensure that critical processes are completed and data is delivered promptly and accurately. |
| Resource Reservation Protocol | A signaling protocol that allows the sender and receiver to set up a reserved path for data transmission with a specified quality of service. | Improves connection reliability and data transfer. |
| Asynchronous Transfer Mode | An ATM network can simultaneously transport a wide variety of network traffic, including voice, data, images, and video. | Unifying multiple types of traffic on a single network can dramatically reduce costs. |
| Streaming Media services | Server and tool components for delivering multimedia files over the | Streaming Media can dramatically reduce the cost of travel, team collaboration, and training by offering online meeting and information sharing. |
| Fibre Channel | Fibre Channel provides one gigabit per second data transfer by mapping common transport protocols and merging networking and high-speed input and output in a single | Improved flexibility, scalability, manageability, capacity, and availability over small computer system interface (SCSI) technologies for demanding applications. |
| IP Telephony | The Telephony API 3.0 (TAPI) unifies IP and traditional telephony. | Developers can use TAPI to create applications that work as well over the Internet or intranet as they do over a traditional telephone network. |

For more information about Windows 2000 networking and communications
features, see “Preparing Your Network Infrastructure for Windows 2000” and
“Determining Network Connectivity Strategies” in this book.
Storage Management
Windows 2000 Server provides storage services designed to improve both
reliability and user access. Table 1.13 highlights these services.
Table 1.13 Storage Management

| Feature | Description | Benefits |
|---|---|---|
| Remote Storage | Monitors the amount of space available on a local hard disk. When free space on the primary hard disk drops below the level necessary for reliable operation, Remote Storage removes local data that has been copied to remote storage. | Allows administrators to manage the amount of free disk space by migrating files to a tape library where the files remain active from the user’s |
| Removable Storage | Allows administrators to manage removable storage devices and functions. Administrators can create media pools that are owned and used by a particular | Allows administrators to optimize network performance by controlling where data is stored. Also makes it possible for multiple applications to share the same storage media resources. |
| NTFS file system | Supports performance enhancements such as file encryption, the ability to add disk space to an NTFS volume without restarting, distributed link tracking, and per-user volume quotas to monitor and limit disk space use. | File encryption reduces the risk that confidential data is exposed to unauthorized users. Being able to extend partitions quickly reduces server and network down time and the risk of data |
| Disk Quotas | Helps administrators plan for and implement disk utilization. | Reduces the need for hardware administration and decreases maintenance costs. |
| | With Backup, users can back up data to a variety of storage media, including hard drives, and magnetic and optical media. | Helps protect data from accidental loss due to hardware or storage media failure. |
| Distributed File System (Dfs) Support | Allows administrators to create a single directory tree that includes multiple file servers and file shares, and allows interoperability between Windows 2000 clients and any file server that has a matching protocol. | Dfs makes it easier for administrators and users to find and manage data on the network. Dfs also provides a fault-tolerant share for important network |

For information about deploying Windows 2000 Server storage management
technologies, see “Determining Windows 2000 Storage Management Strategies”
in this book.
Planning Task List for Mapping
Windows 2000 Features
Use the planning task list contained in Table 1.14 as you begin your
Windows 2000 deployment planning process.
Table 1.14 Planning Task List for Mapping Windows 2000 Features

| Task | Location in Chapter |
|---|---|
| Understand how the structure of this book will assist you in your deployment planning | Starting Your Plan |
| Learn about the Windows 2000 product | Overview of Windows 2000 Product |
| Analyze how specific features can be used to enhance worker productivity. | Using Windows 2000 to Improve the Way You Work |
| Review Windows 2000 features in context of your business goals. | Mapping Windows 2000 Features to Your Business Needs |