ITworld.com – Windows 2000 marks a big change in direction for Microsoft's business-class platform. The focus of the new generation is to more easily support large-scale networks of users and computers. Microsoft hopes this new version will eliminate criticisms about the poor performance of Windows NT in the enterprise arena. A major part of the company's efforts was directed at enabling the OS to run better on larger servers and at supporting more memory and faster and more complex peripheral devices. Windows 2000 has made improvements not only in the type of hardware it can support, but also in the number of features it has added. Microsoft says that, with the new features, the OS can scale across the platforms in your enterprise, from desktops to workstations to workgroup servers and enterprise servers alike. Furthermore, its improvements will make managing the system easier.
Microsoft's claims aside, are the new features useful to you now? If so, will you need to change your current environment to take advantage of them? How difficult are they to implement? And what effect will they have on existing systems? With these questions in mind, we'll explore a number of Windows 2000's purported advantages.
Management and remote administration
Microsoft Management Console. MMC consolidates all the administration tools in Windows 2000. It incorporates both new and existing management tools into a single interface that covers every aspect of the system. And once you adjust to how MMC works, you will find that it has incorporated the earlier tools into the system so that they operate very much as they did before. This keeps things familiar for the administrator and makes it easier to improve the interface for management, event logging, and report generation. In addition, some administrator tasks can, in a simple way, be delegated to lower-level administrators or less-privileged operators. By giving you easier access to all the administration tasks, this unified tool can reduce the amount of time needed to solve problems.
Windows Terminal Server. Although not really a new feature, WTS is now included as part of Windows 2000 Server rather than as a separate package. The new version maintains full compatibility with the Remote Desktop Protocol (RDP) used in NT 4, and will thus allow Windows 9x or NT systems to connect to the Windows 2000 Server through the WTS client software. This allows older Windows machines to access software on the server and thus can support a migration path from the older systems to newer software services that are supported only on Windows 2000. It also implements a thin-client model of computing, reducing the amount of software management required on desktops. That should make it a valuable addition to the Windows Server platform for any site.
IntelliMirror. This new service lets users roam from desktop to desktop while maintaining full access to their personal environments and files. The service replicates software installed on one machine onto others, based on a user profile maintained on a Windows 2000 server. So users' files and applications move with them. Although the replication can take time -- especially if the application software is not installed -- the software runs locally once it is in place. The system is thus faster than a remote display technology such as Windows Terminal Server.
The downside is that IntelliMirror works only for Windows 2000 desktops, so it's of limited use if you're planning to start only with a server migration. Furthermore, it works best if users don't move constantly between machines, since that increases the amount of replication needed. IntelliMirror will appeal to organizations whose users run a closely defined set of applications, but only if those organizations are planning to move large numbers of workstations over to Windows 2000 Professional. Those with existing Windows 9x and NT desktops should probably wait to get excited about IntelliMirror until the next upgrade cycle for all the desktops.
Remote OS installation. The capability to do remote installations can be valuable when you have to deploy large numbers of desktop systems. The desktop OS can be installed from a server over the network, complete with personalized configuration information. However, this feature works only with Windows 2000 Professional desktops and not the Server editions or any of the earlier desktop OSs. Furthermore, the desktops require special network cards that support the Intel Portable Execution Environment (PXE) to allow network booting. Another drawback is that you cannot upgrade the operating system remotely, only perform fresh installations. As with IntelliMirror, these issues combined make this service of little use unless you are planning to deploy Windows 2000 Professional on the desktop.
Service Pack Slip-Streaming. Microsoft has finally fixed its limited method of performing OS upgrades through service pack releases. With existing NT systems, the service pack cannot be removed once it is applied. You need to reinstall the operating system from an earlier service pack to get it back to the condition it was originally in. This is a concern because Microsoft has repeatedly released service packs that have caused existing services to break or have created new problems when installed. With Service Pack Slip-Streaming, you can install and remove Service Packs as you need to, thus saving an enormous amount of time. This is definitely a useful tool because you will undoubtedly be installing a Service Pack for Windows 2000 in the future. Too bad Microsoft couldn't put this capability into NT 4 systems.
Network and hardware services
Asynchronous Transfer Mode. ATM network services are new in Windows 2000. Previously, you had to rely on custom drivers from each ATM network card vendor. With standardized drivers, you can now directly use pure ATM services, as well as IP over ATM. Unfortunately, a number of factors make this capability less important than it might have been at one time. First, ATM for the desktop has not caught on. Competing technologies such as Fast and Gigabit Ethernet are cheaper and easier to implement. Second, ATM network speeds start at around 155 Mbps (not including the desktop technologies), and go up to 10 Gbps at the high end, rates that require high-performance system buses to transfer data. Not only do most PC systems and servers lack the necessary bus speeds, but high-speed network traffic also causes a lot of processing overhead in Windows that reduces actual throughput. Although ATM-based Windows products will probably still emerge, this feature isn't much of a draw for most administrators.
Virtual private networks. VPNs are in high demand in these days of extranets and remote offices with Internet access. A VPN lets a single remote desktop or an entire branch office communicate on a par with systems on the corporate network. In days of yore, remote clients had to be restricted because of the security risks they presented. Today, with encryption technologies it is possible to pass data among sites without anyone being able to intercept and view it. Secure VPN technology is built in to the Windows 2000 network and remote access services, since it implements the IP Security (IPSec) protocol for communicating over the Internet. Windows did have earlier technologies that allowed VPNs, including Point-to-Point Tunneling Protocol (PPTP) and Layer-2 Tunneling Protocol (L2TP), but these did not offer secure encrypted communications.
There is a catch to IPSec in Windows 2000, though. IPSec was designed so that any two hosts running any OS platform could communicate with each other. The Windows 2000 IPSec implementation, however, requires that you also use L2TP to authenticate users on remote machines as well as support other non-IP protocols. This breaks compatibility with other platforms, most of which do not use Microsoft's L2TP system. Thus, Microsoft-flavored VPN technology can work only among Windows 2000 systems, severely limiting its use in heterogeneous environments.
Quality of service. QoS is a new arrival for IP network communications in general. QoS attempts to define a guaranteed level of quality for communications between two IP hosts, on top of the nonguaranteed protocol services of IP. The Internet standard for setting up such services is the Resource Reservation Protocol (RSVP), but for any appreciable results, RSVP needs to be supported on as many of the network nodes located between the end-points as possible. QoS is thus lagging in wide deployment. Network administrators don't use it because most of their desktop and server systems don't support QoS. This ends in a catch-22: The network doesn't have it because the systems don't, and the systems can't really make use of it until the network implements it. The good news is that Windows 2000 now supports the standard method for supporting QoS. The bad news is that older Windows systems do not. Thus QoS becomes a useful feature only if you plan to have lots of Windows 2000 -- or non-Windows systems that support QoS -- on your network.
Plug and play. Plug and play is nothing new for Windows 9x users, but NT Workstation users will be happy that it is now available for Windows 2000 systems. Furthermore, the Windows driver model used in Windows 2000 is similar to that in Windows 9x, making it easier for vendors to port device drivers to the new platform. This means greater support for adapters and other devices that go into your system. Everyone wins with this new feature.
Power and configuration management. Advanced power and configuration management brings more relief for NT Workstation users. This feature allows Windows 2000 Professional to use the battery systems in laptops more efficiently, giving longer work times between recharges while you're on the go. Again, a great addition.
Encrypting File System. EFS is a new feature for the safety conscious. Using this file system, any data stored on the disk can be accessed and read only by the owner of the data. Saved data are automatically encrypted; your owner information and local host information generate a local certificate. Other users cannot read even plain text files, even if they have access to your directory. Especially important is that EFS is integrated into the NTFS 5.0 file system architecture and thus works with all software. This encryption/decryption process adds overhead and delay to accessing files, but except for very large files, it offers a greater value in security than the seconds it makes you wait. Network users can access information if they have been authenticated properly and have proper access to the directory and files. EFS is a good new feature to have on an enterprise operating system, especially as users become more privacy conscious.
Distributed File System. With DFS, you can make a single tree of all public files and directories on your network and hide the identities of the servers and drives they refer to. This makes it much simpler to access any file without having to remember which server and drive it was stored on. In other words, Windows finally catches up to the distributed file system tree capabilities of Unix and NFS.
On the other hand, DFS can confuse an end user because of changes in file-access procedures. Although the benefits of using DFS are numerous, users may be used to the existing Common Internet File System (CIFS) method of mounting a remote drive as a new drive letter. Worse yet, CIFS information may be encoded into the data and application files, making it difficult to switch to the new system. DFS is handy, but it will probably come into use slowly.