This section is a practical
guide to building a template from which the assessment data can be
gathered and a resulting document produced. The topics listed here note
differences in approach between a Windows NT assessment and a Windows
2000 assessment for a Windows 2003 migration. The assessment will
involve all of the design team members—each one taking responsibility
for the part of the migration that falls in his or her area of
expertise. Typically, when I do an assessment for a customer, I conduct
interviews with all the design team members to get a complete view of
the total environment.
tip
A good assessment and a comprehensive document will
do a lot of the AD design work. The AD design will be much easier if you
do a good assessment.
Introduction to the Assessment
This portion of the document describes the scope of
the assessment, such as reviewing the current design, identifying
elements of the migration that are not ready for the migration to
Windows 2003, and identifying infrastructure configuration changes and
upgrades that are required prior to the migration. Also included in this
section is a list of benefits for the company as a result of the
migration, as well as a list of tasks to be accomplished to allow you to
realize those benefits. Some recommendations might include
Test application compatibility with Windows 2003. This is more of an issue if you are migrating from Windows NT.
Make administration changes, if any are needed.
Consolidate servers.
Upgrade hardware following the Hardware Compatibility List (HCL) published by Microsoft on its Web site.
note
From an HP perspective, a number of significant changes were made to the Windows Server 2003 HCL compared with the Windows 2000 version. Make sure you check the Microsoft Web site
as well to ensure that your hardware is specifically on the HCL. Don't
get into the situation where you call for support and get the “your
hardware configuration isn't supported” disclaimer.
Overview of Existing System Environment
This section surveys the physical environment.
Determining the existing environment helps identify changes needed for
an efficient AD implementation. The organizational structure, server
systems topology, network topology, network services, operating systems
(OSs) and server inventory, user working environment, and security are
important parts of this section.
You should survey the organization of the enterprise
to gather information about the physical locations of company offices
and the user population in those sites. In addition, it is important to
identify the workstations and member servers (file/print, application,
and so on). This helps you determine the design of the AD
sites—distribution of Domain Controllers (DCs) and Global Catalog (GC) servers—as well
as administration requirements. A typical summary of the user
distribution is shown in Table 1.
Table 1. Distribution of Users and DCs Across All Company Sites for a Windows NT Environment
| Site | Approximate User Count | Number of DCs in Site |
|---|---|---|
| Memphis | 2,100 | PDC (1), BDC (2) |
| Kingsport | 150 | BDC |
| Chattanooga | 325 | BDC |
| Denver | 25 | BDC |
If the sites are all Windows 2000 rather than Windows
NT, this is a good way to evaluate the distribution of DCs, GCs, and
Flexible Single Master Operation (FSMO) role holders. Table 2
shows a Windows 2000 environment. Note that San Antonio and Miami have
GCs, but have small communities of users. They might be good candidates
for Windows 2003's Universal Group Membership Caching feature to
eliminate GCs for autonomous user logon in those sites.
Table 2. Distribution of Users, DCs, and GCs Across All Sites for a Windows 2000 Environment
| Site | Approximate User Count | DCs and GC Servers in Site |
|---|---|---|
| Columbus, OH | 5,100 | DC = 3, GC = 1 |
| Miami | 20 | GC = 1 |
| San Jose | 45 | GC = 1 |
| San Antonio | 2450 | DC = 2, GC = 1 |
Server Systems Topology
This section identifies the existing domain
structure, an analysis of the deployment of DCs including hardware
configuration, the administration model, security standards, and
Transmission Control Protocol/Internet Protocol (TCP/IP) addressing
standards. In the list shown here, I have provided various components of
the systems topology and how they could be documented in the
assessment:
Existing Domain Structure:
A drawing showing the Windows NT or Windows 2000 domain structure is
used here to describe the functional aspects, such as the domain names
and function (Account or Resource domain for Windows NT, parent and
child domains, and OUs for Windows 2000).
Administration Model:
Either a description or a drawing will be used here to describe a
centralized or distributed model or perhaps a combination of the two.
Identify them per site and the domain or OU that they administer. You
might want to include the Administrators' names.
Security Model:
This varies depending on whether you are assessing a Windows NT or
Windows 2000 environment. As you identify these security areas, you will
undoubtedly start identifying security features in Windows 2003 that
you want to implement or at least explore.
Windows NT:
Identify protocols used for remote access; use of System Policies, user profiles, and password policies.
Windows 2000:
Remote access policies and protocols (dialup, VPN [Virtual Private
Network], and so on), security settings in Group Policy, and OUs.
Both Windows NT and Windows 2000:
Identify certificate services that are implemented, firewalls in use, Demilitarized Zone (DMZ) configuration, and auditing.
Naming Standards:
Identify naming standards for users (accounts and mailboxes), groups,
computers (workstations, servers, and DCs), domains, OUs, and so forth.
If you are migrating from Windows NT, check for characters used in
NetBIOS names that are not recommended for DNS names in Windows 2003,
such as special characters—especially the dot (.) and hyphen (-).
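As an added example for this naming-standards check (not code from the book or from HP), the following script screens a list of NetBIOS-style names against the DNS host-name label rules. It reports as problems the things that make a name unusable unchanged as a DNS label (a dot, which DNS reads as a label separator; characters such as the underscore that are legal in NetBIOS but not in DNS; a leading or trailing hyphen; names over the 15-character NetBIOS limit) and reports an embedded hyphen as a warning for review against the naming standard. The sample names are constructed for illustration.

```python
import re

NETBIOS_MAX = 15                          # NetBIOS computer names are at most 15 characters
_DNS_LABEL_CHAR = re.compile(r"[A-Za-z0-9-]")   # characters permitted in a DNS host-name label


def check_name(name):
    """Return (problems, warnings) for one NetBIOS-style name.

    problems: the name cannot be used unchanged as a DNS host-name label.
    warnings: legal in DNS, but worth reviewing against the naming standard.
    """
    problems, warnings = [], []
    if not name:
        return ["empty name"], warnings
    if len(name) > NETBIOS_MAX:
        problems.append(f"longer than {NETBIOS_MAX} characters")
    if "." in name:
        # DNS reads a dot as a label separator, so SALES.NY would become two labels.
        problems.append("contains a dot, which DNS treats as a label separator")
    bad = sorted({c for c in name if c != "." and not _DNS_LABEL_CHAR.fullmatch(c)})
    if bad:
        problems.append("characters not valid in a DNS label: " + ", ".join(repr(c) for c in bad))
    if name[0] == "-" or name[-1] == "-":
        problems.append("begins or ends with a hyphen")
    elif "-" in name:
        warnings.append("contains a hyphen (legal in DNS; confirm it fits the naming standard)")
    return problems, warnings


def audit_names(names):
    """Return {name: (problems, warnings)} for every name with at least one finding."""
    report = {}
    for n in names:
        problems, warnings = check_name(n)
        if problems or warnings:
            report[n] = (problems, warnings)
    return report


# Constructed sample inventory (not from the book).
SAMPLE_NAMES = ["ATLDC1", "SALES.NY", "FILE_SRV", "NYC-FP1", "-BAD",
                "ACCOUNTING_SERVER01", "WDCFPSVR2"]

if __name__ == "__main__":
    for name, (problems, warnings) in audit_names(SAMPLE_NAMES).items():
        for p in problems:
            print(f"{name}: PROBLEM  {p}")
        for w in warnings:
            print(f"{name}: WARNING  {w}")
```

Feed it the computer, domain, and group names exported from the NT domain; anything listed as a problem needs a rename (or a DNS name that differs from the NetBIOS name) before the DNS namespace for Windows 2003 is designed.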
TCP/IP:
A chart such as the one shown in Table 3
is invaluable for managing TCP/IP addresses. Of course, this example is
just a sampling of the real map, but you get the idea. If you don't
have a document like this, make one now.
Table 3. TCP/IP Address Assignment
| IP Range | Purpose |
|---|---|
| 192.168.0.0–192.168.50.255 | Entire IP addressing scheme |
| 192.168.0.1–192.168.0.255 | Routers, network appliances |
| 192.168.1.1–192.168.1.255 | Servers, DCs |
| 192.168.2.1–192.168.2.255 | Remote access (static), VPN pool |
| 192.168.3.1–192.168.3.255 | DHCP for New York |
| 192.168.4.1–192.168.4.255 | DHCP for Columbus |
| 192.168.5.1–192.168.5.255 | DHCP for Providence |
Network Topology
A network topology map can mean anything from a
complex diagram showing routers, switches, and IP addresses to a simple
drawing showing network connections and link speeds. All we need here is
a conceptual diagram like that shown in Figure 1.
We need to know the physical locations, how they are connected to the
other locations, and, if possible, speeds and available bandwidth. This
will be important for the design of the site and replication topology.
If you already have Windows 2000 implemented, this
will not be new to you. However, it's important not to skip this phase.
Network changes might have been implemented since you deployed Windows
2000, or you might have decided that, with some experience under your
belt, it's time to take a fresh look at the replication topology.
Other network-related topics you should consider include
Network Services
Network services should be listed for later
examination for removal or upgrade. This review also gives you a good
definition of how services such as DHCP, NetBIOS, and DNS are configured
and implemented, and identifies all existing protocols. You might also
want to list problems that currently exist that should be addressed
prior to the migration. The following list identifies services and
details how you can assess the impact of each service:
DHCP:
Identify how DHCP is configured for leases, renewals, DNS registration,
and so on. This is a good time to determine what percentage of your
total DHCP addresses are being used. The migration might bring in more
clients than you previously had.
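The following script is an added example serving both the TCP/IP chart (Table 3) and the DHCP item above; it is not code from the book or from HP. It reads the Table 3 ranges, checks that every range lies inside the overall scheme and that no two ranges overlap, and then computes the percentage of each DHCP scope that is in use. The ranges are the ones printed in Table 3; the active lease counts are constructed for illustration, and the 80 percent warning threshold is an assumption.

```python
import ipaddress

# Rows of the Table 3 address-assignment chart: (first address, last address, purpose).
ADDRESS_PLAN = [
    ("192.168.0.0", "192.168.50.255", "Entire IP addressing scheme"),
    ("192.168.0.1", "192.168.0.255", "Routers, network appliances"),
    ("192.168.1.1", "192.168.1.255", "Servers, DCs"),
    ("192.168.2.1", "192.168.2.255", "Remote access (static), VPN pool"),
    ("192.168.3.1", "192.168.3.255", "DHCP for New York"),
    ("192.168.4.1", "192.168.4.255", "DHCP for Columbus"),
    ("192.168.5.1", "192.168.5.255", "DHCP for Providence"),
]

# Constructed active-lease counts per DHCP scope (illustrative; not from the book).
ACTIVE_LEASES = {"DHCP for New York": 240, "DHCP for Columbus": 130, "DHCP for Providence": 61}


def _bounds(first, last):
    """Convert a dotted-quad range into integer bounds, rejecting inverted ranges."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError(f"range {first}-{last} is inverted")
    return lo, hi


def check_plan(plan):
    """Findings for a chart whose first row is the overall scheme: rows that fall
    outside it and rows that overlap one another."""
    umbrella_lo, umbrella_hi = _bounds(plan[0][0], plan[0][1])
    rows = [(purpose, *_bounds(first, last)) for first, last, purpose in plan[1:]]
    findings = []
    for purpose, lo, hi in rows:
        if lo < umbrella_lo or hi > umbrella_hi:
            findings.append(f"{purpose}: outside the overall scheme")
    for i, (p1, lo1, hi1) in enumerate(rows):
        for p2, lo2, hi2 in rows[i + 1:]:
            if lo1 <= hi2 and lo2 <= hi1:          # closed intervals intersect
                findings.append(f"{p1} overlaps {p2}")
    return findings


def scope_utilization(plan, leases, warn_at=80.0):
    """Per DHCP scope: addresses in the range, active leases, percent used, and a
    warning flag when usage is at or above warn_at percent."""
    report = {}
    for first, last, purpose in plan:
        if purpose not in leases:
            continue
        lo, hi = _bounds(first, last)
        size = hi - lo + 1          # the chart counts the whole range as printed
        used = leases[purpose]
        pct = round(100.0 * used / size, 1)
        report[purpose] = {"size": size, "leases": used, "percent": pct,
                           "warning": pct >= warn_at}
    return report


if __name__ == "__main__":
    for f in check_plan(ADDRESS_PLAN) or ["address plan: all ranges inside the scheme, no overlaps"]:
        print(f)
    for scope, r in scope_utilization(ADDRESS_PLAN, ACTIVE_LEASES).items():
        flag = "  <-- near capacity" if r["warning"] else ""
        print(f"{scope}: {r['leases']}/{r['size']} ({r['percent']}%){flag}")
```

A scope that is already near capacity before the migration is exactly the kind of item to record in the assessment, because the migration may add clients to it; a real scope definition would also exclude the network and broadcast addresses and any static exclusions from the size.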
NetBIOS:
Identify the WINS structure—servers, configuration, IP address,
PUSH/PULL configuration, verification interval, and extinction, as well
as the backup strategy. If you have a Windows 2000 environment, you
might not even have a WINS implementation because it is primarily used
for downlevel clients.
note
Although WINS isn't necessary for a pure Windows 2000
domain with no downlevel clients, NetBIOS is. There is some confusion
on this point. NetBIOS should not be
disabled. Many Microsoft and third-party applications, as well as some
Windows components, still use NetBIOS name resolution and broadcasting.
DNS:
Describe the current DNS infrastructure. If you make a diagram, it will
help visualize the structure, and will be a valuable tool in making
changes and troubleshooting problems in the future. If you have a pure
Windows NT structure currently, you probably have not paid much
attention to DNS. The success of the Windows 2003 infrastructure will
depend on the capability of DNS to resolve names of the DCs for
authentication and authorize access to resources in the domain and
forest. Some questions to ask concerning the existing DNS structure
include
Who hosts the top-level company DNS domain (that is, company.com)?
Is the company's top-level domain hosted by an ISP or internally?
Is DNS hosted on a UNIX, Linux, Windows NT, or Windows 2000 server?
What “brand” of the DNS service has been implemented (for example, BIND, Microsoft, QIP, NetID, and so on)?
What other clients are currently using DNS (UNIX, Linux, and so on)? That is, who else has an interest in your DNS design?
Is there more than one DNS namespace in the company?
Do you have a separate namespace for internal and external DNS domains, or do you have a single domain name that is used for both?
If the same DNS namespace is used externally and internally, is it physically split (also known as split-brained), or is it unified?
How many DNS servers are there currently, and where are they deployed?
Who administers the DNS?
Are forwarding and stub zones used? Are forward and reverse lookup zones used?
Where are secondary zones hosted?
What caching servers, client TCP/IP configuration, and DNS suffixes are used?
The important point here is to examine DNS carefully.
One customer I worked with was using NetID for DHCP and DNS and had
planned to move to QIP. This DNS migration had to be included in the
migration plan as a preparatory step. It is important during the
assessment to identify situations like this that will impact the
migration.
ProLiant Network Adapters and Interconnects
In assessing the physical network components, it
makes sense to identify the various network interface options available
to the ProLiant family of servers. The majority of the current line of
ProLiant servers use dual-port, embedded Network Interface Cards (NICs),
meaning the NICs are embedded in the motherboard. This feature is
referred to as LAN on Motherboard (LOM). LOM is a space-saving feature
that enables the current trend toward consolidation and space-saving
server architectures. LOM also frees up a PCI (Peripheral Components
Interconnect) slot for other PCI options. All embedded and slotted NICs
currently shipping in ProLiant servers offer a full set of features for
improved functionality and performance, including
Gigabit Ethernet throughput:
Up to 1000Mbps Ethernet transfer rate delivers outstanding network
performance that improves response time and removes bottlenecks across
the entire network.
Tri-Speed support:
Supports both 10Mbps Ethernet and 100Mbps Fast Ethernet in addition to
Gigabit Ethernet, meaning users are guaranteed end-to-end protocol
support across their enterprise. All HP server adapters adhere to open
industry standards, ensuring that they will work seamlessly with any
network devices that also support IEEE standards.
PCI-X data path:
HP was an early champion of PCI-X bus technology and has played a key
role in the development and industry adoption of the PCI-X
specification. The PCI-X 64-bit/133MHz data path yields faster
transmission with lower CPU utilization than smaller bus architectures.
Network Fault Tolerance (NFT):
NFT, sometimes called failover or NIC redundancy,
allows for the installation of multiple server adapters or other
network adapters so that the active device can be backed up by a
redundant adapter to improve availability. HP's teaming utility also
allows users to specify that when a failed adapter is fixed and
replaced, the original adapter resumes its function as the primary
network connection.
Load balancing and port bonding:
Transmit Load Balancing (TLB) and Switch-Assisted Load Balancing (SLB)
are two advanced features used to build a bigger pipe for improved
networking bandwidth. These port-bonding techniques enable users to
install up to eight adapters in a ProLiant server and aggregate their
throughput up to a theoretical maximum of 16Gbps full-duplex
transmission.
Bus-mastering:
Bus-mastering technology helps maximize throughput and minimize CPU
utilization. It enables a controller connected to the PCI bus to
communicate directly with other devices on the bus without going through
the CPU.
Jumbo Frames:
Also known as Extended Frames, they offer a 9K maximum transmission
unit, which is six times the size of traditional Ethernet frames. Jumbo
frames are a way to achieve higher throughput and better CPU utilization
when deployed in a network infrastructure that supports them. Jumbo
frames are particularly useful for database transfers and tape backups.
note
Jumbo frames require a switch and routing infrastructure that is configured to support them.
TCP Offloads and Interrupt Coalescing:
TCP Checksum Offloads as well as TCP Segmentation Offloads and Interrupt
Coalescence are features that reduce the load on the CPU for overall
improved system response. Interrupt Coalescence groups multiple packets
and issues a single interrupt to the host. This process optimizes host
efficiency, leaving the CPU available for other duties.
Preboot Execution Environment (PXE):
Enables automatic deployment of computing resources remotely from
anywhere and allows a new or existing server to boot over the network
and download software, including the OS, from a management/deployment
server at another location on the network. Additionally, PXE automates
setting up and configuring new systems and enables decentralized
software distribution and remote troubleshooting and repairs.
Cold boot Wake on LAN (WOL):
A system that supports WOL can remain available to a system
Administrator during its normal downtime. After the machine is awakened,
the system Administrator can remotely control, audit, debug, or manage
the machine.
Dual Address Cycle (DAC):
This feature provides the capability to address memory above 4GB and
improves system performance because it keeps the OS from performing a
buffer copy from below 4GB to above 4GB.
ACPI (Advanced Configuration and Power Interface):
Reduces power consumption. ACPI is an open standard developed jointly by
HP, Microsoft, Intel, Toshiba, and Phoenix that establishes standard
interfaces for power management on laptops, desktops, and servers.
Auto-negotiation:
Automatically senses and configures itself to the speed of the device to
which it is attached. It also automatically configures for half- or
full-duplex, depending on the duplex mode of the switch, hub, or router
at the other end of the cable.
Management support:
All HP server adapters ship with drivers and agents that can be managed
from all versions of HP Systems Insight Manager (SIM), as well as using
any management application that supports Simple Network Management
Protocol (SNMP).
LED indicators:
Show link integrity, network activity, and speed.
This range of features helps ProLiant server
customers in future-proofing their ProLiant servers for the inevitable
increase in networking throughput. For servers that require additional
network connections, HP offers optional NICs.
The gigabit Ethernet adapter has a couple of options:
For the complete details on the full-feature sets,
including IEEE 802.xx, PCI-X, PCI, and ACPI information on HP's line of
ProLiant Embedded or Slotted Ethernet adapters, see the HP Web site at http://www.hp.com/servers/networking.
Servers
This section should include a comprehensive survey of
servers (including DCs), OSs employed on those servers, and any
applications running on the servers. Tables 4 and 5
are examples of how this could be done. The columns, of course, can be
adjusted to collect relevant data. The advantage of this, although it
might take time to collect, is that you can easily see all hardware
configurations for comparison to the HCL, as well as identify specific
needs, such as a memory upgrade. Table 4
shows that several servers are at old service packs, so bringing them
up to the current service pack would be added to the project. The
application inventory, shown in Table 5,
is a good way to see all the applications at a glance for evaluation of
the current version, Windows 2003 compatibility, and whether they have
been validated by your staff.
Table 4. Server Hardware and OS Inventory (sample)
| Hardware System Name | Hardware | OS | CPUs | Memory | Disk | Server Functionality |
|---|---|---|---|---|---|---|
| ATLDC1 | ProLiant DL580-G2 | Windows 2000 SP3 | 4 | 1GB | 2 @ 80GB | DC |
| ATLDC2 | Compaq ProLiant DL580-G2 | Windows 2000 SP4 | 4 | 1GB | 2 @ 80GB | DC |
| SJMEMEXC1 | Compaq ProLiant DL580-G1 | Windows 2000 SP4 | 2 | 1GB | 3 @ 40GB | Exchange Server |
| SJMEMEXC2 | Dell 6450 | Windows 2000 SP4 | 2 | 1GB | 2 @ 60GB | Exchange Server |
| ATLFPSVR1 | ProLiant DL380 | Windows NT 4.0 SP6 | 2 | 1GB | 2 @ 40GB | File/Print Server |
| WDCFPSVR2 | ProLiant DL380 | Windows 2000 SP2 | 2 | 512MB | 2 @ 40GB | File/Print Server |
| NYCAPPSVR1 | Compaq Prosignia 740 | Windows NT 4.0 SP6a | 1 | 768MB | 1 @ 40GB | Application Server |
| ATLRASSVR1 | Dell 2400 | Windows 2000 SP3 | 1 | 256MB | 1 @ 80GB | Remote Access |
Table 5. Installed Applications Inventory
| Application Name | Vendor (or Customer) | Validated W2K3-Compliant | Version |
|---|---|---|---|
| Adobe Acrobat Reader | ADOBE SYSTEMS INC. | Yes | 5.0 |
| Adobe Acrobat | ADOBE SYSTEMS INC. | Yes | 4.0 |
| Adobe Photoshop | ADOBE SYSTEMS INC. | Not tested | 6 |
| Autodesk AutoCAD | Autodesk | Not tested | 2002 |
| Microsoft Office | Microsoft | Yes | 2002 (XP) |
Rather than cluttering up the assessment document
with what could be a several-page table, I usually add this information
in the appendix of the assessment document. You only need to specify
processor type, number of processors, memory, disk space, and the make
and model of the servers—just the information needed to validate them on
the HCL. Besides physical components, it is important to upgrade ROM,
drivers, and other software components, as noted in Table 6.
During the initial phases of the migration, it's important to evaluate
what needs to be done to upgrade existing servers so they are compatible
with Windows Server 2003. Don't wait until you are ready to deploy
Windows Server 2003 to start looking for drivers.
Table 6. Windows NT 4.0 and Windows 2000 Upgrade Checklist
| Description | Comments |
|---|---|
| Option ROM | Update all Option ROMs to latest level. |
| System ROM | Update all System ROMs to latest level. |
| ProLiant Support Pack (PSP) for Windows NT 4 or Windows 2000 | Use release 6.30 for Windows NT or later for Windows 2000. |
| System Configuration Utility | On SmartStart 5.50 and earlier and http://www.hp.com. |
| Smart Array Multi-path v2.0 | Update software for multipath hardware. |
| HP Windows Server 2003 Web site | http://h71028.www7.hp.com/enterprise/cache/8193-0-0-0-121.aspx. |
| Platforms supported | See HP Web site for tech note TC030408IN. Run full backup prior to upgrade. |
| Windows 2000 Primer Utility | Erases noncompatible ProLiant utilities. |
| Windows 2003 support third-party hardware | Verify third-party hardware support. |
| Run full backup prior to upgrade | Sufficient backup media. |
One of the most important items in this list is that
of the Windows 2000 Primer Utility. This utility must be run on all
ProLiant Windows NT servers before they are upgraded to Windows 2003 to
erase all incompatible ProLiant utilities. Failure to do this causes
operation failures after the upgrade. Note that this utility does not need to be run on Windows 2000 systems prior to the upgrade.
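The following script is an added example of turning the server inventory (Table 4) and the upgrade checklist (Table 6) into a list of pre-migration work items; it is not code from the book or from HP. It parses the Table 4 rows as collected (note the inconsistent case of the service-pack field, which the parser normalises), then flags servers below the service-pack baseline, ProLiant Windows NT servers on which the Windows 2000 Primer Utility must be run, third-party hardware whose Windows Server 2003 support must be verified, and servers short of memory. The service-pack baselines and the 512MB memory floor are assumptions for the example, not values from the book.

```python
import re

# Assumed current service-pack level per OS family (adjust to your own standard).
BASELINE_SP = {"Windows 2000": "SP4", "Windows NT 4.0": "SP6a"}
# Assumed minimum memory for a Windows Server 2003 upgrade candidate.
MIN_MEMORY_MB = 512

# Rows as collected from the Table 4 inventory: name, hardware, OS, CPUs, memory, disk, role.
INVENTORY = """\
ATLDC1 | ProLiant DL580-G2 | Windows 2000 SP3 | 4 | 1GB | 2 @ 80GB | DC
ATLDC2 | Compaq ProLiant DL580-G2 | Windows 2000 SP4 | 4 | 1GB | 2 @ 80GB | DC
SJMEMEXC1 | Compaq ProLiant DL580-G1 | Windows 2000 SP4 | 2 | 1GB | 3 @ 40GB | Exchange Server
SJMEMEXC2 | Dell 6450 | Windows 2000 SP4 | 2 | 1GB | 2 @ 60GB | Exchange Server
ATLFPSVR1 | ProLiant DL380 | Windows NT 4.0 sp6 | 2 | 1GB | 2 @ 40GB | File/Print Server
WDCFPSVR2 | ProLiant DL380 | Windows 2000 SP2 | 2 | 512MB | 2 @ 40GB | File/Print Server
NYCAPPSVR1 | Compaq Prosignia 740 | Windows NT 4.0 SP6a | 1 | 768MB | 1 @ 40GB | Application Server
ATLRASSVR1 | Dell 2400 | Windows 2000 SP3 | 1 | 256MB | 1 @ 80GB | Remote Access
"""

FIELDS = ("name", "hardware", "os", "cpus", "memory", "disk", "role")


def parse_inventory(text):
    """Turn pipe-separated inventory rows into dicts keyed by FIELDS."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) == len(FIELDS):
            rows.append(dict(zip(FIELDS, parts)))
    return rows


def memory_mb(value):
    """'1GB' -> 1024, '768MB' -> 768."""
    m = re.fullmatch(r"(\d+)\s*(GB|MB)", value.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised memory value: {value!r}")
    return int(m.group(1)) * (1024 if m.group(2).upper() == "GB" else 1)


def split_os(value):
    """'Windows NT 4.0 sp6' -> ('Windows NT 4.0', 'SP6'); service-pack case is normalised."""
    m = re.fullmatch(r"(.*?)\s+(sp\d+[a-z]?)", value.strip(), re.IGNORECASE)
    if not m:
        return value.strip(), None
    return m.group(1), "SP" + m.group(2)[2:].lower()


def sp_rank(sp):
    """'SP6a' -> (6, 'a') so that service packs compare as tuples."""
    m = re.fullmatch(r"SP(\d+)([a-z]?)", sp)
    return (int(m.group(1)), m.group(2)) if m else (0, "")


def screen(servers):
    """Return {server name: [work items]} for servers that need attention before upgrade."""
    findings = {}
    for s in servers:
        items = []
        family, sp = split_os(s["os"])
        baseline = BASELINE_SP.get(family)
        if baseline and (sp is None or sp_rank(sp) < sp_rank(baseline)):
            items.append(f"service pack {sp or 'none'} is below baseline {baseline}")
        if family.startswith("Windows NT") and "ProLiant" in s["hardware"]:
            # Per the checklist: run the Primer Utility on ProLiant NT servers before upgrading.
            items.append("run the Windows 2000 Primer Utility before upgrade")
        if "ProLiant" not in s["hardware"]:
            items.append("third-party hardware: verify Windows Server 2003 support on the HCL")
        if memory_mb(s["memory"]) < MIN_MEMORY_MB:
            items.append(f"memory {s['memory']} is below {MIN_MEMORY_MB}MB")
        if items:
            findings[s["name"]] = items
    return findings


if __name__ == "__main__":
    for name, items in screen(parse_inventory(INVENTORY)).items():
        for item in items:
            print(f"{name}: {item}")
```

The output is the start of the upgrade work list that belongs in the appendix alongside the inventory; the HCL check itself still has to be done by hand against the Microsoft and HP Web sites, since the script only tells you which machines need it.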
note
The upcoming “ProLiant Server Summary” section
details the ProLiant servers and their uses in regard to the Windows
2003 environment. This will be helpful in designing the server
environment to support the Windows Server 2003 infrastructure.
Physical Environment
Other physical features of the environment should be
assessed. These features will be very important in the AD design later
on. The intent is to get the big picture of what the physical network
looks like. Questions to ask in this assessment phase include
Are all users in a single building or location?
Does the location provide a lockable/securable room for server equipment?
Is there a single site or are there multiple sites (locations of offices with users in them)?
Do the company sites span multiple countries?
Is there a defined Data Center or Centers?
What is the current security scheme, and what policies are used?
What is the current utilization of the network capacity?
Will there be adequate power, network capacity, network drops, and so on if additional servers are deployed?
After procuring these answers, you should provide (or create) a map of the network topology and identify slow links.
In addition to the server environment, the user
environment must be designed to address the requirements from the user
community.
User Working Environment
This section describes the user's workstations and
computing environment. You should list all OSs, hardware configurations,
applications, remote user configurations (laptops, remote connection
software, SmartCards, and so on), and how profiles and group or System
Policy are managed. In analyzing the applications used, you should
quantify the list, relating which users have which applications. You
should work with those responsible for applications and the user
environment to start developing a test procedure to qualify all
applications—especially home-grown ones—for Windows 2003. Don't assume
that because they are working in the Windows 2000 environment, that they
will work in the Windows 2003 environment with no problem.
It is imperative that the user environment is
properly defined to minimize impact on the users. This includes
reproducing the profile the users are currently using. Having thousands
of users spend an hour or so getting their desktop the way they want it
can cost the company—and the project—a lot of money, in addition to
additional help desk calls when the help desk could be handling more
important issues.
Security
In recent years, the influx of viruses, worms, and
hacker attacks requires even the most novice home computer user to employ
security measures to protect private resources. If you are in a Windows
NT environment, you might consider enlisting the help of a qualified
security consultant if you don't have someone on staff with that
expertise. Even if you have been active in Windows 2000 security using
Public Key Infrastructure (PKI), Kerberos authentication, Certificate
Services, and the Software Update Service for patch management, there
are significant changes in Windows 2003. The assessment simply requires
you to evaluate and describe the current infrastructure, but you should
take advantage of this opportunity to get an expert to evaluate it and
make recommendations that will be used in the design and implementation
phases.
warning
With the importance of
security to the enterprise, we recommend that you obtain the services of
a qualified security expert who is skilled not only in Windows
security, but in most standard security and access technologies, such as
PKI, firewalls, remote access, Web Services, and so on.