Eastman Chemical Company
Fortunately, Eastman Chemical Company, a global
chemical manufacturing company (not to be confused with Eastman Kodak),
gave me permission to describe its Windows 2000 migration from Windows
NT. I was engaged as a consultant working for Compaq at the time to
assist the design team to the point of the upgrade. Eastman's migration
had several interesting facets that make its migration a good study.
Eastman Chemical Company has its world headquarters
in Kingsport, TN, and has approximately 15,000 employees spread across
more than 30 countries around the world. Its Windows NT configuration,
depicted in Figure 2,
was a single Windows NT master user domain with several resource
domains. Although at the time, the in-place upgrade method was generally
thought to be for smaller companies, Eastman decided to use it rather
than a restructure. Eastman's goal was to do an in-place upgrade of the
Eastman master user domain and create the Windows 2000 domain, EMN.com,
shown in Figure 3,
and then migrate the computer accounts from the W2K.tmp resource domain
after all the DCs were upgraded to Windows 2000. Note that EMN.com is
Eastman's internal namespace, derived from their stock ticker symbol,
EMN.
The migration plan was well thought out and worked well. The plan is illustrated in Figures 4 through 6, although these figures illustrate only a few of the 30 remote sites.
The initial site configuration, shown in Figure 4,
consisted of a PDC and several Windows NT BDCs in the Kingsport hub
site for the Eastman domain, and a BDC in each of the major remote
sites. In addition, there was a DC in each site for the Windows 2000
domain, W2K.tmp, which housed all the computer accounts. Eastman wanted
to do this migration with as little downtime as possible, so the company
executed the following steps:
1. | The
DNS and Dynamic Host Configuration Protocol (DHCP) infrastructures were
configured, tested, and validated prior to the Windows migration. A
number of changes were made in terms of network upgrades, DHCP lease
reconfiguration, and so on. These were all completed and validated
before the upgrade of the Windows environment began.
note
The DC in each site for the W2K.tmp domain were new
powerful machines that Eastman wanted to use as the DCs for the new
EMN.com domain. |
2. | Installed
a “helper” DC in each of the remote sites for the W2K.tmp domain,
making two DCs in each site for that domain. These helper machines were
mostly workstations at the remote sites that Eastman beefed up to be
temporary servers (see Figure 6).
|
3. | With
helper machines in place and the W2K.tmp domain stable, had a local
site IT contact wipe the original W2K.tmp DCs and do a fresh install of
Windows 2000 with service packs, security patches, and so on, on them.
All they needed to do now was wait for the PDC to be upgraded and then
run DCPromo.
note
Without the helper machines, Eastman would have had
to either do an in-place upgrade on the existing BDC or do a wipe and
reload, causing inconvenience to the users as they would have had to
authenticate to another BDC. Of course, there is always the possibility
of some failure happening on the upgrade. The helper machine eliminated
nearly all of the risk of the upgrade.
This method does take extra time, planning, and
hardware resources. Consider the benefit of the risk reduction to the
extra time and cost to determine whether it makes sense in your
environment. If you are confident that the upgrade will go smoothly
(that is, you've tested the hardware, drivers, and so on, on all DCs),
then a weekend upgrade—perhaps a few per weekend—would cause little
disruption to the users. |
4. | Performed
an in-place upgrade on the PDC in Kingsport and then upgraded all BDCs
in Kingsport.
|
5. | With
several DCs establishing the new EMN.com domain in Kingsport, the IT
staff used Terminal Server to connect to the remote servers and run
DCPromo to join the domain. Time differences spread DCPromo out over a
period of time so it didn't create a heavy load on the network or the
existing DCs.
|
6. | After
the DCs for the EMN.com were built, a Windows 2000 trust was built
between the EMN.com domain and the W2K.tmp domain to permit use of a
migration tool to migrate the computer accounts to the EMN.com domain.
|
7. | The
old Windows NT 4 machines were decommissioned, as well as the helper
DCs in the W2K.tmp domain, leaving the structure looking like Figure 6.
|
This process had a number of benefits that included the following:
Rather than doing an in-place upgrade on each
remote Windows NT 4 machine, Eastman was able to preinstall a machine
in each site to Windows 2000, and then when the new domain was
established, simply do a DCPromo, which saved considerable time. This is
the preferred method of an in-place upgrade. Do clean installations for
the replica DCs rather than an upgrade.
note
Eastman Chemical upgraded only a few machines in the
hub site to establish the domain, and then went back, one by one, and
did a wipe and reload on those upgraded machines so that they had no
“upgraded” DCs left. All were fresh installs.
One of the first things a support engineer will ask
if you have a problem following a migration is, “Was this machine
upgraded or a fresh install?” If the answer is “upgrade,” it's a big red
flag.
Extensive testing
included taking images from the PDC, using them to build a test PDC in
the lab, and practicing the migration process. This helped bulletproof
the migration process plan.
New machines were easily used to replace the old Windows NT 4.0 without migrating Windows NT to the new machines.
Avoided the Pile-On problem by putting the computer accounts in the W2K.tmp resource domain.
note
As of this writing, Eastman
Chemical is considering migrating to Windows 2003, but like most
companies, it anticipates a simple upgrade with no further redesign
required.
