Weighing W2K: No Pain, No Gain

Special Report

A lot of planning will be necessary to migrate to Microsoft Corp.’s Active Directory, the technological heart of the Windows 2000 operating system. But if you’re not moving to Active Directory immediately, can you put off Windows 2000 planning issues until after this next generation of Windows NT ships? Only if you are willing to risk potentially massive problems when you eventually do migrate to Windows 2000.

Microsoft is unleashing an entirely different beast this time around. The traditional path for Microsoft products, creeping upward from a few machines in a branch office or a department beneath the notice of central IT, will lead to kludgy and complicated networks that could block your organization from ever deriving the full benefits of Active Directory. With Windows 2000, more than with other Microsoft products, IT must keep an eye on how the system works its way into the enterprise.

Aside from architectural issues, smaller concerns exist, too. Will it be worthwhile to incrementally upgrade production file and print servers or Web servers before a domain migration? When should those incremental moves begin?

Careful consideration of several factors will help an organization weather the Microsoft/ISV marketing storm and step up to Windows 2000 if and when the time is right.

Politics

Politics isn’t a word IT people like, but Microsoft’s Active Directory requires dabbling in politics more than previous Microsoft operating systems.

Microsoft doesn’t routinely emphasize what a scary process it will be to embrace Active Directory. "I’m sure it’s corporate nature to downplay the difficulty in making that kind of transition," says Dwight Davis, an analyst with Summit Strategies (www.summitstrat.com).

The bulk of Microsoft’s Active Directory message is aimed at selling the technology -- how Active Directory will lower total cost of ownership (TCO), simplify Windows management, strengthen Windows security and extend Windows interoperability.

But Microsoft has unveiled case studies showing that elaborate internal coordination with support from the highest executive levels is required to move to the Active Directory. Siemens Corp. was one case study presented last May at Tech-Ed ’99 in Dallas. One of Europe’s largest manufacturers, Siemens is undertaking a migration of its global organization to Windows 2000 with the Active Directory from OS/2, Windows for Workgroups and Windows 3.x desktops.

From planning to deployment, the process is expected to take about two years, assuming the operating system ships this year. Granted, Siemens is a global corporation with 400,000 employees, and the company has been working with the changing beta code. Nonetheless, analysts predict large organizations will need a year to implement Active Directory.

Before the migration, Siemens conducted a vote of its operating companies to go to Windows 2000. In a process as complex as a corporate reorganization, the company devoted employees to transition teams and subteams that focused on everything from what to include in the Active Directory, to security, to software distribution. The CIO at Siemens sent this message, which was displayed at Tech-Ed: "I am strongly recommending that the Groups, Regions and SOCs [Siemens Operating Companies] do not begin independent deployment of Windows 2000 Active Directory … Otherwise we will have to spend an inordinate amount of money to do the necessary migration to the binding deployment standard."

While underscoring the level of political support needed for an effective migration, the memo also brings up another issue. A well-organized Active Directory takes advantage of the DNS naming of domains across the enterprise. Ideally, a unit of a company would be identified as "unit.department.company.com" in the Active Directory.

Allowing departments to begin implementing Active Directory outside central IT control could lead to different naming conventions, resulting in nightmare scenarios for integrating the mini-Active Directories later. If you think your company will move to Active Directory some day, but you want to allow departments to deploy the Active Directory early, at least map out how your Active Directory will look so you can assign coherent namespaces to the smaller units. As Microsoft recommended in another Tech-Ed presentation: "Plan for the enterprise. Deploy incrementally."

One other political issue to consider: Expect a Unix vs. NT religious war over DNS. Active Directory requires Dynamic DNS, which ships with Windows 2000 Server. Microsoft built its Dynamic DNS to adhere to industry standards, but they are new standards. Most large organizations rely on Unix servers for DNS, and most currently don’t support Dynamic DNS. Organizations will be faced with three options: migrating DNS services to Windows 2000, which is guaranteed to be unpopular with Unix backers; upgrading the Unix DNS to a version that supports the necessary recent standards, which won’t support the multimaster DNS replication that Microsoft promotes; or carving out a DNS namespace beneath the Unix DNS, which is a somewhat cumbersome solution.

Interoperability

Interoperability must be considered with any operating system, but one analyst who focuses on operating system research says Windows 2000 may be unique. What makes Windows 2000 special, according to Dan Kusnetzky of International Data Corp. (IDC, www.idc.com), is the way Microsoft handled the upgrade’s software lock-ins, a term for features that shackle a user to a particular platform.

"This is the first time I’ve ever seen a company present two software lock-ins as the primary reason you should move to their software," says Kusnetzky of Active Directory and COM+. "If you build to Active Directory directly, you have definitely tied your software not only to Microsoft, but also to Active Directory."

Also consider the interoperability of Windows 2000 with your hardware. The upgrade’s considerably larger disk space, processor and memory requirements mean every company’s TCO should take potential hardware upgrade costs into account.

Stability

Whether or not Active Directory is attractive, many organizations will consider deploying Windows 2000 for the incremental improvements in stability and functionality that are expected in the upgrade.

"The biggest benefits there would be reliability," says Karan Khanna, a product manager for Windows 2000, of the justification for moving member servers in a domain from Windows NT 4.0 to Windows 2000. He says Microsoft’s design goal is for Windows 2000 to be 100 percent more reliable when it ships than Windows NT 4.0 with Service Pack 5.

One way Microsoft increased availability has been by eliminating reboot scenarios. The company added support for plug-and-play and made it possible to change system and network configurations without taking the system down, Khanna says. Also, Microsoft has scores of developers working around the clock to flush bugs from the beta code and certify compatibility with hardware devices.

Analysts say early reviews of the beta code suggest high quality software, but many remain cautious.

"[Microsoft] can test maybe a percent or so of the entire combinations of all the different drivers," says Neil MacDonald, an analyst with Gartner Group (www.gartner.com). The analyst firm advises organizations to wait until mid-2000 for incremental deployments and at least until the end of 2000 for Active Directory deployments.

Microsoft has pushed an unprecedented number of Beta 3 CDs into users’ hands, but MacDonald questions how many administrators are rigorously testing the code. Busy with Y2K preparations, most won’t put the operating system through its paces until early next year, he says. For that reason, GartnerGroup predicts Windows 2000 bug reporting and fixing activity will be as intense after Microsoft releases its first service pack for Windows 2000 as it was during the beta and early adoption phases. The usual curve has bug activity at its highest in the beta and early release stages, with a much smaller flurry of bug activity around the first service pack release.

But there is a lot of new code to test. Windows NT Server 4.0, Enterprise Edition, with the Option Pack installed had 16 million lines of code. GartnerGroup estimates the production version of Windows 2000 will have between 30 million and 35 million lines of code. "The only way Windows 2000 will mature is through real-world, large-scale deployment, and that is precisely what is not going to be happening in the fourth quarter of 1999," MacDonald says.

Microsoft’s Khanna says one factor enterprises must consider when making a deployment decision is the level of experience a company’s IT staff has with Windows 2000. Microsoft recommends extensive testing, then rollouts of member servers in file and print, Web and network server capacity, followed by domain migrations and upgrades of mission-critical application or database servers. Khanna concedes that companies must consider their own tolerance for risk in the decision.

Applications

One of the most obvious gates to Windows 2000 deployment is applications. The simple test is to check if the critical applications running on an organization’s servers are Windows 2000 Ready or Windows 2000 Certified. Ready means the ISV has managed to run the application on Windows 2000. Certified means Microsoft’s testing facility approved the application. Many applications are Ready. Certification hasn’t started yet.

Homegrown applications will probably have to be rewritten. "It might be a good idea to start the process of rewriting [home-built] software, but wait to deploy it until it’s clear from other people’s work how to make Windows 2000 cooperate and interoperate" with other systems, IDC’s Kusnetzky says.

Active Directory again poses entirely different issues. It is in directory-enabled applications that Microsoft hopes to make its product most compelling, but it’s not clear what those applications will be. Microsoft is developing the first one, a new version of Exchange code-named Platinum, which is scheduled to come out after Windows 2000.

Gartner’s MacDonald contends that the TCO-reduction promises -- which Microsoft says begin with the Active Directory -- will only start to work with the emergence of useful directory-enabled applications. "Let the applications pull you to Windows 2000. Don’t let Microsoft push you," MacDonald says. "Go for the business value when the applications are there that you need."

Windows 2000 presents a classic "bleeding edge" scenario. Early adopters will wrestle with numerous problems, from political fights over DNS, to interoperability failures, to bugs, to the availability of mature applications. The consensus among most analysts is to test the operating system vigorously -- especially after Y2K issues are handled -- roll out the OS slowly in limited roles and let the applications drive any migrations to the Active Directory.
