Creating a Deployment Roadmap
This organization has nine distinct operating companies, each with its own IT organization, and no common IT standards. As an organization, they experience problems with security policies, domain structure, and network configurations. Most of their servers are currently running Microsoft® Windows NT® Server 4.0. The key objectives they want to accomplish are to create:
The deployment team identified several key issues that define how they stage their deployment, as follows:
During the assessment phase, IT management from each company agrees on the need for a common namespace. Although several Domain Name System (DNS) names are already registered by and for each of the operating companies, the challenge is to find one name to use as the root name for all companies. This single "placeholder" name needs to meet the following criteria:
IT management defines global engineering teams that are split into eight working groups based on plans for a basic configuration that can be tested, modified, and customized for each operating company. Table 2.2 shows the deployment teams and their responsibilities.
Table 2.2 Deployment Planning Teams
Deployment Team | Focus |
Server and Infrastructure Design | Responsible for overall design, design iterations, and final engineering. |
Active Directory | Domain and tree design below the main domain level and ongoing management of Active Directory in their respective domains, especially as they relate to security and administrative privileges. |
Mobile and Desktop Design | Develop Windows 2000 configurations for all desktop and portable computers and determine the appropriate Group Policy and Microsoft® IntelliMirror™ features to use for managing those configurations. |
Security | Permissions, group memberships, and administrative delegation (provide input to Active Directory group on organizational unit design). |
Migration | Migrating Windows NT Server 4.0 to a Windows 2000 Server environment. Focus on interoperability, migration, and coexistence during the interim period of parallel domains until migration is complete. |
Certificate Services | File encryption and PKI. |
Free Seating | Develop Windows 2000 configuration for free-seating clients and determine appropriate Group Policy and IntelliMirror features to use for managing those configurations. |
Application Management | Ensure that all in-house applications are Windows 2000 Logo–compliant. Determine the best deployment vehicle to use for desktop and portable computers (through an in-house developed push application or Windows 2000 installation tools). Determine shared run-time components. Study system file protection mechanisms. Run existing applications side-by-side for minimal maintenance. |
The team determines that the business and IT needs will be principally met through the following:
The primary issue during this phase is to decide whether the domain root name needs to be visible or accessible through the Internet or available only internally. An Internet presence already exists for the entire group of operating companies, so the intranet name needs to be different. An internal root name is created as a placeholder name so that individual domains can be created for each of the nine operating companies. Each company retains autonomy in areas such as configuration creation, management, and security.
They also use this phase to design and test the configuration for each feature. Then, the teams work together to determine how the selected Windows 2000 features affect each other. They also create training documentation and start developing a support plan.
As the driving force behind the migration to Windows 2000, Active Directory and domain design need to meet the following business and IT criteria to be acceptable for all operating companies:
As the Active Directory design is developed, the migration team needs to consider issues of computer cloning versus computer upgrade. Computer cloning is a process in which you create one installation and configuration for new operating system installations and then copy that configuration to all new computers you install.
Because the namespace decisions are so important to meeting the company's goals, a namespace design board is formed with representatives from the IT groups of each operating company. The senior management of the board and the IT organizations of each operating company need to agree on the final namespace design. The namespace design factors they consider include:
The company considers both domain design and DNS to be critical decision points when upgrading from Windows NT Server 4.0 to Windows 2000 for two reasons:
The team determines that the upgrade or migration decision will be dictated by:
The team then realizes that deciding what will exist in each domain requires analysis of the following items:
For example, this organization uses an in-house scripting tool that associates users with specific applications. This tool performs application publishing similar to Windows Installer in Windows 2000, so a decision needs to be made whether to continue using the in-house tool or to use Windows Installer. Using Windows Installer would reduce internal development costs and thereby reduce total cost of ownership (TCO). As a result, they decide to use Windows Installer.
For more information about Active Directory domain design, see "Designing the Active Directory Structure" in this book. For more information about domain migration, see "Determining Domain Migration Strategies" in this book.
Their secondary goal is to determine other features of Windows 2000 that are beneficial to their environment, but which might not be features of Windows NT Server 4.0. Then, they develop a plan to determine if the new features are appropriate for their environment. For example, this sample organization decides that the following features meet their business and IT needs:
Offline Files: Portable computer users can have access to network data when traveling by having personal and network files on their local computers. For nontraveling end users, this feature helps ensure continuous end-user productivity if the LAN or WAN has service interruptions, because files are stored on the user's local hard drive.
Fault-tolerant Distributed File System: With Distributed file system (Dfs), they can create a single directory tree that includes multiple file servers and file shares for a group, division, or enterprise. This allows users to easily find files or folders distributed across the network. Having a fault-tolerant Dfs is linked to roaming user profiles, which are already in use through their Windows NT Server 4.0 infrastructure. Files can be stored on the network, providing improved replication among the company's partners.
Disk Quota Management: Disk quota management allows the company to use volumes formatted with the NTFS file system to monitor and limit the amount of server disk space available to individual users. They can also define the responses that result when users exceed the specified thresholds. In the past, the organization used third-party tools. They are moving to Windows 2000 native tools in an effort to reduce in-house development costs and total cost of ownership (TCO).
Remote OS Installation: An enhanced scripting process for installation already exists in this organization, but scripts must be updated every time the basic client computer configuration changes. They will use Windows 2000 Remote OS Installation to deploy Windows 2000 Professional for first-time installations, and also use Remote OS Installation for rapid updates of malfunctioning computers. They plan to use Remote OS Installation in conjunction with IntelliMirror to accelerate and simplify computer replacement, resulting in reduced TCO.
Exchange directory service with Active Directory integration: This organization plans to synchronize the Exchange 5.5 directory using the Active Directory Connector (ADC), and eventually integrate the directory services when the organization upgrades to the next version of Exchange.
This sample organization sets up a test lab for feature and pilot testing. They want to simulate the actual conditions of their production migration. After the lab and pilot tests validate the migration process, the organization will be ready to begin the production rollout. The preliminary design pilots will be rolled out to IT personnel during the design phase so they can test and refine the designs.
The initial design issues they plan to test and evaluate include:
Their pilot objectives include:
During this phase, the deployment team redesigns and tests until consensus is reached. The new design needs to meet the following acceptance criteria:
After the domain design is tested and finalized, each global engineering team within the organization will sign off on the domain design. Then, the design must be approved by higher IT management through all nine operating companies.
Because the organization finds it necessary to maintain Roaming User Profiles for mobile users, they decide to maintain two parallel environments throughout the transition period. Many roaming users who upgrade to Windows 2000 at home will find that their work environment has not yet upgraded. By maintaining parallel environments, the infrastructure will support all users and allow them to access their files, regardless of which operating system they are using.
However, migration needs to occur as quickly as possible. The organization plans to maintain the dual Windows NT Server 4.0 and Windows 2000 environment for 12 to 24 months. Users will be able to remain in both environments until the IT environment in all nine operating companies is completely transitioned to Windows 2000.
For this organization, collapsing the Windows NT Server 4.0 environment is the most critical decision point for their entire migration. They want to be sure that they perform adequate lab and pilot testing to alleviate any significant problems that can arise as a result of improper design. By performing adequate testing, they hope to avoid causing network downtime. After they complete testing, they will proceed with migrating to Windows 2000 throughout the operating companies and then collapse the Windows NT Server 4.0 environment.