Windows 2000 Server: Worth The Wait

It's here, at long last--Windows 2000 Server. With this major upgrade to its flagship operating system line, Microsoft has gone far to address many of the weaknesses in Windows NT, both on the server and workstation. In our tests of the three initial versions of Windows 2000, we found significant improvements in reliability, manageability and scalability.

For enterprises considering or maintaining a Microsoft-centric IT environment, we recommend Windows 2000 as a worthwhile upgrade to Windows NT 4. For companies not completely sold on the Microsoft way, however, many new Windows 2000 features, such as Active Directory, may not be worth the effort and risk of Microsoft lock-in.

We set up a test network running all three flavors of Windows 2000: Professional (which replaced Windows NT 4 Workstation), Server and Advanced Server, which adds greater symmetric multiprocessing and other capabilities to Windows 2000 Server. On the network, we also had two other servers running Windows NT 4 Server, as well as several PCs running Windows 98.

We found the installation of Windows 2000 on all these systems to be extremely easy, and everything worked the first time. Several of these systems had long been running prerelease versions of Windows 2000, including Release Candidate 2 (RC2, build 2128) and Release Candidate 3 (RC3, build 2183). We upgraded these systems, as well as ones running Windows NT 4 Workstation, to what Microsoft told us was "release to manufacturing" (RTM) code for Windows 2000, build 2195.

The portion of the upgrade requiring user intervention was very fast--under half an hour. The automated upgrade process, even from the Windows 2000 release candidates, took as long as five hours on one Pentium II-based server. Plan your upgrades for when you can afford the downtime. And then, after you get the system up and running, it's time to configure it.

The good news was that all the systems worked after the upgrade was completed, with user and network configuration intact. The bad news is that there were some minor peculiarities in upgraded systems--in some cases, a step backward from RC3.

For one example, some applications, such as LapLink.com's LapLink 2000, needed to be reinstalled after the upgrade in order to launch. For another, build 2195 was unable to work with our Windows NT 4-based network printers--even those that had worked fine with all previous builds.

We had configured an HP DeskJet 812C as a shared printer on a Windows NT 4 Server. Every build of Windows 2000, from Beta 3 to RC2, had been able to use that network printer, using Windows 2000's own driver for that printer. With the RTM code, Windows 2000 could "see" the printer on the network, but insisted that every driver we tried was incorrect. Unlike Windows NT 4 and Windows 9x, you can't override Windows 2000's choice of print drivers--it's take it or leave it. We ended up moving the shared printer to a Windows 2000 server. But that's not the answer we wanted.

Our advice: Test all applications and shared features after an installation, and be prepared to reinstall the binaries, if necessary. And in the case of network printing, it may be necessary to move shared resources to Windows 2000-based servers if you want to access them from Windows 2000. Perhaps those issues will be resolved in Service Pack 1.

Active Directory

The most significant new feature in Windows 2000 may be Active Directory, Microsoft's replacement for the old Windows NT domain-controller system. For small networks, which used only a single domain under Windows NT, Active Directory might not be worth the effort to learn and configure. For larger networks that are (or should have been) organized in multiple domains, Active Directory represents a definite improvement.

Unlike flat domains, Active Directory organizes the network into a hierarchical "forest," with logical units--"trees"--identified by a fully qualified DNS address. Thus, it's necessary to have a working DNS server on the LAN. Also, unlike the old Windows NT domain system, the Active Directory schema is dynamically extensible, typically by applications. The next version of Microsoft's Exchange Server is slated to extend Active Directory's schema to store end-user account information, for example, rather than maintain its own user database.

Although it's a safe bet that future Microsoft applications will heartily embrace (read, "require") Active Directory, it's uncertain how many independent software vendors will surrender their private directories to move to that technology. Such a move would make cross-platform use or development of the application more difficult, as well as introduce compatibility issues for networks managed by other directory services such as Novell Directory Services.

Microsoft gets points for backward compatibility. Our network consisted of two domains, each with its own Windows NT 4 primary domain controller (PDC); the two domains were configured for full bidirectional trust. We upgraded one PDC to Windows 2000 Server, and a helpful wizard walked us through the process. When installation was complete, all systems--Windows 2000 and Windows 9x/NT--could access the domain. (During the installation, they were unable to authenticate to the network because we had no back-up domain controller.)

After the upgrade, Active Directory is in "mixed" mode, where it emulates Windows NT's domain system, and non-Windows 2000 systems are limited to accessing their local "tree" and other "trees" with explicit trust relationships. Once all Windows NT domain controllers are removed from the system, it can be switched into "native" mode, where non-Windows 2000 clients can seamlessly access all Active Directory resources.

Although some thought and planning needs to go into an Active Directory deployment, it's a worthwhile step. From there, user and group access service rights across the entire "forest" can be administered from one point, rather than having to either set up complex trust relationships or manually replicate and maintain accounts on multiple domains.

Management Console

Although the Microsoft Management Console (MMC) debuted in the Windows NT 4 Option Pack, the new administration interface pervades Windows 2000. Nearly all management of the local server and network resources are performed via the MMC interface, including functions previously assigned to individual tools in Windows NT 4, such as local and network storage, local user accounts and hardware configuration.

Despite its name, MMC isn't a unified management application, like Unicenter or Tivoli. Rather, it's a presentation framework into which different parts of Windows 2000 or other applications "snap in" their administrative functions. Want to create distributed file system shares? Launch the Distributed File System console. Want to set up security? Launch the Security console. Each opens in its own window. The benefit for administrators is that MMC-based management tools share a common, basic command set, making them easier to learn and use--but it's not as easy as a single unified management application would be. Developers will find it easy to develop MMC-compatible management interfaces.

Early prerelease versions of Windows 2000 Professional adopted MMC to manage the workstation's configuration, but we (and obviously beta testers) found MMC unintuitive for end users. However, for the later-release candidates, Microsoft added Windows 9x-style individual management tools, including the Device Manager and Add Hardware Wizard. MMC-based consoles are still available via the Control Panel in the Administrative Tools folder.

Storage And Devices

Another cornerstone of Windows 2000, and a leap forward, is device support, notwithstanding our experience with Windows NT 4 network printers. Both server and workstation versions have Windows 9x-style Plug and Play support for new hardware, making adding new peripherals much easier--though again, one generally can't overrule Windows 2000's choice of device drivers.

Universal Serial Bus support is another welcome addition, particularly for Windows 2000 Professional, though the combination of USB and Plug and Play would make it easy to chain and share many inexpensive printers off of a single Windows 2000 Server. We had excellent success with both Plug and Play and USB support in Windows 2000. It automatically recognized and installed both an HP ScanJet 6250Cse scanner and an HP DeskJet 812C printer via USB.

Windows 2000 offers new high-end storage capabilities. We appreciated the built-in disk defragmenter and the slightly updated NT File System version 5.0, which now supports encryption. Two features we did not test are out-of-the-box support for I2O and Fibre Channel. We were pleased that the operating system now supports FAT32. Note that it cannot convert FAT to FAT32, so if you're upgrading Windows 98 workstations to Windows 2000 Professional and want FAT32, perform the drive format conversion before the OS upgrade.

We were impressed with the inclusion of a distributed file system (DFS) with Windows 2000 Server. It was easy to set up a distributed network share over two servers using MMC. The DFS share can be either a stand-alone entity "owned" by a named server or an Active Directory share. If the latter, the network share can actually be moved from one server to another without needing to reconfigure other systems' dependencies on that share's location.

Stability And Reliability

Windows NT 4's reputation for instability and "blue screens of death" is often justified. Although it's too early to definitively state that Windows 2000 Server is more reliable, we did not experience a single server crash or hang with RC3 or the RTM build in six weeks of continuous operation on multiple servers.

The Compaq Presario PCs, which ran Windows 2000 Professional, were significantly more stable than they were with Windows 98 and Windows 98 Second Edition. Every so often, badly behaved operations, or running in a low-memory condition (such as running all Microsoft Office applications, then launching Adobe Photoshop), would corrupt the Desktop, but logging out of the user account and logging back in nearly always solved the problem. There were only a few occasions when we decided that a preemptive reboot would be helpful, and those after days of continuous operation. We had experienced many UI "freezes" with RC2, which we did not experience with the RTM build.

One reason why Windows 9x and NT are so unstable is that applications can overwrite key system files by "upgrading" a key DLL with what's actually an older version. Windows 2000 protects itself in a passive-aggressive way by allowing the overwrite, then replacing the original file. This feature protects the operating system, but might wreak havoc on third-party providers wishing to replace Windows DLLs with their own enhanced versions. That's not the only reason why Windows 2000 seems more stable; more effort appears to have been made to protect the kernel memory from overwrites or leaks.

Microsoft also claims to have improved the service-pack loading process, eliminating the need to reinstall a service pack after making modifications to the OS configuration. Of course, it's too early to test that feature.

A Worthy Upgrade, But Move Carefully

There are several additional features of Windows 2000 that we did not test for this review. One is the inclusion of Terminal Services within the core Windows 2000 Server package. Also, as we did not have any applications written specifically for them, we could not test new under-the-hood programmers' interfaces, such as the new TAPI 3 telephony API, message queuing, enhanced Common Object Model and so on.

Our overall impression of Windows 2000 is very favorable, and thus, we're issuing it an InternetWeek Approved rating. Microsoft has addressed many longstanding weaknesses of the Windows NT 4 product family. Any Windows NT shop should consider Windows 2000 to be a recommended upgrade. It may be worthwhile to wait until all of your vendors have certified their applications and utilities as compliant with Windows 2000 before making the move. And even then, take your time.

What about Windows 2000 for the non-Windows NT shop? Microsoft's operating system is bigger than ever, and features like Active Directory make it harder to fully exploit the OS in a truly heterogeneous world. Systems administrators who value Linux, Unix, NetWare or OS/2 for their streamlined efficiency will find little gain from moving to a Windows platform.

Alan Zeichick is principal analyst with Camden Associates and a contributing editor to InternetWeek. He can be reached at zeichick@camdenassociates.com.