Windows 2000 Server: Worth The Wait
By ALAN
ZEICHICK
January 31, 2000
It's here, at long
last--Windows 2000 Server. With this major upgrade to its
flagship operating system line, Microsoft has gone far to
address many of the weaknesses in Windows NT, both on the
server and workstation. In our tests of the three initial
versions of Windows 2000, we found significant improvements in
reliability, manageability and scalability.
For enterprises considering or maintaining a
Microsoft-centric IT environment, we recommend Windows 2000 as
a worthwhile upgrade to Windows NT 4. For companies not
completely sold on the Microsoft way, however, many new
Windows 2000 features, such as Active Directory, may not be
worth the effort and risk of Microsoft lock-in.
We set up a test network running all three flavors of
Windows 2000: Professional (which replaced Windows NT 4
Workstation), Server and Advanced Server, which adds greater
symmetric multiprocessing and other capabilities to Windows
2000 Server. On the network, we also had two other servers
running Windows NT 4 Server, as well as several PCs running
Windows 98.
We found the installation of Windows 2000 on all these
systems to be extremely easy, and everything worked the first
time. Several of these systems had long been running
prerelease versions of Windows 2000, including Release
Candidate 2 (RC2, build 2128) and Release Candidate 3 (RC3,
build 2183). We upgraded these systems, as well as ones
running Windows NT 4 Workstation, to what Microsoft told us
was "release to manufacturing" (RTM) code for Windows 2000,
build 2195.
The portion of the upgrade requiring user intervention was
very fast--under half an hour. The automated upgrade process,
even from the Windows 2000 release candidates, took as long as
five hours on one Pentium II-based server. Plan your upgrades
for when you can afford the downtime. And then, after you get
the system up and running, it's time to configure it.
The good news was that all the systems worked after the
upgrade was completed, with user and network configuration
intact. The bad news is that there were some minor
peculiarities in upgraded systems--in some cases, a step
backward from RC3.
For one example, some applications, such as LapLink.com's
LapLink 2000, needed to be reinstalled after the upgrade in
order to launch. For another, build 2195 was unable to work
with our Windows NT 4-based network printers--even those that
had worked fine with all previous builds.
We had configured an HP DeskJet 812C as a shared printer on
a Windows NT 4 Server. Every build of Windows 2000, from Beta
3 to RC2, had been able to use that network printer, using
Windows 2000's own driver for that printer. With the RTM code,
Windows 2000 could "see" the printer on the network, but
insisted that every driver we tried was incorrect. Unlike
Windows NT 4 and Windows 9x, you can't override Windows 2000's
choice of print drivers--it's take it or leave it. We ended up
moving the shared printer to a Windows 2000 server. But that's
not the answer we wanted.
Our advice: Test all applications and shared features after
an installation, and be prepared to reinstall the binaries, if
necessary. And in the case of network printing, it may be
necessary to move shared resources to Windows 2000-based
servers if you want to access them from Windows 2000. Perhaps
those issues will be resolved in Service Pack 1.
Active Directory
The most significant new feature in Windows 2000 may be
Active Directory, Microsoft's replacement for the old Windows
NT domain-controller system. For small networks, which used
only a single domain under Windows NT, Active Directory might
not be worth the effort to learn and configure. For larger
networks that are (or should have been) organized in multiple
domains, Active Directory represents a definite improvement.
Unlike flat domains, Active Directory organizes the network
into a hierarchical "forest," with logical
units--"trees"--identified by a fully qualified DNS address.
Thus, it's necessary to have a working DNS server on the LAN.
Also, unlike the old Windows NT domain system, the Active
Directory schema is dynamically extensible, typically by
applications. The next version of Microsoft's Exchange Server
is slated to extend Active Directory's schema to store
end-user account information, for example, rather than
maintain its own user database.
Although it's a safe bet that future Microsoft applications
will heartily embrace (read, "require") Active Directory, it's
uncertain how many independent software vendors will surrender
their private directories to move to that technology. Such a
move would make cross-platform use or development of the
application more difficult, as well as introduce compatibility
issues for networks managed by other directory services such
as Novell Directory Services.
Microsoft gets points for backward compatibility. Our
network consisted of two domains, each with its own Windows NT
4 primary domain controller (PDC); the two domains were
configured for full bidirectional trust. We upgraded one PDC
to Windows 2000 Server, and a helpful wizard walked us through
the process. When installation was complete, all
systems--Windows 2000 and Windows 9x/NT--could access the
domain. (During the installation, they were unable to
authenticate to the network because we had no back-up domain
controller.)
After the upgrade, Active Directory is in "mixed" mode,
where it emulates Windows NT's domain system, and non-Windows
2000 systems are limited to accessing their local "tree" and
other "trees" with explicit trust relationships. Once all
Windows NT domain controllers are removed from the system, it
can be switched into "native" mode, where non-Windows 2000
clients can seamlessly access all Active Directory resources.
Although some thought and planning needs to go into an
Active Directory deployment, it's a worthwhile step. From
there, user and group access service rights across the entire
"forest" can be administered from one point, rather than
having to either set up complex trust relationships or
manually replicate and maintain accounts on multiple domains.
Management Console
Although the Microsoft Management Console (MMC) debuted in
the Windows NT 4 Option Pack, the new administration interface
pervades Windows 2000. Nearly all management of the local
server and network resources are performed via the MMC
interface, including functions previously assigned to
individual tools in Windows NT 4, such as local and network
storage, local user accounts and hardware configuration.
Despite its name, MMC isn't a unified management
application, like Unicenter or Tivoli. Rather, it's a
presentation framework into which different parts of Windows
2000 or other applications "snap in" their administrative
functions. Want to create distributed file system shares?
Launch the Distributed File System console. Want to set up
security? Launch the Security console. Each opens in its own
window. The benefit for administrators is that MMC-based
management tools share a common, basic command set, making
them easier to learn and use--but it's not as easy as a single
unified management application would be. Developers will find
it easy to develop MMC-compatible management interfaces.
Early prerelease versions of Windows 2000 Professional
adopted MMC to manage the workstation's configuration, but we
(and obviously beta testers) found MMC unintuitive for end
users. However, for the later-release candidates, Microsoft
added Windows 9x-style individual management tools, including
the Device Manager and Add Hardware Wizard. MMC-based consoles
are still available via the Control Panel in the
Administrative Tools folder.
Storage And Devices
Another cornerstone of Windows 2000, and a leap forward, is
device support, notwithstanding our experience with Windows NT
4 network printers. Both server and workstation versions have
Windows 9x-style Plug and Play support for new hardware,
making adding new peripherals much easier--though again, one
generally can't overrule Windows 2000's choice of device
drivers.
Universal Serial Bus support is another welcome addition,
particularly for Windows 2000 Professional, though the
combination of USB and Plug and Play would make it easy to
chain and share many inexpensive printers off of a single
Windows 2000 Server. We had excellent success with both Plug
and Play and USB support in Windows 2000. It automatically
recognized and installed both an HP ScanJet 6250Cse scanner
and an HP DeskJet 812C printer via USB.
Windows 2000 offers new high-end storage capabilities. We
appreciated the built-in disk defragmenter and the slightly
updated NT File System version 5.0, which now supports
encryption. Two features we did not test are out-of-the-box
support for I2O and Fibre Channel. We were pleased that the
operating system now supports FAT32. Note that it cannot
convert FAT to FAT32, so if you're upgrading Windows 98
workstations to Windows 2000 Professional and want FAT32,
perform the drive format conversion before the OS upgrade.
We were impressed with the inclusion of a distributed file
system (DFS) with Windows 2000 Server. It was easy to set up a
distributed network share over two servers using MMC. The DFS
share can be either a stand-alone entity "owned" by a named
server or an Active Directory share. If the latter, the
network share can actually be moved from one server to another
without needing to reconfigure other systems' dependencies on
that share's location.
Stability And Reliability
Windows NT 4's reputation for instability and "blue screens
of death" is often justified. Although it's too early to
definitively state that Windows 2000 Server is more reliable,
we did not experience a single server crash or hang with RC3
or the RTM build in six weeks of continuous operation on
multiple servers.
The Compaq Presario PCs, which ran Windows 2000
Professional, were significantly more stable than they were
with Windows 98 and Windows 98 Second Edition. Every so often,
badly behaved operations, or running in a low-memory condition
(such as running all Microsoft Office applications, then
launching Adobe Photoshop), would corrupt the Desktop, but
logging out of the user account and logging back in nearly
always solved the problem. There were only a few occasions
when we decided that a preemptive reboot would be helpful, and
those after days of continuous operation. We had experienced
many UI "freezes" with RC2, which we did not experience with
the RTM build.
One reason why Windows 9x and NT are so unstable is that
applications can overwrite key system files by "upgrading" a
key DLL with what's actually an older version. Windows 2000
protects itself in a passive-aggressive way by allowing the
overwrite, then replacing the original file. This feature
protects the operating system, but might wreak havoc on
third-party providers wishing to replace Windows DLLs with
their own enhanced versions. That's not the only reason why
Windows 2000 seems more stable; more effort appears to have
been made to protect the kernel memory from overwrites or
leaks.
Microsoft also claims to have improved the service-pack
loading process, eliminating the need to reinstall a service
pack after making modifications to the OS configuration. Of
course, it's too early to test that feature.
A Worthy Upgrade, But Move Carefully
There are several additional features of Windows 2000 that
we did not test for this review. One is the inclusion of
Terminal Services within the core Windows 2000 Server package.
Also, as we did not have any applications written specifically
for them, we could not test new under-the-hood programmers'
interfaces, such as the new TAPI 3 telephony API, message
queuing, enhanced Common Object Model and so on.
Our overall impression of Windows 2000 is very favorable,
and thus, we're issuing it an InternetWeek Approved rating.
Microsoft has addressed many longstanding weaknesses of the
Windows NT 4 product family. Any Windows NT shop should
consider Windows 2000 to be a recommended upgrade. It may be
worthwhile to wait until all of your vendors have certified
their applications and utilities as compliant with Windows
2000 before making the move. And even then, take your time.
What about Windows 2000 for the non-Windows NT shop?
Microsoft's operating system is bigger than ever, and features
like Active Directory make it harder to fully exploit the OS
in a truly heterogeneous world. Systems administrators who
value Linux, Unix, NetWare or OS/2 for their streamlined
efficiency will find little gain from moving to a Windows
platform.
Alan Zeichick is principal analyst with Camden
Associates and a contributing editor to InternetWeek. He can
be reached at zeichick@camdenassociates.com.