Feature: Managing the Windows mixed-mode monster

Third-party utilities make it easier to run Windows 2000 when you haven't yet migrated everything to Active Directory.

By Drew Robb
Network World, 07/09/01

Many companies that adopted Windows 2000 are wrestling with a mixture of directory structures, configuration tangles and a potpourri of network and system challenges. Unwilling or unable to migrate entirely to Active Directory, they're stuck using two or three administration screens for daily tasks - Microsoft Management Console for Win 2000, User Manager for NT and Exchange Administrator.

To get the most out of Win 2000 in mixed mode, consider adding utilities that can improve performance and overall manageability. While directory migration tools get the most attention, there are several other types of third-party management tools that can make your job as a Win 2000 administrator easier. We've highlighted some of those products.

See also:
ROLLING OUT WIN 2K
Related links from print
Windows 2000 adoption
Subscribe to the Network/Systems Management newsletter

Network management

Win 2000 Server comes with more network management tools than its NT predecessor. Along with an improved performance monitor to analyze vital signs such as CPU usage and network traffic, the operating system includes Network Monitor, a lightweight packet sniffer.

Cartoon

However, these tools are inadequate for many IT executives in large companies. For example, what if you want to compare CPU and memory usage on 10 servers during the last eight months? This isn't possible with off-the-shelf Win 2000 Server. Similarly, when it comes to measuring latency of applications over time, or how the network has performed in recent months, Win 2000 won't be much help.

"Windows 2000 is a server [operating system], not a network management system," says Gerhard Waterkamp, an executive consultant with IBM. "If you only have a few servers and a centralized user base, the built-in tools that come with Windows 2000 may be sufficient, but for a larger or more distributed network you need robust management tools."

However, management frameworks such as Computer Associates' Unicenter, Hewlett-Packard OpenView and Tivoli Systems come with an expensive price tag. The state of Maine instead chose to implement Somix's WebNM network management suite. WebNM's NT/2000 compatibility and relatively modest price range of $25,000 to $50,000 make it a good fit for companies struggling to control migration budgets.

Now in the early stages of migration to Win 2000, the state uses WebNM to monitor the status of critical network components, says Duncan Bond, a data network analyst. If a particular network interface card driver is faulty, a couple of clicks reveal every machine on the WAN using that driver.

"We use WebNM to check utilization and error statistics whenever we get complaints of slowness at particular sites," Bond says.

Configuration management

When Win 2000 first shipped, the hoopla around IntelliMirror convinced many shops there was no need to purchase additional management tools such as Microsoft System Management Server (SMS). IntelliMirror uses policy-based change and configuration management to let users log on at any workstation and retain the same applications, data and settings.

Yet out-of-the-box Win 2000 Server with IntelliMirror is designed for small networks rather than larger deployments, says David Hamilton, Microsoft's director of management technologies.

He recommends adding SMS into your Win 2000 upgrade plans.

SMS provides network monitoring, hardware and software inventory, application metering, remote software distribution, diagnostics and troubleshooting. The latest version has been developed to make full use of Windows Management Instrumentation. What's more, the impending release of Microsoft Operations Manager adds event and performance monitoring and reporting to the Win 2000 management arsenal.

Despite these improvements, some say there are still major configuration management gaps in the Win 2000 line-up. Configuration caused considerable headaches at Volvo Finance North America. The company's Montvale, N.J., headquarters has about 50 NT/2000 servers and more than 300 workstations running NT/2000/9x. The WAN encompasses four data centers around the country.

Anthony DeVoto, Volvo Finance's NT systems administrator, says his department constantly has to troubleshoot server configurations. Instead of using Active Directory, IntelliMirror or Win 2000's Group Policy capabilities, he favors Enterprise Configuration Manager (ECM) from Configuresoft.

"ECM's niche is in collecting and storing a vast amount of information about our system in a single database, and recording the changes over time," DeVoto says.

The tool was helpful when Volvo added new software to the standard Win 2000 build. Shortly into the rollout project, the build broke. It previously would have taken days to pinpoint the problem, but with ECM, it took only 10 minutes.

ECM is especially helpful during a migration because it reports what hardware and software are compliant, as well as which drivers require updates. The tool can also be used to change local and global passwords.

Task management

Task delegation is another area where Win 2000 Server may require third-party assistance.

Siemens Energy & Automation has a network consisting of about 50 servers, mostly NT and Win 2000, as well as Exchange and Win 2000 Advanced Server. On the workstation side, the company has moved about 70% of its 1,500 workstations to Win 2000. As a result, administrators had to switch from screen to screen to administer tasks on the various Windows platforms.

"Windows 2000 Server is missing granular task delegation rights and can't create distribution lists based on global groups," says Scott McIlrath, network operations manager at Siemens Energy in Alpharetta, Ga.

In mixed mode, McIlrath says it's hard to limit the rights of an administrator to no more than resetting passwords. He says this gives too much freedom to help desk staff and could lead to accidental deletion of accounts or the unauthorized creation of accounts on the master domain. To prevent the possibility of manipulation, he implemented MDD's Trusted Enterprise Manager (TEM).

TEM handles task automation, delegation, auditing and reporting in a Win 2000 or mixed environment. Siemens uses the tool to create distribution lists and simplify task management via a single screen.

McIlrath plans to complete the move to Win 2000 next year. "Once we go to [Active Directory] in native mode, user management is going to become a whole lot easier," he says. 'But even then, I'll probably still keep using TEM."

System latency

System latency is a frequent concern in Windows-based organizations. It is usually traceable to disk fragmentation. Win 2000 sports a manual defragmentation utility that's useful for standalone workstations, but isn't suited for enterprise deployment.

"Microsoft has not done enough to correctly set expectations on the functionality of Windows 2000's built-in tools," says Laura DiDio, an analyst with Giga Information Group. "They put a plain Jane, vanilla defragger in Windows 2000 that is of little use in the enterprise as it only runs manually. In a company of any size, you need a full-featured networkable defragmenter."

Fragmentation is achieving more attention among network managers as failure to address it often results in users incorrectly targeting the network as the reason for delay. Wade Eilrich knows this from experience.

Eilrich, an IT manager at network services firm Staffordware in Watsonville, Calif., received a string of user complaints about applications that were taking a long time to open.

He realized the 100M bit/sec Ethernet backbone wasn't the problem, so he investigated further.

"I compared measurements to those taken two days after Windows 2000 installation and found that it took 30% to 240% longer to read and write data due to fragmentation," he says.

Eilrich first tried using the Win 2000 defragmenter, but it was too slow for the size of the disk and the number of fragmented files. He now runs Executive Software's Diskeeper every night to keep fragmentation levels less than 2%.

Kevin Reiley, a senior technical assistant with AT&T, also found the Win 2000 defragmenter lacking. Reiley supports more than 500 NT servers and several thousand Win 2000 servers from his office in Bridgewater, N.J.

"Strangely enough, a clean install of NT/2000 leaves you with a 40% fragmented drive. That causes slow reboots and a generally sluggish machine," he says.

The built-in defragger took too much time to run, so he too turned to Diskeeper. "Using Diskeeper regularly, the average machine takes 15 to 20 minutes to defrag," Reiley says. "If you try the Microsoft defragmenter, you could be there for many hours."

Drawing the line

While some may take these shortcomings in functionality as an excuse to criticize Microsoft, you have to take into account the size and purpose of the operating system. Perhaps in the future, everything a company would ever require will come on one CD. But that day is a long way off and may never arrive.

"There is no way that Microsoft could possibly do everything in the management space," Microsoft's Hamilton says. Instead, the company is focusing on two areas: change/configuration and operations management. He says Microsoft is pleased to partner with third-party vendors to provide customers with the tools they need to facilitate better management and performance of Win 2000 and mixed Windows networks.