progress of the desy windows project - building a new domain with windows 2003 server
DESCRIPTION
Progress of the DESY Windows Project - Building a new domain with Windows 2003 Server. Reinhard Baltrusch, DESY IT. Situation. The project starts in march 2002 with the goal to build a new, active directory based Windows domain for DESY. - PowerPoint PPT PresentationTRANSCRIPT
HEPiX-HEPNT Amsterdam 21.05.2003
Progress of the DESY Windows Project - Building a new domain
with Windows 2003 Server
Reinhard Baltrusch, DESY IT
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
2
SituationSituation
The project starts in march 2002 with the goal to build a new, active directory based Windows domain for DESY.In the first phase a sitespreading test environment with Windows 2000 was installed and filled with life (win2k.desy.de).Meanwhile Windows XP has become the preferred client operating-system for administration. But we have seen always some conflicts between Windows 2000 and XP (e.g. policies !) and restrictions of Windows 2000 (e.g. Dfs).Since 24. April Windows Server 2003 (.NET) is available and we have seen in preceding tests with the RC2 that many problems are solved. New features make the life easier and there is no need to spend time for later migration.So we decided to avoid the deployment of Windows 2000 and go forward with Windows Server 2003 and Windows XP SP1.By now new hardware is waiting to start in the next phase of the project : Construct the real production environment for the domain win.desy.de.
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
3
Useful Windows Server 2003 Useful Windows Server 2003 featuresfeatures
Group Policy Management Console (GPMC)Volume Shadow Copy Services / Shadow Copy ClientAutomated System Recovery (ASR)Dfs (enhanced, more then one root possible) RIS (advanced, server OS also supported) Schema management (deactivate/activate classes and attributes)inetOrgPerson object class built-in (in W2K extension)Metadirectory support (enterprise edition)Better support for migration of NT4 (ADMT, e.g. password migration)CHKDSK Performance (over 20 % faster than W2k)Windows Sharepoint Services (later update for W2K3, beta)Rename domain
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
4
Group Policy Management Group Policy Management ConsoleConsole
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
5
Shadow CopiesShadow Copies
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
6
Hardware for the new DESY Hardware for the new DESY domaindomain
Available :– 3 HP/Compaq Proliant DL380 G3
as Domaincontroller (computer centre, machine controls in Hamburg, computer centre in Zeuthen).
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
7
Hardware for the new DESY Hardware for the new DESY domain (II)domain (II)
– 4 HP/Compaq Proliant DL360 G3 for several services (like Web, SUS, Transaction, NetInstall)
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
8
Hardware for the new DESY Hardware for the new DESY domain (III)domain (III)
– 1 Compaq/HP Proliant DL380 G2 Packaged Cluster with StorageWorks Array for RIS, DFS and other
fileservices.
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
9
Hardware for the new DESY Hardware for the new DESY domain (IV)domain (IV)
Not delivered jet :– Storage system for homedirectories in Hamburg :
HP StorageWorks MSA1000 with 4 HP blade server(6 TB für win.desy.de and DESYNT)
– Storage system for homedirectories in Zeuthen : HP StorageWorks MSA1000 with HP DL380 cluster(1 TB für win.desy.de, expandable)
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
10
StorageWorks MSA 1000StorageWorks MSA 1000
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
11
General build up planGeneral build up plan
After installing three domain controller the replication behavior and the DDNS functionality (site spreading) must be smooth before going ahead !In the test domain proofed services, tools and scripts will be integrated in the production domain. The basic Active Directory structure (namespace container) with delegation and basic grouppolicies will be inserted.In first step we are looking for max. 500 test users, who should try to do there normal work on XP clients configured for the domain.But the reservation is to install the domain a second time if something is going absolutly wrong in this test phase of the production domain. Otherwise necessary improvements will be made on the services, structure, policies and security.If all is running in a good way further services and users will be migrated.
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
12
Active Directory structureActive Directory structure
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
13
Basic services in the new Basic services in the new Windows domain at the Windows domain at the beginningbeginning
Homedirectory, quota management (native) and backup inclusiv (TSM, TSM-Client V. 5.16 is ready for Windows Server 2003).Dfs (active directory integrated and standalone) - the homedirectory path in the user profile will be a Dfs link.Remote Installation Service for basic OS installation.Usage of the Software Update Service from the beginning (Windows update push mode).Application provision over grouppolicies and later over NetInstall.Deployment of McAfee VirusScan Enterprise 7.0 (one version for server and workstation), update over the AutoUpdate Architect.Mail and printing is at first functional over the old domain.
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
14
Distributed file serviceDistributed file service
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
15
Software Update ServicesSoftware Update Services
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
16
VirusScan Enterprise 7.0VirusScan Enterprise 7.0
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
17
AutoUpdate ArchitectAutoUpdate Architect
Windows Project
HEPiX-HEPNT Amsterdam 21.05.2003
18
Future look on ..Future look on ..
Exchange Titanium (2003, beta, E2k is not supported for W2K3)SharePoint Portal Server v. 2 (2003, beta)ePolicy Orchestrator version 3 (beta, McAfee scanner administration)Samba version 3 (alpha)Advanced quota management tool (for group quotas)