Windows IT Pro
September 2000

Monitoring Your AD-Enabled Network



Tools and techniques to ensure network availability

Maintaining network availability in Windows 2000 is an entirely new ball game for network administrators. To effectively support Win2K networks and maintain the same levels of network availability that your previous Windows networks provided, you must perform network-management activities beyond the steps you've taken with earlier Windows versions. As with any computer network, monitoring crucial statistics such as server CPU, memory and disk utilization, and network connectivity statistics is imperative. However, Win2K introduces additional components, services, and dependencies that you must also monitor regularly.

These new elements, which collectively make up Win2K's core infrastructure, include Active Directory (AD) databases and services, DNS servers, the Global Catalog (GC), and Operation Masters. Win2K and Win2K-centric applications rely heavily on these services and components for proper network operation. Thus, network administrators must be able to guarantee not only these components' general availability but also an acceptable performance baseline. Failure to do so can result in severe, networkwide problems, including slow or failed user logon authorizations, inconsistent data across AD servers, the inability to access crucial applications, and printing problems. To properly maintain your Win2K infrastructure, you need specific knowledge about which components to monitor, as well as which full-featured Win2K-aware monitoring tool is right for your organization.
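To make the list of core components concrete, the following script inventories the pieces named above (the AD service on each domain controller, DNS, the Global Catalog, and the Operation Masters) and reports who holds what. It is an added example, not code from the article or from Microsoft; it assumes Windows PowerShell 5.1 with the RSAT ActiveDirectory module on a workstation that can reach the domain controllers, and the function name `Get-CoreInfrastructureStatus` is my own.

```powershell
# Added example (not from the article): report the Win2K core infrastructure
# components -- Operation Masters, Global Catalogs, and the AD (NTDS) and DNS
# services on each domain controller. Assumes Windows PowerShell 5.1 and the
# RSAT ActiveDirectory module; nothing is hard-coded, everything is discovered.
Import-Module ActiveDirectory

function Get-CoreInfrastructureStatus {
    param([string]$Server)   # optional DC to query; otherwise the locator picks one

    $forest = if ($Server) { Get-ADForest -Server $Server } else { Get-ADForest }
    $domain = if ($Server) { Get-ADDomain -Server $Server } else { Get-ADDomain }

    # Forest-wide (schema, domain naming) and domain-wide (PDC, RID, infrastructure)
    # Operation Masters; each value is the FQDN of the DC holding the role.
    $masters = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }

    # One row per domain controller: site, GC flag, service state, roles held.
    $controllers = Get-ADDomainController -Filter * | ForEach-Object {
        $dcName = $_.HostName
        # Get-Service -ComputerName uses the remote service control manager
        # (Windows PowerShell only; not available in PowerShell 7).
        $ntds = Get-Service -ComputerName $dcName -Name NTDS -ErrorAction SilentlyContinue
        $dns  = Get-Service -ComputerName $dcName -Name DNS  -ErrorAction SilentlyContinue
        $roles = $masters.GetEnumerator() |
                 Where-Object { $_.Value -eq $dcName } |
                 ForEach-Object { $_.Key }
        [pscustomobject]@{
            HostName        = $dcName
            Site            = $_.Site
            IsGlobalCatalog = $_.IsGlobalCatalog
            NtdsService     = if ($ntds) { $ntds.Status } else { 'Unreachable' }
            DnsService      = if ($dns)  { $dns.Status }  else { 'NotInstalled' }
            RolesHeld       = ($roles -join ',')
        }
    }

    # Anything here is a monitoring alert in the sense the article describes:
    # an Operation Master whose DC is not running AD, or a domain with no GC.
    $problems = @()
    foreach ($dc in $controllers) {
        if ($dc.RolesHeld -and $dc.NtdsService -ne 'Running') {
            $problems += "$($dc.HostName) holds $($dc.RolesHeld) but NTDS is $($dc.NtdsService)"
        }
    }
    if (-not ($controllers | Where-Object IsGlobalCatalog)) {
        $problems += "No Global Catalog found in $($domain.DNSRoot)"
    }

    [pscustomobject]@{
        Forest            = $forest.Name
        Domain            = $domain.DNSRoot
        OperationMasters  = $masters
        DomainControllers = $controllers
        Problems          = $problems
    }
}

# Usage: run on a schedule and alert when Problems is non-empty.
$status = Get-CoreInfrastructureStatus
$status.DomainControllers | Format-Table -AutoSize
$status.Problems
```

The script only reads; scheduling it and alerting on a non-empty `Problems` list gives you the availability check for these components before you pick a full monitoring product.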

AD: Win2K's Backbone
Before delving into the specifics of AD, let's review the general terms and concepts related to directory-enabled networks. A directory (aka a data store) maintains data about objects within a known framework or environment, such as a network, and organizes that data in a hierarchical structure that makes the information easier to understand and access. These objects include traditional network resources such as user and machine accounts, shared network resources such as shared directories and printers, and resources such as network applications, services, and security policies.

Directory service is a composite term that includes the directory data store as well as the services that make the information within the directory available to users and applications. Directory services come in various types and from different sources. OS directories, such as Microsoft's AD and Novell's Novell Directory Services (NDS), are general-purpose directories that vendors include with a network OS and design as multipurpose directories that a variety of users, applications, and devices can access. Some applications, such as enterprise resource planning (ERP), human resources (HR), and email systems (e.g., Microsoft Exchange Server), provide directories for storing data specific to their functionality.

Why is a directory essential? A directory provides a central repository for all of an enterprise network's crucial data, including information about user accounts, computers, printers, applications (e.g., an HR database), security, and system configuration policy. Over time, organizations can use a central directory, such as AD, to consolidate the majority of their crucial data into one shared network resource. This consolidation improves organizational efficiency and significantly reduces a network's total cost of ownership (TCO).

Although data centralization and consolidation are key benefits of directory services, this functionality also represents one of directory services' greatest potential weaknesses. Moving crucial information from a distributed model to one that is highly centralized considerably reduces a network's tolerance for downtime and problems and increases the risk of loss as a result of downtime. Thus, a considerable portion of a network administrator's monitoring efforts needs to be focused on AD and its subcomponents.

In most cases, AD is the compelling feature that is driving enterprise customers toward migrating to Win2K. With AD, Microsoft has finally delivered a directory that can support large and multisite networks. Although plenty of alternative directory products have been on the market for some time (e.g., Banyan's StreetTalk and Novell's NDS), many Microsoft- and Windows NT-centric organizations have chosen to wait and use AD as the foundation for their enterprise networks. As a result, AD represents the first foray into the world of directories and directory management for many organizations and network administrators.

One or more Win2K domain controllers host AD, which the domain controllers replicate in a multimaster fashion to ensure increased availability of the directory and the network. In this replication scenario, multiple read/write copies of the database exist simultaneously. This setup differs from NT 4.0's single-master PDC and BDC replication topology wherein one domain controller, the PDC, houses a read/write copy of the database. In addition to providing a central repository for network objects and services for accessing those objects, AD furnishes security in the form of discretionary access control lists (DACLs). AD applies DACLs to directory objects to prevent unauthorized parties from accessing those objects.

At a physical level, AD uses Microsoft's Extensible Storage Engine (ESE) to store the directory database. Exchange Server also uses ESE. Like Exchange Server, AD's database employs transaction log files to help ensure database integrity in the case of events (e.g., power outages) that interfere with the successful completion of database transactions. AD also shares Exchange Server's ability to perform online database maintenance and defragmentation.

AD is a database, so all your Win2K domain controllers are essentially crucial database servers. Therefore, you should treat your Win2K domain controllers no differently than you treat any other important database server in terms of fault-tolerance preparation (e.g., disk redundancy, backups, power protection) and capacity planning.

Although AD's management interfaces and APIs mask the building blocks that make up the directory, AD's physical configuration is nonetheless an important consideration for Win2K administrators. For example, all volumes on domain controllers that host the AD database and its transaction logs must maintain adequate levels of free disk space at all times. For performance reasons, you must ensure that the AD databases on domain controllers don't become too heavily fragmented. In addition, administrators need to be aware of the services and components that ensure an AD-enabled Win2K network's stability.
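The free-space check described above can be scripted on each domain controller. The following is an added example, not code from the article; it assumes Windows PowerShell running locally on the domain controller, and the thresholds (`$MinFreePercent`, `$MinFreeMB`) and the function name `Get-AdStorageStatus` are my own choices. The registry value names it reads (`DSA Database file`, `Database log files path`, `DSA Working Directory`) are the ones the promotion process writes under the NTDS service key.

```powershell
# Added example (not from the article): check free space on the volumes that
# host the AD database (ntds.dit), its transaction logs, and its working
# directory, and flag any volume below a threshold. Run locally on a domain
# controller under Windows PowerShell; thresholds are assumptions.
function Get-AdStorageStatus {
    param(
        [int]$MinFreePercent = 15,   # assumed threshold: warn under 15% free
        [int]$MinFreeMB      = 1024  # assumed threshold: warn under 1 GB free
    )

    $ntdsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $reg = Get-ItemProperty -Path $ntdsKey -ErrorAction Stop
    if (-not $reg.'DSA Database file') {
        throw "No AD database path found under $ntdsKey; is this a domain controller?"
    }

    # Each component may live on its own volume, so check each one separately.
    $components = [ordered]@{
        Database = $reg.'DSA Database file'        # full path to ntds.dit
        Logs     = $reg.'Database log files path'  # directory holding edb*.log
        Working  = $reg.'DSA Working Directory'    # checkpoint and temp files
    }

    foreach ($kv in $components.GetEnumerator()) {
        $drive = Split-Path -Qualifier $kv.Value   # e.g. 'C:'
        $disk  = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$drive'"
        $freeMB  = [math]::Round($disk.FreeSpace / 1MB)
        $freePct = [math]::Round(100 * $disk.FreeSpace / $disk.Size, 1)

        # The database file is held open by lsass, but its size is still readable
        # and is worth trending for capacity planning.
        $sizeMB = $null
        if ($kv.Key -eq 'Database' -and (Test-Path $kv.Value)) {
            $sizeMB = [math]::Round((Get-Item $kv.Value).Length / 1MB)
        }

        $warn = ($freePct -lt $MinFreePercent) -or ($freeMB -lt $MinFreeMB)
        [pscustomobject]@{
            Component   = $kv.Key
            Path        = $kv.Value
            Drive       = $drive
            FreeMB      = $freeMB
            FreePercent = $freePct
            FileSizeMB  = $sizeMB
            Status      = if ($warn) { 'WARN' } else { 'OK' }
        }
    }
}

# Usage: any row with Status WARN should page someone before the database
# or its logs run out of room.
Get-AdStorageStatus | Format-Table -AutoSize
```

Run it on every domain controller, not just one; the database and log paths are chosen per server at promotion time and may differ.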

DNS: Gateway to AD
The TCP/IP network protocol plays a larger role in Win2K than in earlier NT versions. Although Win2K also supports other legacy protocols, such as IPX and NetBEUI, Microsoft based most of Win2K's internal mechanics, including AD, on TCP/IP. In AD-enabled networks, as in all TCP/IP-based networks, the ability to resolve names to IP addresses is an essential service. A bounded area within which a resolution service can resolve a given name is a namespace. In NT-based networks, NetBIOS is the primary namespace and WINS is the primary name-to-IP address resolution service. In Win2K, Microsoft has abandoned the use of NetBIOS as the primary network namespace and replaced it with DNS. Like AD, DNS employs a hierarchical namespace and uses domains, but DNS defines domains differently than AD does.

Although you can incorporate a DNS namespace into an NT network for name-to-IP address resolution, this use of DNS is optional and mainly of interest to enterprises running heterogeneous environments or Internet-based applications. However, in AD, DNS plays a more crucial role. In addition to making DNS the default name resolution service in Win2K, Microsoft designed Win2K domains to use a DNS-style naming structure that ties the namespace of AD domains directly to the network's DNS namespace. (However, only companies that use separate DNS configurations for the internal LAN and the Internet, the Microsoft-recommended configuration, usually experience this namespace duplication.) Finally, Win2K uses DNS as its default locator service, which is the service that the OS uses to convert items such as AD domain, site, and service names to IP addresses.
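Because the locator service depends on DNS, a monitoring check should confirm that the locator records for the domain actually resolve. The script below is an added example, not code from the article or from Microsoft; it assumes a modern Windows admin workstation with `Resolve-DnsName` (Windows 8/Server 2012 or later), and the function name `Test-AdDnsLocator` and the placeholder domain `corp.example.com` are my own. The record names it queries are the standard `_msdcs` locator names that domain controllers register.

```powershell
# Added example (not from the article): verify that the DNS locator records
# a Win2K client uses to find domain controllers, Global Catalogs, KDCs and
# the PDC emulator exist, and resolve each target host to an address.
# Assumes Resolve-DnsName (Windows 8 / Server 2012 and later).
function Test-AdDnsLocator {
    param(
        [Parameter(Mandatory)][string]$DomainName,  # AD domain, e.g. corp.example.com (placeholder)
        [string]$SiteName,                          # optional AD site for site-specific records
        [string]$DnsServer                          # optional DNS server to query directly
    )

    # Forest-wide locator records under _msdcs.<domain>
    $queries = [ordered]@{
        'Domain controllers (LDAP)' = "_ldap._tcp.dc._msdcs.$DomainName"
        'Kerberos KDCs'             = "_kerberos._tcp.dc._msdcs.$DomainName"
        'Global Catalog (LDAP)'     = "_ldap._tcp.gc._msdcs.$DomainName"
        'PDC emulator'              = "_ldap._tcp.pdc._msdcs.$DomainName"
    }
    # Site-specific records let clients in a site prefer a local DC/GC.
    if ($SiteName) {
        $queries["Site DCs ($SiteName)"] = "_ldap._tcp.$SiteName._sites.dc._msdcs.$DomainName"
        $queries["Site GCs ($SiteName)"] = "_ldap._tcp.$SiteName._sites.gc._msdcs.$DomainName"
    }

    foreach ($q in $queries.GetEnumerator()) {
        $params = @{ Name = $q.Value; Type = 'SRV'; ErrorAction = 'SilentlyContinue' }
        if ($DnsServer) { $params.Server = $DnsServer }
        $srv = @(Resolve-DnsName @params | Where-Object { $_.Type -eq 'SRV' })

        # An SRV answer names a host and port; the host must resolve too,
        # otherwise the locator record points at nothing usable.
        $targets = foreach ($r in $srv) {
            $aParams = @{ Name = $r.NameTarget; Type = 'A'; ErrorAction = 'SilentlyContinue' }
            if ($DnsServer) { $aParams.Server = $DnsServer }
            $a = @(Resolve-DnsName @aParams | Where-Object { $_.Type -eq 'A' })
            $addr = if ($a.Count -gt 0) { ($a.IPAddress) -join ',' } else { 'UNRESOLVED' }
            '{0}:{1} (prio {2}, weight {3}) -> {4}' -f $r.NameTarget, $r.Port, $r.Priority, $r.Weight, $addr
        }

        $status = if ($srv.Count -eq 0) { 'MISSING' }
                  elseif ($targets -match 'UNRESOLVED') { 'BROKEN' }
                  else { 'OK' }
        [pscustomobject]@{
            Check   = $q.Key
            Record  = $q.Value
            Count   = $srv.Count
            Targets = ($targets -join '; ')
            Status  = $status
        }
    }
}

# Usage (placeholder domain and site):
Test-AdDnsLocator -DomainName 'corp.example.com' -SiteName 'Default-First-Site-Name' |
    Format-Table Check, Count, Status, Targets -AutoSize
```

A `MISSING` result on the domain controller or Global Catalog record is the DNS-side cause of the slow or failed logons the article warns about; `BROKEN` means the record exists but points at a host that no longer resolves.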


Windows IT Pro is a Division of Penton Media Inc.
Copyright © 2009 Penton Media, Inc., All rights reserved.