MCSE: Windows® 2000 Network Infrastructure Design, Exam Notes™
William Heldman
SYBEX®
San Francisco • Paris • Düsseldorf • Soest • London
Associate Publisher: Neil Edde
Contracts and Licensing Manager: Kristine O’Callaghan
Associate Developmental Editor: Elizabeth Hurley
Editor: Julie Sakaue
Production Editor: Liz Burke
Technical Editor: Joshua Konkle
Book Designer: Bill Gibson
Graphic Illustrator: Tony Jonick
Electronic Publishing Specialist: Judy Fung
Proofreaders: Leslie E.H. Light, Jennifer Campbell, Liz Burke, Laurie O’Connell
Indexer: Nancy Guenther
Cover Designer: Archer Design
Cover Photography: Natural Selection
Copyright © 2001 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. No part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written permission of the publisher.
Library of Congress Card Number: 00-107348
ISBN: 0-7821-2767-3
SYBEX and the SYBEX logo are trademarks of SYBEX Inc. in the USA and other countries. Exam Notes is a trademark of SYBEX Inc. Screen reproductions produced with Collage Complete. Collage Complete is a trademark of Inner Media Inc. Microsoft, the Microsoft Internet Explorer logo, Windows, Windows NT, and the Windows logo are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. SYBEX is an independent entity from Microsoft Corporation, and not affiliated with Microsoft Corporation in any manner. This publication may be used in assisting students to prepare for a Microsoft Certified Professional Exam. Neither Microsoft Corporation, its designated review company, nor SYBEX warrants that use of this publication will ensure passing the relevant exam. Microsoft is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries.
TRADEMARKS: SYBEX has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer. The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied by software manufacturer(s). The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book. Manufactured in the United States of America. 10 9 8 7 6 5 4 3 2 1
To KL—thanks for hanging with me.
Acknowledgments
With grateful acknowledgment of all those who helped me with these books. I’m especially grateful to the Sybex associate publisher in charge of the study guides, Neil Edde. He was the one who graciously gave me my start in writing computer books—and I feel that I’m privileged to write for the best computer book company on earth. I’d also like to thank the editors of this book: Elizabeth Hurley, associate developmental editor; Julie Sakaue, editor; Liz Burke, production editor; as well as Joshua Konkle, the technical editor who helped with this book. I’d also like to acknowledge the artists and layout people, Tony Jonick and Judy Fung, without whom a book would have no pizzazz. You can’t begin to know the patience of a wife who must put up with someone who comes home from work tired, hungry, and grumpy and who must hit the word processor for a good solid two hours in order to get the next chapter in on time. Thank you so much Kimmie Lou for your loyalty, endurance, and patience with my second career—my first love. Last, but certainly not least, I want to thank God, the giver of gifts and of life.
Contents

Introduction  x

Chapter 1  Analyzing Business Requirements  1
    Analyze the existing and planned business models.  3
    Analyze the existing and planned organizational structures. Considerations include management model; company organization; vendor, partner, and customer relationships; and acquisition plans.  12
    Analyze factors that influence company strategies.  24
    Analyze the structure of IT management. Considerations include type of administration, such as centralized or decentralized; funding model; outsourcing; decision-making process, and change-management process.  35

Chapter 2  Analyzing Technical Requirements  47
    Evaluate the company's existing and planned technical environment and goals.  49
    Analyze the impact of infrastructure design on the existing and planned technical environment.  66
    Analyze the network requirements for client computer access.  86
    Analyze the existing disaster recovery strategy for client computers, servers, and the network.  93

Chapter 3  Designing a Windows 2000 Network Infrastructure  99
    Modify and design a network topology.  101
    Design a TCP/IP networking strategy.  107
    Design a DHCP strategy.  122
    Design name resolution services.  133
    Design a multi-protocol strategy. Protocols include IPX/SPX and SNA.  149
    Design a Distributed file system (Dfs) strategy.  161

Chapter 4  Designing for Internet Connectivity  171
    Design an Internet and extranet access solution. Components of the solution could include proxy server, firewall, routing and remote access, Network Address Translation (NAT), connection sharing, web server, or mail server.  172
    Design a load balancing strategy.  185

Chapter 5  Designing a Wide Area Network Infrastructure  191
    Design an implementation strategy for dial-up remote access.  192
    Design a virtual private network (VPN) strategy.  215
    Design a Routing and Remote Access routing solution to connect locations.  228

Chapter 6  Designing a Management and Implementation Strategy for Windows 2000 Networking  237
    Design a strategy for monitoring and managing Windows 2000 network services. Services include global catalog, Lightweight Directory Access Protocol (LDAP) services, Certificate Services, DNS, DHCP, WINS, Routing and Remote Access, Proxy Server, and Dfs.  238
    Design network services that support application architecture.  255
    Design a plan for the interaction of Windows 2000 network services such as WINS, DHCP, and DNS.  262
    Design a resource strategy.  266

Index  274
Introduction
Microsoft’s new Microsoft Certified Systems Engineer (MCSE) track for Windows 2000 is the premier certification for computer industry professionals. Covering the core technologies around which Microsoft’s future will be built, the new MCSE certification is a powerful credential for career advancement. This book has been developed, in cooperation with Microsoft Corporation, to give you the critical skills and knowledge you need to prepare for one of the core requirements of the new MCSE certification program, Designing a Microsoft Windows 2000 Network Infrastructure. You will find the information you need to acquire a solid understanding of the design of a Windows 2000 network infrastructure, to prepare for Exam 70-221: Designing a Windows 2000 Network Infrastructure, and to progress toward MCSE certification.
Is This Book for You?
The MCSE Exam Notes books were designed to be succinct, portable exam review guides that can be used either in conjunction with a more complete study program (book, CBT courseware, classroom/lab environment) or as an exam review for those who don’t feel the need for more extensive test preparation. It isn’t our goal to give the answers away, but rather to identify those topics on which you can expect to be tested and to provide sufficient coverage of these topics. Perhaps you’re already familiar with the features and functionality of Windows 2000. The thought of paying lots of money for a specialized MCSE exam preparation course probably doesn’t sound too appealing. What can they teach you that you don’t already know, right? Be careful, though. Many experienced network administrators have walked confidently into test centers only to walk sheepishly out of them after failing an MCSE exam. As they discovered, there’s the Microsoft of the real world and the Microsoft of the MCSE exams. It’s our goal with these Exam Notes books to show you where the two converge and where they diverge. After you’ve finished reading through this book, you should have a clear idea of how your understanding of the technologies involved matches up with the expectations of the MCSE test makers in Redmond. Or perhaps you’re relatively new to the world of Microsoft networking, drawn to it by the promise of challenging work and higher salaries. You’ve just waded through an 800-page MCSE Windows 2000 study guide or taken a class at a local training center. Lots of information to keep track of, isn’t it? Well, by organizing the Exam Notes books according to the Microsoft exam objectives, and by breaking up the information into concise manageable pieces, we’ve created what we think is the handiest exam review guide available. Throw it in your briefcase and carry it to work with you. As you read through the book, you’ll be able to identify quickly those areas you know best and those that require more in-depth review.
NOTE The goal of the Exam Notes series is to help MCSE candidates familiarize themselves with the subjects on which they can expect to be tested in the MCSE exams. For complete, in-depth coverage of the technologies and topics involved, we recommend the MCSE Windows 2000 Study Guide series from Sybex.
How Is This Book Organized?
As mentioned above, this book is organized according to the official exam objectives list prepared by Microsoft for Exam 70-221. The chapters coincide with the broad objective groupings, such as Designing a Wide Area Network Infrastructure. These groupings are also reflected in the organization of the MCSE exams themselves.
Within each chapter, the individual exam objectives are addressed in turn. Each objective’s coverage is further divided into the following sections of information:
Critical Information  This section presents the greatest level of detail on information for the objective. This is the place to start if you’re unfamiliar with or uncertain about the objective’s technical issues.
Exam Essentials  In this section, we’ve put together a concise list of the most crucial topics that you’ll need to comprehend fully prior to taking the MCSE exam. These summaries can help you identify subject areas that might require more study on your part.
Key Terms and Concepts  Here you’ll find a mini-glossary of the most important terms and concepts related to the specific objective. This list will help you understand what the technical words mean within the context of the related subject matter.
Sample Questions  For each objective, we’ve included a selection of questions similar to those you’ll encounter on the actual MCSE exam. Answers and explanations are provided so you can gain some insight into the test-taking process.
How Do You Become an MCSE?
Attaining MCSE certification has always been a challenge. In the past, people could acquire detailed exam information—even most of the exam questions—from online “brain dumps” and third-party “cram” books or software products. For the new MCSE exams, however, this simply will not be the case. To avoid the “paper-MCSE syndrome” (a devaluation of the MCSE certification because unqualified individuals manage to pass the exams), Microsoft has taken strong steps to protect the security and integrity of the new MCSE track. Prospective MCSEs will need to complete a course of study that provides not only detailed knowledge of a wide range of topics, but true skills derived from working with Windows 2000 and related software products. In the new MCSE program, Microsoft is heavily emphasizing hands-on skills. Microsoft has stated that “nearly half of the core required exams’ content demands that the candidate have troubleshooting skills acquired through hands-on experience and working knowledge.” Fortunately, if you are willing to dedicate time and effort with Windows 2000, you can prepare for the exams by using the proper tools. If you work through this book and the other books in this series, you should successfully meet the exam requirements.
TIP This book is part of a series of MCSE Study Guides and Exam Notes published by Sybex that covers the five core requirements as well as the electives you need to complete your MCSE track.
Exam Requirements
Successful candidates must pass a minimum set of exams that measure technical proficiency and expertise.
Candidates for MCSE certification must pass seven exams, including four core operating system exams, one design exam, and two electives.
Candidates who have already passed three Windows NT 4 exams (70-067, 70-068, and 70-073) may opt to take an “accelerated” exam plus one core design exam and two electives.
NOTE If you do not pass the accelerated exam after one attempt, you must pass the five core requirements and two electives.
The following tables show the exams that a new certification candidate must pass. All of these exams are required:

Exam #    Title                                                                                      Requirement Met
70-216    Implementing and Administering a Microsoft Windows 2000 Network Infrastructure             Core (Operating System)
70-210    Installing, Configuring, and Administering Microsoft Windows 2000 Professional             Core (Operating System)
70-215    Installing, Configuring, and Administering Microsoft Windows 2000 Server                   Core (Operating System)
70-217    Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure  Core (Operating System)

One of these exams is required:

Exam #    Title                                                                                      Requirement Met
70-219    Designing a Microsoft Windows 2000 Directory Services Infrastructure                       Core (Design)
70-220    Designing Security for a Microsoft Windows 2000 Network                                    Core (Design)
70-221    Designing a Microsoft Windows 2000 Network Infrastructure                                  Core (Design)

Two of these exams are required:

Exam #                      Title                                                                                                                                     Requirement Met
70-219                      Designing a Microsoft Windows 2000 Directory Services Infrastructure                                                                      Elective
70-220                      Designing Security for a Microsoft Windows 2000 Network                                                                                   Elective
70-221                      Designing a Microsoft Windows 2000 Network Infrastructure                                                                                 Elective
Any current MCSE elective   Exams cover topics such as Exchange Server, SQL Server, Systems Management Server, Internet Explorer Administrators Kit, and Proxy Server (new exams are added regularly)   Elective
NOTE For a more detailed description of the Microsoft certification programs, including a list of current MCSE electives, check Microsoft’s Training and Services Web site at www.microsoft.com/trainingandservices.
Exam Registration
You may take the exams at any of more than 1,000 Authorized Prometric Testing Centers (APTCs) and VUE Testing Centers around the world. For the location of a testing center near you, call Sylvan Prometric at (800) 755-EXAM (755-3926), or call VUE at (888) 837-8616. Outside the United States and Canada, contact your local Sylvan Prometric or VUE registration center.
You should determine the number of the exam you want to take, and then register with the Sylvan Prometric or VUE registration center nearest to you. At this point, you’ll be asked for advance payment for the exam. The exams are $100 each. Exams must be taken within one year of payment. You can schedule exams up to six weeks in advance or as late as one working day prior to the date of the exam. You can cancel or reschedule your exam if you contact the center at least two working days prior to the exam. Same-day registration is available in some locations, subject to space availability. Where same-day registration is available, you must register a minimum of two hours before test time.
TIP You may also register for your exams online at www.sylvanprometric.com or www.vue.com.
When you schedule the exam, you’ll be provided with instructions regarding appointment and cancellation procedures, ID requirements, and information about the testing center location. In addition, you’ll receive a registration and payment confirmation letter from Sylvan Prometric or VUE. Microsoft requires certification candidates to accept the terms of a nondisclosure agreement before taking certification exams.
What the Designing a Windows 2000 Network Infrastructure Exam Measures
This exam is going to test your ability to recognize ways that you can provide connectivity to outside users. For example, you’ll be tested in Virtual Private Network (VPN) installations—security, authentication, the why and how of building a VPN. You’ll also be tested on your understanding of Routing and Remote Access Services (RRAS), Windows 2000’s capability of providing connectivity for telecommuting users. Windows 2000 Server can function as a router—you’ll be tested on router protocols and why and when you’d use Windows 2000 routers.
There are sections in this book on DHCP, WINS, DNS, Dfs, and other Windows 2000 TCP/IP features. Also, you’ll be asked to test your knowledge of TCP/IP subnetting principles. This book delves into network hardware and infrastructures. The goal of the design test is to help the administrator understand the enterprise concept—that there’s more to the network than simply the server farm, there’s so much more.
Tips for Taking Your Exam
Here are some general tips for taking your exam successfully:
Arrive early at the exam center so you can relax and review your study materials, particularly tables and lists of exam-related information.
Read the questions carefully. Don’t be tempted to jump to an early conclusion. Make sure you know exactly what the question is asking.
When answering multiple-choice questions you’re not sure about, use a process of elimination to get rid of the obviously incorrect answers first. This will improve your odds if you need to make an educated guess.
This test has many exhibits (pictures). It can be difficult, if not impossible, to view both the questions and the exhibit simulation on the 14- and 15-inch screens usually found at the testing centers. Call around to each center and see if they have 17-inch monitors available. If they don’t, perhaps you can arrange to bring in your own. Failing this, some have found it useful to quickly draw the diagram on the scratch paper provided by the testing center and use the monitor to view just the question.
You are allowed to use the Windows calculator during your test. However, it may be better to memorize a table of the subnet addresses and to write it down on the scratch paper supplied by the testing center before you start the test.
Once you’ve completed an exam, you’ll be given immediate, online notification of your pass or fail status. You’ll also receive a printed Examination Score Report indicating your pass or fail status and your exam results by section. (The test administrator will give you the printed score report.) Test scores are automatically forwarded to Microsoft within five working days after you take the test. You don’t need to send your score to Microsoft. If you pass the exam, you’ll receive confirmation from Microsoft, typically within two to four weeks.
Contact Information
To find out more about Microsoft Education and Certification materials and programs, to register with Sylvan Prometric, or to get other useful information, check the following resources. Outside the United States or Canada, contact your local Microsoft office or Sylvan Prometric testing center.
Microsoft Certified Professional Program—(800) 636-7544
Call the MCPP number for information about the Microsoft Certified Professional program and exams, and to order the latest Microsoft Roadmap to Education and Certification.
Sylvan Prometric Testing Centers—(800) 755-EXAM
Contact Sylvan to register to take a Microsoft Certified Professional exam at any of more than 800 Sylvan Prometric testing centers around the world.
Microsoft Certification Development Team—http://www.microsoft.com/trainingandservices
Contact the Microsoft Certification Development Team through their Web site to volunteer for participation in one or more exam development phases or to report a problem with an exam. Address written correspondence to the Certification Development Team, Microsoft Education and Certification, One Microsoft Way, Redmond, WA 98052.
Microsoft TechNet Technical Information Network—(800) 344-2121
This is an excellent resource for support professionals and system administrators. Outside the United States and Canada, call your local Microsoft subsidiary for information.
How to Contact the Publisher
Sybex welcomes reader feedback on all of its titles. Visit the Sybex Web site at www.sybex.com for book updates and additional certification information. You’ll also find online forms to submit comments or suggestions regarding this or any other Sybex book.
Chapter 1
Analyzing Business Requirements
MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:
Analyze the existing and planned business models. (pages 3 – 12)
    Analyze the company model and the geographical scope. Models include regional, national, international, subsidiary, and branch offices.
    Analyze company processes. Processes include information flow, communication flow, service and product life cycles, and decision-making.
Analyze the existing and planned organizational structures. Considerations include management model; company organization; vendor, partner, and customer relationships; and acquisition plans. (pages 12 – 23)
Analyze factors that influence company strategies. (pages 24 – 35)
    Identify company priorities.
    Identify the projected growth and growth strategy.
    Identify relevant laws and regulations.
    Identify the company's tolerance for risk.
    Identify the total cost of operations.
Analyze the structure of IT management. Considerations include type of administration, such as centralized or decentralized; funding model; outsourcing; decision-making process, and change-management process. (pages 35 – 45)
We’ll start by reviewing the makeup of a company, probably your company. We’ll analyze the company’s management organization, its funding model, tolerance for risk, priorities, and so forth. Looking above, you can see that the exam objectives that revolve around this topic are numerous and yet nontechnical. Why are they important? Because, to get your hands around a Windows 2000 deployment, you need to thoroughly understand the way your company ticks. Windows 2000 has so many new features that you may decide one fits in a given circumstance where another feature would work better in a different place. Recognizing the way that your company works, how it is built, helps you understand how to introduce Windows 2000 into the environment.
Analyze the existing and planned business models.
Analyze the company model and the geographical scope. Models include regional, national, international, subsidiary, and branch offices. Analyze company processes. Processes include information flow, communication flow, service and product life cycles, and decision-making.
Microsoft, while a software (and hardware) company, is also in the business of making you successful by using their software. People at Microsoft are great project managers, and they realize that in order to make Windows 2000 successful you need to understand how your organization works, so that you can precisely place different Windows 2000 features where needed.
Critical Information
In the following exam objectives, we’re interested in taking apart a company’s logical makeup and seeing if we can define the company’s model, its geographic scope, the processes that are in place and are routinely followed, and the existing and planned organizational structures in the company. It will probably be a great help to you to think about your own company in the context of this section. It is important to thoroughly understand the concepts outlined here in order to succeed with a Windows 2000 deployment, our second objective. (Our first, of course, being to pass the test.)
Analyzing the Company Model and the Geographical Scope
Let’s take a moment to review the various company models and what they encompass. Notice that the subobjective says, “Models include…” implying that the list isn’t limited to only the models suggested. The point here is not that you memorize the models, but that you recognize the model(s) your company uses. Here are some of the models and geographical scopes that you might encounter:
Local  A local company is only in business within a city or the very localized surrounding area relative to a city. For example, suppose that you work for a flower company that has retail stores in several suburban towns and cities close to its headquarters. None of the retail stores are out of state, and all are within a few miles of one another. This would be an instance of a local company.
Regional  A regional company operates in several widely geographically dispersed cities within a state, in several states, or both. Suppose, for example, that you work for a company that operates a chain of restaurants localized within one large state, but that it has a presence in different cities within that state. This would be an example of a regional company.
National  A national company is one that has a presence of some kind within its country of origin. In a U.S. example, this does not specifically imply that there is an office in every state or an office of great proportions, but it does imply that there is some presence in every state. The most basic and common example is a company that requires a small office in each state to maintain a sales force local to that state. An office might be composed of just a few people, but it would, nonetheless, be part of your company and make for very interesting connectivity and computing planning.
International  A company that has offices all over the world is said to have an international presence. Again, these offices don’t necessarily have to be very large to influence your evaluation and planning. A company might have a distributed environment with its headquarters in, say, Chicago, another large one in the U.K. (perhaps a “mini-HQ”), and several smaller offices staffed predominantly with salespeople and support personnel in many other countries.
Subsidiary Offices  Some companies specialize in a certain venture and then find that they need something else to make their particular area of expertise more palatable to the public. So, rather than reinventing the wheel, they buy a company that’s already doing whatever they need done. A company that is purchased and yet retains its own identity is a subsidiary. Subsidiaries present unique challenges to network designers and IT people, because typically you inherit a legacy group of administrators who are accustomed to doing things their way and who may not necessarily be amenable to re-inventing their lives in order to fit their new parent’s mold.
Branch Offices  Some companies may maintain one central headquarters office but also have several branch offices that have some autonomy relative to HQ. A company’s size and the nature of its business will determine how many branch offices it may have.
The geographical scope of a company really presents an interesting twist to the whole network design scenario. One must consider a series of things: the area that your network must traverse, its geographic placement, and the resources and funds it will take to set up communications between sites.
Another thing to consider while using the Windows 2000 design is the concept of a Single Point of Failure (SPOF) and bottlenecks. A SPOF is a place or places where only one connection or part holds up the system. A server with only one hard drive in it has a SPOF—the hard drive. If that hard drive goes out, the server’s down until you get it repaired.
A bottleneck is a place where things slow to a crawl as data crosses that place. Bottlenecks are like chameleons and take on the characteristics of where they’re living. There are some Windows 2000 features such as System Monitor that can help you identify bottlenecks, but it’s pretty apparent that your own instincts are going to be the biggest tool you have in helping you discover and eradicate bottlenecks.
Analyzing Company Processes
Some companies do quite a bit of their information interplay by paper or word of mouth, not thinking that computer systems can accomplish the same goal. If your company wants to say something new—to go where no one has gone before—how does it accomplish that? How does your company get information from one point to another? Common corporate processes include using collaborative frameworks in Lotus Notes, public folders on an Exchange server, mainframes, and intranets—or a combination of these things. This is one of the elements you’re looking to discover when you do your network design and diagramming.
Information and Communications Flow
In terms of network design, there are generally two practiced forms of communications. The first is inter-company communication such as e-mail, intranets, and virtual meetings. The second area of information and communications flow is the more abstract communications ethos.
Virtual Communications  This is where you sit down and take a physical inventory of how your company handles its intercommunications. You would be examining areas such as your phone system, for example. The majority of intra-company communications are either voice-based or e-mail-centric. As companies migrate more and more to network-based communications, e-mail has become the central method of communicating.
People Communications  This area is much more nebulous. You must be able to assess areas such as how people interact in their daily business dealings, how management communicates with their direct reports, and how requests for information are handled. As a network designer, you need to understand how interpersonal communication at your company works, before you start interrogating people about their technical and business needs. If you don’t adapt your approach to the company culture, then your message will never get across.
Product and Service Life Cycles
Products ride a life cycle very similar to the famous bell curve that seems to crop up in most of life. Many products that were leaders just five to ten years ago are either nonexistent or have been incorporated into solutions or packages. Figure 1.1 shows a standard product life cycle. This isn’t quite a fair representation of what really happens, because a company that is dynamically trying to improve and release upgrades to its software actually lengthens the bell curve or, more practically, generates a whole new bell curve. Most users never get to the product decline stage, because they’ve adopted the new software upgrade and the old software version is allowed to die quietly. Nevertheless, software and hardware products go through distinct product life-cycle stages. Service life cycles consist of roughly the same concepts.

Figure 1.1: The product life-cycle curve. The stages marked along the curve are:
Product begins to gain market share.
Product gains wide acceptance and moves into the fore of standard software.
Product is at the apex of its use; for usage to continue, new developments and improvements must be made.
Competitors enter with superior products, or the company fails to produce new improvements, and the product begins its decline.
Decision-Making Processes
This is probably the most complicated part of your network design segment to try to figure out. You must be able to identify who makes the decisions and how the information generated from those decisions is disseminated. Some companies have an “Emerging Technologies” department that’s charged with the research and recommendation of new technologies. Other companies use the “architect” concept—people who have tons of everyday experience in the industry and are now equipped to make corporate decisions regarding technical direction.
Exam Essentials

Know your company’s overall business model. By identifying which business model your company falls into, you can effectively provide a standardized desktop and an overall consistent computing environment.

Understand the geographical scope of your company. This scope will help you determine what kind of economic, geographic, facilitation, and political issues you will face with a given connection.

Know why your company does what it does. Understanding your company’s processes will help you figure out how to do your job better.

Know your company’s virtual and people-to-people communications flow. Good communications will facilitate a Windows 2000 rollout. Bad communications will destroy any chance you have of being successful.

Know what product and service life cycles are. An understanding of the product life cycle of software (these days about one year or less) and the accompanying service life cycles is crucial to integrating your applications into a Windows 2000 rollout. Example: You have an enterprise fax software program in use across the enterprise. You’re on version 6; the company that wrote the software is now at version 7 and about to roll into version 8. You’re out of the product (and probably the service) life cycle.

Know who makes the decisions in your company and why. Getting a Windows 2000 rollout nailed down is all about making sure that the big decisions you need finalized are made, accepted, and not reversible.
Key Terms and Concepts

bottleneck A place where things slow to a crawl as data crosses that place.

international A company that has offices and does business in countries that are foreign to its own home headquarters.

local A company that does business only within a city or region.

national A company that does business within its home country.

regional A company that operates in its own city and several geographic regions nearby. The term “regional” might mean operating in several key cities in adjoining states or simply in suburbs of a city, depending on the size of the company.

Single Point of Failure (SPOF) That place or places where the system is held up by only one connection or part.

subsidiary A part of a company that’s involved in an activity that’s distinct from the parent company.
Sample Questions

1. You have a transoceanic connection between your sites in Madrid and Haifa. Your boss has told you to eliminate all SPOFs on this circuit. How can you make sure that you accomplish this task? Select all that apply.
A. Set up a land-based WAN circuit that acts as a backup to the main circuit.
B. Create a satellite-based connection between the two sites.
C. Set up two Windows 2000 demand-dial routers, one for each site.
D. Set up a dial-up connection in Windows 2000 RRAS.

Answer: A, B, C. Options A, B, and C are all valid, though one may be more expensive than another. There is some latency associated with the satellite-based solution, but it may still be more cost-effective than nailing up a land-based WAN circuit (since you’d have to traverse the Mediterranean coast to get the circuit going). Probably the most cost-effective and simplest solution would be to set up a pair of Windows 2000-based demand-dial routers. Transoceanic circuit craters? Start talking to the other site with the Windows 2000 routers instead.

2. You have a database system that has many users utilizing it on a daily basis. There appears to be a bottleneck in the system, and you’ve traced the 100-BaseT infrastructure, client computers, and servers and have not found anything wrong other than the fact that the server that houses the database is heavily overused. How would you fix this problem? Select all that apply.
A. Upgrade the database server’s hardware.
B. Upgrade the network to Gigabit Ethernet.
C. Set the database server up in a clustered environment.
D. Limit the maximum connections to the server.

Answer: A, D. We’re told in the question that the problem does not lie with the network, so option B isn’t valid, at least in the context of the question. Option C is tricky because databases aren’t ideal candidates for clustered environments. You could opt to upgrade the server’s hardware; often that fixes stodgy bottlenecks, especially when it comes to RAM. Limiting the maximum connections to the server so as to maintain decent response times based on user expectations isn’t an ideal workaround, but it is nonetheless a workaround.

3. It might be an intrusion to users when network admins have to upgrade the network operating system and associated back-office applications from time to time. Why is it important to keep up with updates? Select the best option.
A. Sticking with the latest and greatest software improves productivity.
B. Staying at or near the top of the product life-cycle curve prevents having to go through costly upgrades later on.
C. Changes in the network operating system provide better throughput.
D. As software evolves, business problems are simultaneously solved.

Answer: B. Companies that stubbornly refuse to upgrade their network software slowly drift behind in version releases to the point where it is quite costly to upgrade. The other reasons are good ones as well, but the product life-cycle curve has the most practical ramifications for a business.

4. Why would it be important to spot your company’s acquisition plan? Select all that apply.
A. Your company might have to change to the software the newly acquired company is using.
B. Your company might need to migrate the newly acquired company to the software you’re using.
C. Your company may need to provide a transitional environment while the newly acquired company is brought online.
D. Your company may need to provide translational software for the newly acquired company.

Answer: B, C, D. In most cases, the company that’s being acquired is the one that must buckle under and adapt to its parent’s standards, so A is probably not an accurate answer. The other three may very well come into play.

5. You work as a network architect for a multinational firm with offices all over the world. What would be one of the chief practical considerations you would need to take into account when planning a Windows 2000 upgrade?
A. Geographical scope
B. Language issues
C. Administrative issues
D. WAN circuitry problems

Answer: B. Obtaining and installing Windows 2000 Server in all of the languages that might be in use at your diverse company will be of very practical concern to you. If you have an admin in Brazil who needs to upgrade his server, will you be able to obtain Windows 2000 software in Portuguese?
Analyze the existing and planned organizational structures. Considerations include management model; company organization; vendor, partner, and customer relationships; and acquisition plans.
Wow! Quite the subobjective, isn’t it? It all depends on the size of your company and the extent to which you’re involved with a Windows 2000 rollout, but analyzing existing and planned organizational structures could take up quite a bit of your design time. Nevertheless, this is an all-important, highly non-technical area that will definitely demand your time.
Critical Information Let’s review a typical management hierarchy from the top down, then segue into the management structures that get adopted as a result of various leadership styles.
Identifying Organizational Structure

Since a publicly held company is obligated to comply with a fiduciary duty (a responsibility to act as the trustee on someone else’s behalf with respect to an organization’s funding; in this case, the shareholders), there is often a board of directors that oversees the company’s operations. A chairperson heads up the board; this is most often not the same person as the president. The board is typically composed of several stakeholders, often those with a heavy venture capital risk at stake, and various officers, including a secretary, a financial officer, a chief technical officer, and so forth. Under corporate law, the board of directors is responsible for the hiring and firing of officers. Board meetings are held to identify the leaders of the company, and then the positions are appointed. Figure 1.2 shows a typical organization’s org chart.

Figure 1.2: A typical organization’s org chart. The boxes in the chart are: Board of Directors, CEO, Chief General Counsel, President, Sr. Vice President (two), Vice President (four), Director (two), Technical Advisor, Sr. Manager (two), Sr. Project Manager, Manager, Scientist, Supervisor (two), Team Leader, and “You?”.
Most companies operate with some sort of senior leader, be that a president, a chief executive officer (CEO), or someone who holds the combination of those two roles. In a privately held company, the president is the owner of the company, frequently the person who started the company in the first place. Often, as a company goes from private to publicly held, the role shifts from president to CEO, but owners tend to retain some semblance of the old mixed in with the new. The CEO is usually looked at as the visionary.

Beneath the board of directors/CEO layer are the senior vice presidents and vice presidents. These individuals, the president, CEO, and board, together with an occasional benefactor chair or chief legal counsel, compose senior management. Directors and managers make up mid-management. Depending on the makeup of the company, they may or may not have input into the company’s direction—that is, they have different levels of power. Supervisors (aka line managers), team leaders, and the regular working folks round out the rest of the company.

Some companies equate team leaders with supervisors, but I tend to look at team leaders as supervisors without any power. There are two main differences between a team leader and a supervisor. A supervisor handles budgeting and employee performance reviews. Team leaders are the overseers of a technical endeavor and the chief knowledge-keepers for a given group.

Now, your company may be laid out very differently. It’s up to you to decide exactly how your company is laid out and determine its structure so that you can create and maintain the most effective network design for it. In doing so, you must also consider all of the different types of management styles in your organization and how they might play a role in formulating your Windows 2000 design.
Management Models

The autocratic leader is one who dictates that something should be done a certain way and expects to see it accomplished in that way. An autocratic leader typically allows little give-and-take and tolerates little variance in a project’s timeline or budget.
The French phrase laissez-faire means “to allow to do.” The laissez-faire management style is typical in most computer environments where there are many software developers or administrators. Another word you might use in place of laissez-faire is “professional.” Workers are allowed to come and go as they like.

I’ve never seen this style labeled quite like this in any business book, but some managers live by the loose-bundle system. What I mean is that the manager, as good as his intentions are, cannot quite get all of the loose ends to come together so as to finalize a project.

Hands-on managers are those who aren’t terribly interested in the budgetary and performance-evaluation aspects of their jobs, but instead like to get their hands dirty helping you out with a project. As you can imagine, this can have tremendous positive consequences if the manager knows what she’s doing. On the other hand, if the manager is completely incompetent (relative to the project at hand, of course), her interaction will be more of a thorn in your side than a help.

A neutral style of management is one in which your manager really couldn’t care less one way or the other what projects a person is involved in. This might have to do with any one of a number of reasons. For example, suppose that a manager is promoted into a department and, after working there awhile, finds that she doesn’t really care for any of the people in the department. But the people working under her are vital to the department’s continuing function, so she opts for a manager-neutral approach.

The political manager is one who manages for political expedience, not necessarily for the common good of a project or the department as a whole. The goal here is individual promotion, not departmental success. Sometimes a project completion happens to align with the goals of the manager, so things appear on the surface to be motivated by company goals, but this is really not the case.
The project-oriented manager is one who focuses more on projects than on day-to-day activities and is effective when someone must manage large project deployments. It can be bad when the manager must manage a team of individuals who are involved in the daily operation of a network and are also responsible for implementing various network upgrades. Either the daily operation will be neglected in favor of the project, or someone on the team must take responsibility for daily operations just to make sure those needs are met.

There are two situations in which an administrator or designer might have unique considerations different from those of a private company: not-for-profit organizations and governmental bodies. Both of these kinds of organizations have budgeting, management, and process differences that can contrast drastically with a private company, whether that company is publicly or privately held. Working for a government organization is completely different from working for a private company. There are many reasons for this, such as the following:
The level of red tape and bureaucracy goes up by two to 10 times the amount you’d find in the average private company.
The pay is often less than the corporate average, so you’re either understaffed or else staffed with people who’ve come up through the ranks and who may not have as keen a grasp as you do of networks and networking.
Usually some legislative body (which may or may not understand exactly what the organization does) gives a governmental body its direction, so you may have little direct control over how you accomplish a given objective.
The budgetary cycle is often one in which the money for the year is doled out all at once, and managers have to be careful about how they allot their funding so that they don’t run out too soon.
The public has a great effect on how you do your job, either indirectly through the legislative body or directly on you, primarily generated from a “civilian” complaint.
Business directions can change as elected officials change, even if your job description does not.
Because your executive management is motivated by political concerns, not business or technical concerns, your objectives may be in direct conflict with theirs.
Vendor, Partner, and Customer Relationships

Vendors are those who sell you the equipment, software, and services you need to get your job done. Some companies that manufacture things also act as the vendor for those things. An example would be a company such as Dell or Gateway.

Partners are companies or individuals who are in the business of helping you do business. The most successful model would be that of a company that thrives on partnerships and takes advantage of the additional marketing exposure and presence that partnerships offer. It should be a mutually beneficial relationship in which both parties feed off of one another’s success.

Understanding a company’s customers directly correlates to the kind of enterprise software the company will use in addressing the needs of its customers and hence will reflect on the Windows 2000 choices you make. Example: Your company uses a specific manufacturing package because it is the only manufacturing software that can handle the particular assembly line structure you use. But there’s one problem: the software manufacturer has no plans to upgrade to Windows 2000 compliance. Now your Windows 2000 rollout has a problem.
Spotting Potential Acquisition Plans

Some company CEOs, especially those who head up small businesses, are interested in grooming the company to a state of health where it’s ready for an acquisition of some kind. The company has a product that’s unique, the engineering and marketing forces are in place, and the firm is moving forward strongly.

There are different reasons for acquisitions. Some companies are so huge that, when they need something that fits into the profile that they’ve established for a given product or service, they often buy a company making that very same thing rather than make it themselves. Another reason for acquisition is that a company is doing something that the company looking to acquire wants to get into. Often a company is overwhelmed by its competition. A brutish little firm somehow manages to make a far better product than its oversized competitor, and, in many cases like these, it’s simply bought by the bigger industry leader. Finally, there are also times when a large company will buy a firm that has developed a part, device, service, or software solution that they desperately need.

The flip side of an acquisition is the act of one company purchasing another, called a takeover. There are two kinds of takeovers, hostile and non-hostile. A hostile takeover occurs when the company that wants the goods or services of the target company simply barges in and acquires controlling interest. This can happen, for example, when a company has managed itself so poorly that it’s weakened to the point where it’s a good target for takeover. Provided, that is, that its goods or services are something that are desired in the industry. Non-hostile takeovers happen when a company is amenable to the proposition of being taken over by another company.

Some companies are founded and managed in such a way as to drive the company toward a takeover. There’s huge money in it for the officers of such a company. A person starts the company, preferably with a product or service offering that’s hot, hot, hot, then manages it well until it’s highly attractive to other companies. Then the company introduces an initial public offering (IPO).

So, when designing your network you must bear in mind the following two questions:
Is your company in business-acquisition mode? You may have noted a new trend in business where it’s not necessarily the gargantuan company that winds up buying out the smaller one.
Is your company setting itself up to be acquired by another company? I guess that I can offer no clear indicators of exactly how you would know that your company is in this state, apart from the concepts described above. Is your company small but provides a unique presence in your particular industry, one that others clamor for? Have you had an IPO—are you publicly held? Is your company financially strong and well managed? These are all indicators of a company that’s a sitting duck for an acquisition. Then again, you might be internally aware that your management is the worst there ever was, but the scenario that’s portrayed to the public at large is that they’re geniuses, so it’s all relative.
Exam Essentials

Be able to diagnose the management model of your company. What is the in toto management structure of your company? (When your company management faces you in a unified front, what does their face look like?) What is the management style of each individual stakeholder manager?

Understand your company’s organizational makeup. What does your company do? How does it do it? Is it good at what it does?

Analyze vendor, partner, and customer relationships. This little gem will show up on the test numerous times in the form of Virtual Private Network (VPN) connectivity between your network and a partner relationship network. What are the relationships that your company has with its various vendors, partners, and, most importantly, with its customers?

Spot any acquisition plans. A near-future acquisition could be the project killer for your Windows 2000 deployment.
Key Terms and Concepts

autocratic A leader who uses the capacity of his office with unlimited power and authority.

fiduciary A type of responsibility held by company officials who act in a special relation of trust, confidence, or responsibility to others. “Fiduciary” responsibility is normally used in the context of corporate monies or stocks.

hands-on A manager who likes to get his “hands dirty,” working alongside you when assembling and configuring a computer or figuring out how things work. A hands-on manager likes to participate in the activities his people are involved in.

hostile takeover A takeover that is resisted by the management of the target company.

Initial Public Offering (IPO) The formal process of a company making itself public by offering stock for sale for the first time.

laissez-faire Noninterference in the affairs of others. A laissez-faire manager lets his direct reports go about their jobs with minimal input or interference.

loose-bundle A manager who is inherently disorganized or communicates in a way that makes it hard to understand what’s being said. Loose-bundle managers aren’t stupid or bad communicators; they’re just interested in many other things going on at the same time!

neutral A “neither hot nor cold,” “neither good nor bad” stance taken by management on a particular topic. Neutrality can be good if there is a holy war going on over a given topic. But neutrality can be a bad thing when an employee needs to know that the stance taken on a particular subject is unshakeable.

non-hostile takeover A takeover in which both the management of the company and the entity taking over the company agree to the terms.

political A political manager is one who strives to satisfy upper management’s concern that the projects and decisions handed down are being fulfilled, all the while attempting to make employees happy with these same projects and decisions. It’s a very delicate tightrope that must be walked. Not all managers succeed, but some are brilliant at it.

project-oriented A manager who views things from a project-management standpoint. All assigned tasks are filtered through a project management system and are handled using project management techniques.

takeover A new management team begins managing the company, with or without approval of the current management.
Sample Questions

1. Your manager possesses a very laissez-faire management style. What does this mean?
A. She wants to know everything you’re doing.
B. She is very hands-off and lets you run things the way you see fit.
C. She doesn’t understand the things you’re talking about.
D. She is interested only in the things that will get her promoted.

Answer: B. Laissez-faire managers are very prevalent in the IT field. They expect admins to be professional in their work ethic and generally return a hands-off management style as a reward for professionalism.

2. From a Windows 2000 perspective, why do you think it would be important to understand a company’s organizational makeup?
A. To make sure all managers are in agreement with the Windows 2000 design
B. To identify areas that need to be upgraded
C. To understand the breakout of business functions
D. To correctly identify forest, tree, domain, and AD design parameters

Answer: D. All of the options above are fine. But the one that has the most to do with Windows 2000 centers around the fact that you need to understand the organization so you can make intelligent decisions about what the forest(s) will be, the trees and domains in them, and how you’ll roll out Active Directory.

3. You work for a company that has recently converted to Windows 2000 Server. The network is now running AD in native mode. You’ve overheard that the company is planning on acquiring a new manufacturing concern that will help them increase the production of widgets. What will you need to identify so that this acquisition can take place smoothly? Select all that apply.
A. What kind of NOS the company is running
B. What enterprise applications are running
C. What the new company’s name-resolution techniques are
D. What special concerns there are that would prohibit an upgrade of their network to Windows 2000
E. If the acquired company will need to migrate to Windows 2000

Answer: A, B, D, E. You’re definitely going to be interested in the NOS the soon-to-be-acquired company is running. While there are tools that can help you interoperate with non–Windows-2000 NOSs such as NetWare, your ultimate goal will probably be to convert the network to pure Windows 2000. That is, unless, of course, the managers of the company say that this new acquisition will be an autonomous entity, in which case you may not need to care about the NOS. You’ll still care about enterprise applications, especially messaging (e-mail) and how the users in the new acquisition are going to talk to your current users.

4. What effect, if any, might an initial public offering (IPO) have on your plans for a Windows 2000 conversion?
A. Absolutely none
B. Massive
C. Minimal
D. Moderate
E. Depends

Answer: D. IPOs require that the Securities and Exchange Commission (SEC) thoroughly examine the bookwork of the company requesting permission for an IPO, which means that the corporate financials are going to be heavily scrutinized. In a company as small as a hundred nodes, generally there is some server-based software where the financials are kept and maintained. Therefore, were you to forge ahead with your Windows 2000 rollout plans without bothering to take into consideration what impact the conversion would have on the financials (and associated documents hanging out there on user and hard drives), you’d not get far. Chances are that in the middle of an IPO, your rollout won’t proceed until the IPO is completed anyway, unless some aspect of the IPO predicates that you’ve got the conversion done. When an IPO happens, everybody is focused on making the company public.

5. You’ve just heard that your company is going to be subject to a hostile takeover. You’ve just recently finished converting the DCs to Windows 2000 Advanced Server, and you were getting ready to convert the rest of the servers and workstations when you heard this news. What impact will this news have on your rollout plans?
A. Absolutely none
B. Massive
C. Minimal
D. Moderate
E. Depends

Answer: E. It depends on the hostility of the takeover. There are some companies that acquire another company through hostile means and then immediately sell off every component of the business. They do this for a variety of reasons—to get rid of competition, to strip the company of its assets, etc. But other companies that are acquired through hostile means are very much needed by the company doing the acquiring. Chances are that your rollout will stay on hold in its present state until such time as management (whether your old managers or the new managers) tell you to move forward.
Analyze factors that influence company strategies.
Identify company priorities.
Identify the projected growth and growth strategy.
Identify relevant laws and regulations.
Identify the company’s tolerance for risk.
Identify the total cost of operations.
Along with understanding a company’s management makeup and its organizational structure, we also need to clearly define intangibles—things such as the company’s priorities, its growth strategies, laws and regulations that affect it, its tolerance for risk, and the cost of operations that it incurs as it does business. These are tough things to define objectively, but they come into play as you make decisions about your Windows 2000 rollout.
Critical Information By analyzing the factors that influence your company’s strategies, you will be better able to assess its priorities and, in turn, better assess your own as an administrator. Understanding how your company got started and why will help you understand what your network needs in order to support the goals of your company.
Identifying Company Priorities

People who work for governmental and not-for-profit organizations will have a much easier time identifying these priorities than corporate workers will. Nevertheless, the exercise is ours to accomplish, no matter who you work for. Let’s start with some ways that you can begin to identify your company’s priorities. There are lots of places where you can begin to look for clues about your company’s main concerns. Following are a few of them:
Does your company print an annual report? Most publicly held companies will print an annual report, and usually, somewhere near the front, you’ll find the company’s mission statement. If your company has an intranet or newsletter, you’ll probably also find the mission statement posted there.
Did you attend an orientation when you went to work for this company? If so, the presenters undoubtedly gave you a clue about what the company considers important somewhere along the line.
Do you have all-company meetings in which the CEO gets absolutely everybody together to discuss issues? If so, that’s very good! And if you listen closely, you’ll probably hear some priorities coming out.
Are your company’s priorities clearly reflected in the communications that managers send down to their employees? If the company’s big enough, the answer is probably not, but it’s still important to see whether you can hear it in your manager’s communications to you.
What do people stress in team meetings? What consistently comes up as the most crucial part of any project? Often, you get the clearest sense of what a company’s priorities are by listening to employees at the grass-roots level—that’s where the burden of a company’s goals usually falls.
If you work for a not-for-profit organization, do you know the mission of your organization? Here, more than in any other organization, mission statements are important, highly utilized, and fundamental in the organization’s operation.
If you work for a governmental entity, do you know why the legislature spun that entity into motion? Or has the entity spun so far off of its orbit that the initial mission isn’t recognizable anymore?
Think about your company. What are your company’s actual priorities? Certainly making money is the obvious one, but what I mean here is, how do they go about making money? Do your company’s leaders take the market into consideration when they make a decision? Are they fast paced and quick to act, or are they stodgy about the decisions they make? Some companies have gotten into trouble when they stayed with the “tried and true,” only to find that the market was outpacing them.
Identifying the Projected Growth and Growth Strategies
The secret is in the planning for growth: planning for the capitalization of the growth, training the managers, and settling on one standard way in which things are to be done. You must have plenty of capital to pull off such a venture. It’s a risky thing, and you have to plan for the potential for some failure, no matter how minute. Upgrading a network from Windows NT to Windows 2000 implies that you will spend money on the server farm, the infrastructure, training the admins, and training the users, and spend lots of time gaining buy-in among the various management players. Then, too, there is the problem of non–Windows-compliant apps. All of these are relevant growth questions that must be answered completely before pursuing and, more importantly, funding a Windows 2000 rollout. The first thing a good manager should look at when pondering a company’s potential for growth is the risk-management aspect. How much can I grow this company before it’s in a danger zone and I’ve gone too far with it? How little do I want it to grow? When should I stop growing the company so that it stays manageable? The answers to these questions are as far-reaching as the managers who are asking them.
Identifying the Company’s Tolerance for Risk
So, there’s risk associated with both kinds of endeavors, but the risk for the ambitious entrepreneur is far greater than for the corporation that’s starting up its 1,000th restaurant, you see? Maybe it’s that way where you work. You want to roll out a Windows 2000 solution. You’ve got plenty of managerial backing, the financing is there, and you have people who can help you with the rollout—people who are anxious to get the experience. You’ll prepare a project plan and go slowly. The risks are not that great because, if you fail, you’ll only have failed in one tiny segment of your rollout. You can back it out and see what fix is needed. On the other hand, the administrator who works by himself with a handful of servers—the kind who troubleshoots user problems by day and only has the luxury of configuring Windows 2000 rollouts at night—is in much greater danger of failure. Risk assessment is tricky. Risk is like a chameleon, taking on the shape and form of the project being considered. Risk is at once your nemesis and, managed wisely, in small ways, an asset. You have to know what kind of risk you’re looking at. Below, you’ll find some kinds of risk that I’ve run into over my years in business. I’m sure you’ll think of more.
Technology Risk
Companies put themselves at risk when they put technology to the stress test, an unpleasant strategy that can be carried out in a couple of different ways. One way is to try to blend two (or more) unique technologies together in such a way as to form one whole entity. I can’t tell you how much this is done in business… and how often it fails. The managers who make these kinds of decisions wouldn’t dare dream of putting a Chevy water pump in a Ford engine, but they’ll take multimillion-dollar systems and try to tinker with them in the hopes of accomplishing basically the same thing! It doesn’t add up. Don’t get me wrong here. There are ways of getting systems to talk to each other, most often with Application Programming Interfaces (APIs). I’m talking here about ways of putting two technologies together that should not even be thought of. Another way that a company puts itself at technology risk is when it launches out into a totally new, completely unproven technology that almost nobody has a handle on.
Technology risk assessment means asking the question: Are we ready for this technology, and is it ready for us?
Minimal Skill Risk
Very often minimal skill risk goes hand-in-hand with technology risk. Minimal skill risk is incurred when the people to whom you’re entrusting a system can’t possibly maintain the system. Often this kind of false trust (hope?) leads to a decision to bring in scads of contractors to help maintain the system and paint some kind of successful face on it.
Strategic Overshoot Risk
This is a fun one, and easy to spot. You take a company that’s staffed by highly professional, highly qualified people. Put them in a room with lots of money, an ambitious project, and the promise of a wonderful payoff for them if the whole thing succeeds, and you’ve just mixed yourself up a big batch of strategic overshoot risk. The conversation in the meetings starts out pretty realistic. “We need such-and-such,” the CIO says. “The users are demanding it!” “Great,” the senior developer says, “I think we could go about it in this direction.” And then, all of a sudden, somebody stands up in the meeting and says something, an “I know! We do this…” moment, that becomes a turning point in the project—the kind of turning point that interstellar probes encounter when they’re shot around the earth in order to propel them deeply out into space. Before you know it, the project winds up having many different bells and whistles, most of which don’t meet the actual stated need but are “nice to haves.”
Disney’s First Law Risk
A hopelessly inept manager, deep into the last days of a multimillion-dollar IT project that would inevitably fail big-time, actually asked her developers, “Can’t you code faster?” Then, not a month later, she fired all 100 of them. She was personally let go just one quarter after that. Some companies actually subscribe to Disney’s first law: wishing will make it so. We wish our payroll system talked to our tax accounting system, so we’ll just hire the expertise to make it happen. We wish that our fleet’s GPS system could also be used to manage our inventory database. We wish that all types of different disparate systems could be combined into one huge GUI. We wish that our telephony gear could talk to our mainframe and that everything could talk to our video production studio.
Quite frequently, Disney’s first law risk manifests itself in the form of two totally dissimilar software products being somehow jammed together with the belief that there will be a cohesive fit, that a molecular kind of thing will happen, and that the business will be healthier and better.
No-Pain No-Gain Risk
In “no-pain no-gain,” we have a “reverse” risk. There are companies out there that don’t see the sense in strategically investing in technology in such a way as to enhance their future. I’m not talking here about companies that are afraid of running beta software on their network. I’m talking about companies that are still running DOS and Windows 3.1 because they work perfectly fine and, well, this whole Windows 95 thing isn’t proven to their satisfaction yet. Companies like this actually put themselves at a competitive disadvantage, because they’re not taking advantage of the kinds of smart features that updated software can bring to the table to help them get their jobs done more quickly and with less hassle. Managers of these kinds of companies are living in some kind of vague, “it’s good enough” world, thinking they’re saving money, when in reality their risky behavior is costing them money.
Identifying Relevant Laws and Regulations
When you create a network design, you have to take into account how governmental regulations affect the way your company does business. You must be able to determine what kinds of legal ramifications a company can face in its decision-making efforts, especially relative to a Windows 2000 rollout. The point here is to get you thinking about what sorts of laws and regulations you work with and how they might impact you in your efforts.
Medical Laws and Regulations
Entities such as a medical facility, a medical equipment manufacturing firm, a pharmaceutical company, or some other organization that somehow touches the medical community face endless rules and regulations.
Interstate Commerce Rules
Industries like trucking routinely put GPS systems on their trucks, so they can keep track of their location, their load, and their expected time of arrival at their destination. All of these situations are regulated closely and would provide some interesting challenges for you in terms of setting up fault-tolerant networks that could support such endeavors.
Utilities
Frequently, public utility commissions (PUCs) act as oversight committees for their state legislatures. The PUC’s sole purpose in life is to make sure that the utility is doing its level best to satisfy the needs of its customers, without raking them over the coals in terms of the rates they charge. Utilities, even though they’re private companies, wind up being looked at as semi-governmental agencies because they’re so strictly regulated. It turns out that the laws and regulations that companies face have serious effects on the technological decisions that get made by a company’s officers. It’s up to you to familiarize yourself with your company’s purpose in life and the legal necessities that it’s forced to adhere to.
Identifying the Total Cost of Operations
The total cost of operations—the costs incurred by procuring, installing, and maintaining a specific system—is another factor in how a manager chooses to grow the business. There are many factors in the total cost of operations question, many considerations and details to think about. One of the biggest factors is identifying what risks there would be in undertaking a new venture. You must be able to weigh purchase-cost considerations, identify surprising problems that were not clear to you at the time of acquiring this new company, and finally take on the challenge of running a cost-effective operation. A company’s return on investment, or ROI as it’s called, represents the time that must elapse before a company can expect to realize the benefit from its initial investment in a project. ROI can be thought of in terms of the number of years that elapse before a system pays itself back in time and operations savings, or as a percentage returned over (an assumed) time frame. Now think about the importance of a smoothly operating network. As the administrator, you must be able to effectively choose and design a network that will benefit the company financially. When thinking about how ROI fits into a network plan, you must take yourself out of the technological picture and ask yourself the questions that the financiers of the project, typically non-technical types, are going to ask you.
Exam Essentials
Be able to elucidate your company’s priorities. Knowing what your company does helps you match a Windows 2000 fit to the company’s needs.
Understand your company’s growth and growth strategies. Windows 2000 scalability features and associated infrastructure designs, not to mention acquisition of legacy systems, will all come into play with growth plans.
Identify relevant laws and regulations. Heavy emphasis on the word “relevant.” Identifying relevant laws and regulations could have great import on how you roll out Windows 2000.
Assess your company’s tolerance for risk. Some people love roller coasters. Some get sick just watching people ride a roller coaster. Where does your company fit in the business roller-coaster ride?
Pinpoint your company’s total cost of ownership. Know how to choose and design a network that will benefit the company financially.
Key Terms and Concepts
Return on Investment (ROI) Generally speaking, the income that an investment returns in one year. In computing terms, the “income” wouldn’t be measured in dollars, but in added bandwidth, faster, smarter applications, more secure enterprises, and so forth.
risk In the business sense, that portion of a project or system that may be prone to failure, extra costs, unpredictability, hazard, or other unknown complications. Risk-takers in business often reap big rewards, but they also often have projects fail because they overestimate the size of the risk.
total cost of operations The total cost of performing a certain function on the network. For example, the total cost of operations would answer this question: What is the cost, in terms of dollars per thousand e-mails sent out, to maintain an Exchange server?
Sample Questions
1. Your company’s management has heard that a Windows 2000 Datacenter Server will have the capability of talking to up to 32 processors, which is far above the amount of parallel processing that computer systems running other Network Operating Systems (NOS) that are in the same price range are capable of. The engineering modeling applications they run can benefit from the parallel processing features of this new OS. They want to move forward with an immediate Windows 2000 Datacenter Server rollout. What things might you advise them of when going forward with this project? Select all that may apply.
A. Windows 2000 Datacenter Server is new and largely untested.
B. You’ll need a lab to test the installation before rolling it out.
C. This is not a practical decision because there is too much risk associated with it.
D. Stabilize the server environment first, then go into experimental areas such as this.
Answer: A, B. The people telling you they want to go to Datacenter Server have evidently played around with other alternatives before, because they’re the ones telling you that it does what they’re looking for. But it’s up to you to tell them they’re venturing where very few have gone before and that you’d like to thoroughly evaluate and test the system before you go forward with a live deployment. A lab environment is always called for in situations such as this before you put a system out into production.
2. You work for a governmental agency that handles the investigation, inspection, and licensing of new medical devices that utilize high-power lasers. You’re interested in deploying Windows 2000, but your managers have some security concerns about this new OS. Specifically, they want to guarantee that the kind of information they’re keeping will not be privy to prying eyes. You are able to assure them that this new OS has very robust security features. What nuances have you been able to identify in their questioning? Select all that apply.
A. Risk assessment
B. Risk aversion
C. Growth strategies
D. Priorities
Answer: A, D. Risk assessment does not imply risk aversion. Just because a manager is trying to weigh the risks of migrating to a new OS doesn’t mean he is averse to the new platform. On the other hand, managers must make decisions that revolve around what’s working now, what happens if we go forward and it breaks, and what the risks are of it breaking. You need to ask that question as well. The security question is very legitimate and one you’ll have to quickly and intelligently answer if you want to get anywhere with Windows 2000 in governmental rollouts. The managers in the question are also interested in priorities. Where does this rollout fit into the priorities of testing laser equipment and making sure that medical regulations are being satisfied? These are two highly valid concerns that you would do well to come to the table prepared to answer.
3. You work for a securities company that is highly risk-averse. What are some sound arguments that you could present to management to make your case that a Windows 2000 rollout is not that risky? Select all appropriate options.
A. There are multiple multinational companies that have been running the software in production environments since it was beta.
B. You’ll go through a thorough testing and evaluation stage before you put the software into production.
C. You have several third-party whitepapers that detail the experience that others have had during the transition from NT 4 to Windows 2000.
D. You can improve the Total Cost of Ownership (TCO) by providing a more stable, more secure computing environment.
Answer: B, C, D. It probably wouldn’t be wise to say the things that option A is saying; even though it’s true, it doesn’t mean anything to managers who have their own company to run. Would you jump off a cliff just because Johnny did? But options B, C, and D are all viable, though B and C will carry the most weight, especially if you can provide whitepapers from other securities companies stating the issues they’ve experienced and the answers they’ve obtained during their rollout. For companies that are interested in deploying beta code in production environments, there is an entity called the Joint Deployment Program (JDP) that provides a different support mechanism while companies go through this kind of trial.
4. You really believe that Windows 2000 Server would be of great benefit to your company. But you can’t seem to convince your managers. You currently run Windows NT 4 and associated BackOffice products, along with most of the Oracle financials suite. You haven’t had all that many problems, but you think computing technology, throughput, and business readiness might improve if you could only upgrade. What might be your management’s reasoning? Select all that apply.
A. Risk
B. Priorities
C. TCO
D. Laws and regulations
E. Testing of financials
Answer: A, B, D, E. All of the options could qualify. The best option is probably B because your management just doesn’t see a Windows 2000 rollout as a priority. As the saying goes, “if it ain’t broke, don’t fix it,” and your network runs just fine. An upgrade is risky, too. Are you personally willing to go through the pain of making sure the upgrade goes smoothly? The disparate financials application presents additional problem scenarios for you as well. This network, even though it might be small, presents some challenges to upgrade to Windows 2000.
5. You work for a large pharmaceutical company. You’re in discussions with your teammates about upgrading your NT 4 network to Windows 2000. What might be the biggest single factor that you’ll have to take into account as you go forward with your project plan?
A. Risk
B. Priorities
C. TCO
D. Testing of financials
Answer: D. Pharmaceutical companies are heavily regulated by the Food and Drug Administration (FDA). Of all the factors that moving a large pharmaceutical company from Windows NT 4 to Windows 2000 entails, certainly the laws and regulations that might affect such a move should be considered first.
Analyze the structure of IT management. Considerations include type of administration, such as centralized or decentralized; funding model; outsourcing; decision-making process; and change-management process.
You need to assess what level of centralization (or decentralization) your IT organization uses, what its funding model is like, whether you’re outsourcing certain components, what the decision-making processes are, and if there are change-management processes in place.
Critical Information
Now we will review how IT operations are funded and possibly outsourced, review the decision-making processes, and conclude with change-management processes. This section will recap the way in which IT specifically is structured. You will need to be able to target its funding model so you can decide how to acquire the funds necessary to accomplish a rollout. You need to understand whether outsourcing components are required for a rollout. You will also need to ascertain what decision-making models are in place, so that stakeholders who have a say in the rollout are informed and are able to make solid decisions about how the rollout should go forward. You would be wise to have viable change-management solutions in place as you go forward.
Analyzing IT Funding
The word funding has drastic differences in meaning when we examine it from the perspective of someone in the government versus the private sector or a not-for-profit organization.
Governmental Funding
Unlike their private-sector counterparts, governmental IT departments are not distinct profit-center entities that have the ability to make major corporate decisions. The government has a fiduciary duty to assure that taxes are spent with the greatest benefit to the taxpayer in mind, and officials must decide whether your IT department is worthy of government spending. If not, then you won’t get approval. That’s how governmental IT departments are funded.
Private Sector Funding
In the private sector, funding for IT shops is much freer and allows for projects to be implemented more spontaneously. The first thing to establish is whether your IT department constitutes a cost center or a profit center. If your IT department helps to create software that your company is selling, then your contribution is intrinsic to the company’s success, and you are involved in a profit center. You help make a profit for the company. On the other hand, if you are involved with an IT department whose mission is simply to keep things on the straight and narrow on a daily computing basis—meaning that the servers stay up, the databases stay fast, and so forth—then you probably are considered a cost center. You cost the company money to maintain, and you really don’t contribute much toward helping them earn a buck.
Funding in Not-for-Profit Organizations
Funding for not-for-profits comes from the donors, so it is a really tough one to design for. The goal of a not-for-profit is to provide some service that’s a benevolence to mankind. While computers certainly are bought and networks are installed by not-for-profits, they are nowhere near the size or grand design of business networks. IT managers/administrators must take on the hybrid role of both maintaining their departments and guarding the funds that are acquired to keep them afloat. Many times, the “funding” is in the form of donations of older equipment that somebody else can no longer use but you can. A Windows 2000 rollout in an environment like this is going to take lots of planning, careful consideration, and, most importantly, lots of time to see the project from start to completion.
Outsourcing Risks
You must be able to examine the risks associated with an outsourcing maneuver. You must be able to weigh the benefits of reducing overhead costs against the risks of outsourcing IT functions. Here are some key arguments that sum up the mindset you need to apply when examining the risk of outsourcing:
“Outsourced entities can’t understand internal functionalities.” Companies that have spent thousands, hundreds of thousands, or millions of dollars developing internal software programs that are specifically customized for their business can’t expect outsource entities to come right in and understand the ramifications of their program.
“Companies don’t typically save money by outsourcing; they lose money.” Outsourcing isn’t cheaper; it’s more expensive. You must be able to confidently say that the entire cost of outsourcing the project would be less expensive than handling the project internally. You must be able to factor in the time it will take for your contractor to become acquainted with the work as well as find an hourly rate that’s equal to or lower than the rate of a salaried employee. Often, this is not practical.
“Consultants, like trainers, are not geniuses; they’re ordinary Joes.” There’s an old computer joke: “Q: What’s the difference between you and the trainer you’re taking the NT class from? A: About two pages in the manual.” The same is true of consultants. Unless you pay the big dollars for a very specific knowledge category—a highly specialized person who knows all about one specific subject—you’re wasting your time and money. The people you have on staff are as adequately prepared (or can quickly become that way) as the people you bring in.
“Outsourcing doesn’t work if you use the consultants as the project managers.” This is often true. Generally speaking, it is the project manager who understands the project from stem to stern. Independent contractors aren’t equipped with any background knowledge of how your business operates, and therefore it’s challenging for them to make effective decisions.
“It’s not true that the company isn’t in the IT business.” Regardless of what kind of products your company makes, if it uses computers to track and maintain its business, then you’re automatically in the IT business.
There are two distinct situations where you might get involved with outsourcing, and you will need to think about your own and your company’s involvement. They are as follows:
Outsourcing a specific IT project
Outsourcing the entire IT staff
Outsourcing a Specific IT Project
When designing a Windows 2000 network, outsourcing a specific IT project is going to be of importance to you. This is because your company is going to bring in contractors who have a given objective in mind, to assess the current environment—probably not asking questions about the future environment—and then design a solution that fits today’s network. That may or may not be tomorrow’s network, so it’s important for you to monitor all aspects of an outsourced job and raise the flag when you need to. Your operating principle should be to tell everybody, all project players including the contractors, what all of your plans are for your environment.
Outsourcing the Entire IT Staff
What can I say about this? If you’re pretty sure the entire IT operation is going to be outsourced, I’d bag any notion of going forward with a Windows 2000 deployment and hope that in your next job you get to do such a deployment. Stuff happens.
Creating and Managing a Change-Management Process
Finally, we want to discuss the change-management process. Mainframers have used change management for decades to make sure that changes are well documented and that there’s a backout methodology in place before a change is implemented. Well-implemented change-management techniques can all but guarantee a much safer and more successful rollout of an application or project. Change-management programs require that you document any changes that you make to a system by going through a series of steps in your documentation procedure. Figure 1.3 shows a sample change-management document.
FIGURE 1.3: A sample change-management document
Change Management Document
Proposed change (please supply full written details):
Server or servers impacted:
Application or applications impacted:
Network infrastructure changes needed:
Estimated time to make change:
Persons involved:
How the change will be tested to assure that it is complete & satisfactory:
Backout procedure if change is unsuccessful:
Date and time change is to take place:
Stakeholders involved:
Approvals:
Change-management documents are usually very official documents that are signed off by managers. If the evidence that you’re sure the change won’t crater something is insufficient, managers will often either refuse to sign off on the change or they’ll require that you watch the change and implement backout procedures as soon as you see something going wrong. The owner of the change-management document (the one making the change) is the one who must be with the system (or be immediately available) the entire time the change is being made. With your Windows 2000 upgrade, change management should start with making sure you test things in a lab environment. Having worked through things in the lab, you file a change-management document stipulating what your intentions are, what’s going to happen, what people should observe happening, how you’re going to test the rollout, and what your backout policies are. Get it approved by all of the stakeholders, set a time to deploy it, and follow the letter of the document.
Decision-Making
There are two facets of decision-making: a thorough analytical process that takes into consideration all the pros and cons of a new approach or tactic, and then the sheer gutsy going forward with that new approach or tactic. Management will have to make the decision to go forward with the Windows 2000 rollout, but they’ll go forward on the evidence and facts that you’ve given them. Management won’t go forward if you don’t make them feel comfortable that you know where things need to go and how you’re going to get them there. That is why this and other Windows 2000 exams are so different from older Microsoft exams. Microsoft is trying to get you to understand the reality that knowing your business is the first step toward a good deployment. Understanding how project management works and how to design and implement is second. Then and only then can you go forward with your project. Decision-making happens when people are sure that there’s a clear-cut need, that the time to go forward is now, and that there’s adequate funding for the project.
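The change-management gate described above (lab test first, a documented test plan and backout procedure, every stakeholder's sign-off, the owner present, and a backout the moment the documented test fails), as an added example in Python that is not code from the book. The field names are assumptions that mirror the headings of Figure 1.3, and the sample change request is constructed.

```python
"""Change-management gate modeled on the process described in the text.

Added example, not the book's code.  Field names are assumptions that
mirror the headings of the sample change-management document (Figure 1.3);
the sample change request below is constructed.
"""
from dataclasses import dataclass, field, replace
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ChangeRequest:
    """One filled-in change-management document."""
    proposed_change: str
    servers_impacted: List[str]
    applications_impacted: List[str]
    test_plan: str                 # how the change will be verified
    backout_procedure: str         # what to do if the change is unsuccessful
    owner: str                     # the person making the change
    stakeholders: List[str]        # everyone who must sign off
    scheduled_at: Optional[str] = None
    approvals: List[str] = field(default_factory=list)
    lab_tested: bool = False       # worked through in a lab before filing
    owner_present: bool = False    # owner with the system during the change


def readiness_problems(change: ChangeRequest) -> List[str]:
    """List every reason the change may not proceed; an empty list means go."""
    problems: List[str] = []
    if not change.lab_tested:
        problems.append("not tested in a lab environment")
    if not change.test_plan.strip():
        problems.append("no test plan")
    if not change.backout_procedure.strip():
        problems.append("no backout procedure")
    missing = sorted(set(change.stakeholders) - set(change.approvals))
    if missing:
        problems.append("missing approvals: " + ", ".join(missing))
    if change.scheduled_at is None:
        problems.append("no scheduled date and time")
    if not change.owner_present:
        problems.append("change owner not present")
    return problems


def approve(change: ChangeRequest, stakeholder: str) -> ChangeRequest:
    """Record one stakeholder's sign-off; returns an updated copy."""
    if stakeholder in change.approvals:
        return change
    return replace(change, approvals=change.approvals + [stakeholder])


def execute_change(change: ChangeRequest,
                   apply_fn: Callable[[], None],
                   verify_fn: Callable[[], bool],
                   backout_fn: Callable[[], None]) -> str:
    """Follow the letter of the document: gate, apply, verify, back out."""
    problems = readiness_problems(change)
    if problems:
        return "refused: " + "; ".join(problems)
    apply_fn()
    if verify_fn():
        return "complete"
    backout_fn()          # verification failed, so back the change out now
    return "backed out"


# Constructed sample: upgrading one NT 4 file server to Windows 2000.
SAMPLE_CHANGE = ChangeRequest(
    proposed_change="Upgrade FILESRV01 from Windows NT 4 to Windows 2000 Server",
    servers_impacted=["FILESRV01"],
    applications_impacted=["file shares", "print queues"],
    test_plan="Map each share and print a test page from a client",
    backout_procedure="Restore the pre-upgrade full backup and reboot",
    owner="admin",
    stakeholders=["operations manager", "finance", "help desk"],
    scheduled_at="Saturday 02:00",
    approvals=["operations manager", "finance"],   # help desk has not signed yet
    lab_tested=True,
    owner_present=True,
)


def simulate(change: ChangeRequest, upgrade_works: bool) -> Tuple[str, str]:
    """Run the change against an in-memory server record; return (result, OS)."""
    server: Dict[str, object] = {"os": "Windows NT 4", "shares_ok": True}

    def apply_upgrade() -> None:
        server["os"] = "Windows 2000"
        server["shares_ok"] = upgrade_works     # shares break if the upgrade fails

    def verify() -> bool:
        return bool(server["shares_ok"])       # the documented test plan

    def backout() -> None:                     # restore from the backup
        server["os"] = "Windows NT 4"
        server["shares_ok"] = True

    result = execute_change(change, apply_upgrade, verify, backout)
    return result, str(server["os"])


if __name__ == "__main__":
    print(readiness_problems(SAMPLE_CHANGE))        # ['missing approvals: help desk']
    ready = approve(SAMPLE_CHANGE, "help desk")
    print(simulate(ready, upgrade_works=True))      # ('complete', 'Windows 2000')
    print(simulate(ready, upgrade_works=False))     # ('backed out', 'Windows NT 4')
```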
Exam Essentials
Identify whether your IT makeup is centralized, decentralized, or somewhere in between. Knowing what state of centralization you’re in helps you figure out who the stakeholders are, what sort of autonomy various groups enjoy, how the funding is distributed, and so on.
Identify how IT is funded. Understand how your IT operation is funded. Know how your Windows 2000 rollout will create capital for your company.
Will outsourcing be a part of IT? Outsourcing is a big component of today’s IT mechanism. Learn how to balance the need versus the risk of outsourcing in your department.
What are the decision-making processes and how are they enacted in your company? Identifying the decision-making processes helps you get things done faster.
Understand change management. A change-management ethos is wonderfully viable in any shop.
Key Terms and Concepts
backout The proposed sequence of steps to undo a change that you’ve just made. All good change management includes a backout plan (though that backout plan may well say, “We can’t do anything to back this out once it’s implemented.”).
change management The process of describing a change to a system, detailing what the change affects, how it will be affected, how long the change will take, what the ramifications are of going through with the change, what they are if it is decided to not go through with the change, and the backout procedure.
cost center A group within an organization that costs money to maintain.
decentralized When a group of individuals with a common collective mission reports to more than one leader, the group is said to be decentralized.
outsourcing The process of permanently hiring an entity to perform work that was once performed by somebody inside the company, or the process of hiring an entity to perform a specific task for the company.
strategic planning The ability to think and plan long-term. Looking down the road several years and creating a long-term plan for your department.
Sample Questions
1. You are rolling out a Windows 2000 deployment. You’ve set up a lab and tested various phases of your rollout before going forward. The next component of your rollout is to notify stakeholders of what you’re doing and present them with a proposed backout plan. What function are you involved in relative to this phase of the deployment?
A. Risk assessment
B. Strategic planning
C. Change management
D. Decision-making assessment
Answer: C. You’re going through a change-management phase. Bully for you! A backout is a portion of a change-management document. The backout says, “OK, if this step craters, here’s how I’m going to revert things back to normal.”
2. Juan works in your Argentina office. He reports to your boss, the operations manager. Nihdi works in the New Delhi office and reports to a network manager who, in turn, reports to your operations manager. Nuk works in the Cairo office and reports to his network manager who, in turn, reports to your operations manager. How is the network management structure organized? Select the best answer.
A. Centralized
B. Decentralized
C. Hybrid of centralized/decentralized
D. Not enough information
Answer: C. A tricky question. Unless your operations manager is so busy that she can’t possibly keep in contact with all of your multinational offices (a very real prospect), it’s safe to say that you’re functioning under a centralized methodology. What she says gets out to the network managers, who in turn get the information to you. If communications weren’t very well established between the operations manager and her network managers, then you might wind up with a hybridized methodology.
3. You work for a securities company that is highly risk-averse but wants to proceed with a Windows 2000 Server rollout on all network servers. As the chief admin for the company, you want to make sure that the rollout happens smoothly. What steps might you take to assure that your design and rollout are faultless? Select all that apply.
A. You’ll outsource the design components that you don’t know anything about.
B. You’ll go through a thorough testing and evaluation stage before you put the software into production.
C. You’ll go through a user evaluation and approval process.
D. You’ll go to formal Windows 2000 training.
Answer: A, B, D. In the case of network operating system upgrades, it’s probably not going to be to your benefit to run through a user evaluation and testing period. You might do that if you were rolling out client software that directly affected the user’s desktop. In this case, however, the user shouldn’t see anything different than before. Options A, B, and D are highly recommended.
4. You work for a small non-profit cable TV station that runs Public Broadcasting System (PBS) programming. Your little network currently runs on NT 4, but you want to upgrade to Windows 2000 because of the multicast enhancements that you can get out of the new network operating system (NOS). What will be the single biggest
Chapter 1
Analyzing Business Requirements
45
obstacle you’ll likely have to overcome when proposing this rollout to the brass?
A. Risk
B. Priorities
C. TCO
D. Laws and regulations
E. Funding
Answer: E. Often in small networks, the question isn’t about what’s nice to have, it’s about what’s necessary to have. While you may reap benefits from the multicasting features that are offered through Windows 2000, funding will be a huge question on the lips of the managers able to OK the project.
5. Your network is out of control! Admins all over the place are applying changes to the servers without notifying anybody. You want to design an intranet-based change management document. What might be some options that you’d include with such a document? Select all that apply.
A. Risk
B. Backout
C. Date/time
D. WAN circuits affected
E. Cost of change
Answer: A, B, C. You’ll probably want to know what the risk is if you make the change. You’d also likely want to know how to undo the change if it craters things. And you’d certainly want to know the date and time that this transaction will happen. You’ll less likely want to know the WAN circuit that’s affected because it’ll go on running even if the change presents problems to the server. The cost of the change isn’t usually moot in a change management document.
Chapter 2
Analyzing Technical Requirements
MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:
Evaluate the company's existing and planned technical environment and goals. (pages 49 – 66)
Analyze company size and user and resource distribution.
Assess the available connectivity between the geographic location of worksites and remote sites.
Assess net available bandwidth and latency issues.
Analyze performance, availability, and scalability requirements of services.
Analyze data and system access patterns.
Analyze network roles and responsibilities.
Analyze security considerations.
Analyze the impact of infrastructure design on the existing and planned technical environment. (pages 66 – 86)
Assess current applications.
Analyze network infrastructure, protocols, and hosts.
Evaluate network services.
Analyze TCP/IP infrastructure.
Assess current hardware.
Identify existing and planned upgrades and rollouts.
Analyze technical support structure.
Analyze existing and planned network and systems management.
Analyze the network requirements for client computer access. (pages 86 – 93)
Analyze end-user work needs.
Analyze end-user usage patterns.
Analyze the existing disaster recovery strategy for client computers, servers, and the network. (pages 93 – 97)
This objective grouping addresses the business side of a Windows 2000 rollout, but it is also technical in nature. You will be discovering and analyzing your technical environment. You should be able to evaluate your existing technical environment in order to make decisions about how to roll out Windows 2000. You will need to be familiar with areas such as bandwidth, applications, the user environment, the server farm, and so on.
Evaluate the company's existing and planned technical environment and goals.
Analyze company size and user and resource distribution.
Assess the available connectivity between the geographic location of worksites and remote sites.
Assess net available bandwidth and latency issues.
Analyze performance, availability, and scalability requirements of services.
Analyze data and system access patterns.
Analyze network roles and responsibilities.
Analyze security considerations.
We start by reviewing how to examine a company’s existing and planned technical environments and identifying the goals involved in getting the company from the existing to the planned. It’s highly important to recognize within this objective the word planned because it implies that you’ll want to incorporate your Windows 2000 deployment into the existing network in such a way that it is fully capable of absorbing any new changes that may arise further on down the road.
Critical Information
This section deals with various components of the technical environment. As you read the following subobjective sections, remember to think about your company and how these things break out there. Bear in mind the people in charge of the various components and what they might have to say about the impact that a Windows 2000 rollout will have on them. If you can think in these terms, you’ll soon have the flavor of what the framework type exams are all about, and you’ll be much better prepared to take them.
Analyzing Company Size and User and Resource Distribution
When analyzing your company size against user and resource distribution, you will need to think about and define what the resources are in your technical environment. Resources can be divided into the following six categories:
Servers and associated tie-in gear, such as Redundant Array of Inexpensive Drives (RAID) array controller cards, fax boards, CD-ROM towers, etc.
Routers and associated internetworking gear such as Carrier Sensing Unit/Data Sensing Units (CSU/DSUs)
Network infrastructures, including cable plants, network closets containing the patch panels and switches and hubs, and the actual switches and hubs themselves
Telephony gear not used for internetworking (RAS devices, for example)
Printers and network printing gear (JetDirect cards, etc.), including scanners, plotters, and other miscellaneous peripheral gear used in day-to-day business activities
People
This list is certainly not all-inclusive. For the purpose of studying for the exam, you may add other items to this list.
Servers and Associated Gear
You need to document the location of every server within the scope of your Windows 2000 rollout, its function in life, and how it will play into your upgrade plans. Information that you glean about each server should include the current version of Windows NT it’s running (if, indeed, it’s running NT), as well as information on the processor, memory, hard drives, fault-tolerance gear, brand of computer, network connectivity, drivers, peripherals, installed software, and users working on it. The biggest problem you’ll run into here will be finding Windows 2000 device drivers for peripheral gear you’ve got hanging off of the servers or for RAID array adapters that are already in the box. You may wind up having to go to the vendor to get updated Windows 2000 drivers for these devices.
Routers and Associated Internetworking Gear
The biggest challenges that Windows 2000 network planners are going to run into, in terms of working with in-place internetworking gear, fall into the following two categories:
Replacing older routing equipment with Windows 2000 routers
Using modern routers that are capable of hosting Domain Name Service (DNS) and Dynamic Host Configuration Protocol (DHCP)
You may opt to replace some of your older routing equipment with a Windows 2000 router (that’s precisely one of the topics covered later in this book). Windows NT 4 Server was capable of acting as a Routing Information Protocol (RIP) router pretty early on in its release period. Now Windows 2000 routers can use RIP, Open Shortest Path First (OSPF) or Internet Group Management Protocol (IGMP).
Network Infrastructures
Another resource at your disposal, one that you may not think of as a resource, is your actual network infrastructure. You need to take a serious look at all network infrastructures on every campus. Diagram where the switch and hub closets are. Identify the core closets and core switches, then identify your spanning switches. Brand names
and model numbers of switches and hubs are necessary, including any updates that have been applied to the firmware. Document all add-on cards in the switches or hubs. As long as you’re budgeting this rollout, you need to budget for the replacement of networking gear that won’t cooperate with Windows 2000 or design around slow low-intelligence gear.
Non-Internetworking Telephony Gear
You also need to clearly document telephony gear used in the network that will be affected by Windows 2000. I can think of two very specific categories, but you can probably come up with more:
RAS switches, devices specifically designed to function as a RAS interface on your network, that are not servers
Interactive Voice Response (IVR) servers
Administrators often buy boxes that act as RAS devices; these little things have gotten pretty sophisticated. You need to figure out where all of these RAS devices are, what they have on them, what firmware revision they’re at, whether they’re using authentication packages, and what your upgrade path is going to be, if any. Key in this will be the decision about whether to use Remote Authentication Dial-In User Service (RADIUS) with these devices. When using IVR technology, learn to document where your IVR boxes are, what version of server software they’re running, what version of IVR software they have installed, and how they’re going to affect your deployment.
Printers and Network Printing Gear
First, you need to figure out what servers are acting as NT print hosts for your network-connected printers. Some companies have only one or two Windows NT boxes that act as print servers for all of their printers! Next, you need to try to get a handle on where the printers are, what they are, and how they’re connecting. One very good thing that will arise from this work is identifying old and ailing print server boxes or JetDirect cards that need to be updated. You’d probably like to try to
figure out what level of firmware your print boxes (i.e., specialized boxes that you can buy and plug your printers into, so that they run off of the network) and cards are at as well, so that you know which ones need updating. Cards and boxes that can’t be updated to the latest and greatest firmware need to be replaced. Figure out whether your printers are using Line Print Daemon (LPD) via TCP/IP or Data Link Control (DLC) to talk to the servers. All of this information needs to be mapped out so that you know what printer talks to what print server using what LPD port and IP number. You also need to document the share names and the permissions associated with each printer share.
People
Finally, you need to map out the personnel at each site, their level of responsibility, applications managed, and so forth. Include internetworking personnel, NT server admins, Unix admins, PC techs, and any others that will be affected. Anyone that may come in contact with this Windows 2000 upgrade—not as a user but as a participating technology owner—must be included in the list. It’s up to you to communicate your Windows 2000 plans to the people targeted in this documentation and then keep them updated as you go along. A small desktop intranet page or an Exchange distribution list is an excellent way to maintain communications such as these.
Assessing the Available Connectivity between the Geographic Location of Worksites and Remote Sites
These days, of course, the words “network” and “connectivity” can mean many things, and you’ll have to judge their meanings before you can assess the real intent behind the words. When we discuss the phrase “network connectivity assessments,” we find three distinct connotations to it:
You need to assess how disparate networks connect to each other. How do offices in Chicago and Tokyo talk to each other, if at all?
You must determine how telecommuters connect to the network. Do you have RAS servers, VPNs, high-speed telephony interfaces, or some other method of allowing contact with your network?
You must determine how users connect to the network.
The first bullet item is a straightforward one to assess. A simple call to the internetwork WAN people will yield the appropriate information. They might even be able to provide a Visio drawing of the network for you. The second bullet item is probably more difficult to assess, and the second half of this book talks in detail about telecommuters and their special needs. Microsoft has done tremendous work with Windows 2000 to provide enhanced connectivity for telecommuters. Finally, an assessment of how users connect to the network is important. First, find out what kinds of clients are connecting. There is a profusion of connectivity options. Users can connect through NetWare or via a Macintosh. The OS makes a difference in the connection client; OS/2 clients have a client that looks (and acts) different than Windows for Workgroups, and Windows 3.x and 9x clients even differ among themselves. Then, there’s the protocol issue: what protocol are clients connecting with—and for multiple protocols, which one is at the top of the stack?
Assessing Net Available Bandwidth and Latency Issues
Internetwork managers and network managers are typically the ones who watch the bandwidth. Bandwidth is defined as the amount of data that can be transmitted in a fixed amount of time. WAN circuits are often measured in some amount of bits per second. A typical T1 line runs at 1.544 million bits per second (Mb/sec). Regular LAN networks are also measured in the amount of bits per second they can transmit, but fortunately you don’t have any Committed Information Rate (CIR) to worry about. When you set up a frame relay circuit with a telephony provider (such as Sprint, AT&T, etc.) you purchase a certain speed on the circuit, say 128 Kb/sec, plus you agree to
a CIR. If the data flow over the circuit goes above 128 Kb/sec, the packets that are over the data rate are considered to be discard-eligible, meaning that the telephone company can drop them if they so choose. A big problem with corporations today is that they undersize their CIR, thus putting data in jeopardy of being discarded (forcing a retransmit on the data) and actually slowing the network down even more than it already was. Today’s common standard in internal network speed is 100 million bits per second, but a relatively new speed, 1 gigabit per second, is quickly becoming vogue. Oftentimes the closet, sometimes called the Intermediate Distribution Facility (IDF), and the core (Main Distribution Facility [MDF]) switches are connected together at gigabit speeds. This back-end connection is called the backbone. Servers often connect directly to the backbone at the same speed. Users then connect at either 100 Mb/sec or 10 Mb/sec. Internetwork managers also look at the overall latency of the network: the speed with which a packet can travel the network from point A to point B relative to the expected speed. It’s all about deltas (changes or differences in speed). The slower the packet is traveling, the more that internetwork managers wonder about incorrectly configured routers or Virtual LANs (VLANs), pointers to invalid VLANs, poor name resolution, cards or switches going bad, even bad wiring. Virtual LANs are created in switches and have to do with the ability you have to logically group users, or like entities, together in order to cut down collision and broadcast domains and to more logically segment your network. If you decide to go through Cisco Certified Network Associate (CCNA) training, you’ll get a healthy dose of VLAN creation and maintenance.
Analyzing Performance, Availability, and Scalability Requirements of Services
Here you must pause and take a good long hard look at how the network is used. Often, you’ll find it utilized in a totally different way than you might have imagined it to be. When studying, use the following guidelines of network utilization as categories to be aware of.
Messaging Services
Users use the network for e-mail and calendar-sharing purposes. Generally, in a Windows NT environment, there is at least one Exchange server where Exchange clients inherit the right to use Schedule+, and Outlook users can opt to use Schedule+ or Outlook calendars. Calendars can be shared to schedule meetings, and users can actually view one another’s free and busy times. The concept is that users can virtually share their appointment information and possibly even virtually collaborate on an item using messaging and collaboration components (such as NetMeeting, for example). Virtual collaboration is starting to step up to the plate now that networks are slowly being upgraded to intelligent switched backbones. For example, Oracle Corporation has a proprietary Web-based collaboration setup known as “Webex” where Oracle developers, DBAs, and so forth can go online and discuss a particular site’s deployment with one another. Microsoft, of course, has had NetMeeting in place for years, allowing for video, audio, and desktop takeover in virtual collaboration settings. Oftentimes, conference-calling for the voice portion of the collaboration comes into play as you set up these network-based collaboration scenarios, simply because the network either cannot transport the telephony data because the routers and switches aren’t equipped for it, or because it doesn’t have the bandwidth to be able to handle voice transport. Virtual collaboration: a) is very cool and b) has come alive with Exchange 2000 Server.
File Server Services
File serving is a huge part of any user’s network utilization, even though the user may not realize that he is getting files from the network. Many shops provide large RAID arrays with gigs of hard drive space that are made available to users so that they can store all kinds of important documents, which are then subject to routine tape backups. Windows 2000 IntelliMirror will allow users to work on network-based copies of their files, then take those with them when they disconnect from the network. When the user reconnects, IntelliMirror kicks in and synchronizes the files worked on in stand-alone mode with the files kept on the server.
Print Server Services
Print serving is another widely used feature. You set up one or two NT Server computers and then just set up a bunch of printers through either LPR or DLC connections. (You can also use Jet Direct connections.)
Application Server Services
Users access the network for applications, all kinds of applications. They might be using applications you weren’t even aware were loaded on the network. Some of the kinds of applications that can be used on a network can be described as follows:
Server-based applications such as SQL Server or Exchange Server, which typically require some kind of user interface or application.
Internet/intranet-based applications requiring only a browser for access to the application. This is called thin-client computing.
Terminal applications that need terminal emulation software, which then allows users to access a Windows terminal server or Citrix MetaFrame server (or a combination of the two). A Systems Network Architecture (SNA) Server also requires a client that acts as a front end to an NT computer, which in turn communicates with a mainframe host.
n-tier client/server applications that depend on some sort of user application, which talks to the NT computers that talk to a Unix or mainframe back-end host, sometimes using middleware to do so.
Remote Bootstrap Protocol (BootP) devices that, upon bootup, send out a BootP request to look for a validation server that can supply the credentials (and apps) needed to participate on the network. Windows 2000 Remote Installation Services (RIS) works similarly to this, allowing BootP or PXE-enabled devices to obtain an image of the Windows 2000 software.
TCP/IP Configuration Services
You don’t often think of DHCP, DNS, or WINS as applications, but they really are. The user boots up and sends out a DHCP request, a DHCP server answers because it’s running the DHCP application,
and the user is equipped with the proper TCP/IP credentials. DHCP is an application running on the server, providing TCP/IP configuration services to users.
Analyzing Data and System Access Patterns
It’s not enough to know what user components are accessing the network. You also need to determine the times of the day that users access the network more heavily and which applications or files garner the most access. This has a very practical application; it allows you to determine how the infrastructure handles things when the network is at critical mass. Knowing usage patterns also allows you to make scalability decisions about servers that are constantly being hit. You can use NT’s performance monitor (now called System Monitor in Windows 2000) for a lot of the usage tracking you need, and several good, third-party products can help you get more details. Your network manager can sniff the network and give you some concepts about which packets are traversing the LAN at what times. Knowing usage patterns helps you strategically place servers that will handle the most load and beef up infrastructures that are too weak to handle user onslaught.
Analyzing Network Roles and Responsibilities
Although network management appears to be straightforward, by now you’ve learned that there are many areas to manage. Let’s review some of the different concepts.
Physical Network Management
The physical management of the network has to do with the people that sit and watch the status of the network infrastructure. In a switched virtual LAN (VLAN) environment on a large network, this activity can be a full-time job for one or more people. Using Hewlett Packard (HP) OpenView, Computer Associates (CA) Unicenter, or another network management system (NMS), network managers watch Simple Network Management Protocol (SNMP) traps for specific events on different pieces of network gear.
Another management technique is network sniffing, where somebody does an actual network protocol capture and thoroughly analyzes what’s happening on the network. Internetwork managers might use software from Network General or Fluke Systems for their network sniffing needs. Network managers are typically internetworking experts who know their way thoroughly around OpenView or other NMSs.
Logical Network Management
Another internetworking bailiwick lies in the fascinating, complicated, and highly evolved world of logical network layout—the internal management of VLANs on switches and routers. You can significantly isolate portions of the network that do the most talking to each other, keeping them from other similar network environments, all through the magic of VLANs.
Managerial Network Management
This is probably the most fascinating aspect of network management, simply because it revolves around how the people are arranged to accomplish solid network management. Become aware of the many ways that a manager can set up staff so that the network is competently managed. Following are just a few:
Segmenting internetworking (router/switch) people, server people, apps people, PC techs, and help-desk personnel all into different camps (you might possibly hear these referred to as technical silos).
Train your server admins to also function as server application admins. The help-desk and PC tech people stay where they are, but the server and application admins are one and the same.
Implement the jack-of-all-trades manager. This person runs help desk, maintains PCs, configures servers, and installs and supports application software. Typically this is seen in very small (500 nodes or fewer) networks.
Utilize the PC techs as the help-desk personnel and vice versa. Note that this person isn’t yet a full-fledged administrator, but is functioning in the dual role of help-desk and PC tech. You’ll see this a lot in very small networks.
Analyzing Security Considerations
Network security has some of its own unique ramifications, some of which are completely beyond the scope of this book (security being a career unto itself) and others of which you can manage in your project plans. Use the following considerations as guidelines when reviewing network security.
Protecting the Network from Outside Intruders
Firewalls and proxy servers protect networks from outside intruders, but they’re only as good as the people that program them and the network design. If a hacker can come in from the outside and figure out the IP address of the Web server he’s hitting, and if he can ascertain the port that the Web server’s using, he’s essentially got all he needs to get inside the corporation and poke around a bit. You should be aware of common security threats such as the SYN and ICMP attack. A SYN is a TCP/IP synchronization request sent by a user trying to contact one of your external servers, typically a Web server. The concept here isn’t to hack into your private network, it’s to disrupt you. If someone wrote a program that would send a SYN request to a server, then somehow mask their IP address and resend the very same SYN, mask their IP again and resend the SYN again, doing this thousands of times in a few seconds, they could theoretically overload a server that’s trying to acknowledge all of the SYNs. A SYN attack is sometimes called a denial of service (DoS) attack. The ICMP attack (or PING for packet Internet groper) is simply a hacker pinging the box millions of times, the result of which is to bring the server to its knees.
Protecting the Network from Inside Intruders
Every network has a dumping ground where users place their common stuff for other users to be able to see. If the rights on the shared directory aren’t sufficiently examined, a user with Change permission to absolutely everything can simply drag and drop a critical folder somewhere else in the system with one click of a mouse button and not even know it happened. Know how to keep your public folders safe from harm by knowing how to assign security features to them.
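The SYN-flood pattern described under “Protecting the Network from Outside Intruders” above leaves a visible trace on the victim: many half-open (SYN_RECEIVED) connections to one service from many different addresses at once. The following added example (not from the book) flags that signature in a connection table; SAMPLE_NETSTAT is constructed to look like netstat -an output, and the thresholds are assumptions a site would tune from its own baseline.

```python
"""Flag a SYN-flood signature in a TCP connection table (netstat -an style).

Added example; not code from the book. SAMPLE_NETSTAT is constructed
sample data and the thresholds are assumptions.
"""
from collections import defaultdict

# Constructed sample: the Web server (local port 80) holds five half-open
# connections from five different addresses (the "masked" sources the text
# describes), plus normal established sessions and one stray half-open SMTP
# connection that a single slow client could legitimately leave behind.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    10.0.0.5:80            198.51.100.7:40211     SYN_RECEIVED
  TCP    10.0.0.5:80            198.51.100.9:40212     SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.44:1025      SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.45:1025      SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.46:1025      SYN_RECEIVED
  TCP    10.0.0.5:80            192.0.2.200:3390       ESTABLISHED
  TCP    10.0.0.5:80            192.0.2.201:3391       ESTABLISHED
  TCP    10.0.0.5:25            192.0.2.77:4000        SYN_RECEIVED
  TCP    10.0.0.5:139           10.0.0.12:1040         ESTABLISHED
  UDP    10.0.0.5:137           *:*
"""

# Half-open: the server answered SYN-ACK but never received the final ACK.
# Windows and Unix spell the state differently.
HALF_OPEN_STATES = {"SYN_RECEIVED", "SYN_RECV"}


def parse_connections(text):
    """Return (proto, local, remote, state) tuples for the TCP rows.

    The header row and UDP rows (which carry no state column) are skipped.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0].upper() != "TCP":
            continue
        rows.append(tuple(parts[:4]))
    return rows


def half_open_stats(rows):
    """Map each local socket to (half-open count, distinct remote hosts)."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for _proto, local, remote, state in rows:
        if state in HALF_OPEN_STATES:
            counts[local] += 1
            sources[local].add(remote.rsplit(":", 1)[0])  # drop the port
    return {local: (counts[local], len(sources[local])) for local in counts}


def detect_syn_flood(text, min_half_open=5, min_distinct_sources=4):
    """Return {local_socket: (half_open, distinct_sources)} for every local
    socket that exceeds both (assumed) thresholds.

    One slow or dead client can leave a single half-open connection behind;
    the pattern worth alerting on is many half-open connections to one
    service from many different addresses in the same snapshot.
    """
    flagged = {}
    stats = half_open_stats(parse_connections(text))
    for local, (pending, distinct) in stats.items():
        if pending >= min_half_open and distinct >= min_distinct_sources:
            flagged[local] = (pending, distinct)
    return flagged


if __name__ == "__main__":
    for sock, (pending, distinct) in detect_syn_flood(SAMPLE_NETSTAT).items():
        print(f"{sock}: {pending} half-open connections from {distinct} sources")
```

Running the same check against a snapshot taken during normal load gives the baseline from which the two thresholds should be set.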
Now your coders, engineers, and power users present a whole different kind of threat. They’re (usually) smart enough not to drag an entire shared folder to a different spot on the RAID array. But that’s the problem—they’re smart. They can figure out workarounds for situations you’re trying to guard against. You must be able to plan, relative to a Windows 2000 rollout and internal user security, for a way to identify who has what rights today and to either mimic those rights on the new system or to crack down even further. Documenting all of the users and groups is going to present you with a large challenge, but it should be done.
Protecting the Network from Terminated Employees
Terminated employees, especially network admins or programmers (aka coders) and engineers with tons of rights, need to be observed very closely at termination time. A Windows 2000 designer should confer with the security person who handles the terminations and determine how they’re handled. The designer should insist on either deleting the account or, at a bare minimum, disabling it. And this deleting/disabling activity should happen the day the person is terminated.
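The rule just stated (delete or disable the account on the day of termination, with extra attention to admins) is easy to audit after the fact. The following added example (not from the book) joins a constructed HR termination extract to a constructed directory export on the account name and reports every account still enabled or disabled late; the column layout and the group names are assumptions.

```python
"""Audit that terminated employees' accounts were deleted or disabled on the
termination day.

Added example; not code from the book. Both tables are constructed sample
data and their layout (HR extract joined to a directory export on the
account name) is an assumption.
"""
import csv
import io
from datetime import date

# Constructed HR extract: who left and when.
HR_TERMINATIONS = """\
account,terminated_on
jsmith,2001-03-02
mlee,2001-03-05
rkhan,2001-03-05
tcole,2001-03-06
"""

# Constructed directory export. tcole is absent: that account was deleted,
# which the text accepts. mlee is still enabled and holds admin rights.
DIRECTORY_EXPORT = """\
account,enabled,disabled_on,groups
jsmith,false,2001-03-02,Domain Users
mlee,true,,Domain Admins;Domain Users
rkhan,false,2001-03-09,Domain Users;Engineering
apatel,true,,Domain Users
"""

# Groups whose members the text singles out for the closest watch (assumed).
PRIVILEGED_GROUPS = {"Domain Admins", "Administrators", "Enterprise Admins"}


def load_table(text):
    """Parse a CSV table with a header row into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def audit_terminations(hr_text, directory_text, today_iso):
    """Return (account, severity, problem) for each terminated account that is
    still enabled or that was disabled later than its termination date.

    Accounts missing from the directory are treated as deleted (compliant).
    Severity is 'high' for members of a privileged group, else 'medium'.
    """
    today = date.fromisoformat(today_iso)
    directory = {row["account"]: row for row in load_table(directory_text)}
    findings = []
    for row in load_table(hr_text):
        acct = row["account"]
        terminated = date.fromisoformat(row["terminated_on"])
        entry = directory.get(acct)
        if entry is None:
            continue  # deleted: the strongest option the text allows
        groups = set(filter(None, entry["groups"].split(";")))
        severity = "high" if groups & PRIVILEGED_GROUPS else "medium"
        if entry["enabled"].strip().lower() == "true":
            days = (today - terminated).days
            findings.append((acct, severity,
                             f"still enabled {days} day(s) after termination"))
        elif entry["disabled_on"]:
            lag = (date.fromisoformat(entry["disabled_on"]) - terminated).days
            if lag > 0:  # disabled, but not on the termination day
                findings.append((acct, severity, f"disabled {lag} day(s) late"))
    return findings


if __name__ == "__main__":
    for acct, severity, problem in audit_terminations(
            HR_TERMINATIONS, DIRECTORY_EXPORT, "2001-03-10"):
        print(f"[{severity}] {acct}: {problem}")
```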
Exam Essentials
Identify the company’s size and its user and resource distribution. Identify the six categories of resources outlined earlier, noting where they are geographically, how many users are involved with each resource, and how the resources interplay within the environment.
Determine the connectivity between geographic locations. Assess the kind of connectivity you have between geographic sites, its speed, its CIR, and its availability. Determine if it is sufficient for Windows 2000 needs. Assess any remote connectivity needs such as RAS.
Determine if there are any bandwidth or latency issues. By identifying WAN circuits and LAN backbone speeds, you’ll know the bandwidth. Make a determination as to how fast the network is keeping up with user demand.
Analyze the network services, taking into account how available they are, how effective they are in their performance, and any scalability issues you might encounter in a Windows 2000 rollout. Use the various service categories listed earlier to help identify service issues.
Analyze data and system access patterns. Answer the following questions: How do users use the systems? What are the data needs for various systems? How well do systems behave as users access them?
Determine network roles and responsibilities. Be able to describe who the players are in the network, what their jobs entail, and their responsibilities.
Discover security considerations. Make a determination as to the current state of security on the network, where it needs to go, and how to get it there.
Key Terms and Concepts
Bootstrap Protocol (BootP) A TCP/IP protocol that allows a computer to boot up and find a server that can equip it with its IP configuration.
Committed Information Rate (CIR) When working with a frame relay service, a specified amount of guaranteed bandwidth (measured in bits per second). When purchasing frame relay service from a provider (typically the telephone company), a company can specify the CIR level they wish. The provider guarantees that packets not exceeding this level will be delivered. It’s possible that additional traffic may also be delivered, but it’s not guaranteed. Packets that are above the CIR are considered to be discard-eligible and could possibly be thrown away.
Data Link Control (DLC) Every network card has a Data Link Control (DLC) address known as the DLC identifier (DLCI). Some topology protocols used in networks, such as Token Ring and Ethernet, use this address to identify nodes on the network. Others use the logical link layer, but ultimately all network addresses are translated to this DLCI address. The DLC resides at layer two of the OSI model—the data link layer.
Chapter 2
Analyzing Technical Requirements
63
discard-eligible
Packets that are being sent above the committed information rate (CIR) may be discarded. These packets are marked discard-eligible.

ICMP attack
A malicious attack using thousands of PING commands to ping a specific network.

Interactive Voice Response (IVR)
Telephony systems that provide a series of voice messages that guide a caller through menu selections; e.g., “Press 1 for Sales or 2 for Marketing.”

Internet Group Management Protocol (IGMP)
A TCP/IP standard (RFC 1112) that details the routing of multicast traffic over the Internet.

latency
There are two acceptable ideas behind the concept of latency. The first is the notion of how long a computer component spends time waiting on another component to finish what it’s doing and honor a request. The second has to do with the amount of time that a packet takes to get from one point to another across a network.

Line Print Daemon (LPD)
A printer service that runs on Unix computers. Microsoft Print Services for Unix also includes an LPD service.

Open Shortest Path First (OSPF)
A routing protocol developed using the link-state algorithm.

Preboot Execution Environment (PXE)
An Intel standard that allows a computer to find a boot server. PXE is used with RIS implementations.

Routing Information Protocol (RIP)
A small lightweight routing protocol that allows for routing between small- to medium-sized networks. Limited to routes no more than 15 routers away.

Simple Network Management Protocol (SNMP)
An early set of protocols that were designed to facilitate the management of network equipment.

SYN attack
The act of a hacker sending thousands of Synchronize requests to a server, flooding the server so badly that the network cannot send or receive packets. Also known as a denial of service (DoS) attack.
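The CIR and discard-eligible entries above describe a policing rule: traffic within the committed rate is guaranteed, traffic above it is marked discard-eligible and may be thrown away when the provider’s network is congested. The following Python simulation is an added example, not code from the book, that applies that rule to a constructed one-second burst of frames. The one-second measurement interval, the 512 kbps CIR, the excess allowance up to a T1’s 1.544 Mbps, and the Frame/CirPolicer names are all the example’s own assumptions.

```python
"""Simplified frame relay CIR policer (added example with constructed traffic).

Traffic within the committed information rate (CIR) per measurement
interval is forwarded; frames that push an interval over the CIR are
marked discard-eligible (DE); frames beyond an additional excess
allowance (a simplification of frame relay's excess burst) are dropped
outright. A congested provider then discards the DE frames.
"""
from dataclasses import dataclass


@dataclass
class Frame:
    t: float              # send time in seconds (constructed)
    size_bytes: int
    de: bool = False      # marked discard-eligible by the policer
    dropped: bool = False


@dataclass
class CirPolicer:
    cir_bps: int          # committed rate in bits per second
    tc: float = 1.0       # measurement interval in seconds (assumed)
    excess_bps: int = 0   # extra rate tolerated as DE before outright drop (assumed)

    def police(self, frames):
        """Within CIR -> forwarded; within CIR+excess -> DE; beyond -> dropped."""
        bc_bits = self.cir_bps * self.tc        # committed bits per interval
        be_bits = self.excess_bps * self.tc     # excess bits per interval
        used = {}                               # interval index -> bits accepted so far
        for f in sorted(frames, key=lambda x: x.t):
            k = int(f.t // self.tc)
            total = used.get(k, 0) + f.size_bytes * 8
            if total > bc_bits + be_bits:
                f.de = f.dropped = True         # over everything: not even offered as DE
            else:
                f.de = total > bc_bits          # over CIR but within the excess: DE
                used[k] = total
        return frames


def apply_congestion(frames, congested_intervals, tc=1.0):
    """Provider behaviour: DE frames sent during a congested interval are thrown away."""
    for f in frames:
        if f.de and int(f.t // tc) in congested_intervals:
            f.dropped = True
    return frames


def summarize(frames):
    return {
        "offered_bytes": sum(f.size_bytes for f in frames),
        "delivered_bytes": sum(f.size_bytes for f in frames if not f.dropped),
        "de_frames": sum(1 for f in frames if f.de),
        "dropped_frames": sum(1 for f in frames if f.dropped),
    }


def constructed_burst(n=100, size=1500, spacing=0.009):
    """Constructed sample: n full-size Ethernet frames sent within one second."""
    return [Frame(t=i * spacing, size_bytes=size) for i in range(n)]


def run_example(congested=True):
    """Police a one-second 1.2 Mbit burst against a 512 kbps CIR on a T1 (assumed figures)."""
    frames = constructed_burst()
    CirPolicer(cir_bps=512_000, tc=1.0, excess_bps=1_544_000 - 512_000).police(frames)
    if congested:
        apply_congestion(frames, {0})
    return summarize(frames)


if __name__ == "__main__":
    print("uncongested:", run_example(congested=False))
    print("congested:  ", run_example(congested=True))
```

With these figures 42 of the 100 frames fit under the CIR and the remaining 58 go out marked DE. On an idle provider network they all arrive, which is why a satellite site can look fine for months; once the provider is congested only the committed 63,000 bytes get through, which is the symptom described in the first sample question.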
Sample Questions

1. You have a network at your main site and one at a satellite office several hundred miles away. The sites are connected together with a T1 frame relay circuit with 512 CIR. There are about 500 users at each site. Recently you’ve implemented a thin-client database system where the client uses a browser to connect to the database in order to retrieve information from the database. You’ve noticed that performance has decreased in the satellite site since you’ve implemented this system. What could the nature of the problem be?

A. Bandwidth
B. Latency
C. Poorly normalized databases
D. Poor client computers

Answer: A. There’s not a lot of information to go on here, but you know enough to take a guess that you’ve got a problem with bandwidth, specifically the poor CIR. Without a good trace on the network to see what sort of bandwidth the WAN circuit’s actually utilizing, it’s hard to say, but the problem most probably lies with packets becoming discard-eligible because they’ve gone over CIR and are being tossed.

2. You have offices in the United States, Canada, and the United Kingdom. You want to implement Windows 2000 in all offices, but you’ve run into a snag in terms of your connections with the other sites. It seems as though you’re restricted as to the kind of encryption that’s allowed in other countries. What sort of issue are you facing here?

A. Bandwidth
B. Latency
C. Security
D. User environment
Answer: C. You have a security issue. Only 40- and 56-bit DES encryption are allowed in countries other than the U.S. and Canada. Clearly some planning will have to take place on your part to facilitate good quality encryption at all sites.

3. In preparing your Windows 2000 design, you’ve asked that an internetworking expert come in and sniff the network. She is now telling you the amount of time it takes for a packet to get from one server to another is very slow. What problem is she describing?

A. Bandwidth
B. Attenuation
C. Latency
D. Wait state

Answer: C. She’s describing the network’s latency to you. This may be a one-time phenomenon, a recurring thing, or a continuous problem. You’ll have to figure that out and fix the problem before proceeding with the upgrade.

4. In considering scalability issues you might encounter in your rollout, what could potentially be the most costly to fix?

A. Server upgrades
B. Network infrastructure upgrades
C. Both A and B
D. Neither A nor B

Answer: C. Scalability implies that you have reserve capacity that can be used to add processes or processing without stressing a system. If you’re considering clustering for some of your new Windows 2000 processes, the operation could become quite expensive, not only because you’re throwing redundant gear at the problem, but also because you’re probably buying enterprise-class gear that can handle many processes. Infrastructure upgrades are not cheap. Vendors don’t give away switches, routers, and cabling upgrades.
5. You work as a network architect for a multinational firm with offices all over the world. What would be one of the chief physical considerations you would need to take into account when planning a Windows 2000 upgrade?

A. Servers at each site
B. Language issues
C. Administrative issues
D. WAN connections

Answer: D. Your biggest concern should ultimately center around the WAN connectivity between sites. It doesn’t matter how sophisticated the server farm or the network operating system (NOS) is if the computers can’t talk to one another very well.
Analyze the impact of infrastructure design on the existing and planned technical environment.
Assess current applications.
Analyze network infrastructure, protocols, and hosts.
Evaluate network services.
Analyze TCP/IP infrastructure.
Assess current hardware.
Identify existing and planned upgrades and rollouts.
Analyze technical support structure.
Analyze existing and planned network and systems management.
Next, we’ll review network infrastructure. This is a very loosely used phrase, but when we think of network infrastructures, typically we’re thinking of the cable plant, the server farm, the switches, hubs, routers, and WAN connectivity that make it so. Microsoft adds to this list the TCP/IP infrastructure and technical support structure, in addition to how the network is being managed using systems management tools.
Critical Information

This is a fun section. We start by recapping current applications running on the network. Next we’ll cover the actual infrastructure itself, including the evaluation of network services, TCP/IP infrastructure and hardware involved. You should be able to identify any planned upgrades or rollouts then take a look at the technical support structure. Finally, we’ll review both network and systems management. Of all of the components you’ve covered, the most critical is probably the identification of the applications on the network. Nothing will bring your rollout to a stop more quickly than a mission-critical app that can’t hang with Windows 2000.
Assessing Current Applications

There are two separate distinctions we need to make here: the app’s scope—whether it is enterprise or workgroup—and, regardless of scope, whether the app is client/server or Web-based.

Enterprise or Workgroup Scope?

Network applications can be split into two different varieties: enterprise and local. An enterprise application is one that is used daily by a lot of people. Exchange is an enterprise application, but that’s an obvious one. An intranet app that lives on a Web server and is used with IE is a different story. The number of users and daily volume of use could be vast. Think of enterprise applications as those that have a mission-critical status, are being used by large numbers of people, and are in use almost all of the time during working hours. Workgroup apps live on a server and serve a purpose specifically for one group of people. Financials are probably the most common of several good examples. Not everybody in the company needs to use server-based financial software—typically, only the accountants and payroll people. Nevertheless, the software is large and expensive, requires tons of training for the admins and end users, and needs a lot of care and feeding. Often a client-based GUI has to be installed and periodically upgraded.
Another good example to use as a guideline might be Visual SourceSafe (VSS) for coders. Few people in the company need VSS, but the software lives on a server and requires a lot of admin maintenance. The scope of an app such as this one is not that it’s an enterprise tool; it’s local in nature and shouldn’t be considered enterprise software.

Client/Server or Web-Based?

A second distinction, independent of the scope of the app, is the way that the app is distributed across the environment. Following are some differentiating characteristics that distinguish the various client/server iterations, so you can get a feel for how complicated an app’s distribution can be.

2-Tier Client/Server
Typically, this means that a client software piece is installed on several computers and then this client component talks to the server. A database is usually involved. Exchange Server is a good example of a 2-tier client/server. It includes a set of centralized databases and a client such as Exchange client, the Outlook client, or Outlook Web Access (OWA). Clients can be homegrown with tools such as PowerBuilder or Visual Basic, or they can come with the application (as in the case of Exchange Server).

3-Tier Client/Server
A third piece, called middleware, is introduced into the client/server picture; middleware usually (but not always) resides on an NT computer. The user makes a request to the middleware box, which in turn passes the request on to the Unix host and then sends the result set back to the user. Thus, there are three components and a 3-tier client/server model.

n-Tier Client/Server
The phrase n-tier client/server is given to systems with much more complicated levels than standard 2-tier or 3-tier systems. The design dictates how many tiers deep you go. Databases that replicate and consolidate with other databases might also qualify as n-tier systems. n-tier systems are highly complicated and require careful attention by server and application admins and DBAs.

Thin-Client Client/Server
Thin-client computing is truly client/server computing, called “thin” because very little processing goes on at the client level (and much at the server). Thin clients access server applications via a Web browser, the best example being access to an
Exchange server for e-mail. When you access an Exchange server via OWA, you’re accessing a database and using a browser to read it.

Web-Based
Web-based apps rely on a browser, but their functionality rises entirely from coding paradigms that center around the Web, things like ASP, HTML, XML, Java, and VBScript. When you use a browser to access an intranet app that talks to a database, you’re using 3-tier client/server, but you’re working in a strictly Web-based environment. Microsoft Transaction Server (MTS) could run as a middle tier allowing Common Object Model (COM) objects to run within its context potentially in any of the above-mentioned configuration scenarios.

What about the Clients?
When dealing with client/server apps, there are two factors that the Windows 2000 network designers need to keep in mind. The first is to know what the clients are using, and the second is to know the origins of the application. Be able to identify how it was coded and developed and whether the client will continue to use this app in an upgraded environment. With off-the-shelf client software, you have a little bit of a better opportunity to find out what sorts of compatibility issues you’ll run into. The company that wrote the software should be able to give you a good idea of the client component’s capability of working with Windows 2000. You must also be able to anticipate if the server software will behave in the Windows 2000 environment.

BackOffice and Off-the-Shelf Server Applications
Some apps are designed to run in a heavy enterprise environment. All of the Microsoft BackOffice suite is, of course, built that way. But there are many other server software programs that reside on NT boxes and provide large user support for a specific function. It’s important to identify these apps and then check with the vendor to make sure they’re going to be able to keep up with the Windows 2000 environment. Test these apps before things get too far down the road just to make sure everything will work.
When working out your Windows 2000 design on paper, part of the activity that you’ll perform—a big part—is describing all of the different apps that are installed on servers throughout your enterprise. You need to determine the type and scope of each app, its use in the company, and whether it’s going to cooperate with Windows 2000. You’ll also need to know how to test apps before they are moved into the Windows environment.
Analyzing Network Infrastructure, Protocols, and Hosts

If you’re not the internetworking and/or infrastructure keeper of the knowledge, that person’s going to have to be available when you begin this undertaking. There are three separate issues that you need to review here: infrastructure, protocols, and hosts.

Infrastructure
The infrastructure involves the way that the various buildings your company occupies are wired, the health of the various switch closets, the backbone that connects the switch closets, and the switches, hubs, and routers that build the switching matrix of each building. When designing Windows 2000 for your company, select a building for examination. Take a walk through the building, getting a feel for where the wiring closets are and how they’re wired. Figure 2.1 shows an example of what you may see. Here, there are three wiring closets, two of which are “user closets”—that is, users connect from their office to the switches in the closet. Data travels the backbone to the core switch and thence to the server.
FIGURE 2.1: A typical network infrastructure model. (Diagram elements: two clients, patch panels, closet switches, fiber optic backbone, core switch, and server.)
Infrastructures are complicated little beasts. You have to watch the connections at the patch panel terminators to make sure they’re professionally installed. You want to run plenum Cat5 through ceilings, and it should be solid, not stranded, wire. Don’t run the wire parallel to any lights or up chases with phone lines (crosstalk occurs in both cases), only across lights. The jumper cables and user connection cables should be stranded, not solid (this keeps them from slipping out of the RJ-45 jack easily). You should always outsource your fiber optic cable installations, and I would certainly recommend that you outsource all cable installations. Your cable plant is your lifeblood, so have an expert build it. Routers are an entire science unto themselves. You might want to consider outsourcing your router purchase, configuration, and maintenance.
Protocols
There are several kinds of protocols in use on Windows 2000 networks: LAN protocols (those in use on the network itself), WAN protocols (those used by the routers and frame relay gear to get your packets to outlying destinations), connection protocols that manage the connection between a remote user and the network, and encryption protocols and authentication protocols. Routers make conversion of almost any LAN protocol into packets the WAN can understand very seamless, so you don’t have many concerns there. It’s up to you to ascertain what protocols are on the LAN side of the house and make plans to get rid of unsupported protocols. This may involve a server-to-server visit just to find out what’s on each computer and thus what’s running on the LAN.

Supported Windows 2000 Protocols
NetBEUI is still supported, but why do you want that old thing? Sure, it was fast, but it wasn’t routable. IPX/SPX is also supported for backward compatibility to legacy NetWare boxes. NetWare went straight TCP/IP a few years back, and they’ve never gone back to IPX. But there are scads of old NetWare 3.11 boxes still hanging around, running only IPX, with users needing to access them. You’ll use IPX/SPX in a legacy NetWare environment, but only long enough to convert the NetWare boxes to TCP/IP (or to Windows 2000). Windows 2000 supports the IPX/SPX protocol with the Microsoft implementation of IPX/SPX, a protocol called NWLink. An AppleTalk network integration is included for continued support of Macintosh clients. Both Intel-based and Apple clients can share files and printers using this feature. The Point to Point Tunneling Protocol (PPTP) is a VPN connection protocol that is supported in Windows 2000. Its single purpose is to assist with the nailing up of virtual private networks (VPNs). PPTP has been around the Microsoft camp for several years now and works well.
A second VPN connection protocol, newer than PPTP, is the Layer 2 Tunneling Protocol (L2TP). It, too, is used for VPNs, but does not rely on vendor-specific encryption technologies. Microsoft expects this protocol to wind up being the industry VPN standard. Microsoft Point to Point Encryption (MPPE) and IP Security (IPSec) are two encryption protocols supported by Windows 2000. Microsoft Challenge Authentication Protocol version 2 (MS-CHAP v2), as well as MS-CHAP, CHAP, SHIVA, and PAP are authentication protocols—validating that a remote user is who she says she is. The RADIUS protocol is a connection protocol predominantly used for dial-up users accessing a third-party RAS server device, but ISPs also use it for tunneled network users. All three protocols—PPTP, L2TP, and RADIUS—use the tunneling method. What this means is that the user’s packets are buried deep in TCP/IP packets as they fly along the Internet. At the place where they knock on the door of the network, they are authenticated and unbundled, and the data is read. SNMP, a network management protocol, is still supported in Windows 2000. With this protocol, your network monitoring software, such as HP OpenView, can obtain information from network gear and other equipment that has the ability to send SNMP traps. The Hewlett-Packard DLC protocol is also included for backward compatibility with DLC connections to shared printers. There are other specialized protocols (such as the exotic infrared-device protocols IrDA-FIR and IrDA-SIR), but, for the most part, the above protocols are the ones you’ll be using most often.

Hosts
The word “hosts” is a TCP/IP word. Whenever anyone says the word “host,” you should think of “computer.” A host is simply another computer out in the big bad network world. That’s why the old Unix file that translates IP addresses to FQDN is called hosts; it lists the hosts on your network. (The hosts file, by the way, was a great idea back in the early ’80s. Today, with so many TCP/IP hosts, it’s a terribly inefficient way to maintain name resolution.)
What’s being asked of you in this particular topic is that you assess the kinds of hosts you have on the network. I would look at that task as assessing what kinds of operating systems are loaded on your computers, because the operating system essentially defines the host.
Evaluating Network Services

Microsoft has really broken the infrastructure objective into small pieces, haven’t they? Without some context “Evaluate network services” could mean a lot of things. You must be able to choose services consisting of either software or hardware that will come to the aid of the network in order to formulate a stronger, better-functioning system.

Network Monitoring
Network monitoring services typically consist of network monitoring software coupled with a computer that’s designated to handle only the influx of SNMP and RMON traffic from the LAN. (RMON is a more robust, scalable, and intelligent iteration of a network management protocol.) The combination of the network monitoring software and hardware is called a network management system (NMS). Some companies have many NMS computers housed in one area strictly for the purpose of monitoring their huge networks. The combination of lots of NMS computers in one location is called a Network Operations Center (NOC). Network devices report their status to the NMS via the SNMP protocol. Management Information Bases (MIBs), object descriptions stored in SNMP databases, that are loaded on the NMS know how to prepare and present the freshly reported data. The most common NMS software around the world is HP OpenView or CA Unicenter TNG, though there are others.

Metrics Monitoring
The concept of metrics centers around ascertaining how much uptime the servers have had the luxury of experiencing. There are two methods of determining uptime, each at opposite ends of the scale. You could opt to manually keep track of every time that a server went down, how long it was down for, and what the cause of the outage was.
The number of outages that occur on a specific server can be quite revealing information. If you know, for example, that a server was down four times in one month, you might find out that an application had been recently loaded on the server and that this was the cause for all the outages. What you’d do to correct that problem is another story, but at least you may have a handle on what’s causing the outages. A more elegant solution is software that handles metrics monitoring. NetIQ, BMC Patrol, and ManageX are all designed to give you super granularity in terms of watching critical servers and services, handling problems with them, and alerting you of the issues.

TCP/IP Services
TCP/IP services consist of things like DHCP, WINS, LDAP, and DNS. The most interesting of these are DHCP and DNS. While Unix boxes don’t readily do DHCP (though I understand some Unix software applications can now handle this function), they do DNS pretty darn well. And in legacy environments where DNS servers are already running and handling things nicely, you might have a really hard time convincing people that DNS needs to move to Windows 2000. Lucent Technologies offers a replacement DNS/DHCP/WINS application called QIP, which lives on servers and takes the place of regular NT services. Some switch and router gear can host TCP/IP services. Again, it’s not feasible for switches to do your DNS work, because you need Windows 2000 to do it for you.

Security Monitoring
Security monitoring, in my mind, has to do with the alerting that goes on with proxy and firewall servers. A firewall product is expected to alert the administrator that some sort of attack is transpiring. Moreover, good firewall software should have some method of ascertaining when it’s being hit by an attack and be able to dismantle the attack before it craters the network. Microsoft Proxy Server supports Internet Server API (ISAPI) filters—customized filters that third-party vendors write in order to prevent users who are coming in or going out from performing some specific activity. ISAPI is a Microsoft API that developers can utilize to hook into proxy servers.

Fault-Tolerance Monitoring
When you install tools like HP’s TopTools or Compaq’s equivalent, Insight Manager, one of the things you do is monitor the fault-tolerant gear that’s installed on the server. This is fault-tolerance monitoring. SNMP could be said to be acting in a fault-tolerance monitoring capacity when it sends out a trap alerting the administrators that a redundant link (a special port on switches that allows you to set up a second, fall-back link into them) has gone down. When this happens, of course, the switch represents a Single Point of Failure (SPOF) and needs to be addressed quickly.

Web Monitoring
A new kind of monitoring activity that administrators have to be cognizant of is monitoring the company’s Web sites, both internal and external. With Web sites, you’re interested in a variety of things: monitoring traffic, front and back load management, capturing visitor information, and most importantly site security.
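The Security Monitoring passage above expects the firewall or proxy to tell the administrator when the SYN and ICMP attacks named in the glossary are under way. As an added example, not the book’s and not any vendor’s software, here is the detection logic such a monitor can apply to firewall log lines: it counts SYN-only segments and ICMP echo requests per destination over a sliding window and raises one alert per destination once a threshold is crossed. The log format, the ten-second window, the thresholds, and every address are constructed for this example.

```python
"""Flood detection over constructed firewall log lines (added example).

The log format below is invented for the example and is not any real
firewall's format. Counting is keyed on the destination rather than the
source because flood sources are routinely spoofed; the destination is
the thing the administrator actually needs to protect.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed format: "<ISO timestamp> <TCP|ICMP> src=<ip> dst=<ip> [flags=<TCP flags>] [type=<ICMP type>]"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"(?P<proto>TCP|ICMP) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)"
    r"(?: flags=(?P<flags>[A-Z]+))?(?: type=(?P<itype>\d+))?$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None so the caller can skip it."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def detect_floods(lines, window_s=10, syn_threshold=50, icmp_threshold=50):
    """Return [(kind, destination, first_timestamp_in_window)] alerts, one per destination.

    SYN flood: SYN-only TCP segments (flags == 'S') toward one destination
    within the sliding window. ICMP flood: echo requests (type 8) toward one
    destination in the same window. Thresholds are assumed values.
    """
    syn_hits = defaultdict(deque)    # dst -> timestamps of recent SYNs
    icmp_hits = defaultdict(deque)   # dst -> timestamps of recent echo requests
    alerted, alerts = set(), []
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["proto"] == "TCP" and rec["flags"] == "S":
            bucket, threshold, kind = syn_hits[rec["dst"]], syn_threshold, "SYN flood"
        elif rec["proto"] == "ICMP" and rec["itype"] == "8":
            bucket, threshold, kind = icmp_hits[rec["dst"]], icmp_threshold, "ICMP flood"
        else:
            continue                 # ACKs, replies, other traffic: not counted
        bucket.append(rec["ts"])
        while (rec["ts"] - bucket[0]).total_seconds() > window_s:
            bucket.popleft()         # slide the window forward
        key = (kind, rec["dst"])
        if len(bucket) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((kind, rec["dst"], bucket[0]))
    return alerts


def constructed_log():
    """Constructed sample: benign traffic, then a SYN burst, then an ICMP burst."""
    lines, base = [], datetime(2001, 3, 1, 9, 0, 0)
    for i in range(5):               # a few normal handshakes and pings over a minute
        t = base.replace(second=i * 10).isoformat()
        lines.append(f"{t} TCP src=10.1.2.{10 + i} dst=10.1.1.20 flags=S")
        lines.append(f"{t} TCP src=10.1.2.{10 + i} dst=10.1.1.20 flags=A")
        lines.append(f"{t} ICMP src=10.1.2.{10 + i} dst=10.1.1.20 type=8")
    for i in range(60):              # 60 SYNs in three seconds against the web server
        t = base.replace(minute=1, second=i // 20).isoformat()
        lines.append(f"{t} TCP src=192.0.2.{1 + i % 50} dst=10.1.1.80 flags=S")
    for i in range(55):              # 55 echo requests in two seconds against the router
        t = base.replace(minute=2, second=i // 30).isoformat()
        lines.append(f"{t} ICMP src=198.51.100.{1 + i % 40} dst=10.1.1.1 type=8")
    return lines


if __name__ == "__main__":
    for kind, dst, first in detect_floods(constructed_log()):
        print(f"{first.isoformat()} {kind} against {dst}")
```

The benign handshakes never reach the threshold, while the two bursts each produce exactly one alert. A real monitor would also want per-source counting for the unspoofed case and would feed the alert to the NMS rather than print it, but the window-and-threshold core is the same.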
Analyzing TCP/IP Infrastructure

Assessing the TCP/IP infrastructure is probably going to be one of the simpler tasks that you’ll be involved with in your Windows 2000 network design. You need to know where key servers are and what their names and IP addresses are. You need to know the network IDs and subnet masks in use on the network. You need to know what the router, firewall, and proxy server IP addresses are. Here are the kinds of things you’ll be watching out for:
Key servers are the DNS, DHCP, and WINS servers in the environment. Find out these servers’ names (both NetBIOS and FQDN) and IP addresses and where they’re located. While you’re locating this information, also identify the server scopes: where they are, what they’re composed of, and the various global or scope settings that are applied.
Identify all of the network IDs. Also, find out what subnet masks are in use throughout the various parts of your network.
Obtain all of the critical connector server information, such as router addresses (typically the network ID with a .1 address—e.g., 10.1.1.1). You’ll also want to know the NetBIOS and FQDN names and the IP addresses of the various proxy servers and firewalls on the network.
Obtain the IP addresses of the printers and the locations of their LPR, DLC, or HP ports.
List the IP addresses and NetBIOS and FQDN names of the servers.
If a BootP server is in use for thin-client workstations that have no hard drive and use BootP to boot off of the network, identify the server names and IP addresses.
Identify any RAS servers, their names, and IP addresses. While identifying these boxes, it’d be a good idea to jot down the phone numbers that are associated with the servers.
It’s not important to know the IP addresses of the switches in the closets. Chances are you won’t be connecting to them for any reason.
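As an added example that is not from the book, the following Python script takes the kind of inventory the list above asks for and checks it for the problems that usually surface during this survey: overlapping network IDs, a router that does not sit at the conventional .1 address, and a key server whose address falls in no known network. The inventory rows, the example.local names, and every address are constructed; the check functions are the example’s own.

```python
"""Sanity checks over a constructed TCP/IP inventory (added example).

Only the standard-library ipaddress module is used. All network IDs,
masks, routers and servers below are constructed sample data, including
two deliberate mistakes to show what the checks catch.
"""
import ipaddress

# Constructed inventory: (network ID, subnet mask, router address)
NETWORKS = [
    ("10.1.1.0", "255.255.255.0", "10.1.1.1"),          # server farm
    ("10.1.2.0", "255.255.255.0", "10.1.2.1"),          # user closet A
    ("10.1.2.128", "255.255.255.128", "10.1.2.129"),    # overlaps closet A (constructed error)
    ("10.2.0.0", "255.255.0.0", "10.2.0.254"),          # remote site; router not at .1
]

# Constructed key servers: (role, NetBIOS name, FQDN, IP address)
SERVERS = [
    ("DNS", "DNS1", "dns1.example.local", "10.1.1.10"),
    ("DHCP", "DHCP1", "dhcp1.example.local", "10.1.1.11"),
    ("WINS", "WINS1", "wins1.example.local", "10.1.1.12"),
    ("Proxy", "PROXY1", "proxy1.example.local", "10.9.9.5"),  # in no listed network (constructed error)
]


def build_networks(rows):
    """Parse inventory rows; strict parsing rejects a 'network ID' that is really a host address."""
    return [(ipaddress.IPv4Network(f"{net_id}/{mask}"), ipaddress.IPv4Address(router))
            for net_id, mask, router in rows]


def find_overlaps(nets):
    """Pairs of network IDs whose address ranges overlap (each pair reported once)."""
    out = []
    for i, (a, _) in enumerate(nets):
        for b, _ in nets[i + 1:]:
            if a.overlaps(b):
                out.append((str(a), str(b)))
    return out


def check_routers(nets):
    """Routers outside their own network, or not at the conventional .1 host address."""
    problems = []
    for net, router in nets:
        if router not in net:
            problems.append((str(net), str(router), "router not inside network"))
        elif router != net.network_address + 1:
            problems.append((str(net), str(router), "router not at .1"))
    return problems


def locate_servers(nets, servers):
    """Map each server's NetBIOS name to the most specific network containing it, or None."""
    located = {}
    for _role, netbios, _fqdn, ip in servers:
        addr = ipaddress.IPv4Address(ip)
        containing = [net for net, _ in nets if addr in net]
        best = max(containing, key=lambda n: n.prefixlen, default=None)
        located[netbios] = str(best) if best is not None else None
    return located


if __name__ == "__main__":
    nets = build_networks(NETWORKS)
    print("overlapping network IDs:", find_overlaps(nets))
    print("router problems:", check_routers(nets))
    for name, net in locate_servers(nets, SERVERS).items():
        print(f"{name}: {net or 'NOT IN ANY KNOWN NETWORK'}")
```

The overlap check is the one worth running first: two closets that were independently given ranges inside the same /24 will route fine until a DHCP scope is built for each, and a server that sits in no inventoried network usually means the inventory, not the server, is wrong.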
Assessing Current Hardware

Depending on the size of your network (and whether you have Microsoft Systems Management Server [SMS] installed), you might have to spend several weeks getting information about the hardware on your network. SMS, of course, allows you to garner asset and network information and keep it stored in a SQL Server database. You’ll need to diagram several different categories of hardware in order to have a more complete understanding of the hardware on your network. In larger installations, a complete view might be impossible, but it’s at least possible to ascertain what servers are in the domain. Once you know that, the very least that you should do is to find out what hardware the servers are using. You must be able to find weak spots on the network that need to be addressed before you go forward with the design and deployment. Also, be mindful of your department budget. Below are some logical steps you can take in your hardware discovery process:
Figure out which servers are on the network.
Identify networked printers by type, manufacturer, and model.
Ascertain the type of switches and hubs you have on the network.
Repeat the same kind of work for the routers.
Tape backup systems should be revisited at this time.
RAS servers such as those made by Shiva, US Robotics, and 3Com—stand-alone devices that provide telecommuting interfaces for your network—are also going to come into play on the new Windows 2000 network.
Miscellaneous devices that you should know about when considering the Windows 2000 upgrade should appear on the list as well. There are all kinds of devices that come to mind.
Identifying Existing and Planned Upgrades and Rollouts

It is highly critical that you identify any existing or planned upgrades or rollouts that might be affected by your Windows 2000 plans. Let us identify the difference between an upgrade and a rollout.

Upgrade
An upgrade is something that happens to an already extant system or device—an improvement over a like existing system.

Rollout
An entirely new thing—a new hardware device, a new way of doing a business task, or a new software application—is a rollout.
Analyzing Technical Support Structure

After you’ve analyzed the equipment and the code, it’s time to find out what people and procedures your company uses to maintain all of that. There are two ways of looking at this exam objective, and I think it’s probably safe to examine both. You need to identify what kind of technical support is in place for the administrators who are going to own the system and for the users who will utilize it.

Network Manager Support
Identify the technical support infrastructure that you and your deployment managers will require for the Windows 2000 rollout.

User Support
Be sure that the structure you’re implementing is one that your users will expect. Always make them aware of changes you plan to make—putting your users on a knowledge level where they can use the network the way they used it before the rollout.
Analyze Existing and Planned Network and Systems Management

Finally, you will need to know how the network is being managed today and how the Windows 2000 change is anticipated to affect the network managers. You’ll also need to consider any network or systems management software that’s in place.

Managers of the Network
Depending on the size of your network, you’ll find that network managers fall into several different categories. It’s important that you determine the various layers of network management that are involved at your site, who manages what, and to what depth each person’s knowledge goes when it comes to Windows networks and TCP/IP. A training chart is called for, one that has “Current” and “Windows 2000” as column headers. Write the network manager’s name, the type of management she is responsible for, and the level of knowledge currently possessed. Then you can write in the Windows 2000 column how much training is required for this person and how involved she will probably be in the new network. Use this list of network management tasks as a study tool:

Backup Managers
These people are responsible for nothing other than the backup of the network. It’s possible that these are Unix people that happen to also back up the NT network, a very feasible paradigm.
Internetwork (Data-Comm) Managers
These people are responsible for the routers and WAN connections, though they may not be responsible for the infrastructure. There may be a logical separation of the two camps (internetwork and infrastructure).

Infrastructure Managers
These people manage the overall infrastructure of the network. They handle the cable plant, the wiring closets (don’t forget the cool internetworking buzz phrases Intermediate Distribution Facility/Main Distribution Facility [IDF/MDF]), the patch panels, and the hubs and switches.

Applications Managers
Someone is responsible for the enterprise applications on the network. Often they have one or, at the most, two separate applications that they manage. There might be several different applications managers.

Print Managers
In larger companies, believe it or not, there are people who do nothing but handle print queues all day long. If you’ve ever hassled with JetAdmin software over a new printer on the network, you’ll know how challenging this job can be.

Database Administrators (DBAs)
DBAs set up tables, create namespaces, write stored procedures, perform business analysis on new database systems, and so forth. They’re usually very skilled, in terms of the database software, and are wonderful resources for you.

NOS Managers
Some companies have people that strictly handle the set up of servers and the installation of the NOS. These people would not be terribly application-aware, but chances are they would be highly aware of the changes coming their way in Windows 2000.

E-mail Managers
E-mail systems can grow to be so large and ponderous that dedicated administrators are required. This part of network management would then be relegated to the e-mail managers.

Web Managers
For both Internet and intranet sites, dedicated Web administrators are sometimes required.
Telephony Systems Managers
Here we have the rare breed of individual who is responsible for the telephony systems (and the associated interfaces that are related to the corporate network). Windows NT 4 was highly CTI-aware, and Windows 2000 will be even more that way.
Chapter 2
Analyzing Technical Requirements
81
Security Managers
These folks create and manage user accounts, groups, NTFS permissions, mainframe logons, Internet usage accounts, and so forth.

More than one of these network management roles could be occupied by the same person. It’s possible that one entity might not even know that another exists. Nevertheless, all of these various management components need to know and be aware of the ramifications of a Windows 2000 network that’s barreling their way.

Network and Systems Management Software
Different kinds of software products are available to help manage the network. Network management software typically looks at SNMP traps and helps the operators evaluate problems on the network. Systems management software, such as Microsoft’s Systems Management Server, allows administrators to gather asset inventory, roll out software packages, remotely control client computers, and perform other management functions.
Exam Essentials

Identify and understand the current applications. Become familiar with enterprise applications that are being used by users. Also be aware of and familiar with workgroup apps that may live on servers.

Determine the network infrastructure, the protocols in use, and the types of hosts on the network. Know how the network is built, its cabling plant, the switches and hubs, the server farm, the WAN connections, what the TCP/IP infrastructure is like, and the protocols in use. Understand the various types of hosts that are using the network.

Understand the services that are in use on the network. Utilizing the above definitions of network services, know and understand what’s in place on your network.

Evaluate and understand the TCP/IP infrastructure. Completely understand how TCP/IP is integrated into your network.
Evaluate the hardware in place on the network. Know the components that make up your network, including servers, hubs, switches, routers, and other hardware componentry.

Be aware of any upgrades or rollouts that are planned or currently underway. Know the difference between a rollout and an upgrade. Possess an awareness of any existing or planned rollouts or upgrades.

Evaluate and understand the technical support structure. Know where your technical support will come from, both for the administrative staff who have to manage the new Windows 2000 network and for the users who must utilize it.

Evaluate the existing network and systems management structures and any new plans for such structures. Know who the various managers of the network are. Know what network and systems management components are in place.
Key Terms and Concepts

2-tier client/server A system with a fat client (one which runs a lot of the application code) coupled with a server. A good example might be the Exchange Server system talking to an Outlook client.

3-tier client/server A system that consists of three different computers running three separate processes. The computers can be of different platforms: client computer, middle tier, or database tier.

client/server A computing and network architecture that relies on servers and clients. Servers handle applications, files, print sharing, and other large tasks. Clients use servers. In a client/server environment, the client may be a fat client, meaning that it offloads some of the work from the server, or a thin client, meaning that it does no work at all.

Layer 2 Tunneling Protocol (L2TP) An extension of the PPP protocol that enables the implementation of VPNs through either ISPs or private networks. The protocol is a combination of the best of Microsoft’s PPTP and Cisco’s L2F.
network management system (NMS) A system that allows you to monitor the network for errors and provides alerting if an error takes place.

n-Tier client/server A client/server environment that contains multiple server and/or client layers.

Point to Point Tunneling Protocol (PPTP) A protocol invented by Microsoft and several other partners in a collaborative membership known as the PPTP Forum. PPTP is designed to facilitate the setting up of a virtual private connection with a client coming over the Internet to a private network. The data is tunneled inside TCP/IP packets.

Remote Authentication Dial-In User Service (RADIUS) A server that functions both as an authentication and an accounting server. You pass your logon credentials to a RADIUS server, where they are validated and accounted for.

Remote Monitoring (RMON) Similar to SNMP, though much richer in the context of what it can do. Where SNMP could accept one Management Information Base (MIB) from a client such as a router, switch, or hub, RMON can receive ten separate specialized MIBs, thus creating far more granularity in the kind of monitoring that can go on.

rollout The deployment of a new project.

thin client A client that holds very little responsibility for the processing involved in a client/server application. Browsers make great thin clients.

thin-client client/server A client/server model that includes a thin client as its client of choice.

upgrade An updated version of an existing hardware or software component.

workgroup A grouping of computers that is not associated with a domain.
Sample Questions

1. What network component will you not need to consider for your Windows 2000 evaluations?
A. Servers
B. Mainframes
C. Telephony gear
D. Routers

Answer: B. You don’t have to worry about mainframes; they’re handled by somebody else entirely and won’t affect your rollout. The 3270 emulation software, the code that allows PC users to talk to the mainframe, is another story and may require a good hard look from you before a Windows 2000 rollout.

2. In your company of 5,500 employees, about two-thirds of the people use a client/server front-end application that talks to the company’s back-office databases. Select the kind(s) of applications this represents.
A. Client/server
B. Workgroup
C. Enterprise
D. Mainframe

Answer: A, C. An application that uses a client component and a back-office component (I’m speaking generically here when I use the term back-office—meaning that there is some server process running—not necessarily that Microsoft BackOffice is in place) is said to be a client/server. Since so many users are using it, it also qualifies as an enterprise application.

3. You’ve successfully upgraded your Domain Controllers (DCs) to Windows 2000 Server and enabled Active Directory. Now you’re ready to proceed with the upgrade of the rest of your servers. What will be the biggest issue that you face as you upgrade these servers?
A. Enterprise applications running on apps servers may not work on Windows 2000
B. The servers might need a hardware upgrade before proceeding
C. The servers might need to be put on a gigabit network before proceeding
D. The servers will need to be on the Windows 2000 Hardware Compatibility List (HCL)

Answer: A. Option D is especially important, as is Option B. But Option A is the most problematic issue you’ll face—one that could potentially blindside you if you’re not careful. Option C, while a nicety, doesn’t enter into the area of problems with servers, unless, of course, your infrastructure is slow. But hopefully you’ve already taken care of that problem.

4. Halfway through your Windows 2000 upgrade design, you find that the applications team is right in the middle of an Oracle release 8i to release 11 (R11) upgrade. How will this affect your upgrade plans?
A. It won’t affect it at all.
B. Stop everything!
C. Need to gather more information.
D. Who cares?

Answer: C. You’re pretty close to stop everything mode with this news. Oracle is a vast product that requires a lot of attention to detail. An upgrade of this nature (from 8i to R11) means that you’ll have to get involved as well and make sure that the software will reside OK on Windows 2000 servers. If R11 isn’t certifiable on Windows 2000, then those servers will have to remain NT 4 until such time as Oracle is ready. This is part of knowing your applications because a Windows 2000 installation could have a potentially disastrous impact on apps that used to run just fine. Check first!
5. You’ve been retained as a design consultant to work for a large retail outlet that’s currently using NetWare 3.11 as its NOS. You have been given the duty to upgrade the servers to Windows 2000. What will be your first objective?
A. Discover what protocols are running.
B. Discover what apps are running.
C. Determine the hardware capabilities of the current servers.
D. Procure adequate licensing.

Answer: A. TCP/IP is critical to Windows 2000 functionality. You cannot get along without it because name resolution in a Windows 2000 network revolves around DNS, which is a TCP/IP thing. Since the current network is NetWare 3.11, it’s highly likely that the only protocol you’re running is IPX. This discovery has a major impact on your design, especially relative to client software. You or somebody else will have to physically visit each workstation on the network, remove the NetWare client, and install both TCP/IP and the Microsoft Client for Networks before anyone can talk to the new network. This will require exquisite project planning and timing on your part.
Analyze the network requirements for client computer access.
Analyze end-user work needs.
Analyze end-user usage patterns.
Finally, you should know how the users are actually utilizing the network. This may be the most important step of all because it will yield information about how adequately the network is meeting the needs of the users and what steps need to be taken to improve it.
Critical Information
There are two facets to analyzing client computer access: first, understanding how users work and how their work needs are met by the network computing environment, and second, understanding the pattern that users follow as they access the network. Knowing when and how users access the network will go far in your understanding of the enterprise as a dynamic whole.
Analyzing End-User Work Needs
If you stand back and take a good hard look at why and how users access the network, I’m sure that you’ll find yourself putting users into different stereotypes that describe their behavior. Knowing user patterns helps you plan more airtight implementations of future network rollouts. Let’s take a look at a few of the types of users you may encounter.

Power Users
The power user is one who is potentially dangerous. This person knows enough about computers to be able to do things like erase critical files, hack the Registry of the local machine, change .INI files, and so forth. Though you’ll find power users in any department that accesses the network, I’d say that they are predominantly the engineers, software developers, and some financial types. This kind of person is potentially dangerous, but they can also be helpful. This might be the kind of person who offers to help a less knowledgeable user out of a jam when tech support for the network is busy and not quickly available.

3270 Emulation Software Users
These folks don’t use their PC for a whole lot, maybe the Web and e-mail. Typically, they’re either mainframe programmers running 3270 emulation software to access the mainframe in order to do their programming, or they’re order entry or billing folks who use the mainframe to check records and edit data that’s already in the system. There are also operations people who schedule jobs to run, review Job Control Language (JCL), a mainframe language that allows for the scheduling and running of jobs, and so forth, but they’re better categorized as mainframe programmers.

Macintosh, Unix, Linux, OS/2, or VAX Users
These kinds of users have extremely special needs that you’ll have to handle on an OS-by-OS basis. For example, a Linux user might want to mount a Samba NFS share for people on the Windows 2000 network to look at. Or, quite the opposite, the Unix host might need to extract files from a Windows 2000 host by using FTP. Linux users will also want to surf the Web, exchange e-mail, and create documents that are available for non-Linux users. Macintosh users have very specific computing needs, and my experience has been that they typically like to save their large graphics files out to a RAID array on the Windows NT or Windows 2000 network. That’s a perfectly fine use for them and one that you should sanction (because the files are privy to backup at that point). Windows 2000 has visited the whole Macintosh access issue and has, it’s hoped, made it easier (more crash-proof) for administrators to maintain. Mac users will also want to surf the Web and exchange e-mail and documents. Unix users access the Unix servers either via an emulation host on their PC or through a Unix workstation that sits next to their PC. The basic needs are the same, with the exception of Unix admins, who require the ability to modify server files. Though you might not have many dealings with OS/2 users, they’re definitely out there, and the OS is still quite common. Typically, OS/2 requires its own special software for anything that you might want it to do on the Windows 2000 network. OS/2 users are often power users who choose that OS for very special reasons. VAX systems are still in use throughout the world, especially in the manufacturing sector. I find VAX systems to be very complicated and (for me) annoying. Nonetheless, VAX administrators have to be able to find ways to share files and data on the regular network. Those methods are probably already in place, and the VAX admin will typically be aware of them.
Managerial/Professional/Executive Users
These users are usually accustomed to having things move quickly, and they expect you to take every bit of time you need in order to get their computing needs solved, even though the entire network may be burning down around you! It seems as though the higher you go up the food chain, the more demanding they seem to get. That’s not exactly fair, because they’re usually quite nice about the way that they go about getting you to fix the problem, but they’re firm in that managerial kind of way. I, for one, always feel a little tense when I have to work on an executive’s computer.

Cowboys
How does a cowboy user differ from a power user? Both are power users, but I’d say it has to do with the tendency that cowboys have of installing rogue software on their PCs and then calling the help desk for support when things auger in.

Ordinary Joe and Jenny Users
These are the ordinary people who just want to log on and get a day’s work done. The standard user e-mails, probably surfs the Web, uses Microsoft Office, and possibly runs some specialized apps that pertain to his area of the company.
Analyzing End-User Usage Patterns
Watching users is one way to analyze user behaviors. Try to spend some time just watching a variety of user types. Watch for the apps they load up in the morning, how long their logon takes, and how smoothly it goes. See if you can glean any information about how ordinary users go about their computing lives. It’ll be very informative and time well spent. You can also run performance monitoring on the main servers (such as Exchange and the file and print servers) to get information about the load at specific times. If you run Performance Monitor (System Monitor in Windows 2000) scans periodically over the course of a day, you’ll have good benchmarks as to how the network performs.
Most shops are fairly e-mail-centric now, so it’s a good bet that the server is in heavy use throughout the business day. You can get a good feel for e-mail traffic by watching the Exchange Performance Monitor (System Monitor in Windows 2000) threads and by checking out the Internet Mail Service (IMS) queues. Network managers might be able to sniff the network and give you some idea of usage patterns, though the information will mostly be about broadcasts and the amount of traffic going across the wire. Some metrics software such as NetIQ or ManageX might be helpful to you, too, in your quest for user-behavior information.
Exam Essentials

Know and understand your end-user habits, work needs, and usage patterns. Possess a keen understanding of how, when, and why the network is accessed. Be able to clearly elucidate network usage patterns.
Key Terms and Concepts

cowboy An individual who either feels christened as a super user or is actually a true super user. Cowboys are people who tend to want to play with their computers and can make more trouble for administrators than ordinary users—simply because they can play.

power user A computer operator who has a firm grasp of computing technology and can easily and quickly assimilate the tasks that need to be done in order to effect a computing endeavor. Frequently, power users are given more control over a computer than they might need, sometimes resulting in problems.

VAX A Digital Equipment Corporation (DEC) minicomputer, still in use and still for sale, though now called servers instead of minicomputers.
Sample Questions

1. Which of the following qualify as user work needs? Choose all that are correct.
A. Connectivity to e-mail systems
B. 21-inch monitor
C. Connection to the network
D. Local printing
E. 800MHz processor

Answer: A, C, D. Differentiating between need to have and nice to have is a tough decision that administrators make about end-user support on a daily basis. Where needed, A, C, and D are all valid choices. Option E probably falls within the “nice to have” category; most users could get along nicely with less.

2. You work in a plant that is open 24/7/365. What will be the most fundamental assessment you’ll have to make about your end users?
A. Usage patterns
B. Work needs
C. Network connectivity
D. Growth plans
Answer: A. User usage patterns will be a very important consideration to you with a network like this. Especially important will be considerations such as using the Windows Installer to download packages to end users. If the network is always in use, which shift should be the one that gets the packages?

3. You have several Macintoshes on your network. While the network is running NT 4, these users are fine. Once you convert to Windows 2000, how will these users be affected?
A. They won’t be affected at all.
B. You’ll have to install the Microsoft Macintosh Client for Windows 2000 (MCW2K).
C. Each Mac client will have to have TCP/IP installed on it.
D. Mac clients will have to run third-party emulation software.

Answer: A. If you upgrade a server that has the NT 4 Services for Macintosh (SFM) running on it, the Windows 2000 Server upgrade will take this into account and retain the AppleTalk and SFM services. If you have an NT 4 server that’s currently hosting SFM and you don’t intend to upgrade it until later, the Macs are still OK. It would be best to get the Macs on TCP/IP and get rid of AppleTalk, but you can accomplish that step later.

4. You work for a company that has a mainframe computer. It used to be that users who needed to access the mainframe had an IBM terminal on their desktops. Today, they can access the mainframe from their PC. How is this able to happen?
A. TCP/IP
B. SNA
C. FTP
D. 3270 emulation software
Answer: D. Emulation software written by corporations such as Attachmate allows PC users to access mainframe sessions from their PC. In a Windows 2000 upgrade design, it would be important for you to evaluate the software users are using to get to the mainframe prior to upgrading them to Windows 2000 Professional. Make sure the 3270 emulation software will work with Windows 2000!

5. You want to purchase some software that will give you information about services that go down, outages on computers, reboots that have occurred on servers, and other uptime information. What kind of information are you looking for?
A. Uptime
B. Metrics
C. Response times
D. Usage patterns

Answer: B. Monitoring a network for changes that happen to the servers, then preparing a report that details these changes in an evaluative sort of format is called metrics, or more appropriately, metrics reporting. Windows NT and 2000 can help with some of the metrics information that you need. For example, Uptime.exe is available from the Resource Kit. But your larger concern might be to monitor when a service fails because even though it isn’t construed as an outage, a service failure really does cause users to go without a function.
Analyze the existing disaster recovery strategy for client computers, servers, and the network.
Disaster recovery (DR) is a computing science unto itself. Large enterprises spend millions of dollars each year to maintain DR implementations that can save the company in the event of a catastrophe, such as the company’s headquarters office building burning to the ground. It is highly important that every network, no matter how small, have a DR plan in place, tested, and ready to go.
Critical Information
Where fault tolerance means building in protection against emergencies, disaster recovery (DR) is making and testing a plan for the complete restoration of critical systems in the event of a catastrophe, after the fact. It is not good enough to have a DR plan; it’s vital that you also periodically go through a DR test, so that your plan makes sense and includes recent changes.
Establishing Disaster Recovery for Servers and the Network
You can employ some interesting DR techniques. Real-time data mirroring allows for data to be copied from one server to another, preferably one that’s offsite, in order to protect that data. There are variations on this theme, but it’s a good (and expensive) DR strategy. Tape backup operators, the administrators who maintain the backup system(s), are charged with making sure that the backups are reliable and that they occur on a regular basis. These systems require a plan for backing up the servers and critical workstations on your network; this plan must be revisited frequently as your network changes almost constantly. Many tape backup systems require that you install a software agent on each computer. Redundant routes on network routers and a redundant, yet geographically separate, Web presence should be investigated as a bigger part of the network DR picture.
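The "are the backups reliable" question above is only answered by restoring them. The following restore drill is an added example, not code from the book: it backs up a constructed sample share with tar, restores it into scratch space, and reports success only when every restored file's checksum matches the source; the directory layout and file contents are invented for the demonstration, and only POSIX sh, tar, find and cksum are assumed.

```shell
#!/bin/sh
# Added restore drill (example code, not from the book). A backup job that
# completed without error is not proof that the data can be restored, so
# this script restores an archive into a scratch directory and compares
# every file's checksum with the source tree. Assumes POSIX sh, tar, find
# and cksum only.
set -eu

# Constructed sample data standing in for a small file-server share.
make_sample_data() {
    mkdir -p "$1/finance" "$1/hr"
    printf 'Q3 ledger\n' > "$1/finance/ledger.txt"
    printf 'payroll run 2001-01\n' > "$1/hr/payroll.txt"
    printf 'shared notes\n' > "$1/readme.txt"
}

# Print "path checksum size" for every regular file under $1, sorted, with
# paths relative to $1 so that source and restored trees compare directly.
manifest() {
    (cd "$1" && find . -type f | sort | while IFS= read -r f; do
        set -- $(cksum "$f")      # cksum prints: checksum size filename
        printf '%s %s %s\n' "$f" "$1" "$2"
    done)
}

# Back up directory $1 into tar archive $2 (stand-in for a tape job).
backup() {
    tar -C "$1" -cf "$2" .
}

# Restore archive $1 into a fresh directory $2. Returns non-zero if the
# archive cannot be extracted (truncated or damaged media).
restore() {
    rm -rf "$2"
    mkdir -p "$2"
    tar -C "$2" -xf "$1" 2>/dev/null
}

# Restore drill: succeeds only when the restored tree matches $src file for
# file. $src is what the operator believes is on the archive $archive.
restore_drill() {
    src=$1; archive=$2; scratch=$3
    if ! restore "$archive" "$scratch"; then
        echo "restore drill FAILED: $archive would not extract" >&2
        return 1
    fi
    expected=$(manifest "$src")
    actual=$(manifest "$scratch")
    if [ "$expected" = "$actual" ]; then
        echo "restore drill OK: $(printf '%s\n' "$expected" | wc -l) files verified"
        return 0
    fi
    echo "restore drill FAILED: restored data differs from $src" >&2
    printf '%s\n' "$expected" > "$scratch.expected"
    printf '%s\n' "$actual" > "$scratch.actual"
    diff "$scratch.expected" "$scratch.actual" >&2 || true
    return 1
}

# Stand-alone demo: a complete backup passes, an incomplete one is caught.
work=$(mktemp -d)
make_sample_data "$work/src"
backup "$work/src" "$work/full.tar"
restore_drill "$work/src" "$work/full.tar" "$work/restored"
rm "$work/src/hr/payroll.txt"            # simulate a file the job missed
backup "$work/src" "$work/partial.tar"
make_sample_data "$work/src"             # put it back: what should be on tape
restore_drill "$work/src" "$work/partial.tar" "$work/restored" || true
rm -rf "$work"
```

Run it against a real backup set by replacing the tar calls with your backup product's restore command and pointing the drill at a scratch volume, never at the live share.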
Establishing Disaster Recovery for Client Computers
Hopefully, you’ve examined your user behaviors, and you know who your power users are—the critical ones who save lots of important files to the local disk. You have to target these individuals first, making sure that you have some fault-tolerance methodologies in place for them. Step two is to communicate strongly. Make sure that all end users understand that company-critical data needs to be saved to file servers, not to the local, unprotected drive.
Exam Essentials

Possess a very clear understanding of how your company has implemented a DR strategy for all of the networking components: servers and network and client computers. If a company’s administrators do not understand the completeness that an enterprise entails, they’ll get the whole DR thing wrong. It’s important that you be able to clearly explain how each component is being protected in the case of a catastrophe.
Key Terms and Concepts

disaster recovery (DR) The process of restoring a network to the condition it was in prior to some sort of disaster, whether natural or caused by humans.
Sample Questions

1. What is the single most important disaster recovery methodology that you can implement?
A. Redundancy
B. Tape backup system
C. UPS
D. RAID

Answer: B. Option A is also awfully good, but it’s critical that you have a backup system in place, back up your network data regularly, and check to make sure that the backups are correctly working. This is by far the most elemental and supreme fault-tolerant procedure that you can implement. Then, after you’re done with that, the others are great ideas as well!

2. Rotating backup tapes offsite is often a very good fault tolerance and DR approach. Why is this?
A. Tapes that are offsite can’t be stolen as easily.
B. Tapes that are offsite can be used to restore computers in the event of a disaster.
C. Tapes that are offsite aren’t as likely to suffer from potential erasure.
D. You won’t be as prone to try to reuse a good tape if it’s offsite.
Answer: B. A set of backup tapes that are stored offsite is an excellent fault tolerance and disaster recovery measure. You’re assured that some sort of data is available for recovery in the event of a catastrophe. Of course, this all depends on the data that is on the tapes being good.

3. Suppose that you’re considering a disaster recovery (DR) strategy for your network. What would be one DR item that you might be likely to overlook?
A. RAID arrays for servers
B. SQL agents for backup software
C. Periodic testing of restoration processes
D. Server room power conditioning

Answer: C. You need to periodically test your backup software’s restoration capabilities. Just because you can prove that you’ve got the data on backup tape doesn’t mean you can guarantee you can restore it!

4. You’re considering a Disaster Recovery (DR) model where you keep your backup tapes for the last seven days in a highly accessible but very quickly available place. Your goal is to provide a restoration capability that, in the event of a disastrous turn of events, could bring the network back to the previous day’s business. What would be the safest of the alternatives to pick from?
A. Take the tapes home
B. Keep the tapes in your car
C. Buy a fireproof safe
D. Retain a service to keep them offsite
Answer: D. You might think the safe’s a pretty good idea, and indeed you can buy “data safes.” But these safes are only rated for 125 degrees, and they’re only good for a maximum of two hours! In a hot fire that spreads throughout your building, it’s very possible that your backup tapes, even in a data safe, would melt down. Your safest option is to retain a service that keeps the tapes offsite in a safe area. You might consider the safe option as a second fallback alternative. Answers A and B are not acceptable.

5. Suppose that you have two sites that act as twins to one another. You’d like to come up with a method where you keep your sister site’s Disaster Recovery (DR) data and they keep yours. Of the choices below, what would be the best option you could pick?
A. Real-time data mirroring
B. Exchanging backup tapes
C. Setting up Active Directory between the two sites
D. Windows 2000 Intellimirror

Answer: A. The best answer would be some sort of real-time data mirroring functionality where your sister site copied data to servers at your site and vice versa on a real-time basis. You could potentially utilize Windows 2000 Network Load Balancing (NLB) for such a function. The biggest thing you’ll have to worry about with real-time data mirroring will be to make sure that the network connection between your mirroring servers is very robust. The exchanging of backup tapes is an OK idea, but time intensive. Active Directory between the sites provides redundancy, but not the capability of restoring enterprise apps. Intellimirror is intended for workstation apps, not big enterprise applications.
Chapter 3
Designing a Windows 2000 Network Infrastructure
MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:
Modify and design a network topology. (pages 101 – 106)
Design a TCP/IP networking strategy. (pages 107 – 122)
Analyze IP subnet requirements.
Design a TCP/IP addressing and implementation plan.
Measure and optimize a TCP/IP infrastructure design.
Integrate software routing into existing networks.
Integrate TCP/IP with existing WAN requirements.
Design a DHCP strategy. (pages 122 – 133)
Integrate DHCP into a routed environment.
Integrate DHCP with Windows 2000.
Design a DHCP service for remote locations.
Measure and optimize a DHCP infrastructure design.
Design name resolution services. (pages 133 – 149)
Create an integrated DNS design.
Create a secure DNS design.
Create a highly available DNS design.
Measure and optimize a DNS infrastructure design.
Design a DNS deployment strategy.
Create a WINS design.
Create a secure WINS design.
Measure and optimize a WINS infrastructure design.
Design a WINS deployment strategy.
Design a multi-protocol strategy. Protocols include IPX/SPX and SNA. (pages 149 – 160)
Design a Distributed file system (Dfs) strategy. (pages 161 – 170)
Design the placement of a Dfs root.
Design a Dfs root replica strategy.
With this chapter, we now go totally techno and start getting into the nuts and bolts of a good Windows 2000 infrastructure design. Especially important will be the concepts behind DNS. We assume in this book that you’ve already been through the basic Windows 2000 courses, which should leave you with a fairly comprehensive understanding of DNS (assuming you didn’t have one before you started working with Windows 2000). DNS will probably be the biggest trip-up for most administrators simply because, up till now, DNS has been in the Unix camp and very rarely a part of NT. Now DNS is a big player and something you need to get a handle on.
Modify and design a network topology.
What is a topology? Think of it as the way the network is wired up and the Institute of Electrical and Electronics Engineers (IEEE) standard that it uses. The IEEE is the group responsible for setting network topology standards. A more succinct way of putting it would be that a topology is the set of rules that are made for physically connecting and then going about the business of computing on a given medium. The topology determines how the computers are going to connect to each other (a physical component) and the rules that are going to be used when they talk to each other (a logical component).
Critical Information
As an administrator you are probably familiar with the basic topologies you might find on a network. Nonetheless, let’s briefly review them. We’ll first talk about the physical components of a topology, then discuss its logical components.
Physical Components of a Topology
There are three basic physical topologies that are important to us: the bus, star, and ring topologies. The old 10Base-2 network scheme used a bus topology, starting with a string of coaxial cable. In star topologies, each PC or server on the network connected to a central device such as a hub or a switch (preferably a switch). And ring topologies enjoyed a real heyday in the late ’80s and early ’90s, then Ethernet star topologies sort of took over. But, just when it appeared that the battle had totally been won, Fiber Distributed Data Interface (FDDI) and Asynchronous Transfer Mode (ATM) surfaced and recaptured the ring concept, this time on a wide area network basis. A ring merely consists of devices arranged in a ring with the cable passing in one side of each device’s network card and out the other. The network has a token (or sometimes two), hence the original name Token Ring network. Fault-tolerant implementations of ring topologies have two tokens counter-rotating on two different rings. If one ring breaks, the other ring is used as a fallback. This is quite common in Synchronous Optical Network (SONET) implementations where extremely reliable WAN connectivity is desired.

All of the various topologies have problems. For example, a ring topology is very fault-tolerant, as long as it’s used on moderately loaded networks, but as soon as the network approaches being heavily loaded, it slows way down. On the other hand, Ethernet networks function well when more heavily loaded, but have a lot of overhead associated with the acknowledging (ACK) and negative-acknowledging (NACK) that goes on when a packet is received or, worse, when it isn’t received. Interestingly, some network designers feel that a Token Ring topology presents an opportunity to find out how the network is going to behave under loaded conditions. Why? Because Token Ring networks are scalable, meaning that you can define how many hosts are allowed on and how long any one system owns the token, and thus you can determine the maximum number of hosts based upon the maximum latency you’ll allow.
Chapter 3
Designing a Windows 2000 Network Infrastructure
103
Logical Components of a Topology The Institute of Electrical and Electronics Engineers (IEEE) defines standards specifications for new networking technologies. IEEE 802.5 defines the Token Ring topology; IEEE 802.3, 802.3u, 802.3x, and 802.3z define Ethernet topologies, 10Base-T, 100Base-T, full-duplex Ethernet, and 1000Base-T, respectively. Note that logical topologies define more than just the speed of the network. They define aspects like the type of switching that takes place (circuit, message, or packet), the media that they can run on, and the types of connections that can be made.
The Cable Plant—Backbone and User Connections Let’s say that the building housing your network is fairly large. Maybe you have two or three different closets where you have network gear, hubs, or switches. Typically these closets have a wiring rack with a patch panel and the network gear. The wires come in from one or more closets and attach to the patch panel. The wire running from closet to closet is called the backbone. Then you run jumper cables from the patch panel to the hubs or switches. In a scenario like this, there is typically a place where all of the cable runs terminate into a central switch, often called a core switch. This switch usually has enough ports in it for the runs from the various closets to plug into, as well as the servers. Most generally, servers home run directly to the core switch for optimum throughput. The wiring that runs between closets could be fiber optic wire, in which case you very likely have a 100Base-T or 1000Base-T (gigabit Ethernet) backbone. These speeds are 100 megabits per second (Mb/sec) and 1000 megabits per second, respectively (not megabytes per second, which would be MBps). Ethernet is based on a method called Carrier Sense Multiple Access with Collision Detection (CSMA/CD). In other words, when a host is ready to send data out onto the wire, it listens for a carrier—i.e., is there current on the wire? If a carrier is found, packets are allowed out. But because many computers are on the network, multiple packets are allowed out onto the wire at the same time. It’s possible that packets can collide because there’s nothing preventing them from doing so. Thus, there has to be a collision-detection mechanism. The last element provides that if there is a collision (and there will be), the packet is requested to be resent. Because multiple packets can be running around, there are liable to be lots of collisions. As you might imagine, 100Base-T and 1000Base-T consist of fast collision domains.
Exam Essentials Be able to design and modify a network topology. Understand what network topologies are all about, and be able to design them from the ground up or modify existing topologies.
Key Terms and Concepts core switch A network switch that acts as the nexus for a topology. Typically, these switches have enough ports for home runs from closets back to the core and for servers that connect to them.
topology The physical layout and design of the network.
Sample Questions 1. Your WAN uses SONET. What kind of topology does it use? A. Bus B. Star C. Modified-star D. Ring
Answer: D. Synchronous Optical Network (SONET) is a form of ring topology.
2. You’re retained as the network designer for a small 500-node network. All nodes reside in one building, but there are 10Base-T hubs in each closet that home run over Cat5 to a central patch panel in the server room. What might be your first two recommendations for this network? A. Replace the hubs with 10Base-T switches. B. Replace the hubs with 100Base-T switches. C. Change the home run cables to fiber optic. D. Add a core switch in the server room.
Answer: B, D. At a very minimum, it’s advisable to get rid of the hubs and get users onto switches. You’d probably have a hard time finding a new 10Base-T switch these days, so you’ll probably need to go with 100Base-T. Gigabit wouldn’t be a bad option either, but it needs Cat6 to effectively support the bandwidth. Next, add a core switch in the server room, and plug those servers directly into the switch. Just multiplexing (muxing) the data using switching technology makes an incredible difference in throughput.
3. If the backbone of your network is equipped with gigabit switches, which devices will operate at gigabit speeds? A. Gigabit ports on switches B. 100Base-T ports on switches C. Servers D. Workstations
Answer: A. Neither the servers nor the workstations will operate at gigabit speeds unless they’re equipped with gigabit Ethernet cards, their speed is set for gigabit, and they’re plugged into a gigabit port on the switch. Anything plugged into a 100Base-T port will run at 100Base-T. Of course, once the data leaves the switch and hits the backbone, it is running at or near gig speeds.
4. You’ve got a small network of about 250 users on two floors that you’re going to convert to Windows 2000. In examining the closet connection areas, the Intermediate Distribution Facility (IDF), and the main server area, the Main Distribution Facility (MDF), you notice that all of the connection gear is comprised of hubs, not switches. What benefits could you reap by spending the extra money and upgrading the hubs to switches prior to implementing your Windows 2000 rollout? A. It will cut down on the number of collision domains. B. It will cut down on the number of broadcast domains. C. CPUs in switches provide faster throughput of data. D. Uplink port provides a faster backbone.
Answer: A, C, D. Collision domains are isolated at the switch level, broadcast domains at the router level. The CPUs in switches set up what is called a "switch fabric" that provides much faster throughput than you’d get with hubs. Instead of sharing the bandwidth, the CPUs are providing equal (or near equal) bandwidth to all users. A fast uplink port creates a fast backbone.
5. What might be an alternative to Ethernet that is higher speed and has no collision domains? A. Asynchronous Transfer Mode (ATM) B. Synchronous Optical Network (SONET) C. Fast Token Ring D. VGAnyLan
Answer: A. ATM, while not necessarily the most practical choice because of its cost and complexity, is a high-speed non-collision-domain alternative to Ethernet. You can gain much higher speeds with ATM than with Ethernet.
Design a TCP/IP networking strategy.
Analyze IP subnet requirements. Design a TCP/IP addressing and implementation plan. Measure and optimize a TCP/IP infrastructure design. Integrate software routing into existing networks. Integrate TCP/IP with existing WAN requirements.
If you’re not already working with TCP/IP, then you’ve got to get up to speed fast. While Windows 2000 supports other LAN protocols, it was designed with TCP/IP in mind. This section deals with the art of coming up with a high-quality TCP/IP design.
Critical Information We’ll begin by discussing IP subnets then work our way into an addressing and implementation plan. We’ll talk about how to measure and optimize a TCP/IP infrastructure and how to integrate TCP/ IP into existing WANs. We’ll wind up with a discussion on integrating software routing into the network.
Analyzing IP Subnet Requirements What exactly is a subnet anyway? It seems that you can have awfully large subnets, even though the subnet masks that you sometimes work with only allow a few hosts. Subnetting Principles
To use TCP/IP, you must understand its various classes. Class A ranges from 1.x.y.z to 126.x.y.z (127 is reserved for loopback diagnostic testing and will never be given out). There are also four private reserved ranges—10.x.y.z, 172.16.0.0-172.31.0.0, 169.254.0.0, and 192.168.0.0-192.168.255.0—that will never be allowed on the Internet and that you can thus use in your private network. Note that there are two reserved private ranges in Class B. You can dole these out as private IP numbers any way you like, as long as they never see the light of the Internet day.
The standard Class A subnet mask is 255.0.0.0. Obtaining a Class A network number from an ISP or Internet authority would provide your company with more than 16 million TCP/IP numbers using this subnet mask! Class B ranges from 128.x.y.z to 191.x.y.z. You can use 172.16.0.0–172.31.0.0 as your private Class B range, because it too will never be allowed out on the Internet. A single Class B network number provides you with 65,534 IP addresses. If you choose to use the entire private range (172.16 through 172.31, along with a standard Class B subnet mask), you’ll have more than 1 million numbers, each of which will be using subnet mask 255.255.0.0.
TIP Remember the special Class B network number, 169.254.0.0, used for Automatic Private IP Addressing (APIPA). Test questions will undoubtedly try to sneak this network number in on you.
Class C ranges from 192.x.y.z to 223.x.y.z. Each Class C network number provides you with 254 addresses that you can use for printers, servers, users, and what have you. If you choose to use the entire private suite of Class C numbers (along with a Class C subnet mask), you’ll have 65,534 numbers at your disposal, using subnet mask 255.255.255.0. Table 3.1 lays out the various network numbers in each class.
TABLE 3.1: Available Network Numbers by TCP/IP Class
Class   Public                  Private                               Standard Subnet Mask
A       1.x.y.z–126.x.y.z       10.x.y.z                              255.0.0.0
B       128.x.y.z–191.x.y.z     172.16.0.0–172.31.0.0, 169.254.0.0    255.255.0.0
C       192.x.y.z–223.x.y.z     192.168.0.0–192.168.255.0             255.255.255.0
Do you work for a company of, say, 5,000 users? If you were to somehow obtain a regular Class B network number (from either your ISP or an Internet authority), you could use 65,000+ numbers. Maybe you don’t need all of those numbers—they’ll go to waste. On the other hand, at 254 numbers per Class C address, you’d need about 20 of those standard Class C network numbers to give you enough IP addresses to work with for all your users, printers, routers, switches, and other gear.
Designing a TCP/IP Addressing and Implementation Plan All you really need to put your company on the Internet is to obtain four solitary Class C addresses from your ISP. Your ISP’s router will use these addresses as pointers to you for any requests that are destined for your company. You, in turn, will have a router that has one of the external IP addresses you’ve been given. The router will point to a firewall, which has the second address, and the firewall will point to a proxy server with the third address. The firewall will keep out unwanted hacker traffic, and the proxy server can filter both incoming and outgoing traffic. What about your inside users? Just pick one of the private TCP/IP network number ranges (probably the Class B range, in this company’s case) and begin to use them instead of public IP addresses. The proxy server and firewall will handle the security and network address translation of the users, so you have that covered—then it really gets interesting in terms of subnetting. Let’s say, just for simplicity’s sake, that you have only one geographic location and no WAN connections to other sites that you have to worry about. You have this huge private network number, 172.16.0.0–172.31.0.0, which gets you 1,048,576 IP addresses that you can use any way you like. There are several ways that you could disperse these numbers in order to logically segment the users. For example, suppose that your Accounting department would get one block of numbers, your sales people another, and so on, as in Table 3.2.
TABLE 3.2: Sample IP Segments
Group                     Network Number
Servers & Printers        172.16.1.z
Marketing                 172.17.1.z
Sales                     172.17.2.z–172.17.4.z
IT                        172.17.5.z–172.17.6.z
Accounting                172.18.1.z–172.18.2.z
Assembly/Manufacturing    172.19.1.z–172.19.4.z
We’re assuming here that the subnet mask is 255.255.0.0 for all users, making it a nice, flat TCP/IP implementation. In this demonstration, you’ve allocated 254 IP addresses for servers and printers, another 254 for your marketing folks, about 700 for the sales people, about 500 for the IT people, and so on. It doesn’t take much to extrapolate how you’d fit the rest of your company into this design. You’ve done some very rudimentary subnetting. If you were to add a second network on the other side of a WAN connection, you’d have to add a second router (all WAN connections require two routers, one on each side), but you’d probably divvy up the network numbers in much the same way as in Table 3.2. Figure 3.1 shows what this network might look like; here you can see that users in Network B have to pass through two routers to Network A, then through the proxy server and the firewall if they need to get out onto the Internet. That sounds like a lot of traveling, but if the WAN connections are OK, it’s really no big deal. Thousands of networks are set up exactly like this.
FIGURE 3.1: A dual network separated by routers [diagram; labels: Internet, Router, Firewall, Proxy server, Network A, Router, Router, Network B]
The problem with both of these setups is that they’re too flat. Everybody’s on one big flat network. There’s a lot of broadcasting going on, and though most internetworking specialists don’t allow routers to forward broadcasts, there’s still a lot going on within both networks. You probably do need to attend to this situation, trying to cut down the number of broadcasts. You can do this by using subnet masks to logically segment your network in a more granular fashion. Suppose that you’re going to use the same Class B private network numbers, but you’re going to apply some unique subnet masks. You settle on 172.20.y.z as the network number of choice. If you choose not to apply the 255.255.0.0 subnet mask and instead opt to apply 255.255.240.0, each subnet will cover a block of only 16 third-octet network numbers, counting from your starting point. Here are the allowed network numbers you could use with this particular subnet mask:
172.20.0.z–172.20.15.z
172.20.16.1–172.20.31.254
172.20.32.1–172.20.47.254
172.20.48.1–172.20.63.254
172.20.64.1–172.20.79.254
and so on, to the last range, 172.20.224.1–172.20.239.254
You could put Network A in the first network range and Network B in the second. You’ve logically segmented your users into categorical groups—subnets. When broadcasting goes on within a subnet, it doesn’t leave that subnet. Because routers don’t forward broadcasts, you’re effectively keeping the network traffic within a specific group isolated from another group. You could apply even more granularity than this—putting servers and printers in the 172.20.0.z–172.20.15.z subnet, marketing in the 172.20.16.z–172.20.31.z subnet, and so on, effectively isolating individual groups from one another’s broadcast traffic. This is true, provided, of course, that you’re using the 255.255.240.0 subnet mask. You have a problem with all this special subnetting, though. DHCP is broadcast-based. If you have a DHCP server on the 172.20.16.z subnet and a marketing person trying to get a DHCP lease from the 172.20.32.z subnet, it won’t happen! The 255.255.240.0 subnet mask keeps the marketing folks from broadcasting to the servers. You could handle this problem with a DHCP relay agent computer on each subnet that needed to participate in DHCP. Alternatively, you could simply set up a private Class A network, using a separate number for each physical network and a 255.255.0.0 mask. This would also effectively isolate each network from the other. Moreover, it’s easier to set up and much neater to implement.
Remote subnets are somewhat different to design than regular LAN/WAN-based networks. There are three categories of remote subnets to worry about.
Point-to-Point and Multi-Point Connections Standard 56K and fractional T1 or full T1 frame relay connections each require their own dedicated subnet. Each router connecting the points must, of course, have its own static IP address. These circuits cannot be seen on public networks.
X.25 Networks X.25 networks, which use packet-switching and multiple points, only require one subnet.
Virtual Private Network (VPN) Connections VPN connections are not entirely “private,” although one side of the connection is, of course, definitely private. The other side is very public, as it is typically connected to an ISP.
Measuring and Optimizing a TCP/IP Infrastructure Design In the early days of TCP/IP, a router wouldn’t support an unusual subnet mask like 255.255.240.0. You had to go with standard flat masks. But then came along the advent of Classless Internet Domain Routing (CIDR) and Variable Length Subnet Masks (VLSM) standards for routers. These standards provided ways that you could depart from a 255.0.0.0, 255.255.0.0, or 255.255.255.0 mask and use subnetting principles to break networks into logical segments. Single subnet mask networks, ones that use the masks just listed, are called class-based networks. In a class-based network, you can only run one subnet mask on the network, as in the example earlier in the previous section. But suppose you wanted to use the 255.255.240.0 subnet mask on one network and 255.255.192.0 on the other? Older router protocols would not support multiple subnets. The Routing Information Protocol (RIP) version 1 is an example of an older routing protocol that couldn’t support multiple subnet masks and hence wouldn’t be useful in today’s complex IP environment. Routers that support CIDR or VLSM—those running RIP version 2, Border Gateway Protocol (BGP), or Open Shortest Path First (OSPF)— allow you to run multiple subnet masks on a network. Look at the “subnet mask ruler,” as shown in Figure 3.2. Each network address has a network portion and a host portion. Class A networks use the first 8 bits, called the first octet, for the network address and then the last three octets for the host address. Class B uses the first two octets for network and the last two for host, and Class C uses the first three octets for the network address and the last octet for the hosts. We have a sliding scale here because if we’re using a Class A network address, we can get many hosts but not very many different network addresses. On the other hand, if we’re using Class C, we can get many networks, but not very many hosts per network. 
Using a subnet mask, you “borrow” bits from the host portion of the address. By sliding one bit to the right or left (which makes a profound difference in the decimal subnet mask), you wind up either adding or subtracting hosts and doing the opposite subtraction or addition with the amount of networks you can use.
TIP The CIDR standards help us out with subnet mask nomenclature because they allow us to use “slash” terminology instead of writing out full subnet masks. Since a Class A network with a flat 255.0.0.0 subnet mask has as its network portion up to the 8th bit, we can say that it’s /8 masked. The /8 implies the same thing as a 255.0.0.0 mask. For a Class B mask using 255.255.0.0, we’d just say /16 instead. And for a Class C we’d say /24 for a 255.255.255.0 mask. See http://public.pacbell.net/dedicated/cidr.html for a wonderful overview of CIDR.
FIGURE 3.2: The subnet mask ruler [diagram: the mask 255.0.0.0 drawn as a ruler, labelled “More hosts” toward the left and “More subnets” toward the right]
You can see that there is some sort of TCP/IP axiom at work in this illustration. If your network were to use the 10.x.y.z reserved network number (the one that’s not allowed out to the Internet), you’d have a wide variety of choices for subnet masks. The further to the left of the ruler you go, the more hosts you add; the further to the right, the more subnets you create. There are seven unique subnet masks, not including the 255 mask, and you should memorize them. They are: 128, 192, 224, 240, 248, 252, and 254. Here’s a quick non-binary ordinary math calculation you can use to figure out how many hosts and how many networks you’re going to get out of a unique subnet mask. We’ll start with a Class C example and then tell you how to make the formulas fit Class B and A. Suppose that you want to break your Class C reserved 192.168 network up into 8 subnets of 30 hosts apiece. How could you quickly calculate this? The math is very simple. Subtract the subnet mask octet you’d like to try from 256. Let’s pick 224 just for grins. The math works out this way: 256 – 224 = 32. The result, 32, is the number of hosts that you can use with this particular subnet mask for Class C. But you always have to remember to subtract 2 from this number, one for the network and one for broadcast. So you do the math: 32 – 2 = 30. This is the amount of hosts you can expect out of this unique Class C mask. But how many subnets can you create using this mask? Simply divide 256 by 32 like so: 256 ÷ 32 = 8, and you’ll wind up with the amount of subnets you can generate by using this mask. So, if we wanted to logically break up the 192.168.1 network into departmental units, for example, we’d have the following networks using the 224 mask:
Servers, printers, peripherals, etc.: 192.168.1.0-31
Marketing: 192.168.1.32-63
Sales: 192.168.1.64-95
IT: 192.168.1.96-127
Finance: 192.168.1.128-159
Legal: 192.168.1.160-191
Executive: 192.168.1.192-223
Reserved: 192.168.1.224-255
Remember that for each network you’d lop off two from the host range because you have to reserve a number for the network and a number for broadcast. These numbers would be the first and the last numbers in the host range. Got a Class B address instead? When you calculate how many hosts you have per subnet simply multiply the resulting number by 256. For example, suppose you want to use a Class B address with a 224 mask. Do your math: 256 – 224 = 32, 32 – 2 = 30, 30 × 256 = 7680. This is how many hosts you can expect per subnet using a Class B 224 mask. Notice that we subtracted 2 from every subnet involved. For Class A, you use the same math, but multiply by 512 instead of 256. Measuring how well you’ve implemented your TCP/IP rollout has mostly to do with routers. Internetworking people are going to be able to tell you if there are too many broadcasts hitting a router or if there is an inordinate number of errors. This implies that the TCP/IP design needs to be looked at again. The PING command, while very useful on the Internet, isn’t quite as useful on networks. However, a PING time of more than 100 milliseconds (ms) or so implies that there are problems on the network. As a general rule of thumb, well-designed networks usually don’t experience PING times greater than 10 ms. Network Monitor is a useful tool for measuring network performance. Good subnetting techniques using high-quality switch gear (and potentially VLANs) can eliminate lots of TCP/IP issues.
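As an added worked example (not from the book), the following Python script uses the standard-library ipaddress module to run the subnet arithmetic from this section and from the 255.255.240.0 example in the previous section: the 256-minus-mask shortcut for a Class C mask octet, the general bit-based form that also yields the CIDR “slash” notation from the tip above, the subnet ranges for 192.168.1 with a 224 mask and for 172.20.y.z with 255.255.240.0, and a check of whether a DHCP broadcast from one subnet reaches another. The function names are my own.

```python
"""Added example (not from the book): subnet arithmetic for this section.

Works through the 192.168.1.0 / 224 example and the 172.20.0.0 /
255.255.240.0 example with the standard-library ipaddress module.
"""
import ipaddress
from dataclasses import dataclass

# Valid values for a single subnet-mask octet; the seven "unique" masks
# the book says to memorize are the ones strictly between 0 and 255.
MASK_OCTETS = (0, 128, 192, 224, 240, 248, 252, 254, 255)


@dataclass
class SubnetPlan:
    cidr: str           # "slash" notation for the mask, e.g. 192.168.1.0/27
    subnets: int        # subnets carved out of the classful network
    usable_hosts: int   # addresses per subnet minus network and broadcast


def octet_math(mask_octet: int) -> tuple[int, int]:
    """The book's non-binary shortcut for a Class C mask.

    256 - mask is the block size; subtracting 2 reserves the network
    and broadcast addresses; 256 / block size is the subnet count.
    Returns (usable hosts per subnet, number of subnets).
    """
    if mask_octet not in MASK_OCTETS[1:-1]:
        raise ValueError(f"{mask_octet} is not one of the seven unique mask octets")
    block = 256 - mask_octet
    return block - 2, 256 // block


def classful_prefix(network: str) -> int:
    """Prefix length of the class the first octet falls into (A=/8, B=/16, C=/24)."""
    first = int(network.split(".")[0])
    if first < 128:
        return 8
    if first < 192:
        return 16
    return 24


def plan(network: str, mask: str) -> SubnetPlan:
    """Bit-based version of the same calculation for any class of network."""
    net = ipaddress.IPv4Network(f"{network}/{mask}", strict=False)
    borrowed = net.prefixlen - classful_prefix(network)  # bits taken from the host portion
    return SubnetPlan(str(net), 2 ** borrowed, net.num_addresses - 2)


def enumerate_subnets(network: str, mask: str) -> list[tuple[str, str, str, str]]:
    """(network, first usable host, last usable host, broadcast) for every subnet.

    The parent block is the classful network that `network` belongs to.
    """
    parent = ipaddress.IPv4Network(f"{network}/{classful_prefix(network)}", strict=False)
    new_prefix = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
    rows = []
    for sub in parent.subnets(new_prefix=new_prefix):
        hosts = list(sub.hosts())
        rows.append((str(sub.network_address), str(hosts[0]), str(hosts[-1]),
                     str(sub.broadcast_address)))
    return rows


def same_subnet(host_a: str, host_b: str, mask: str) -> bool:
    """True when a broadcast from host_a would reach host_b under this mask.

    This is the DHCP problem in the text: under 255.255.240.0 a marketing
    client on 172.20.32.z cannot broadcast to a DHCP server on 172.20.16.z.
    """
    net_a = ipaddress.IPv4Network(f"{host_a}/{mask}", strict=False)
    return ipaddress.IPv4Address(host_b) in net_a


if __name__ == "__main__":
    print("Class C shortcut for 224:", octet_math(224))  # (30, 8)
    print(plan("192.168.1.0", "255.255.255.224"))
    for row in enumerate_subnets("192.168.1.0", "255.255.255.224"):
        print("  %-14s hosts %s-%s  broadcast %s" % row)
    print(plan("172.20.0.0", "255.255.240.0"))
    for row in enumerate_subnets("172.20.0.0", "255.255.240.0")[:2]:
        print("  %-14s hosts %s-%s  broadcast %s" % row)
    print("DHCP reachable under 255.255.240.0:",
          same_subnet("172.20.32.10", "172.20.16.5", "255.255.240.0"))  # False
    print("DHCP reachable under 255.255.0.0:",
          same_subnet("172.20.32.10", "172.20.16.5", "255.255.0.0"))    # True
```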
Integrating TCP/IP with Existing WAN Requirements When we talk about TCP/IP implementations, generally we’re talking about something more than a flat little network with a few hundred users. Typically you’ll run into legacy environments where there are geographic separations and the routers and frame relay circuits are already set up. The chore then comes in when you want to “re-IP” the network. In a situation like that, you could simply use one or two of the reserved Class C network numbers with a vanilla Class C subnet mask. But what about a more complicated little site, something on the order of the site in Figure 3.1, only maybe with one or two more networks connected to it? Take a look at Figure 3.3.
FIGURE 3.3: Networking four geographic regions [diagram; labels: ISP; Site A 2,000 users; Site B 500 users; Site C 750 users; Site D 1,750 users]
Figure 3.3 shows four sites separated by routers. The router at Network A has three ports and accepts input from Networks B, C, and D; the other networks each have a single port router that connects to Network A. Note the number of users on each network. Network A also has a proxy server, firewall, and a link to the company’s ISP. Now suppose that you’re going to use the reserved Class A 10.x.y.z network for your users. What would be the best way to apply subnetting so that your users were logically segmented and yet able to effectively work? Start by making things fairly easy. Select 10.1.y.z for Network A, 10.2.y.z for B, 10.3.y.z for C, and 10.4.y.z for D. The largest network is Network A with 2,000 users. You could opt to use the 255.255.0.0 subnet mask and have enough IP addresses to handle all of Network A. But that’s a flat mask and may not be the best choice for a geographically diverse network. A subnet mask of 255.248.0.0 would still supply ample hosts. Let’s take this a little further. What if Network A consisted of 1,500 office workers—people who were responsible for the care and feeding of the business—and 500 sales people? In a case like that, segmenting Network A even further by supplying a subnet mask of 255.255.248.0 would provide you with eight separate network segments in the 10.1.y.z network, each with 254 hosts. You’d use 10.1.0.z–10.1.6.z for the 1,500 and 10.1.7.z–10.1.8.z for the 500, effectively segmenting one group from another. Alternatively, you could simply enlarge your 10.x.y.z set to include 10.1.y.z–10.2.y.z for Network A, and use a 255.248.0.0 subnet mask to keep the clerical staff separated from the sales people.
Integrating Software Routing into Existing Networks Were you aware that Windows 2000 can be a router? If you are in an environment where you can’t afford a router, you can easily install Windows 2000 Routing and Remote Access Service (RRAS) on a computer with a couple of Network Interface Cards (NICs) in it, and you’ll have yourself a router.
You can use Windows 2000 RRAS to set up several different kinds of routers that use different routing protocols:
Routing Information Protocol (RIP) is very old and has been in wide use for 20 years.
Border Gateway Protocol (BGP) was designed for use within autonomous systems.
Open Shortest Path First (OSPF), a much more efficient protocol than RIP, was designed by the Internet Engineering Task Force (IETF) for the purpose of routing over the Internet.
Internet Group Management Protocol (IGMP) should be used when you need to do some multicasting, as in setting up NetMeeting connections or Windows Media Viewer applications. IGMP is designed strictly for use with multicasting applications.
Service Advertisement Protocol (SAP) is used on IPX-based networks.
Network Address Translation (NAT) hides internal addresses from external networks by translating internal addresses to public external ones.
TIP Despite all these choices, you’re probably going to need to use only RIP or OSPF, depending on the size of your network.
There are four kinds of routing methods at your disposal with RRAS. They are as follows:
Static Routing With this method, you actually key in the routes to the other routers on the network. This works fine for routers and routes that aren’t updated very frequently.
Auto-Static Routing This feature is available to you in RIP for IP, RIP for IPX, and SAP for IPX. You can set up your routers to perform a periodic request for an update to their route tables.
Dynamic Routing Routers that use dynamic routing have algorithms that detect changes to the network environment and update themselves.
Demand-Dial Routing Small office/home offices (SOHOs) use this kind of connection for times when they want to send e-mail or connect to the Internet.
Exam Essentials Understand and be able to analyze subnet requirements. Understand what subnets are and how to bring granularity to them with varying subnet masks. Understand the private (reserved) address ranges and how to use them in the network.
Design a TCP/IP addressing and implementation plan. Utilize subnetting techniques with VLSM to introduce logical segmenting to the network. Be able to illustrate how to deploy such a plan.
Be able to measure and optimize a TCP/IP infrastructure design. Utilize tools and techniques in order to gauge how well the network is segmented.
Implement software routing. Utilize Windows 2000 as a software router.
Discover existing WAN environments and integrate TCP/IP into them. Few designers get to put up brand new networks. Instead you wind up supporting legacy environments. Understand the routers that are involved and how to integrate TCP/IP into the existing systems.
Key Terms and Concepts Automatic Private IP Addressing (APIPA) A method by which clients can automatically obtain IP configuration information without requiring manual entries or using a DHCP server. APIPA uses the Class B 169.254 network address with a standard Class B subnet mask.
Border Gateway Protocol (BGP) An Internet routing protocol that allows groups of routers in autonomous systems to share routing information.
Classless Internet Domain Routing (CIDR) A new method of IP addressing that replaces the old Class A, B, and C scheme. A single IP address can be used to refer to several IP addresses.
Internet Group Management Protocol (IGMP) A TCP/IP standard (RFC 1112) that details the routing of multicast traffic over the Internet.
Open Shortest Path First (OSPF) A routing protocol developed using the link-state algorithm.
Point to Point Protocol (PPP) A connection protocol that connects remote computers to networks.
Private Reserved Range A range of IP addresses that are not routed on the Internet.
Routing and Remote Access (RRAS) The Windows 2000 service that facilitates various remote access services (such as demand-dial and RAS) and routing services (such as RIP, OSPF, and others).
Routing Information Protocol (RIP) A small, lightweight protocol that allows for routing between small- to medium-sized networks.
Serial Line Internet Protocol (SLIP) An older predecessor to the PPP protocol. SLIP is a connection protocol that gets clients hooked to remote networks or the Internet.
Service Advertisement Protocol (SAP) A NetWare protocol that is used to announce the services and addresses of NetWare servers hooked to the network.
small office/home office (SOHO) A very small network. The standard SOHO has a little hub or switch, a few computers, a shared printer, and maybe some other peripheral devices such as a scanner or CD writer.
Variable Length Subnet Masks (VLSM) The concept of a variable length subnet mask has to do with changing the bits on the mask to provide more hosts with less possible subnets or more subnets with less possible hosts.
Sample Questions 1. What two routing protocols are installed by default with Windows 2000 RRAS? A. IGMP B. RIP C. IGRP D. OSPF
Answer: B, D. Windows 2000 provides support for IGMP, but it is not loaded by default. RIP (version 1) and OSPF are the two default protocols. You’ll have to get third-party support for IGRP.
2. You’re going to use the reserved Class A network address in your new network. What subnet mask will give you a range of 8 networks of 32 subnets and 4,094 hosts per subnet? A. 255.255.248.0 B. 255.255.224.0 C. 255.248.0.0 D. 255.224.0.0
Answer: D. You’ll have a range of 32 network addresses that you can use. You can have 8 networks consisting of 32 subnets apiece. You’ll have a potential for 16,382 hosts.
3. What is the “slash” terminology you’d use to stipulate a 192.168 network that uses a standard Class C subnet mask? A. 192.168 /8 B. 192.168 /16 C. 192.168 /24 D. 192.168 /32
Answer: C. The segmentation between the network and host addresses is at the 24th bit.
122 MCSE: Windows 2000 Network Infrastructure Design Exam Notes
4. In order to support Variable Length Subnet Masks (VLSM), what
do the routers have to be able to support? A. BGP B. IGMP C. OSPF D. CIDR
Answer: D. Routers must be able to utilize Classless Internet Domain Routing (CIDR) in order to accommodate VLSM. 5. Two autonomous systems (groups) of routers must be connected
together using which routing protocol? A. BGP B. IGMP C. OSPF D. CIDR
Answer: A. A group of routers that share routing tables with one another is an autonomous system. Connecting two autonomous systems of routers together requires BGP.
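The subnet arithmetic behind questions 2 through 4, as an added example that is not part of the book: the first function reports what a given mask actually yields when applied to a classful block (slash notation, subnet count, usable hosts), and the second is a small VLSM allocator that carves subnets of different sizes out of one block, largest requirement first, which is what a classless router has to be able to route. The blocks, site names and host counts are constructed for illustration.

```python
"""Subnet arithmetic behind the CIDR and VLSM questions above.

Added example, not from the book: what a given mask yields when applied to a
classful block, and a small VLSM allocator that carves subnets of different
sizes out of one block (largest requirement first). The blocks, site names and
host counts below are constructed for illustration.
"""
import ipaddress


def mask_summary(block: str, mask: str) -> dict:
    """Describe what subnetting `block` with `mask` gives: the slash notation,
    how many subnets the borrowed bits create, and usable hosts per subnet."""
    base = ipaddress.ip_network(block, strict=False)
    new_prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    borrowed = new_prefix - base.prefixlen
    if borrowed < 0:
        raise ValueError(f"{mask} is shorter than the block's own mask")
    host_bits = 32 - new_prefix
    return {
        "prefix": f"/{new_prefix}",
        "subnets": 2 ** borrowed,
        "hosts_per_subnet": 2 ** host_bits - 2,   # minus network and broadcast
    }


def vlsm_allocate(block: str, requirements: dict) -> dict:
    """Greedy VLSM: serve the largest host requirement first so that every
    smaller subnet can still be placed on an aligned boundary in what is left.
    Returns {name: IPv4Network}; raises ValueError when the block is too small."""
    free = [ipaddress.ip_network(block)]
    allocated = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        need = hosts + 2                                  # network + broadcast
        prefix = 32 - max(2, (need - 1).bit_length())     # smallest power of two >= need
        candidates = [n for n in free if n.prefixlen <= prefix]
        if not candidates:
            raise ValueError(f"no room left for {name} ({hosts} hosts)")
        # tightest fit: the smallest free piece that still holds the request
        chosen = max(candidates, key=lambda n: (n.prefixlen, -int(n.network_address)))
        free.remove(chosen)
        subnet = next(chosen.subnets(new_prefix=prefix))
        allocated[name] = subnet
        free.extend(chosen.address_exclude(subnet))       # hand the remainder back
    return allocated


if __name__ == "__main__":
    print(mask_summary("10.0.0.0/8", "255.224.0.0"))
    for site, net in vlsm_allocate("10.1.0.0/16", {"SiteA": 4094, "SiteB": 1200, "wan_link": 2}).items():
        print(f"{site:10} {net}  ({net.num_addresses - 2} usable hosts)")
```

The allocator sorts by size before placing anything: if you hand out the /30 for the WAN link first, it may land in the middle of the space a later /20 needs, and an aligned /20 can no longer be found even though enough addresses remain.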
Design a DHCP strategy.
Integrate DHCP into a routed environment. Integrate DHCP with Windows 2000. Design a DHCP service for remote locations. Measure and optimize a DHCP infrastructure design.
Next, we set our sights on what our Windows 2000 DHCP implementation will look like. Perhaps the biggest problems new administrators run into revolve around TCP/IP: delivering to client computers the IP configuration information they need, and providing name resolution services.
Critical Information
Ah, DHCP. What a wonderful tool for any administrator! Think of the time saved by not having to track every user's static IP configuration by hand. The server does it for you, and does it well. DHCP has been part of Microsoft network operating systems for a long time now; it is well known and well understood, and new administrators must understand it thoroughly.
Integrating DHCP into a Routed Environment
In networks with WAN links going across routers, you might run into some interesting difficulties when you consider your DHCP design. DHCP and BOOTP are broadcast-based, message-oriented protocols: a client that has no address yet can only find a server by broadcasting, and routers do not forward broadcasts by default. Most routers can be told to relay DHCP and BOOTP specifically (RFC 1542 relay; ip helper-address on Cisco equipment), but in the majority of the world's networks that capability is left turned off. So what do you do with a router that doesn't pass DHCP and BOOTP requests? You have two choices. You can either set up a DHCP server on each subnet, or install the DHCP relay agent (an RRAS component) on a Windows 2000 Server computer in each subnet that has no server of its own. Either way will work, and there are pros and cons to both.
Designing a DHCP Service for Remote Locations
The decision between the two ways of handling a router that doesn't pass DHCP and BOOTP requests revolves around money, connectivity, and configuration. Look at Figure 3.4. Here you see a site that consists of four geographically separated campuses connected by 128K frame relay circuits. Note that the private Class A network (10.0.0.0) has been carved up with 16-bit (255.255.0.0) masks so that each campus is its own subnet.
Figure 3.4: A simple network configured with DHCP

  Site A (HQ)  10.1.0.0  255.255.0.0  1,500 users
  Site B       10.2.0.0  255.255.0.0  1,200 users
  Site C       10.3.0.0  255.255.0.0  1,750 users
  Site D       10.4.0.0  255.255.0.0  1,300 users
  Sites connected by 128K frame relay circuits; two sites host a DHCP server, the other two run a DHCP relay agent.
Now that you have your sites set up, you will want to begin providing DHCP service within the network. This is a large network, with 5,750 users spread fairly evenly across the campuses. Even if the routers were configured to forward DHCP requests, and even if a well-equipped single DHCP server could handle the load, it may not be realistic to have every DHCP request cross relatively slow wires to a single point. You have two methods of countering this difficulty: you can set up more than one DHCP server and split scopes between them for fault tolerance, or you can set up DHCP relay agents.

Multiple DHCP Servers and Scope-Splitting
In large networks, it might not be a bad idea to provide a localized DHCP server at each location. You could handle this in a couple of different ways. For example, working from Figure 3.4, you could place a DHCP server at each location and simply make the scope the appropriate subnet for each campus, as shown in Figure 3.5.

Figure 3.5: Multiple DHCP servers in a network

  Site A (HQ)  10.1.0.0  255.255.0.0  1,500 users  DHCP server
  Site B       10.2.0.0  255.255.0.0  1,200 users  DHCP server
  Site C       10.3.0.0  255.255.0.0  1,750 users  DHCP server
  Site D       10.4.0.0  255.255.0.0  1,300 users  DHCP server
  Sites connected by 128K frame relay circuits
DHCP Relay Agents
If you need to avoid placing so many DHCP servers, for cost or manageability reasons, you could install the DHCP relay agent instead. In the sample network above, you could keep the single DHCP server at Site A and install the DHCP relay agent on Windows 2000 Server computers at Sites B, C, and D. Figure 3.6 shows this setup.
Figure 3.6: One DHCP server and three DHCP relay agent computers in a network

  Site A (HQ)  10.1.0.0  255.255.0.0  1,500 users  DHCP server
  Site B       10.2.0.0  255.255.0.0  1,200 users  DHCP relay agent
  Site C       10.3.0.0  255.255.0.0  1,750 users  DHCP relay agent
  Site D       10.4.0.0  255.255.0.0  1,300 users  DHCP relay agent
  Sites connected by 128K frame relay circuits
The DHCP relay agent isn't a full-blown DHCP server, so it has to be configured with the address of the DHCP server it forwards to. When it hears a client's broadcast, the relay agent fills in the gateway address field (giaddr) of the request with the address of the interface it received the broadcast on, then sends the request as a unicast message across the router to the DHCP server on the other side. The server uses giaddr to pick the scope for the client's subnet and sends its reply back to the relay, which delivers it on the client's segment. The concept behind unicast is that a packet is sent directly to the one host it's intended for, as opposed to multicast, where packets are delivered to the group of hosts that have asked for them. Broadcast, of course, means that packets are put out there for every host on the segment to hear and respond to.
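The relay exchange just described, as an added example that is not code from the book or from Windows 2000 RRAS: a minimal BOOTP/DHCP message builder and parser, the relay step (fill in giaddr, bump the hop count, unicast to the configured server), and the server-side scope choice that giaddr drives. It also shows the two failure modes a relay has to handle: a request that has already been relayed too many times is dropped, and a request whose giaddr matches no scope gets no lease. The MAC address, transaction id, scope contents and the server and relay addresses are constructed; nothing is sent on the network.

```python
"""DHCP relay agent behaviour and giaddr-based scope selection.

Added example, not from the book or from Windows 2000 RRAS: a minimal
BOOTP/DHCP message builder and parser, the relay step (fill giaddr, bump hops,
unicast to the configured server), and the server-side scope choice that
giaddr drives. The MAC address, transaction id, scope contents and server and
relay addresses are constructed; nothing is sent on the network.
"""
import ipaddress
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed BOOTP header (RFC 951/2131): 236 bytes
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC = b"\x63\x82\x53\x63"                 # DHCP magic cookie that precedes the options
DHCPDISCOVER, DHCPOFFER = 1, 2
MAX_HOPS = 4                                 # RFC 1542 relays discard requests relayed more often


def _ip(packed: bytes) -> str:
    return str(ipaddress.IPv4Address(packed))


def build_discover(xid: int, mac: bytes) -> bytes:
    """Client broadcast: BOOTREQUEST, hops and giaddr zero, broadcast flag set."""
    zero = b"\0" * 4
    header = struct.pack(BOOTP_FMT, 1, 1, 6, 0, xid, 0, 0x8000,
                         zero, zero, zero, zero,
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return header + MAGIC + bytes([53, 1, DHCPDISCOVER, 255])  # message type, end


def parse(pkt: bytes) -> dict:
    """Decode the fixed header and the TLV option area."""
    f = struct.unpack(BOOTP_FMT, pkt[:BOOTP_LEN])
    if pkt[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC:
        raise ValueError("not a DHCP message")
    options, i = {}, BOOTP_LEN + 4
    while i < len(pkt) and pkt[i] != 255:         # 255 = end option
        if pkt[i] == 0:                           # 0 = pad
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        options[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "hops": f[3], "xid": f[4], "ciaddr": _ip(f[7]),
            "yiaddr": _ip(f[8]), "siaddr": _ip(f[9]), "giaddr": _ip(f[10]),
            "chaddr": f[11][:f[2]], "options": options}


def relay(pkt: bytes, relay_if_ip: str, server_ip: str):
    """What the relay agent does with a broadcast heard on the interface
    relay_if_ip: returns (unicast destination, forwarded packet), or None
    when the hop limit says the request has been relayed too often."""
    msg = parse(pkt)
    if msg["hops"] >= MAX_HOPS:
        return None
    fields = list(struct.unpack(BOOTP_FMT, pkt[:BOOTP_LEN]))
    fields[3] += 1                                              # hops
    if msg["giaddr"] == "0.0.0.0":                              # first relay on the path
        fields[10] = ipaddress.IPv4Address(relay_if_ip).packed  # records the client's subnet
    return server_ip, struct.pack(BOOTP_FMT, *fields) + pkt[BOOTP_LEN:]


def offer(pkt: bytes, scopes: dict, server_ip: str, local_if_ip: str) -> bytes:
    """Server side. A non-zero giaddr means the request was relayed, so the
    scope containing giaddr is used; giaddr 0.0.0.0 means a local broadcast,
    so the subnet of the receiving interface is used. scopes maps a subnet
    string to its list of free addresses, consumed in order."""
    msg = parse(pkt)
    anchor = ipaddress.IPv4Address(msg["giaddr"] if msg["giaddr"] != "0.0.0.0" else local_if_ip)
    for subnet, free in scopes.items():
        net = ipaddress.ip_network(subnet)
        if anchor in net:
            break
    else:
        raise LookupError(f"no scope contains {anchor}")
    if not free:
        raise LookupError(f"scope {subnet} is exhausted")
    yiaddr = ipaddress.IPv4Address(free.pop(0))
    server = ipaddress.IPv4Address(server_ip)
    fields = list(struct.unpack(BOOTP_FMT, pkt[:BOOTP_LEN]))
    fields[0] = 2                      # BOOTREPLY
    fields[8] = yiaddr.packed          # yiaddr: the address being offered
    fields[9] = server.packed          # siaddr
    # giaddr is left exactly as received: it tells the server to unicast the
    # reply to the relay, which then delivers it on the client's segment.
    options = (bytes([53, 1, DHCPOFFER, 1, 4]) + net.netmask.packed
               + bytes([54, 4]) + server.packed + bytes([255]))
    return struct.pack(BOOTP_FMT, *fields) + MAGIC + options


def walk_through() -> dict:
    """Client at Site B, relay agent at Site B, lone DHCP server at Site A (HQ)."""
    scopes = {"10.1.0.0/16": ["10.1.0.10"], "10.2.0.0/16": ["10.2.0.10", "10.2.0.11"]}
    discover = build_discover(0x3903F326, bytes.fromhex("0800270a1b2c"))
    dst, forwarded = relay(discover, relay_if_ip="10.2.0.1", server_ip="10.1.0.5")
    reply = parse(offer(forwarded, scopes, server_ip="10.1.0.5", local_if_ip="10.1.0.5"))
    return {"relayed_to": dst, "hops": reply["hops"], "giaddr": reply["giaddr"],
            "offered": reply["yiaddr"], "mask": _ip(reply["options"][1])}


if __name__ == "__main__":
    print(walk_through())
```

Note what giaddr buys you on the server: the relay at Site B stamps 10.2.0.1 into the request, so the server at Site A hands out an address from the 10.2.0.0/16 scope rather than from its own subnet, and it sends the offer back to 10.2.0.1 instead of trying to broadcast onto a segment it cannot reach.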
Integrating DHCP with Windows 2000
Microsoft has done a fair amount of work on DHCP administration and control in Windows 2000. Doubtless you'll be asked numerous questions on the test about these new features.

Specialized DHCP Groups
We start with groups. A special local group, DHCP Administrators, is created so that only designated individuals can administer the DHCP server and its scopes. There is also a second group, DHCP Users, which grants read-only access to the DHCP console. Populate it with the accounts of people who need to look at scopes and leases without changing anything, such as your junior administrators, PC technicians, and help-desk folks.

Active Directory and DHCP Integration
Working with Active Directory (AD) presents some new challenges with respect to DHCP. Windows 2000 DHCP servers must be authorized in AD before they will hand out leases; a Windows 2000 DHCP server that finds itself missing from the authorized list stops serving. This prevents a well-meaning administrator's rogue Windows 2000 DHCP server from going online and giving out invalid addresses to users. Understand it as a safeguard against accidents, not as a security control: the check is done by the DHCP server itself, so a rogue Windows NT 4 DHCP server, a non-Microsoft one, or an attacker's, could be brought online and the Windows 2000 network would not do anything about it. There are two very special rules that need to be followed when setting up Windows 2000 DHCP. They are as follows:
Rule 1—The very first DHCP server you set up must be on a Windows 2000 DC or member server. At least one of the DHCP servers must be able to communicate with AD so it can read the list of authorized DHCP servers. You cannot have NT 4 DHCP servers on the network if you’re going to incorporate DHCP into AD.
Rule 2—All relay agent computers must be Windows 2000–based.
Both of these rules apply whether you’re in mixed or native mode. High-Availability Scenarios
Unlike WINS, there is no backup server for a DHCP server. Splitting up scopes mandates that you have at least two DHCP servers running in your environment. For example, suppose that you have a large single campus of 2,500 users. You could set up two DHCP servers in this single environment. Then you'd have the choice of setting up two different scopes, one for each server, or, more appropriately, setting up a single scope on both servers and having each server exclude the half that the other hands out. (Windows DHCP calls this an exclusion range. A reservation is something else: a single address tied to one client's MAC address.) Let's say, for example, that you decided to use 172.20.y.z with a subnet mask of 255.255.0.0. You might go to the first DHCP server and set up the scope 172.20.1.0–172.20.15.255 and then exclude 172.20.8.0–172.20.15.255. This way, the first DHCP server would only use the first half of the scope. Then you'd go to the second DHCP server and configure exactly the same scope, but this time you'd exclude the first half. If the first DHCP server goes down, the second can then begin picking up the slack, and because the two exclusions don't overlap, the servers never offer the same address twice. The tactic of splitting the scopes will work well across WAN links as well, as long as the routers forward DHCP broadcasts or a relay agent is in place. But in a situation such as that, Microsoft recommends that you consider not doing a full 50/50 split on the scopes. You might, instead, want to do an 80/20 split, with 80 percent on the server local to the subnet it serves, so the remote server is a fallback rather than an equal partner. The goal here is to whittle down the number of requests that have to go across a slow WAN link. The concept behind a Windows 2000 cluster server is fairly straightforward: You provide two servers that are both dedicated to a single server's function so that if the first server goes away for any reason, the second server sees the fault and performs a failover. Users aren't supposed to see even a blip on the radar screen when the failover occurs; they can keep working. It's wonderful that a DHCP server will work with a cluster server. But you're probably not going to be inclined to set up a cluster server simply for DHCP. More likely, you'll set up a cluster server for other critical apps that you have running on the network and then decide to add DHCP as well.
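The split described above, worked out as an added example (not from the book): given the scope both servers define and the share the first server should hand out, the first function computes the complementary exclusion ranges, and the second checks a hand-made split for gaps and overlaps, the overlap being the classic duplicate-address outage that follows when an administrator defines the scope on the second server and forgets the exclusion. share=0.5 is the 50/50 split in the text and share=0.8 the 80/20 rule for a scope reachable over a WAN link; the scope boundaries are constructed.

```python
"""Exclusion ranges for a scope that two DHCP servers share.

Added example, not from the book: given the scope both servers define and the
share the first server should hand out, compute the complementary exclusion
ranges (the Windows DHCP term; a reservation is something else), and check a
hand-made split for gaps and overlaps. share=0.5 is the 50/50 split in the
text, share=0.8 is the 80/20 rule for a scope reachable over a WAN link. The
scope boundaries below are constructed.
"""
import ipaddress


def _a(n: int) -> str:
    return str(ipaddress.IPv4Address(n))


def split_scope(start: str, end: str, share: float = 0.5) -> dict:
    """Return for each server the range it serves and the range it must
    exclude. Both servers configure the identical scope start..end; only
    the exclusion differs, and the two exclusions are complementary."""
    if not 0 < share < 1:
        raise ValueError("share must lie strictly between 0 and 1")
    lo, hi = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
    if hi <= lo:
        raise ValueError("scope end must be after its start")
    first = int((hi - lo + 1) * share)          # addresses kept by server 1
    if first == 0 or lo + first > hi:
        raise ValueError("share leaves one server with nothing to hand out")
    cut = lo + first                             # first address owned by server 2
    return {
        "server1": {"serves": (_a(lo), _a(cut - 1)), "excludes": (_a(cut), _a(hi))},
        "server2": {"serves": (_a(cut), _a(hi)), "excludes": (_a(lo), _a(cut - 1))},
    }


def check_partition(start: str, end: str, served: list) -> list:
    """Given the ranges each server actually hands out (after its exclusions),
    report every address that nobody serves (a gap) or that two servers serve
    (an overlap). Returns a list of strings, empty when the split is clean."""
    lo, hi = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
    spans = sorted((int(ipaddress.IPv4Address(a)), int(ipaddress.IPv4Address(b)))
                   for a, b in served)
    problems, expect = [], lo
    for a, b in spans:
        if a > expect:
            problems.append(f"gap: {_a(expect)}-{_a(a - 1)} served by nobody")
        elif a < expect:
            problems.append(f"overlap: {_a(a)}-{_a(min(b, expect - 1))} served twice")
        expect = max(expect, b + 1)
    if expect <= hi:
        problems.append(f"gap: {_a(expect)}-{_a(hi)} served by nobody")
    return problems


if __name__ == "__main__":
    for share in (0.5, 0.8):
        plan = split_scope("172.20.1.0", "172.20.15.255", share)
        print(share, plan)
    # both servers defined with no exclusion at all: every address is served twice
    print(check_partition("172.20.1.0", "172.20.15.255",
                          [("172.20.1.0", "172.20.15.255"), ("172.20.1.0", "172.20.15.255")]))
```

Note that the book's hand-picked halfway point, 172.20.8.0, is not quite the arithmet­ic midpoint of 172.20.1.0–172.20.15.255 (that falls at 172.20.8.128); a split does not have to be exact, it only has to be complementary, which is what the check verifies.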
Measuring and Optimizing a DHCP Infrastructure Design Are there ways that you can optimize and tune your DHCP configuration? There are three different methods, the first of which has to do with tuning a single DHCP server. The other two have to do with steps that you can take across your entire DHCP implementation.
Single-Server Optimization
Slow response from a DHCP server might be the server’s problem or the network’s problem. Since DHCP is message-based and the messages are tiny, there’s a good chance that, unless the network is absolutely saturated, it’s not going to be the slow part of this process. DHCP servers involved with other activities, such as Exchange, SQL Server, or file or print serving, can drastically slow down the response time of the server giving out a lease to a client. Here are some ideas you can use to spruce up your DHCP server’s capabilities:
Offload your DHCP server from any other activities other than providing DHCP.
In multiple-subnet environments, you can multi-home your DHCP server by installing two or more network interface cards (NICs) and pointing each to a different subnet.
Since Windows 2000 DHCP is multithreaded, it can use multiple CPUs: add a second CPU to your DHCP server.
Change out those old 7,200rpm SCSI hard drives for 10,000rpm drives running on a hardware RAID adapter.
If you have a gigabit backbone, add a gigabit-rated NIC to the DHCP server and put it on the backbone.
You can use Network Monitor to monitor DHCP traffic across your network.
Steps like these will greatly increase the efficiency and throughput of your DHCP computer.

Increase Lease Length
Perhaps the biggest thing that administrators neglect to think about when designing DHCP deployments is the lease renewal time. What about that eight-day default lease? Clients try to renew at the halfway point of the lease, so a longer lease means fewer renewal messages. In the days of cluttered networks and scarce addresses, lease times had to be short. Today we can set up large private address pools for our scopes and don't have to worry so much about leases expiring, but a long lease only works when the scope has plenty of headroom, since an address stays tied up until its lease runs out even after the client has left. Keep leases short on subnets where machines come and go, such as dial-in segments.
Set Up Multiple DHCP Servers
By setting up more than one DHCP server, you do two things: you offload each of your servers so that they don’t have to work so much, and you keep DHCP traffic from crossing slow WAN links. DHCP can and should live on a computer all by itself, dedicated to the process, but you could also have WINS occupy the same server. It’s important in a setting like this to make sure that you provide an ample supply of IP numbers in your scope so that no one is in danger of their lease expiring and not being able to get a new one.
Exam Essentials Understand how to integrate DHCP into a routed environment. Understand why routers don’t typically forward DHCP and BootP requests and how to work around this. Know what’s necessary to integrate DHCP with Windows 2000. Understand how to integrate DHCP into Active Directory. Be able to design a DHCP service for remote locations. Be familiar with DHCP relay agents. Understand how to measure and optimize a DHCP infrastructure. Understand scope-splitting, DHCP on a cluster server, and lengthened lease times.
Key Terms and Concepts
DHCP relay agent
  An RRAS component (not a routing protocol) that listens for DHCP broadcasts on a network that has no DHCP server and forwards them, in unicast, to a DHCP server on a network that does, returning the replies to the clients.
Dynamic Host Configuration Protocol (DHCP)
  A common TCP/IP protocol that is used to automatically and dynamically allocate IP addresses and configuration information to requesting clients.
IPConfig
  A TCP/IP utility on Windows NT and Windows 2000 computers that displays the current TCP/IP configuration for each adapter.
multicast
  The act of transmitting packets to a select group of recipients. Used primarily in video or audio streaming, stock ticker programs, and the like.
Multicast Address Dynamic Client Allocation Protocol (MADCAP)
  A protocol that provides support for DHCP-based TCP/IP configuration of multicast clients.
unicast
  Packets sent from a source to a single destination are said to be sent in unicast.
WINIPCFG
  A Windows 9x utility that lets administrators or users determine the computer's current IP configuration.
Sample Questions

1. You've been given a requirement to set up some training servers that will have computer-based training (CBT) software on them that streams multimedia content over the intranet to the students who request it. What DHCP protocol will the DHCP servers need to be configured with to use a correct delivery method?
   A. MADCAP
   B. MS-CHAP
   C. Unicast
   D. ADCAST
   Answer: A. The Multicast Address Dynamic Client Allocation Protocol (MADCAP, RFC 2730) is used by DHCP servers configured to hand out multicast group addresses. Remember that these come from a multicast scope defined within the administratively scoped range 239.0.0.0/8 (for example 239.253.0.0–239.255.255.255).
2. You have a site that is made up of two campuses separated by a geographic distance. There are two Cisco 1000 routers connecting the WAN circuit. Clients currently use statically entered addresses, but you've read about the DHCP server's conveniences and have decided to set up a server. But when you set up your Windows 2000 DHCP server, clients in the other campus can't seem to negotiate a new IP lease. What could be the matter? Pick the best answer.
   A. You need to add the new DHCP server to LMHOSTS.
   B. Clients must be Windows 2000 Professional workstations to participate in Windows 2000 DHCP.
   C. Routers are configured to not allow DHCP or BootP requests across their backplanes.
   D. The scope is not correctly set up.
   Answer: C. While Option D is certainly a possibility and one that you'd check, the most likely answer is C. Routers are generally configured not to pass DHCP or BootP broadcast requests.

3. By which method does a DHCP client find a DHCP server?
   A. Multicast
   B. Unicast
   C. Broadcast
   D. Singlecast
   Answer: C. Clients send out broadcasts when requesting DHCP services.

4. Why is it necessary to use a DHCP relay agent when DHCP clients are separated by a router from the DHCP server?
   A. Routers cannot provide DHCP services.
   B. The DHCP protocol cannot talk to more than one physical LAN segment.
   C. Routers cannot forward DHCP requests.
   D. Broadcasting across routers is typically shut off.
   Answer: D. Internetworking experts typically leave a router's ability to forward broadcasts switched off. Some routers can do the relay agent's job themselves: a Cisco router, for example, can be given an ip helper-address that points DHCP and BootP broadcasts at a DHCP server.

5. Pick out two new features within Windows 2000 DHCP.
   A. It provides IP configuration information to Macintosh computers.
   B. Windows 2000 DHCP servers must be authorized in AD.
   C. Support is provided for backup DHCP servers.
   D. DHCP can supply IP addresses to multicast clients.
Answer: B, D. Windows 2000 DHCP servers must be authorized within AD. The design goal here is to prevent any rogue DHCP servers from coming on line and passing out IP configuration information that isn’t correct. DHCP can provide IP addressing information to multicast clients.
Design name resolution services.
Create an integrated DNS design. Create a secure DNS design. Create a highly available DNS design. Measure and optimize a DNS infrastructure design. Design a DNS deployment strategy. Create a WINS design. Create a secure WINS design. Measure and optimize a WINS infrastructure design. Design a WINS deployment strategy.
Have you ever been in situations where you had a network problem that you thought was enormously complex but it turned out that you had a name resolution problem with one of the name servers? Moving into the DNS environment, we add a whole new layer of complexity to the topic of nameserving. It’s imperative that you completely understand both DNS and WINS in your Windows 2000 work.
Critical Information
Interestingly, even though a heavily extended DNS server was incorporated into Windows 2000, WINS won't (can't) go away, because so many applications still require NetBIOS name resolution. Yes, if your network were entirely Windows 2000 Professional and Windows 2000 Server equipped and you had no NetBIOS-reliant applications (effectively ruling out minor things like Exchange 5.5), you could dismantle WINS; however, this is rarely the case. So let's move on to cover name serving using not only DNS but WINS.
The Two-Fold DNS Design Process When you sit down to begin a Windows 2000 DNS design, you must think in terms of how it will integrate into your existing network and how you’ll apply the updated Windows 2000 security features to it. Creating an Integrated DNS Design
Up until now, it's safe to say that the majority of DNS servers ran on Unix computers. But there are so many advantages to using Windows 2000 DNS that many administrators will want to move their main DNS services to Windows 2000 servers instead. One advantage is the integration with AD: wherever your AD database gets replicated, your DNS records go with it. You can intermix DNS servers using Active Directory–integrated zones and regular DNS servers participating in standard zones. In fact, when you set up DNS on a Windows 2000 server, you can opt to make a zone a standard primary, a standard secondary, or an AD-integrated zone. Windows NT 4 DNS servers cannot hold AD-integrated zones, but they can host standard secondary copies of zones whose primary is a Windows 2000 DNS server. Make your primary DNS servers the AD-integrated ones and your NT servers the secondaries.

Creating a Secure DNS Design
Active Directory–integrated zones allow for very fine distinctions to be made among those who are allowed to manage the DNS database.
Certain groups are automatically given administrative authority over the DNS servers, among them Domain Admins, Enterprise Admins, DnsAdmins, and the local Administrators group. The Administrators group lacks Full Control and Delete All Child Objects rights but retains great control over the DNS databases. An important decision is whether to allow dynamic updates to the DNS database, and of what kind. Only an AD-integrated zone can be set to accept secure dynamic updates, where the client authenticates and only the account that created a record may later change it; a standard primary zone can accept updates from anyone or from no one. If you've enabled a DHCP server to dynamically update DNS, then the DHCP server registers records for its clients as well as (or instead of) the clients themselves, and in a secure-update zone the DHCP server then owns those records, which is why Windows 2000 provides the DnsUpdateProxy group for DHCP servers. Decide who may register what before you switch dynamic update on.
Secure Zone Transfers
You can set up your DNS zones so that they transfer only to the DNS servers you designate, by listing their addresses or by restricting transfers to the servers named in the zone's NS records. Leave "any server" off: a zone transfer hands whoever requests it a complete inventory of your hosts. A screened subnet is one that lies between two firewalls: the private network is on one side of a firewall, the screened subnet is in the middle, and the public (Internet) network is on the other side of the second firewall. You'd encounter this kind of situation if you had a set of Web servers out in a demilitarized zone (DMZ), a semi-public, semi-private zone where Web servers can reside to provide Web services to Internet viewers while access to internal networks is prevented.

Creating a Highly Available DNS Design
Active Directory integration creates an environment where you don’t have as much to worry about in terms of DNS availability. But, it’s key that you target weak points in your site that may require a second DNS server and then set up servers at those points. You can then create Active Directory–integrated zones between these servers, or you can set up a primary/secondary zone replication scheme. A technique that might work well for you is the concept of delegated domains. Here’s how the concept works. Suppose that you’re an administrator for a company, LargeCompany, with a couple of different sites; let’s call them SiteA and SiteB. SiteA is pretty large and might very well merit its own domain: SiteA.LargeCompany.com. Ditto for SiteB: SiteB.LargeCompany.com.
What you can do is set up two DNS servers: one at SiteA and one at SiteB. SiteA's server holds the primary zone for SiteA.LargeCompany.com, while SiteB's holds the primary zone for SiteB.LargeCompany.com. Then each server also holds a secondary copy of the other's zone. In a case like this, you've delegated the domain for SiteA to the DNS server at SiteA and vice versa for SiteB; to make the delegation real, the server for the parent zone, LargeCompany.com, must carry NS records pointing each child domain at its own server.

Measuring and Optimizing a DNS Infrastructure Design
Several key components need to be looked at when considering the correct DNS infrastructure for your design. Perhaps the most important question you'll have to ask yourself is whether it will be desirable to replace the BIND (Unix) DNS servers running in your Windows 2000 environment. This decision will drive everything else in your project. If it's not acceptable for Windows 2000 to do the DNS work, that's no big deal. The BIND servers will be the primary DNS servers, your Windows 2000 DNS boxes will be the secondaries, and you can still have an Active Directory–integrated server that feeds the DNS data into AD. The chart below shows some common BIND versions and the updated support they provide:

  BIND Version      Supplies
  4.9.6 or later    Support for SRV records
  8.1.2 or later    Support for a dynamically updated DNS zone database
  8.2.1 or later    Support for incremental zone transfers
  8.2.2             Support for AD
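Version is only half of the BIND compatibility question; the records themselves matter too, because a BIND secondary refuses a zone that contains a record type it does not know (the vendor-invented DSP record used as an illustration later in this section) or the Windows-only WINS and WINS-R records. The following is an added example, not code from the book or from any vendor tool: a small master-file parser and a pre-flight check that lists the offending records before you point a BIND secondary at a Windows 2000 zone. The zone text, owner names and addresses are constructed.

```python
"""Pre-flight check of a zone before a BIND secondary pulls it.

Added example, not from the book or any vendor tool: parses a zone in
master-file format and lists the records a BIND secondary would reject:
record types that are not registered DNS types (the DSP record the text uses
as an illustration) and the Windows-only WINS / WINS-R records. The zone
below is constructed; the owner names and addresses are not real.
"""

# RR types a 2000-era BIND accepts (RFC 1035 and later registrations)
KNOWN_TYPES = {"A", "NS", "CNAME", "SOA", "PTR", "HINFO", "MX", "TXT", "RP", "AFSDB",
               "X25", "ISDN", "RT", "SIG", "KEY", "AAAA", "LOC", "NXT", "SRV", "NAPTR",
               "KX", "CERT", "A6", "DNAME"}
WINDOWS_ONLY = {"WINS", "WINSR", "WINS-R"}   # Windows WINS lookup / reverse lookup records
CLASSES = {"IN", "CH", "HS"}

ZONE_SAMPLE = """\
$ORIGIN largecompany.com.
$TTL 3600
@          IN SOA ns1.largecompany.com. hostmaster.largecompany.com. (
                  2001010101 ; serial
                  3600 600 604800 3600 )
           IN NS   ns1.largecompany.com.
@          IN WINS 10.1.0.50 10.1.0.51      ; added by WINS lookup on the Windows server
ns1        IN A    10.1.0.53
_ldap._tcp IN SRV  0 100 389 dc1.largecompany.com.
fax        IN DSP  card-1                   ; vendor-invented record type
www    300 IN A    10.1.0.80
"""


def _logical_lines(text: str):
    """Strip ';' comments and join parenthesised multi-line records.
    (A ';' inside a quoted TXT string would be mis-read; not handled here.)"""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and not buf:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf, depth = [], 0


def parse_zone(text: str) -> list:
    """Return (owner, ttl, type, rdata) tuples with owner names made absolute.
    A line that starts with whitespace inherits the previous owner."""
    origin, last_owner, records = None, None, []
    for line in _logical_lines(text):
        if line.startswith("$"):
            directive, _, value = line.partition(" ")
            if directive.upper() == "$ORIGIN":
                origin = value.strip()
            continue                                   # $TTL etc. do not affect the check
        tokens = line.split()
        owner = last_owner if line[0].isspace() else tokens.pop(0)
        ttl = None                                     # optional TTL and class, either order
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            token = tokens.pop(0)
            if token.isdigit():
                ttl = int(token)
        rtype, rdata = tokens[0].upper(), " ".join(tokens[1:])
        if owner == "@":
            owner = origin
        elif owner and origin and not owner.endswith("."):
            owner = f"{owner}.{origin}"
        last_owner = owner
        records.append((owner, ttl, rtype, rdata))
    return records


def bind_incompatible(text: str) -> list:
    """(owner, type, reason) for every record a BIND secondary would choke on."""
    findings = []
    for owner, _, rtype, _ in parse_zone(text):
        if rtype in WINDOWS_ONLY:
            findings.append((owner, rtype, "Windows-only record: mark it 'do not replicate' or remove it"))
        elif rtype not in KNOWN_TYPES:
            findings.append((owner, rtype, "not a registered resource record type"))
    return findings


if __name__ == "__main__":
    for owner, rtype, reason in bind_incompatible(ZONE_SAMPLE):
        print(f"{owner:28} {rtype:6} {reason}")
```

Run it against a zone dumped from the Windows 2000 server before the first transfer to a BIND secondary; an empty result means the version table above is the only thing left to check.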
If a standard primary DNS server sits out in the DMZ, it is very possible for someone to break in and update or change the zone, and the changes would subsequently replicate to every secondary. You can fight this problem by keeping your primary DNS server in the private network and replicating only the zones the DMZ needs to a secondary DNS server there. A secondary holds a read-only copy, so there is no update path through it into the zone data; the exposure that remains is the transfer itself, so configure the DMZ secondary to accept zone data only from the primary's address, and restrict outbound transfers from it as well.
ZONE-REPLICATION SECURITY
You can handle zone-replication security in a number of ways. Perhaps the most risk exists when transferring zone information across the Internet from one of your DNS servers to another. Microsoft recommends that you set up a VPN when sending data of this sort over the Internet and that you encrypt the data, either with IP Security (IPSec) or with the VPN's own tunnel encryption. For zone replication inside the internal network, the best and easiest way to secure it is to use Active Directory–integrated zones. The zone data then travels as AD replication between domain controllers, which is authenticated and encrypted. Note that this covers only the DC-to-DC path; a transfer from an AD-integrated zone to a standard secondary is still an ordinary, unencrypted zone transfer.

HIGH-AVAILABILITY SCENARIOS
Perhaps the easiest and cheapest method for providing highly available DNS is to provide lots of redundancy in your DNS design. This kind of technique requires that you think about your delegated domains, how you’re going to split things out among several DNS servers. A second question is whether you provide a backup DNS server at each site. For really important sites that require very fault-tolerant installations, you’ll want to consider a cluster server for your DNS installations. OPTIMIZATION AND TUNING OF DNS
The most basic technique for testing how well DNS is doing is to PING a Fully Qualified Domain Name (FQDN) several times and watch how long the name takes to resolve (the first lookup is the one that exercises the DNS server; later ones may be answered from the client's resolver cache). You'll also want to time reverse lookups with NSLOOKUP so you have a feel for how fast the DNS box answers those kinds of queries as well. You can also use Performance Monitor to evaluate the performance of your DNS servers. A DNS object and several DNS-related counters are available in Performance Monitor as soon as you install DNS on a Windows 2000 computer. To optimize performance, you can set up Windows 2000 DNS servers for fast zone transfer (several records per message, compressed), which only needs to be turned off for BIND secondaries older than 4.9.4 that cannot parse that format. You'll also want to make sure that the overall network infrastructure can handle what's being asked of it. Routers with 10Mbps uplink ports cannot possibly perform well in 100Base-T networks that deliver data faster than the routers can take it in. Finally, to speed up DNS requests across slow WAN links, you should consider setting up a DNS server at the far end to act strictly as a caching-only server. Caching-only DNS servers host no zones of their own; they forward queries to DNS servers that do hold valid zones and cache the answers, so repeat lookups are answered locally.

Designing a DNS Deployment Strategy
Certain key benefits of Windows 2000 DNS are not supported in older versions of BIND. For example, the SRV resource record wasn't supported until BIND version 4.9.6. Dynamic update of BIND zones wasn't provided until BIND 8.1.2, and a relatively obvious concept, incremental zone transfer, not until BIND 8.2.1. A visit with your friendly Unix DNS admin is in order so that you can ascertain exactly which BIND versions you're dealing with. Windows NT 4 DNS servers don't support dynamic update, period, so for backward compatibility with them the Windows 2000 server must hold the primary zone and the NT 4 servers must be its secondaries. Neither BIND nor Windows NT 4 DNS supports Unicode (UTF-8) names, only the ANSI character set that the RFCs allow. This could be a problem for foreign-language DNS implementations that use characters outside that set. If you expect to exchange zones with such servers, set your Windows 2000 DNS servers' name checking to strict RFC compliance (ANSI) and avoid the Unicode issue. Some vendors supply non-RFC-compliant resource records in DNS. For example, suppose that a manufacturer of a voice card for fax systems decided to include a record type such as Digital Synthesis Processor (DSP) in the DNS database. This is not a recognized record type. In BIND and Windows NT 4 implementations, zone replication would cease, stop, go kaput. But, through the magic of Windows 2000 DNS, you can instruct the DNS server to simply ignore strange resource records such as this. Likewise, if you're using BIND DNS servers and you decide to enable WINS lookup in a forward lookup zone, your BIND servers will croak on the WINS and WINS-R records that adds. Either mark those records "Do not replicate this record" on the Windows server, so they stay local and never appear in a zone transfer, or accept that BIND drops out of the picture for that zone.

Creating a WINS Design
The whole purpose of WINS is to resolve NetBIOS names to IP addresses with directed (unicast) queries to a WINS server, which cross routers where a NetBIOS broadcast would not. When you design WINS servers, there are several things that you need to know:

Pushing and Pulling  Suppose that you have two WINS servers on the network. Each has registered names from its own clients and keeps them in its database so that it can resolve them in the future. For either server to resolve the other's names, you set up what is called a push/pull partner relationship. If the first server sends its changes to the second, that's a push. If the first server fetches the second server's changes on its own schedule, it's a pull.

WINS Proxy Agents  Some (non-Microsoft) NetBIOS clients cannot register with or query a WINS server but still need NetBIOS name resolution. A good example of such a client is a CD tower that uses NetBIOS but is not a WINS participant. A WINS proxy agent on that subnet listens for their broadcast name queries, looks the names up in WINS, and answers on the server's behalf.

Windows 2000 Computers Support Multicast WINS Server Discovery  Windows 2000 WINS servers have the capability of discovering new WINS server partners via multicast on 224.0.1.24. The default time delay between multicasts is two hours.

Order of Name Resolution  WINS clients use the concept of a node type. This is a hexadecimal value that you enter in the DHCP scope (option 046) to tell the WINS client the order of name resolution to use. The most common type, node type H or hybrid node, checks the local NetBIOS name cache, then a WINS server, then broadcasts for the name, and only then falls back to the local LMHOSTS file (discussed in the next section), the HOSTS file, and DNS.
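The node-type walk described above, as an added example that is not code from the book: the LMHOSTS format the next section describes (IP address, whitespace, NetBIOS name, with # comments and the #PRE and #DOM keywords) is parsed, and a lookup tries the sources in the order the node type prescribes. Each source is a plain callable, so no WINS server, network, or real file is touched; the file contents, names and addresses are constructed. The demo shows why the scope's node type matters: the same name that an h-node client resolves through WINS in one step fails outright on a b-node client that can't hear a broadcast reply.

```python
"""NetBIOS name resolution order by node type, with an LMHOSTS parser.

Added example, not from the book: the LMHOSTS format described in the text
(IP address, whitespace, NetBIOS name, '#' comments, the #PRE and #DOM
keywords) is parsed, and a lookup walks the sources in the order the node
type prescribes. Each source is a plain callable so no WINS server, network
or real file is touched; the file contents, names and addresses are constructed.
"""

LMHOSTS_SAMPLE = """\
# constructed LMHOSTS file; real ones live in \\Winnt\\System32\\Drivers\\Etc
10.1.0.20   FILESRV01   #PRE
10.1.0.25   DC01        #PRE  #DOM:CORP
10.1.0.21   PRINTSRV    # any other text after # is a comment
10.3.0.40   CDTOWER
"""

NODE_ORDER = {                      # what the client tries, in order, per node type
    "b": ("cache", "broadcast", "lmhosts", "hosts", "dns"),
    "p": ("cache", "wins", "lmhosts", "hosts", "dns"),
    "m": ("cache", "broadcast", "wins", "lmhosts", "hosts", "dns"),
    "h": ("cache", "wins", "broadcast", "lmhosts", "hosts", "dns"),  # 0x8, the usual choice
}


def parse_lmhosts(text: str) -> dict:
    """Map NetBIOS name -> {"ip", "pre", "dom"}; unparsable lines are skipped."""
    table = {}
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) < 2 or parts[0].startswith("#") or parts[1].startswith("#"):
            continue
        keywords = [p.upper() for p in parts[2:] if p.startswith("#")]
        dom = next((k.split(":", 1)[1] for k in keywords if k.startswith("#DOM:")), None)
        table[parts[1].upper()] = {"ip": parts[0], "pre": "#PRE" in keywords, "dom": dom}
    return table


def resolve(name: str, sources: dict, node_type: str = "h"):
    """Try each source for node_type in order; a source is a callable
    name -> ip or None. Returns (ip, source) or (None, None)."""
    name = name.upper()
    for step in NODE_ORDER[node_type]:
        source = sources.get(step)
        if source is None:                 # method not configured on this client
            continue
        ip = source(name)
        if ip:
            return ip, step
    return None, None


def demo() -> dict:
    """Look up two names as h-node and one as b-node; `trace` records which
    sources each lookup had to touch before it got an answer."""
    lmhosts = parse_lmhosts(LMHOSTS_SAMPLE)
    wins_db = {"FILESRV01": "10.1.0.20", "MAILSRV": "10.1.0.30"}
    trace = []

    def wins(n):
        trace.append("wins")
        return wins_db.get(n)

    def broadcast(n):                      # nobody on the local segment owns these names
        trace.append("broadcast")
        return None

    def lm(n):
        trace.append("lmhosts")
        entry = lmhosts.get(n)
        return entry["ip"] if entry else None

    sources = {"wins": wins, "broadcast": broadcast, "lmhosts": lm}
    out = {}
    for label, nm, nt in (("MAILSRV_h", "mailsrv", "h"), ("CDTOWER_h", "cdtower", "h"),
                          ("MAILSRV_b", "mailsrv", "b")):
        trace.clear()
        out[label] = (*resolve(nm, sources, nt), list(trace))
    return out


if __name__ == "__main__":
    for label, (ip, via, steps) in demo().items():
        print(f"{label:10} -> {ip} via {via}; tried {steps}")
```

The CDTOWER case is the one to notice: a name that lives only in LMHOSTS costs an h-node client a WINS miss and a broadcast timeout before the file is even consulted, which is why such entries get the #PRE keyword so they are preloaded into the cache.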
H-Node Search Order
  1. NetBIOS name cache on the client computer
  2. WINS
  3. Broadcast
  4. LMHOSTS file
  5. HOSTS file
  6. DNS

You can check the current entries in the cache, and obtain the time-to-live (TTL) for each, by going to a command prompt and entering nbtstat -c | more.

LMHOSTS File  In the \Windows directory of Windows 3.x or 9x computers, and in \Winnt\System32\Drivers\Etc on Windows NT and Windows 2000 computers, you'll find a file called LMHOSTS. The file is very easy to use: each line holds the IP address of a server that the client may need to connect to, whitespace, then the server's NetBIOS name. A # starts a comment, except for the keywords LMHOSTS defines, such as #PRE (preload the entry into the name cache) and #DOM (the entry is a domain controller). You can install the WINS Server service on Windows 2000 domain controllers or member servers. These WINS servers are backward compatible with any Windows NT 4 WINS servers you currently have in your network, including acting as push/pull partners with them.

Creating a Secure WINS Design
You can secure WINS servers very much the same way that you secure DNS boxes. If you have WINS replication crossing the Internet, remember that it is not encrypted: the names and addresses are readable by anyone on the path, which is probably not a good thing to have going out over a public network. You can get around this problem by setting up a VPN between your sites or by using IPSec to encrypt the data before sending it out. The internetworking (router) guru might have to do some firewall and router work to let the IPSec traffic (IKE on UDP port 500, plus ESP or AH) pass between the two servers. In a screened subnet design, where you want Internet clients to be able to resolve names registered with corporate WINS servers, consider making the WINS server in the screened subnet a pull partner of the corporate WINS server on the other side of the firewall, and not a push partner. Data then flows outward only, so a compromised server in the DMZ cannot inject names into the internal database. WINS servers can also be put on a cluster for fault-tolerance purposes.

Measuring and Optimizing a WINS Infrastructure Design
Microsoft has done you several favors in terms of tuning and optimizing your WINS deployment. There is a need for making sure that adequate performance tuning techniques are available for admins who need to use this system. These techniques are as follows. SERVER OPTIMIZATION TECHNIQUES
We start with the fact that WINS is now multiprocessor-aware. This means that you can either purchase a dual-processor system for each of your WINS server computers or, if possible, upgrade your current WINS servers to dual-CPU. A dual-CPU computer running symmetric multiprocessing (SMP)-aware apps can improve the performance and throughput of your servers. If you have hundreds or thousands of users hitting your WINS servers daily, consider upgrading the servers to dual-CPU boxes.
Is your WINS box old? Then you’ve probably got some old SCSI drives running at 7,500rpm. You can do your system a big favor by replacing them with 10,000rpm SCSI drives.
If your network infrastructure can support it, set the network card to 100Base-T full duplex. Make sure the switch port is set for 100-Full as well.
Windows 2000 WINS servers support a new concept called burst-mode name recognition. The server counts how many requests the WINS server component is receiving, and if the number exceeds 500 at once, the time-to-live (TTL) for the clients making and caching the request is set randomly anywhere between 5 and 50 minutes. Additionally, responses are sent back to the clients prior to actually writing the data to the database, thus slowing things down even more.
Supply enough servers for the network to support all of its users without going overboard on the number of WINS servers you have
installed. Too many WINS servers can create as many problems as not having enough.
CLIENT OPTIMIZATION TECHNIQUES
If you extend the client renewal period, you’ll do your network a favor by not hammering it so often with WINS renewals, although Microsoft estimates that WINS accounts for only about 1 percent of the traffic on a typical network. Lengthening this renewal period will likely not produce noticeable results unless you’re on an already jam-packed network, in which case you need to review your infrastructure.
You can also provide multiple WINS servers for redundancy. Suppose that WINS server A is down when the client renews. WINS server B will pick up the renewal request and register the client’s name in WINS. Then, when WINS server A comes back online and a push/pull replication happens, WINS server A will also know about the client computer.
Check the DHCP scope settings to make sure the node type is set to “0x8, h-node.” If it’s set to some other value, change it back.
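The h-node setting you just verified is what makes a client walk the search order listed at the start of this section (cache, WINS, broadcast, LMHOSTS, HOSTS, DNS). The model below is an added example, not code from the book: it parses LMHOSTS lines in the "IP address, tab, NetBIOS name" layout and walks the H-node order, stopping at the first source that answers. All host names, addresses and file contents are constructed.

```python
import ipaddress

# Added example (not from the book). Constructed names, addresses and LMHOSTS lines.
NETBIOS_NAME_MAX = 15   # NetBIOS names are at most 15 characters
H_NODE_ORDER = ["cache", "wins", "broadcast", "lmhosts", "hosts", "dns"]

# Constructed LMHOSTS text in the "IP address, tab, NetBIOS name" layout described above.
LMHOSTS_SAMPLE = (
    "# constructed sample, not a real file\n"
    "192.168.10.5\tFILESRV01\n"
    "192.168.10.6\tPRINTSRV\t#PRE\n"       # text after '#' is ignored by this parser
    "not.an.ip\tBADENTRY\n"                # rejected: not an IPv4 address
    "192.168.10.7\tTHISNAMEISTOOLONG\n"    # rejected: longer than 15 characters
)

def parse_lmhosts(text):
    """Return {NAME: ip} for well-formed lines; comments and bad lines are skipped."""
    table = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        ip, name = parts[0], parts[1].upper()
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            continue
        if len(name) <= NETBIOS_NAME_MAX:
            table[name] = ip
    return table

def resolve_h_node(name, sources):
    """Try each stage of H_NODE_ORDER in turn; sources maps stage -> callable(name).
    Returns (ip, stage) for the first answer, or (None, None) if every stage misses."""
    name = name.upper()
    for stage in H_NODE_ORDER:
        ip = sources[stage](name)
        if ip is not None:
            return ip, stage
    return None, None

def demo_sources():
    """Constructed sources: WINS knows FILESRV01 (and beats LMHOSTS), LMHOSTS knows both."""
    lmhosts = parse_lmhosts(LMHOSTS_SAMPLE)
    nothing = lambda n: None                # cache, broadcast, HOSTS and DNS answer nothing
    return {"cache": nothing, "wins": {"FILESRV01": "10.1.1.5"}.get,
            "broadcast": nothing, "lmhosts": lmhosts.get,
            "hosts": nothing, "dns": nothing}
```

Because WINS sits ahead of LMHOSTS in the order, a stale LMHOSTS entry for FILESRV01 is never consulted while WINS answers; only names WINS does not know fall through to the file.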
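The burst-mode behaviour described under Server Optimization Techniques, as an added simulation that is not Microsoft's code: requests queue for the database writer, and once more than 500 are waiting the server answers at once with a random 5- to 50-minute TTL. The 6-day normal TTL is an assumed stand-in for the server's renewal interval, and the host names and addresses are constructed.

```python
import random
from collections import Counter, deque

# Added example (not Microsoft's code). Threshold and TTL range come from the text above;
# the normal-mode TTL is an assumption standing in for the server's renewal interval.
BURST_THRESHOLD = 500             # queued requests before burst mode kicks in
BURST_TTL_RANGE = (5, 50)         # minutes, chosen at random per client in burst mode
NORMAL_TTL_MINUTES = 6 * 24 * 60  # assumed renewal interval (6 days)

class BurstModeWinsServer:
    """Minimal model: every request is queued for the database writer; once the queue
    holds BURST_THRESHOLD requests, clients get an immediate reply with a short random
    TTL instead of waiting for the write."""

    def __init__(self, rng=None):
        self.rng = rng or random.Random()
        self.pending = deque()    # registrations not yet written to the database
        self.database = {}

    def register(self, name, ip):
        """Return (ttl_minutes, in_burst_mode) for one registration request."""
        in_burst = len(self.pending) >= BURST_THRESHOLD
        ttl = self.rng.randint(*BURST_TTL_RANGE) if in_burst else NORMAL_TTL_MINUTES
        self.pending.append((name.upper(), ip, ttl))
        return ttl, in_burst

    def flush(self, max_writes):
        """Simulate the writer draining up to max_writes queued registrations."""
        written = 0
        while self.pending and written < max_writes:
            name, ip, ttl = self.pending.popleft()
            self.database[name] = (ip, ttl)
            written += 1
        return written

def renewal_spread(ttls):
    """Count how many clients come back to renew in each TTL minute; a wide spread is
    the point of the random TTL, while a single bucket means they all return together."""
    return Counter(ttls)

def simulate_burst(clients, rng_seed=1):
    """Register `clients` constructed hosts in one burst; return the server and the TTLs."""
    server = BurstModeWinsServer(random.Random(rng_seed))
    ttls = [server.register(f"HOST{i:04d}", f"10.0.{i // 256}.{i % 256}")[0]
            for i in range(clients)]
    return server, ttls
```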
Measuring WINS Server Name Resolution Performance
First, you should be aware that when WINS is installed on a computer, a Performance Monitor object is added, and there are several counters that you can use to measure the performance of your WINS servers. This is probably the best and most factual way of ascertaining how loaded your WINS boxes are. You can also do a poor man’s test simply by measuring PING times. PING a NetBIOS name, and time how long it takes to return the reply. The