TechTalks Transcript
Where, When and How to Do NT/Windows 2000
 Judith Boettcher [JB] |
 Howard Strauss [HS] |
 Mark Poepping [MP] |
 Ken Klingenstein [KK] |
May 27, 1999
Audio
• Streaming
MP3
• Download
MP3 (Download
Tips)
JB: Welcome to the CREN TechTalk series for Spring of 1999, and to this session on "How, When and Why to Do NT/Windows 2000." You are here because it's time to discuss the core technologies in your future.
This is Judith Boettcher, your CREN host for today for our last session of the '98-99 year, for this session on NT (à la Windows 2000) and for this first TechTalk sponsored by Microsoft. As part of this session, Microsoft and CBT Systems have collaborated on a special NT training package that includes the beta of Windows NT 2000, and I invite all of you to spend more time on the Webpage after the session for more info on this.
I'm pleased to be here with Howard Strauss from Princeton, back in his familiar role as technology anchor. Howard is a well-known Web and all-around information technology expert. Welcome, Howard.
HS: Thank you, Judith.
I'm Howard Strauss, the technology anchor for the TechTalk series of technology Webcasts. The job of the technology anchor is to engage our guest experts in a lively technical dialogue that will answer the questions you'd like answered and ask those very important follow-up questions. You can ask our guest experts, Mark Poepping and Ken Klingenstein, your own questions by sending e-mail to expert@cren.net anytime during this Webcast. If we don't get to your questions during the Webcast, we'll provide an answer in the Webcast archives.
Yesterday, the Justice Department continued its questioning of witnesses in the Microsoft antitrust case. Edward Felton, a Princeton professor, and Microsoft lawyers were having a lively debate over whether the Microsoft Web browser was a set of functions (asserted by Ed Felton) or a collection of computer code (asserted by Microsoft). Is there anyone who can really understand what all this means, or who knows who is winning this case? Or even what winning this case means?
While these arcane points are being argued in Washington, DC, in Redmond, Washington, there is a more important battle being waged -- one that Microsoft is clearly winning. That battle has been to take over the enterprise servers at corporations, colleges and universities.
We've gotten used to the fact that Microsoft is the de facto standard for desktop operating systems. Most of us, however, thought that Unix and the operating systems from IBM and Novell could not be challenged by the likes of Bill Gates, who brought us the forgettable Windows 3.1 operating system and the quirky operating system named "Bob." Even Microsoft's first attempts at an enterprise operating system fell flat and paled in comparison to the more robust and mature offerings available elsewhere.
Only the brave and foolhardy relied upon the early versions of NT. NT, you may have forgotten, stands for New Technology, although it may seem silly to think of NT as being anything new today. But Microsoft has always been willing to play the tortoise to the hare and to slowly and persistently refine and improve their software and their market position.
No doubt, you now have at least one NT server somewhere on your campus. In the future, you'll inevitably have many more. But Novell, IBM and the purveyors of Unix in its many flavors are moving rapidly ahead with their own new and compelling versions of operating systems. Microsoft has joined the fray and upped the ante with its long-delayed NT 5.0, which has been renamed Windows 2000.
Windows 2000 (which we will still often call NT 5.0) is targeted not only at the enterprise server market, but also at the desktops that all of us use every day to do our e-mail and Web browsing. Microsoft's plan seems to be to have a single operating system for servers, workstations and the everyday machines used by our students, faculty and staff.
Windows 2000 is not yet released, but it is likely to be available very soon. There is no way you'll be able to avoid dealing with it. One way or another, it'll be running on every sum of your computers. And given its many new features, it is likely that it will be very advantageous for you to embrace it.
But what features does it have? Can it coexist with your existing infrastructure? And how can you go about deploying it? For the next 45 minutes (while you turn your attention away from that riveting case in Washington, DC), our guests will delight you with a discussion of Windows 2000. They'll tell you what it is and what it does, why you need to get involved. And they'll discuss four NT deployment options, one of which is bound to be just right for you. While we may never know who wins the Microsoft anti-trust case, I know that you'll win by getting a better understanding of how to deal with Windows 2000 on today's Webcast of TechTalk.
Judith?
JB: Well, thank you very much, Howard.
And we are very fortunate today to have two experts with us that have already been involved with gaining practical experience about deploying this new version of this new operating system. Our two experts are Ken Klingenstein from the University of Colorado and the UCAID Internet2 project, and Mark Poepping from Carnegie-Mellon University.
Ken has been active in national and regional networking since 1985, serving on numerous IT and networking boards, councils and advisory groups. Ken serves on the steering committee for the Coalition for Network Information and is a member of the CREN board of trustees. He has testified before Congress on networking, and regularly presents to professional networking and computing groups. Ken is now on loan to the Internet2 project to focus on the middleware initiative.
Mark Poepping is Technical Director for Systems and Network Development in Computing Services at Carnegie-Mellon, where he has responsibility for technical leadership in the development and evolution of the computing infrastructure on campus. This infrastructure includes the Andrew computing environment and project Orpheus, which is focused on engineering a Windows 2000 environment for full support within the Andrew environment. Prior to joining Computing Services, Mark managed the computing facilities systems group at the Software Engineering Institute.
There is much more on both Ken and Mark and their projects and their pictures at the Website.
Howard?
HS: Okay, Ken and Mark, what I'd like to do is just sort of set the stage for the questions we're really going to ask you later, just so that folks know where we are right now. And as I said in my opening, I said that Windows 2000 was going to be used for every kind of computer in all circumstances and anything. Does that mean that Windows 2000 is going to be the operating system that Microsoft is going to offer.
Hello? Ken?
MP: Well, we're just so terribly polite that one waits for the other!
I think that the answer really is that the current release is, you know, Windows 98 and the NT 4.0 stuff. And there are really a couple different versions of NT 5.0, or Windows 2000, that are going to be available.
One of them is Windows 2000 Professional and that is really meant to take the desktop. And then there are a couple different options on the server side. There's Server, Advanced Server and then there's the, I think it's called Enterprise or ComCenter (or something like that) that actually is for just various different sizes of computers -- both large multiprocessors, things like that, lots of memory.
KK: And Howard, I would think that Windows 2000 will be widespread on our campuses. I think since we do have embedded bases already of other operating systems, one of the key things for us to look at is interoperability and integration with our existing infrastructures such as Unix, etc.
HS: But if I understand what you're saying, Mark and Ken, it's that people who are running other versions, non-NT versions of Windows -- Windows 3.1, Windows 95, Windows 98 -- when they go to upgrade, they will have only one place to go, and that's going to be Windows 2000.
MP: Windows 2000 will supersede the stuff that's currently there. That's my understanding.
HS: Okay. Just one concern that a lot of people have about Windows 2000 (both in its server version and especially in the sysop version) is, is it going to take lots more resources? Are we going to need a much bigger computer to run this thing?
MP: Yes.
JB: That was simple!
HS: That's the short answer.
KK: It wants -- it would like to have about 111 megs of memory all by itself. It would like to have a large amount of disk space, so it is remarkably complex as a piece of software. And it places similar demands upon your hardware. It's also the case that, because they've redone the device drivers in particular in NT 5.0, that older hardware may not work under NT 5.
HS: I assume that information about that is available at the Microsoft Website. I mean, if you have some hunk of hardware, can you -- how do you find out if it's going to work before you actually try it?
MP: As with every other release today, there's a hardware compatibility list that you can pull off their Website anytime.
KK: But I wouldn't call this a mere upgrade.
HS: Okay, how soon is Windows 2000 going to be available? Is there a release date for the thing now?
KK: Internally inside Microsoft, they're talking about pumpkin season.
JB: Pumpkin? Hmm.
HS: Halloween. Yeah, it turns out that Princeton's colors are the same as Halloween, so that's something very familiar to us here.
KK: And pumpkins ripen at different times across the country, so it may be pumpkin season in deep south by the time that it actually gets out the door.
MP: I think the main thing that I have heard is, you know, they won't release it until they're comfortable with it. And they're comfortable with slipping the dates more so than releasing something which isn't ready.
HS: So despite the fact that it's called Windows 2000, it may not be around -- well, I think you're saying it may not be around on January 1 of 2000.
MP: Well, it may not be around before 2000. It's certain that it will be around in 2000. You know, it's one of those sliding scales. I mean, everybody who has tracked any release, you know, as you get closer to the publish dates, you gain more confidence exactly when it is. You're sort of a sliding scale. If you're six months away, you probably have a two to three month confidence in the slip factor. As you get to two to three months, you know, it may be a month or so.
JB: I'm sorry, Mark. Would one of you like to address the fact that there's an awful lot of beta testing going on right now, and there's beta releases available?
KK: I was going to suggest that even though it may not be released until significantly later, it's going to appear on your campus much sooner.
MP: Right. I think that's very important, that actually at this point, Dell and I think a few others will actually ship it. Beta 3 was released about a month ago and it is, I think -- probably Microsoft will tell you it's the broadest beta test ever. And you can actually get it shipped with a machine if you want. Just ask the manufacturer, and there are at least a few who will put it on there when they ship it to you.
HS: Okay, I can understand some people might use a beta version of, like, Windows 2000 professional, but are you suggesting that people actually use the server version, the beta version?
MP: I don't think anybody should ever use or depend on these things, but clearly there will be those who will get it and start working with it. And so that means it's very important in an IT organization to understand what this thing means, what's the whole environment?
It's not just grabbing a Windows box and dropping it in and letting somebody use it. There's a lot of enterprise services that are really made available through the full suite. And it's important that as you begin to experiment with it, you realize that, "oh, so this is the active directory." And there is Profiles and there are lots of other things which might, in fact, replicate or perhaps interfere with other infrastructure that you've already got in place.
HS: And will Microsoft make the beta version freely available? I mean, can anybody get a copy of the beta?
MP: As I understand it, sure, you can pull it off their Website now. I'm pretty sure there is a request for it. I think you might have to pay for media if you're going to get a CD.
KK: And again, I want to underscore the importance of IT organizations getting up to speed immediately on NT 5.0, because as it will appear on your campus, it has the ability to disrupt your existing infrastructure. And so it's very important to understand those pieces and make sure that it doesn't.
MP: And that actually is going to be the case with other operating systems as we move forward. I mean, Macco, SX, etc. -- there are going to be other machines, other operating systems, as they begin to leverage network infrastructure like directory services, DACP, Dynamic DNS, things like that. These are things which are beginning to find their way into OS's, and so they're going to depend on these things existing.
And anybody who's trying to provide a complete solution from the desktop to the enterprise services is going to provide options in those areas. So if you already have services that provide DNS (which, of course, we all do) and directory services (which some of us do) and other network services, then you've got this issue of, are they replicated? Are they cooperating, or are they in competition?
KK: Howard, I should mention under Truth In Advertising that I'm at Microsoft today, and there is neither a stack of thousand dollar bills sitting in front of me --
HS: Too bad, Ken.
KK: Or a low voltage running through the chair that I'm sitting in. So I trust the conversation will be neutral. But we've had two days of Internet2 briefings on a whole range of Microsoft research projects, including NT 5.0, and one of the questions that we've just left Microsoft with is what do we need to turn off in order to make sure that we're safe on a campus? And what is shipping turned on that we may want to urge our users to turn off until we know how to accommodate it?
JB: Oh, those are some good questions. So are you going to come to some of those, building a list of those kinds of things as part of your projects on your campus?
KK: I think so. Microsoft has been very willing. I think it's important to note at the outset that the involvement of higher ed in NT 5.0 -- both through the pilot projects at MIT, Carnegie-Mellon and at Boulder, and then through this I2 meeting -- Microsoft has been quite open in their engagement with higher ed to make sure this works for them. And they intend to develop a number of deployment strategies and documents which I think will serve us well.
HS: Is Windows CE clearly affected by Windows 2000? Is it going to pick up some Windows 2000 features, or just become Windows 2000 Junior?
MP: Windows CE is actually a separate development train. It's the auto PC stuff. It's the hand-held -- the palm -- and then the embedded stuff.
And so far, I actually haven't seen a lot of literature on integration with Windows 2000 Server or I'm sure there will, of course, be the synchronization issues. With Windows 2000 Pro, you can run the CE software on Windows 2000 that works today. But it is really a separate development train.
By the way, I did find you can get the beta for 20 bucks just ordering it on site.
HS: Okay, a lot of folks are well aware (and I mentioned it in my opening piece) that Windows NT 5.0 has been delayed for quite a long time. And some people have said, "Well, that's because it's really just not stable." Are there special features or new features that have been added to Windows 2000 to make it more crash-proof.
KK: Mark, do you want to take that?
HS: I thought that Judith and I had the problem.
MP: Well, I mean, it depends on what you're comparing it against. I mean, NT to start with really had memory protection and a lot of the -- you know, all of real OS features that can sort of try and protect a single device driver from messing you up. Even today, I know if you talk to the Microsoft folks, they'll tell you that most of the bug reports they get really aren't their code. It's somebody else's drivers trying to work with their code.
But it certainly is more crash-proof than Windows 98 or any of the DOS-based stuff because you have real memory protection and you have driver development environments. You don't have program provability and all that other kind of stuff, which can really end up protecting you.
But you know, I've had Windows NT Server basically running at home for over a year and it really has only crashed a few times. It really is every bit as good as the Lenix box that I've got. Of course, I'm running a different set of things between the two of them, but you know, it just depends upon what you're trying to run and what the services are.
Certainly from an OS level, it's far more robust than anything else that Microsoft has put out before, and far more robust than a lot of other operating systems that I choose not to name.
KK: And that's a fairly remarkable accomplishment, given the scope and complexity of NT 5.0.
MP: Yeah, clearly the number of services and the breadth of what it's trying to do -- particularly in terms of the integration of ITF standard protocols and whatever -- it's a huge undertaking.
JB: Maybe we should expand on that comment just a little bit, Mark, and that is just -- you want to expand on what networking standards and protocols are being incorporated into the system?
MP: Well, some of the things that it relies on, of course (and this sort of comes back to the comment I made earlier about Microsoft providing actually an enterprise solution), so one of the knocks that they've gotten also is, you know -- "embrace and extend" is that catch phrase.
So if you're designing an enterprise operating system and you want to try and use Internet standards -- say, LDAP is one of the things, Kerberos is in there, DNS services, DHCP, Dynamic DNS, there are QoS types of things for RSVP and others -- you know, the difficulty is if you are actually designing this code to bring it all in, you're going to try and integrate all this stuff.
The tendency is to want to make changes to make it fit together very well. The problem with doing that is that it makes it difficult to sometimes interoperate with a standard that exists or an implementation that already exists somewhere else.
So for example, a lot of us have Kerberos -- stock MIT Kerberos KDC out there -- and Windows 2000 comes with Kerberos. It supports Kerberos and it's one of the great tag lines on Windows 2000. However, the implementation of Kerberos is more along the lines -- or it uses a specific feature in the way that DCE did, and they stuck some authorization stuff actually into the stuff that Kerberos passes around.
So you actually can't directly use an MIT KDC for Windows 2000 authorization. There are some things to work through that, but there's work to be done in order to make that actually work out OK. So if you don't actually have a Kerberos KDC, this isn't an issue for you. But if you do, it certainly is an issue.
Likewise (I can go on for a while) but likewise for LDAP services. If you already have Enterprise Directory, Windows 2000 comes with what's called the "Active Directory," and it also does LDAP on the wire. That's really great. The difficulty once again is if you've already got an enterprise LDAP service, you've got to try and figure out how you're going to try and share some of this data. Are you going to replicate these things between your existing LDAP service and AD or are you going to try and do something else?
KK: Mark's example about Kerberos is quite interesting in that we just finished a couple-of-hour discussion with Microsoft over their use of Kerberos. And they have stayed within the RFC, but pushed every available envelope within that, and they've taken Kerberos farther along than anybody in higher ed has done. That's wonderful, and at the same time, that causes compatibility issues.
HS: It sounds like there's an awful lot of new stuff in Windows 2000, and so it sounds to me like people are going to need lots and lots of training. Are there some training opportunities that you folks are aware of?
MP: Well, there is the stuff that you guys put together -- that CREN put together along with Microsoft and CBT, I think.
JB: Yes.
MP: So I actually haven't seen those materials, but that's a good start.
There are also, you know, the TechNet stuff. There's the Tech Ed conference that's actually going on this week, and there is the developers' conference in the fall -- every fall -- that generally has a lot of really, really useful information.
But as far as specific other training, you know, there's all of the Microsoft certification stuff which is probably a little ways off yet. I'm not sure of the timetable on that.
HS: All of our campuses today have all kinds of stuff on them. In fact, if anything, universities are known for having one of everything out there. How's Windows 2000 going to fit into this kind of heterogeneous environment that we have today?
KK: Again, Windows 2000 is pretty much envisioned as a complete solution, so if you happen to have existing pieces of infrastructure such as a KDC or an LDAP, then you've got some fundamental design issues to consider about how you map out your domain name space in a way that creates an NT domain that can be dynamically managed and still statically manage your larger domain.
So I think there's some key design issues that we're going to have to think through. As Mark said earlier, the directory structure is another place where we need great thought about what is the primary directory for the campus and what's fed-in information from the primary directory to, let's say, Active Directories.
MP: I think that the issue (just to add a little bit of technical detail to what Ken said) the issue is that the name registration of particular desktops -- the net BIOS naming and whatever, a lot of that stuff, the network neighborhood issues, how do I find things? That stuff is all done through Active Directory.
So there is enterprise information about names -- user names and organizations and all of that -- that's in there, which is fairly static. But there's also a lot of dynamic information about a system that boots. What's it's name? It tries to register a net BIOS name basically by doing dynamic DNS after doing a DACP to get an IP address, and then it tries to say, "Well, I'm Poepping and I want to register my name as being whatever IP address I happen to get this time around."
KK: And this issue of fitting it in with the existing infrastructure doesn't just apply to, let's say, Unix based services, but in NT 5.0, they've cleared up a whole lot of clutter from previous versions of NT.
But that means the NT 4.0 to NT 5.0 transition needs to be handled fairly carefully on campus so that the NT 4.0 machines know where to go when you've installed your NT 5.0 subsystem.
HS: Well, does that mean they won't coexist? I mean, can people not have NT 4.0 and NT 5.0 running in the same campus?
MP: Actually, from what I've seen, it appears that it's more concerned -- NT Windows 2000 is more concerned about making sure that that compatibility is there than removing those services if that compatibility isn't needed.
So it's sort of hard to not have the compatibility stuff turned on, and in certain areas, I certainly would like to have it off.
JB: It sounds as if it's a good thing we're talking about it, because it sounds like there's some real cautious planning that needs to occur as the transition is occurring. Would it be fair to ask just where is the best place to begin deployment on campus? Is that an answerable question?
MP: I think maybe we should take that one aside -- ask Ken to talk just a little bit about these various deployment options that we had talked about and we talked about a little bit on the side. And so maybe if you want to chat a little bit about that, Ken, then we can try and fill in, because I think that will lead a little bit to your question, Judith.
JB: Okay, and Ken, just before you do that, let me just remind our listeners to go ahead and to send their questions in to expert@cren.net. Back to you, Ken.
KK: Thanks, Judith. As Mark suggested, we've thought through some deployment strategies and we've identified a minimal strategy which makes sure that the NT 5.0 machines do not break the existing infrastructure, but you can have a happy coexistence.
JB: That sounds like a good thing to do!
KK: And it's certainly a starting point, and one that one needs to think about today as the beta copies roll out the door.
MP: Yeah, clearly it's something that you cannot avoid unless you're going to ban NT 5.0 altogether, which, you know, I don't expect anybody will be able to do.
KK: The stage, or the next level beyond minimal, is a basic deployment where you begin to integrate the core authentication services in NT 5.0 with your existing authentication services. And that may mean both Kerberos, PKI -- there's Smart Card support inside NT 5.0, so you might want to be doing that. You may also trot in some uses of Active Directories and integrate them with the existing directory structures. You might step into authorization, though that's a very difficult area for us at this point.
Beyond basic, there's a full deployment model where this is a full part of the infrastructure. You find all of the native services inside NT 5.0 working fine. Across campus, you've set up a campus-wide file and print environment, etc. And then there's, again, under the Kitchen Sink philosophy, there's a number of extended tools or an extended deployment which would make use of distributed authoring and versioning components inside NT 5.0, using Com services, Web tools. There's just a whole raft of very seductive components inside the system.
MP: Yeah, there are a number of networking options for NAT routing, Quality of Service, RSVP types of things that are actually built in, layered into Windows 2000.
KK: It should be noted that you can't deploy everything, in that "all of the above" is not an option any more than it is in other technology areas.
There are pieces of the Internet environment today where the left hand and the right hand are working independently. And so if you try to bring all those together -- for example, there's an IP SEC component inside NT 5.0. Very attractive, gives you protection on the wire for a lot of forms of communication. But you can't use IP SEC and desktop video, for example, and use IP SEC and some other features.
So even in the extended model, you're not going to check all of the boxes because they don't all work together.
MP: Right, and that's really part of dealing with a lot of the different features. I mean, there are several interesting interactions between the Windows terminal services -- type services -- and just your basic productivity suite, Word and Excel and things that you might otherwise expect to do.
So the other thing I wanted to add on those four featured or four different phases or options that we'd talked about is that from the user's perspective, a minimal deployment basically means that you can run Windows 2000. You get it, you buy it, you drop it on your desk, and the IP police aren't going to come and disconnect you. So that's sort of the perspective from that side.
In terms of Basic, with you adding the authentication, that might mean that you really end up with a single password. You might actually have some support for rolling profiles, things like that.
From a Full Deployment perspective, well, that might mean that most native services actually work like they're expected and maybe they're even supported by somebody. And Extended, of course, if you can do all that cool stuff that you see on TV.
HS: Before we go and explore some of the details of these four options, we have a couple e-mail messages. One, a very short one, comes from Hugh Costello, and Hugh says, "Did I hear correctly, that an NT 5.0 client will need 111 megabytes to run?" Could you respond to that?
KK: I don't think it needs 111 megabytes, but it would like it.
HS: I think that's just going to get us more mail from Hugh Costello!
MP: The smallest systems -- I have actually tried to reduce systems to see what it does. But you know, Pro actually works pretty well on a 233 laptop with 128 megs of memory. I mean, it's appreciably reasonable. I don't know what that means, but it's plenty fast. And, you know, it works fine.
I don't know whether you can reasonably take it to 64 and expect that it's going to do very well.
HS: So should our NT machines have 128 or should we be sure to have 256 meg of memory? What should we put on machines that we know are going to run NT?
KK: A lot. I would use a quote here from Nathan Mervil (who's the Chief Technology Officer for Microsoft) who says, "Software is a gas. It expands to fit whatever container you put it in."
HS: Right. Unfortunately, you have to pay for the container, and I think people are concerned --
JB: We have to watch the memory chips again!
MP: I think for the most part, you know, we're kind of recommending 128 as kind of a base config, and I think that'll run it.
HS: Okay, we have another question from Richard Danielson at Laurentian University, and Richard says, "I'm getting the impression that it will be easier for universities further behind in development to move into Windows 2000 than it is for those who are already ahead. Is this true, and if so, how far back is best?"
MP: Well, as in anything, I think that a lot of it depends upon the size of your legacy. And we actually have joked about that a fair amount -- that the bigger jumps and the fewer that you can make, the easier in many cases that that can be. But frankly, we have portions of our university which are further back and further up, so maybe that's the best of both worlds.
HS: Okay. In your four scenarios, obviously all of them involve some kind of migration from where-you-are-today to some form of NT. Could we talk a little bit about the migration paths, like the migration paths -- I think you mentioned a little bit about NT 4.0 to NT 5.0, and maybe you want to talk more about that, but also what about folks who are in Windows 95 or 98 and go into Windows 2000? Or people who are using the Novell operating systems to replace them with NT?
KK: Mark, do you want to start that one?
MP: Well, I guess I want to go back a little bit to the point of right now: we're pretty much concentrating not so much specifically on replacement as trying to understand exactly how well it fits in. And then you deal with it on a service-by-service basis.
If you specifically want to replace something, then you still have to look at it on how are you depending upon this other environment, and how might you rebuild that environment using Windows 2000? So there's the client side and then there's the server side.
So from the client side, there are -- you know, you can upgrade from 95 or 98 to 2000. The software -- basically, you pop it in and it will do an upgrade and it will leave your data in place. Exactly how well each of the applications works under that scenario is a bit of a crap shoot. Sometimes also the upgrade itself is a little bit -- you know, it's not quite so clean because it ends up leaving things in certain places. And there are compatibility modes for, say, where the profiles and preferences and things are, or how many you have for the particular machine that you're logging into and stuff.
On the server side, I think (just going back to the point that I made before about if you rely on NetWare for printing and for file services and/or for NDS directory services) you need to look at each of those and figure out, are these things that I actually want to migrate or not? And if I do, how would I do that in a Windows 2000 environment?
I should add that Microsoft clearly has information and white papers on how to move from NetWare to AD and Windows 2000, and I'm sure they would do the same for any other server operating system that has market share.
KK: Mark makes a good distinction there in considering the client and the server differently.
On the client side, I would think that because it cleans up a lot of the mess from NT 4.0 that you really want to look for applications that have the logo on it -- that the Windows 2000 logo is a certification by Microsoft that the application is reasonably well-behaved, and as Mark said, that the preferences etc. are stored in the proper locations. So on the client side, I think for applications, you may need to make sure that your applications are Windows 2000 certified.
On the server side, Mark again was right on -- that you really want to go on a service-by-service basis through the set of services that you offer. And this is where that earlier question about if you're not offering a lot of services today so that you don't have to worry about the interoperability, then Windows 2000 gives you a huge leapfrog forward. There's a public key certificate infrastructure there, and few campuses have one, so there's a real strong temptation to use the one inside Windows 2000.
As always, Windows 2000 is a tightly coupled system. And so once you get into it, there's a strong temptation to continue to use other services within Windows 2000 because they work well together.
MP: And it's very difficult to plug in alternate implementations which seem like they should be unpluggable. It comes back to part of the operating system argument (which is part of your introductory comments at the beginning), and I don't think we want to debate those here.
JB: So we're coming up with an interesting point here about the distinction between the client and the server applications and then also the types of servers and services that an NT manager may want to offer on his campus.
In terms of the initial implementation, in terms perhaps of insuring that you don't break anything that you already have fixed, is there one particular service that is easier to "get started with" than any of the others?
MP: I think that the technical people that you have are going to be able to look at this stuff. They need to have it in a lab area. They need to begin to set up some of these services and then see how they interact. They need to take a look at what MIT's site says about things that they've learned. You look at Colorado, about what they've learned. You look at CMU, about what we've learned. And try and come up with an idea of how you're going to put these services together in terms of, you're going to set up a little environment, you're going to see what it does, and you're going to try and figure out, "Well, which am I going to rely on? Which aren't I?"
Part of, again, the idea of these four different ways of deploying it are just four different levels of how much you're going to depend on it. And you may easily start with one, go to two, and decide, hey, for these other services, I don't want to have my enterprise directory (if I have one) to be on AD, you know? AD is going to have to be there in order to operate my Windows 2000 environment, I'm going to use it for that, but I'm going to replicate data into it. I'm going to do add-user via the same existing staff outload of -- you know, they add users, they're not going to add it using Microsoft tools to Active Directories, so I'm going to get some dump from the mainframe that these are all the new people. I've got to figure out where that data flow is.
HS: By referring to this thing called AD or Active Directories, could you tell us more about Active Directory? That sounds like a new thing for most of us.
KK: Active Directory is the centerpiece of NT 5.0, and part of the clutter-cleaning that we referred to earlier is to move outlying storage and file components into AD.
And if you have a limited amount of time to study NT 5.0, begin with AD. Inside there is the security model, the account management, all of the services. DNS keeps its records inside the Active Directory. So the Active Directory is the centerpiece of everything.
JB: That sounds like a really important --
HS: Could you tell us just a little more about it?
MP: Well, I guess one of the things that might be worthwhile is that Windows 2000 really is moving in the implementation of what the Burton Group many years ago had called the "network services architecture." So you've got directory services, you've got file services, you've got print services. And you get these things through the network.
So what does AD actually do? It's rolling together your password file and it's rolling together your where-are-my-service-and-location, where are my printers? It's rolling together what-are-all-my-operating-systems? It's an inventory of the systems that you've got, the users that you've got, things about all those users, things about all those systems. It's the centerpiece for controlling the Quality of Service that's delivered, if you choose to use it this way, Quality of Service that's delivered across the network.
It is clearly, as Ken said, it's the centerpiece. And the basic underpinnings on the wire are using LDAP, so it's an Internet standard on the wire. The interfaces to it are what's called ADSI, the Active Directory Service Interface, and that's how you actually would do software development in order to interact with it.
KK: In addition to your printers and your hardware and your users and your services all being located inside Active Directory, it's also a place where all the group information is kept. So most of the logical couplings that you want to do across a campus will be done through Active Directories.
MP: It's a way of shifting from the existing model of when I want to find a printer, I do a broadcast location, looking for this thing. I basically change that to just looking it up in this directory to try and figure out where it is.
So in the NetBIOS in the existing model, when I want to find a machine or when I want to tell other people who I am, there's a lot of broadcast traffic going back and forth. In this case, with Active Directory, there's a registration and then a lookup. So it's a slightly different model.
HS: Another term I've heard with respect to Windows 2000 that was new to me was something called IntelliMirror. Could you tell us a little bit about IntelliMirror?
KK: Mark, do you want to take that?
HS: Don't fight over this one!
MP: Well, IntelliMirror is -- There actually are a lot of really, really good white papers on -- this is to put in a plug for Microsoft's Website, there are a lot of really good white papers in it and there is one in particular on IntelliMirror.
And IntelliMirror is really the marketing term -- it actually has changed definitions several times over the course of the last two years since I first heard it, but it sort of incorporates technologies that take care of the rolling profile stuff now, application validation.
So if I move from one machine to another, I log into another machine, my profile information gets delivered. My desktop, my applications are supposed to run there, so it's a set of technologies that ostensibly enable that sort of portability of users. We called it nomadic users, actually.
Exactly how well that works, we really haven't had a whole lot of chance to experiment with that. One of the difficulties in particular of the timing of this particular talk is, as you said, beta 3 really has only been out for a few weeks now. So a lot of the initial reactions that we've had over the last year, we haven't really been able to go back and re-validate some of that stuff.
KK: And in IntelliMirror and in other features such as the Zero Administration Workstation, ZAW aspect of NT 5.0, you see Microsoft making a concerted effort to reduce the cost of management to address issues like version control, the roaming profiles, remote backups, remote desktop management. There's a whole lot of features in each of those areas coupled together.
HS: Okay, we have a question from John Mirtz at Wesleyan University. He actually has two questions here. He's trying to sneak two questions into one e-mail, which I think we'll allow today. What he asks, he says, "From an end-user perspective, what are the reasons to move from Win 95/98 to Windows 2000?" That was his first question. I'll give you the second question after you talk about this?
JB: Well, why don't we ask the other question? Oh, I'm sorry. You go ahead. I jumped in too fast. Go ahead, Ken?
HS: That's okay. Ken?
KK: Well, let's see. First of all, on most campuses, we're not in charge of when and where users move to. So, again, this is inevitable in some sense. This is also likely the future direction of all Microsoft products, so there will be feature sets and applications that really will want NT 5.0, and I don't think it's resistible.
MP: Yeah, I think it's a leading edge sort of -- I don't know whether it's trailing edge, but leading edge and mainstream kind of issue.
We're going to end up with both of them, so from my perspective, I'm going to have both of them for a while and I'm not going to be able to tell people necessarily what to do, and it's okay for them to run whatever fits into the environment. So if it works, I'm going to try and figure out what are the main environments that people are going to want to try and use -- make sure that we can provide some reasonable configuration information to make them play nice. And if we can try and support them because they will be excessively valuable to people, really valuable, then that's where we go on to the extended or full support or extended support.
KK: And the inverse question is interesting as well. End users will do it because it's the latest and greatest, but I think there's incentive for the central IT organization to also move to NT 5.0 because of its management capabilities, because of its reduction of clutter.
MP: Right. And as you said before about the robustness of the OS itself, the features that are there, the games actually will work on this NT, that kind of thing.
HS: Okay, John's other question was -- I guess we're going to get a lot like this -- he says, "We heard about the memory (Ouch!) What about the processor speed?" I think he's saying how robust a processor do we need to run NT?
KK: Well, as Mark said earlier, 233 megahertz probably is adequate. It may not be so much what you need to run NT, but with all of the advanced applications that will be built on top of NT, how much multitasking you're going to be doing because you have new capabilities.
MP: And I have, you know, a 180 that doesn't do very well running Windows 98 now either, so I'm not sure how low you want to try and go. Clearly, you know, with what's out there, in terms of what's installed, a lot of that stuff is just going to be very painful to run Windows 2000, but that's the nature if people want to sell hardware and the gas that is software, right?
KK: One fortunate aspect of this is that some of that old hardware wasn't Y2K compatible anyway, so we needed to get rid of it. So Y2K and W2K have a certain coincidence to them.
JB: Then this says that maybe we do want to put the beta on our systems before January 1 then? Anyway, yes.
KK: That won't fix the NetBIOS issues.
JB: Okay. I'd just like to remind our listeners that we're close to closing here. If you have a final question, we'll fit it in very quickly. Howard?
HS: Okay, and if we don't answer your question on the air, remember that we will answer it anyway and you'll see the answer in the archive.
Yes, it's kind of amazing that we are, I think, according to my clock two minutes past the end of this Webcast and we have many, many more questions to ask. We're just going to try to sneak in a few more, though.
MP: I did notice the last one, Howard. Unfortunately, I'm reading e-mail at the same time. But one of the things that's probably worth adding quickly is that there are specific interoperability add-on packages called "Services for Unix" and "Services for Macintosh," so while I personally have not experimented with those too much, you know, -- END OF SIDE A�
MP: -- also for Unix, I think there's an [inaudible] and a few others. I would encourage people, if they're very concerned about some of that, to go ahead and take a peek.
Again, it's one of those encouraging people to use Windows 2000 at the center. So these are all services that will allow you to replace whatever Macintosh or Unix servers you have with Windows 2000 and you can have your clients talk to this stuff. That's generally the way these things are structured.
KK: And an important point to note in those compatibility issues is that Cisco has said that they're porting Active Directory over to Unix.
HS: Okay, you've talked about these four different options, and you also said that people should get the beta versions immediately. But in terms of universities thinking of production Windows 2000 deployment, when do you think universities should be targeting that? And for your four options, what level of effort do you think it's going to take to actually make this thing work?
KK: Whew! Well, again, I think for the minimal option, we have no choice but to do that. The best defense is a good offense, and I think that that's what really applies here. Time frames are hard to say. I think that leading edge campuses will find that their user base is frequently way out in front of them, and so they're going to have to scurry to get the wherewithal inside the [inaudible].
MP: Right, and particularly, one of the issues with the directory services itself -- the nature of a directory. A directory is all about naming, and so if you end up with a couple of different name spaces popping up on campus, the interoperability of those things is going to be -- you know, we had a TechTalk a couple of weeks ago talking about some of that. And I think that it's very important if you haven't already started thinking about that, you need to think about it and need to consider the ramifications of Windows 2000, the Active Directory in that context.
So it may be that AD is your central directory service, but I would expect that for most larger campuses or most campuses who have already begun to work on actual directory interoperability that it's going to be something that is going to be on the side. It's going to be a directory that's there to operate Windows 2000 and it's going to be exchanging data with your enterprise directory.
KK: And again (identifying some of the benefits of this), many of us who are running Exchange and Outlook have problems with getting our existing directory information into directory lookups inside Exchange now. We're going to have to have separate directories for that. In the new version of Exchange, which is called Platinum, it uses Active Directory as its directory service, which is a wonderful way to reduce the clutter of directories.
HS: Okay, this has all be very interesting. I wish we had more time to ask more questions. The one last question I'd like to ask, one that we could perhaps end on, is where can people find out more about NT -- both about training, installation, configuration, etc.? Where do folks go? (Once, of course, this Webcast is over.)
MP: The place to start, I would say, is www.microsoft.com/windows, and off of there, there's a Windows 2000 link. Also, there is the campus link, which I think you have a pointer to on the CREN site.
JB: Yes, in fact, I think the URL you just mentioned is also up on our Website there, Mark.
MP: And there are also links to MIT, Colorado and Carnegie-Mellon's efforts on there. And I presume, I expect that there are contact names through those so if you have any issues with those folks, there may be some assistance that could be offered there too.
JB: Right. And obviously we want to invite everyone to take a look at the NT training package that was put together and that includes a nice resource kit that is available free from Microsoft, so that's a good place to start as well.
HS: Okay, Judith, I think it's time to wrap this thing up.
JB: It's time to wrap it up. All right, well I would like --
HS: Actually, that was time to do that, oh, about seven or eight minutes ago.
JB: I know, we're running over here! I wish we did have more time. I think people would like to hear a bit more about these four levels of deployment that you all have mentioned, and perhaps we can add some more about that on the Website and add a few more resources for folks there.
MP: Yeah, the other thing I would add too is that if people have other experience -- I'm sure there is additional experience that isn't captured in those three to four Websites -- by all means, we'd be very interested in trying to pull that together, too. So we're always interested in what other people are doing.
JB: That's a good suggestion. In fact, people could send things to the expert@cren.net e-mail and we could forward those on.
All right, very good. Listen, thank you all. I'd like to thank all of our Web participants for being with us here today for this time with Ken and Mark. And as a reminder, more information is at the CREN Website, as we've mentioned, and invite you to come to there. As mentioned at the beginning, this is our last TechTalk for this season and archives of all the TechTalks are available at the CREN site. And we're starting to update some of those as important information gets suggested.
We're also in the middle of planning the next series of TechTalks, starting in the Fall, and we'll be staying with the Thursday at 4:00 sessions. So for all of you on the west coast, try and plan your fall so you can join us. Also, take a minute right now, if you would, to send a note to expert@cren.net with suggestions for experts and topics that you'd like to hear about in the fall. Some of the things we're planning right now include more on NT, digital library projects and tools, more on directories and networking and security as well.
Thanks to all who helped make this possible today: the CREN member institutions and the board of CREN; to our corporate sponsor, Microsoft and Microsoft representatives Roberto Amberger and John DuBois; our guest experts, Ken Klingenstein and Mark Poepping; technology anchor, Howard Strauss; Web content producer, Terry Calhoun; Harold Ansell and Lee Perlis of CREN; Paul Bennett and Martha Van Der Kolk from UM Web Services; Laurel Erickson, TechTalk Editor; and Personal Scribe-ers Judith Skiff and Susie Berneis and all of you for being here. You were here because it's time.
Bye, Ken. Bye, Mark. Bye, Howard.
KK: Bye.
MP: Bye-bye.
HS: Goodnight, Judith. Goodnight, Ken, goodnight, Mark.
JB: Goodnight, all! All right, have a great summer. Bye-bye.
