Networking Computing FEATURE
Redefining the NOS
May 29, 2000
By Ron Anderson and Mike Lee
What is the NOS of your dreams? Does it have the integration and support of
Microsoft Corp. Windows 2000? Sun Microsystems Solaris 8's superior
availability? Maybe Novell NetWare 5.1's directory capabilities, or Linux's
What about the NOS of your nightmares? That's a system in which each of the four platforms
runs somewhere in your organization, but none work together. Chances are, you're somewhere
between the dream and the nightmare, in a quest for NOS nirvana. Every operating system has
strengths and weaknesses. The key to success is knowing how to leverage each one's best
Like every other networking technology, the NOS is
diverging. File and print services are still essential,
but what strategic decisions have you made lately
that have much to do with those core services?
Rather, the big news in all these operating systems is
their Internet/intranet/e-commerce services. The
vendor that can best meet these needs is the one
that will likely be seeing the money from your
The ISOS (Internet/intranet services operating
system) is the wave of the present, and each vendor in
this evaluation--Microsoft, Novell, Red Hat and Sun--
recognizes the importance of delivering features that
let your company provide Internet-based services,
beyond the core file and print services. We're here to
help you navigate through the issues, to highlight some critical components and, ultimately, to
help you find a good fit for your company. Because one size doesn't fit all, we didn't select an
Editor's Choice award winner. One company's dream NOS is likely to be another's nightmare
because of different goals, technical expertise and existing infrastructure.
We've identified five categories to help guide the discussion: core services, management
services, scalability, enterprise fit and Internet-specific services. Reliability isn't on the list, though
it may be the most important consideration. Reliability is more like a personality trait than a
feature. Just as you need to see people in a number of different circumstances--relaxed, in
unfamiliar surroundings, under stress, sleep-deprived and so on--to get a realistic picture of their
personalities, these ISOSes must be seen in a number of real-world scenarios. Time will tell the
reliability story, but keep in mind that the best feature set in the world is useless if the ISOS isn't
Core services consist of file, print, security, authentication and directory services. This category
provides a lot to swallow in one bite, but these items represent the basic services necessary to
enable an ISOS in the enterprise. Including directory services in this list may raise some
eyebrows, but we are convinced that directories are critical and that vendors need to articulate
strategies that map their services into a company's directory service.
Novell's NetWare 5.1 dominates the core-services space, and Novell's vision and product
maturity are compelling. Marketplace predictions continue to point to Windows 2000 as the next
dominant player, but Microsoft's single-platform concentration needs to be expanded to attract
serious enterprise attention. We aren't too excited about the core-services offerings from Red Hat
Linux Professional 6.2 or Solaris 8. Operating systems that default to clear-text passwords on the
wire for authentication have a long way to go to meet the bare minimum requirement for core
Management services involve the ability to manage an individual box, hundreds of individual
boxes and, because we're dealing with hundreds and thousands of clients' machines connecting
to the company's intranet, the distributed environment as well. Once again, NetWare 5.1 and
Windows 2000 have the upper hand by providing management services that take the enterprise
desktop into consideration. Not only do they offer easy-to-use management utilities for their
boxes, but they provide directory-enabled management tools for the masses. Windows 2000 will
take care of its own, but NetWare is an equal-opportunity manager, covering Windows 9x, NT
You can look at scalability a few different ways. Vertical scalability lets you pack processors,
memory and storage space into a single box until it's got power to burn. Vertical scalability and
Solaris go hand in hand; Sun Microsystems sells the Enterprise 10000 Server with up to 64
SPARC processors. Horizontal scalability lets you take a number of boxes and team them up so
the sum is greater than the individual parts. Windows
2000 Advanced Server lets you load-balance IP-based
applications across 32 nodes. Advanced Server also
supports eight-way SMP (symmetric multiprocessing).
Then there's the scalability that results from
parsimonious use of hardware resources, which lets you
get more bang from your buck. Linux falls into that camp.
NetWare was once the king of frugality, but our testing
revealed that feature creep is starting to show where
memory requirements are concerned.
We define enterprise fit in part as the ability for any
vendor's ISOS to work with and add value to the
heterogeneous environment in which the system will be
running. NDS is Novell's value proposition for the
enterprise, and its cross-platform support is second to
none. NDS is a good example of how to leverage
proprietary technology in the enterprise by fitting it into and adding value to what's already there.
Support for open standards and open-source code are also good indicators of how well an ISOS
will fit into your environment, especially if you have an active staff of developers. Linux is the
master of open-source computing, and Sun has seen the light (see "Small Steps for Sun").
Novell's strategy to provide a standards-based development environment around Java and its
inclusion of IBM's WebSphere application server in the box are noteworthy. Windows 2000 is the
most challenged in terms of enterprise fit. Microsoft supports open standards, but some twist
invariably makes it difficult for Microsoft's products to play well with others.
All the vendors include DNS, DHCP and Web-server services in the box. Red Hat Linux includes
IMAP, POP3 and sendmail for a complete Internet-based mail infrastructure. In fact, it's a good
bet you could browse the Web and find source code to compile any desired Internet service for
Linux or Solaris. Versions of Unix, like Solaris, have been running the Internet since its inception;
Linux grew out of that fertile ground and has been Internet savvy since its start. NetWare and
Windows 2000 are the newcomers to the Internet arena. They have added value to this space by
directory-enabling traditional Internet services such as DNS and DHCP, but this infrastructure
space will continue to be difficult for these companies to crack because Unix is so well ingrained.
Microsoft has been particularly influential in the Web services arena by providing numerous
programmatic interfaces for the legion of Windows developers. Microsoft's Internet Information
Server (IIS) is in its fifth iteration and continues to gain industry support, though Apache Web
servers still dominate numerically. The Holy Grail for all these firms is gaining a commanding
piece of the trillion dollar-plus pie that e-commerce will represent in a year or two.
We performed file and Web services benchmarks on NetWare, Red Hat Linux and Windows 2000
Advanced Server (see "How We Tested."). Sun opted out of the benchmarking for Solaris
because we were using 600-MHz Pentiums on the Intel side, and the fastest SPARC processor
runs at 450 MHz.
NOSes Enhance Internet Accessibility
Win2000 is tops for all-Windows shops, NetWare for cross-platform support, and Solaris for ERP
and e-commerce. Linux can do anything, if you can figure it out. By Ron Anderson and Mike Lee
Microsoft Corp. Windows 2000 Advanced Server
For administrators with large Windows NT domains, Windows 2000 with Active Directory (AD)
is the stuff of dreams. Migrating your domain infrastructure to AD provides a manageable
environment that will reduce your TCO (total cost of ownership) over time. If you also migrate
your desktops to Windows 2000 Professional, you'll reap AD's full benefits, including policy-based
management of the masses.
But that's mostly a Microsoft dream. Mixed-environment
shops face a different reality. Microsoft's AD is anything
but inclusive; the service is about Microsoft Windows 2000
Windows 2000 server platforms make evolutionary
changes from the NT environment. Even AD, which has
made great strides in scalability and manageability over
the old domain model, has a good bit of that model buried
under its slick new exterior.
Windows 2000's evolutionary nature is a double-edged
sword. On one side, evolutionary upgrades can be
implemented as add-ons to your existing environment
without much re-engineering. They don't require wholesale
adoption to provide enhanced features and services. On
the other side, many shops would be well advised to
closely examine the benefits, or lack thereof, in making a
change. Maybe your old environment is sufficient and you
can avoid the cost and anguish of switching, at least until
the dust around this new construction settles.
Microsoft has included file and print service enhancements to beef up Windows 2000's enterprise
and Internet capabilities. Quota support, file system encryption, offline folders for synchronizing
disconnected users' server-based files, WebDAV (Web-based Distributed Authoring and
Versioning) access to the file system for an IP services tie-in and Internet printing based on IPP
(Internet Printing Protocol) have helped Microsoft extend file and print services to the Internet.
In security, Windows 2000's biggest change is AD's inclusion of the Kerberos version 5
authentication protocol. Kerberos is the default network authentication method for Windows 2000
users. AD also includes Windows NT LAN Manager (NTLM) authentication for backward
compatibility with Windows 9x and NT clients. The Kerberos method is more secure and efficient
than NTLM and is standards-based. Windows 2000 supports minimum password lengths, intruder
detection and lockout, unique passwords and enforcement of complexity requirements, but it has
no built-in method for identifying weak passwords.
Like NetWare 5.1, Windows 2000 supports a roll-your-own PKI (public key infrastructure) that is
tied to its directory service. Through the included Certificate Server, you can become your own
CA (certificate authority) and create, issue and manage X.509 certificates for your applications
and users. This infrastructure lets you avoid the hassle and expense of applying for certificates
from an external authority. Windows 2000 supports SSL (Secure Sockets Layer), IPsec (IP
security) and smartcards as complementary components to its overall PKI.
Windows 2000's Internet/intranet service offerings are impressive. Microsoft has done a good job
of extending its traditional LAN-based file and print services to the Internet. Like Novell, Microsoft
delivers the requisite spate of IP services, as well as DHCP and dynamic DNS services tied to a
directory service. Terminal Services gives remote users access to server-hosted Windows
applications; Linux, NetWare and Solaris don't do that.
In almost every category of our Web-server testing, Microsoft's IIS outperformed Novell's
Enterprise Server and the Apache Web server on Red Hat Linux 6.2. These results didn't surprise
us. IIS is in its fifth revision and, despite perpetual security concerns, has garnered a 22 percent
market share, according to Netcraft's March survey of 13 million Web servers. Apache continues
to lead this race by a wide margin, with 58 percent in the same survey, and is gaining ground.
Microsoft has influenced the Web-services arena by providing numerous programmatic interfaces
for the legion of Windows developers. IIS' new XML (Extensible Markup Language) parser
complements Internet Explorer 5.0's XML support and puts IIS in position to benefit from XML as
this new technology matures.
AD has the potential to be Windows 2000's most far-reaching component. Like Novell's NDS
eDirectory, AD provides a single point of administration for servers, services, users, printers and
other network resources. This consolidation of resources scores Windows 2000's manageability a
big win. NDS has been in production since late 1993, and has a big lead in experience and better
cross-platform support than AD. However, both have the same management goals: lower
overhead, reduced TCO and, ultimately, the ability to let you manage complex environments.
The Microsoft Management Console (MMC) is all you need to administer AD and the server
software. The MMC provides a shell into which you plug the management modules and lets you
include services from many servers for a single point of administration. This handy tool is a great
improvement over NT's scattered management model. Microsoft does not provide a general-
purpose Web-based management console; you can gain access to the MMC from anywhere on
the Internet via the Terminal Services client, which is included in every server box. We use this
facility extensively in the lab and are sold on its utility. At one point during our testing, we wanted
to log on to an AD domain via a cable modem Internet connection but hadn't yet set up the
remote-access service. Using Terminal Services, we connected to the domain controller, set up
Remote Access and had a VPN (virtual private network) logon to AD within five minutes. This is
Microsoft includes two tools, Sysprep and Syspart, to help deploy Server and Advanced Server.
Sysprep prepares a Pro or Server installation for duplication to identical hardware. Syspart can be
used for faster installations to dissimilar hardware.
Windows 2000 Server, Advanced Server and yet-to-be-released Datacenter Server support four,
eight and 32 processors, respectively; zero-, two- and four-node clusters for failover and high
availability; and 4, 8 and 64 GB of RAM. Additionally, the Advanced and Datacenter Server
versions support 32-node load-balancing for IP-based applications. Unlike NetWare and Red Hat
Linux, Windows 2000 makes good use of multiple processors. Windows 2000 can't scale
vertically as well as Solaris, but its horizontal scalability is adequate for most large-scale
deployments of IP-based applications.
In the mixed-I/O performance portion of our file server test, peak performance increased 37
percent when going from one processor to two. Assuming that your I/O subsystems aren't a
bottleneck, adding a processor to a Windows 2000 server provides respectable performance
gains. In fact, in the two-processor test, peak performance was achieved at more than twice the
user load of the one-processor peak. With two processors, going from 512 MB to 1 GB of RAM
resulted in a 28 percent performance boost, but we got only a 7 percent improvement when we
took one processor from 256 MB to 512 MB of RAM.
When we wrote that Microsoft's interoperability features were more like a short story than a novel
in our March 6 review, we got this note back from Microsoft: "Actually, Microsoft does offer
directory synchronization and interoperability technologies for managing a number of important
platforms from Active Directory." Microsoft made our point for us. The company wants to fit into
your existing IT infrastructure--but on its own terms. Most companies you do business with would
like to be your sole supplier, but the modern IT infrastructure in corporations today needs to be
Take Kerberos, for example. Microsoft supports Kerberos in AD but uses a data field in the
Kerberos ticket that nobody else uses. The field is part of the specification, so Microsoft is
adhering to the letter of the law. However, the end result is to increase your workload dramatically
or decrease your security. To add Windows 2000 servers to your existing Kerberos environment,
you'll need to implement AD, create a trust relationship between your current KDC (key
distribution center) and the AD KDC, and either perform one-to-one user account synchronization
between the two realms or use one-to-many account mapping. The latter simplifies administration
at the cost of audit tracking and security; the former maintains an audit trail but adds significant
overhead to management and administration. Either way, it's a trade-off you'd rather not make.
Windows 2000 Advanced Server, $3,999 with 25 client access licenses, Microsoft Corp
So what is the ideal NOS? Sun Solaris beats the rest in Internet services, Novell NetWare still
rules the traditional NOS arena, and Microsoft Windows 2000 and Red Hat Linux make a strong
showing in both sets of services. But as for picking the best one, you know the answer as well as
we do. It's 42.
Novell NetWare 5.1
With the concurrent releases of NetWare 5.1 and NDS eDirectory, Novell continues to try to
redefine itself as an Internet-savvy player in the e-commerce market. Although Novell has gotten
plenty of positive press recently, many people still worry that the company won't survive the
intense competition. Based on the integrated technologies Novell is constructing, the partnerships
it has forged and the leadership it has shown in developing a robust full-service directory service,
we disagree with the naysayers.
NetWare 5.1/NDS eDirectory is the dream NOS for the enterprise that wants to use a product
with a proven track record and minimize TCO. NDS gives customers a single point of
administration for a wide range of Internet and intranet services. NDS also provides integrated
management of users, servers, printers, file systems, access control, network policies, desktop
systems and enterprisewide application deployment. Fewer dedicated personnel are required for
administration, so more people are free for projects that affect the bottom line.
Novell built its business and reputation over more than a decade by delivering bulletproof file and
print services for NetWare. NetWare 5.1 expands on the NOS' traditional file services by adding
standards-based, secure Internet accessibility via WebDAV. Armed with only a browser, users
gain access to their home directories over the
Internet via WebDAV, and, when SSL is enabled,
they do so in a secure fashion. Users no longer
need to send a clear-text password via an FTP
client to gain access to their network file stores.
Novell's core-services story is wrapped around
NDS eDirectory, a robust, cross-platform directory
service. NDS eDirectory ships with NetWare 5.1
and is available in versions that run natively on
Linux, Solaris, and Windows 2000 and NT--no
NetWare required. NDS is NetWare's central
feature. All the services that ship in the NetWare
5.1 box, all those available from Novell separately
and even most third-party additions plug into the
directory to become part of a fabric of integrated
services. This integration gives administrators a
replicated, fail-safe, single point of administration.
Users, meanwhile, get one place to search for
enterprisewide resources and one point of authentication to gain access to those resources.
NetWare 5.1's security is built on an RSA dual-key-encrypted security store. Several
authentication methods--among them, passwords, tokens, biometrics, smartcards and X.509
certificates--provide modular access. Cryptography services in the form of Novell's International
Cryptographic Infrastructure (NICI) ship with and plug into NetWare's modular security services
and provide DES/RC2/RC4 data encryption of 56-bit to unlimited strength. When NetWare 5.1 is
installed, it automatically creates a directory-based CA and generates a server certificate, which it
uses for the Web-accessible NetWare Management Portal (NMP) and the Enterprise Web
Server. You're SSL-enabled and secure out of the box with NetWare 5.1.
NetWare supports minimum password lengths, intruder detection lockout and unique passwords,
but it does not have a built-in method for identifying weak passwords or forcing users to use
punctuation marks or other special characters in their passwords.
NetWare 5.1 includes an outstanding Web-based management tool, the NMP. Using the NMP,
we created and deleted NDS users and groups, managed the Enterprise Web Server, the
NetWare Web Search Server and the NetWare News Server. NetWare administrators can access
volume management, trustee assignments, server management, NDS management, remote-
server access to other NetWare 5.1 server portals and limited access to the file systems on
NetWare 5 and 4.x servers in the same tree. The NMP also provides hardware information,
console screens and server-health monitors. We used NMP to mount and dismount volumes, set
volume attributes and server parameters, restart servers, manage connections, broadcast
messages to connected users, view statistics and graphical representations of server
performance, debug problems, and execute console commands.
As a Web-based tool, the NMP is unrivaled. The Microsoft Management Console is NMP's
closest competition, but falls short because it isn't accessible via the Web. NetWare also provides
ConsoleOne, a Java-based management console. It's a work in progress. Because Novell hasn't
yet converted everything from the Windows-based NWAdmin, ConsoleOne does not provide a
single point of administration for all services.
NetWare 5.1 includes RConsole, RConsoleJ and, of course, the NMP for remote management.
Of the three, the NMP provides the best security infrastructure. It uses SSL by default and is
browser-accessible. RConsole's security has improved, but RConsole and RConsoleJ are
inherently insecure because each needs a password supplied during start-up. Administrators
typically put these passwords into the start-up files in clear text or in an easily cracked encrypted
format. Gaining access to the start-up files gives intruders easy access to the console.
Internet Services and Application Support
Novell's biggest problem over the years has been attracting the cadre of developers needed to
push NetWare to critical mass. NLM (NetWare Loadable Module) development is difficult and
proprietary, and the tools Novell provides have
left something to be desired--not a good
combination. Novell has been pushing a new
development model based on open
standards--primarily Java. The company was
ahead of the curve when it began moving in
this direction, but the industry is catching up.
NetWare 5.1's biggest application news is its
inclusion of IBM's WebSphere application
server, a scalable, standards-based Web application server (see "Third Time Proves To Be the
Charm for IBM's WebSphere"). NetWare 5.1 also includes the Enterprise Web Server, an LDAP
server, the NetWare Management Portal, a Web-search server, an FTP server, a news server, a
multimedia server, Oracle 8i and WebDB, and Halcyon's InstantASP for ASP (Active Server
Pages) compatibility. A directory-enabled DHCP server and a dynamic DNS server are also in the
box. This list of included services is as impressive as that of any vendor in this evaluation.
NetWare supports SMP (symmetric multiprocessing) for certain applications, such as Novell's
Java virtual machine. But until the spring 2001 release of Six-Pack, Novell's SMP enhancement
pack, NetWare's general SMP support is almost nonexistent. File and Web services, the features
we tested in the lab, don't have direct support for SMP, nor do Novell's protocol stacks. About the
most you can expect from a second processor in a NetWare system is the offloading of interrupt
handling--unless the application has been written specifically for SMP. Pushing interrupts to the
second processor provides some performance improvements but probably isn't worth the extra
Even without full SMP support, NetWare has rightfully gained a reputation for providing fast core
services. It's not unusual to see a system with a 166-MHz Pentium processor and 256 MB of
memory supporting file and print services for 400 simultaneous users.
With the release of NetWare Cluster Services 1.01, NetWare 5.1 supports up to 32-node clusters,
16 times as many nodes as Windows 2000 Advanced Server and eight times as many as
We were disappointed in NetWare 5.1's file-service test performance, as it was throttled in the
256-MB memory configuration. Throughout testing, we configured our NetWare computer as a
heavy-use Web server. During our file-services testing, we ran Web services, with directory
services and the NMP. The results demonstrated that a NetWare
server configured for Web services would benefit from at least 512 MB
of RAM and really shines with 1 GB.
Our testing also made it evident that Novell built Client32 to work hand
in glove with NetWare in a distributed computing environment. Novell
has enabled opportunistic locking as the default in the 4.7 version of
the NT and Windows 2000 Client32 software. Opportunistic locking is
an aggressive form of file caching that transfers a file from the server to
the client for operations when the client can get an exclusive lock on
We reached two conclusions about client software from our testing.
First, use Client32 rather than the Microsoft Client for NetWare
Networks in a NetWare environment. Test performance on Client32
was 575 percent better than on Microsoft's client. Your gains won't be
this spectacular, but we can guarantee that Client32 is faster. Second,
make sure your clients are up to snuff because they are part of the distributed fabric. We
witnessed a substantial performance difference between a 600-MHz Pentium III client with 512
MB of memory running Client32 and a 600-MHz client with 256 MB. There was also a big
difference between the 600-MHz clients and our 200-MHz Pentium Pro clients. Memory and
processor speed on the client side make a big difference to overall performance in a NetWare
Novell is working hard to play a part in the enterprise by fitting into what already exists--perhaps
harder than Microsoft, Red Hat or Sun. The company is writing services to open standards,
partnering with third parties to provide open solutions and porting eDirectory to other platforms to
ensure that NetWare fits your environment. Novell has made significant strides in this area and
has turned a weakness into a strength. With NetWare 5.1 and NDS eDirectory, Novell has the
potential to regain its leadership role in enterprise computing.
NetWare 5.1, $1,345 with five connections, $3,155 for 25-connection additive license, Novell
Red Hat Linux Professional, version 6.2
Red Hat is becoming the industry's most popular Linux distributor, garnering direct support from
major computer and device manufacturers, especially on the server end. Although Linux runs on
many hardware architectures, Red Hat's 6.2 package runs on the Alpha, Intel and SPARC
Red Hat introduced version 6.2 of its NOS in early April. As a point release, there are no major
design improvements over version 6.1, but the packaging has changed somewhat. In particular,
the Professional version now comes with an SSL-enabled version of Apache and some extra e-
commerce tools. And you can always get the Red Hat kernel and standard packages for free from
the Red Hat Web site.
Everything in the Red Hat box can be
changed. In fact, Linux's strongest point is its
versatility. Because of its open-source nature,
people have made it do just about anything.
Linux can work with other operating systems
and programs, and still obey open standards.
Along with thousands of open-source
development projects, major application
vendors have been porting their software to
Linux, and the selection keeps getting better.
The perception of Linux as lacking in
commercial support channels is beginning to
change, too. Companies have found good,
free support from newsgroups, on the Web
and in IRC channels. At the same time, commercial support channels are cropping up from the
distribution vendors and from separate consulting firms, such as Linuxcare, 800Linux.com and
That said, all is not perfect. Improvements need to be made in the areas of scalability, high-end
hardware support and integrated directory services.
Some organizations don't need a full-blown Windows 2000 or NetWare implementation to
perform many tasks. This is where Linux fits in very well. Linux's core services are extremely
flexible. Linux uses NFS, Samba and Novell's NCP (NetWare Core Protocol) for file services, and
standard BSD and Samba/SMB printing drivers; Linux can serve as an inexpensive alternative to
the other NOSes if that's all you need.
Microsoft and Novell both had enough vision to see that directory services could tie together user
management, systems management and authentication. As is the case with Sun Solaris, Linux's directory story
is weaker. True, LDAP is there, as it is in the other NOSes; however, no real workgroup or
enterprise applications take advantage of it. A version of Novell's eDirectory is available on the
applications CD but may be used by only a handful of users.
Linux's authentication schemes are flexible and strong, but we'd like to see the security defaults
for the distributions, including Red Hat, shored up. Red Hat Linux and other Linux distributions
have adopted Sun's PAMs (Pluggable Authentication Modules) for logging in with different
authentication schemes such as LDAP, RADIUS (Remote Authentication Dial-In User Service)
and Kerberos. Programs no longer need to be rewritten to take advantage of the different
schemes; build a new Linux PAM, and you're done.
It's possible to make Linux machines relatively secure by shutting off unused services; obtaining
services, such as SSH (Secure Shell), that don't let passwords go across the network
unencrypted; and keeping up with patches. It's very easy to be irresponsible,
however. People with strict security requirements may want to look at OpenBSD or, perhaps in
the distant future, TrustedBSD.
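
The check described above, and the earlier complaint about systems that default to clear-text passwords on the wire, can be automated. The following is an added example, not part of the original article: it audits an inetd.conf-style file for enabled services that take passwords unencrypted and produces a copy with those entries commented out. It assumes the classic inetd.conf field layout (service, socket type, protocol, wait flag, user, server, arguments); the sample file and the service table are constructed for illustration.

```python
"""Audit an inetd.conf for services that accept passwords in clear text."""

# First-field service names mapped to the reason each exposes credentials.
# This table is assembled for the example; extend it for your own site.
CLEARTEXT_AUTH = {
    "ftp": "USER/PASS commands cross the network unencrypted",
    "telnet": "login and password are typed over an unencrypted session",
    "login": "rlogin password prompt is unencrypted",
    "exec": "rexec sends the password unencrypted",
    "pop-2": "mailbox password is sent unencrypted",
    "pop-3": "mailbox password is sent unencrypted",
    "pop3": "mailbox password is sent unencrypted",
    "imap": "LOGIN command sends the password unencrypted",
}

# Constructed sample, not taken from any real host.
SAMPLE_INETD_CONF = """\
# constructed sample in inetd.conf format
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
auth    stream  tcp     wait    root    /usr/sbin/in.identd in.identd -e -o
"""


def parse_inetd(text):
    """Return (line_no, service, daemon) for every enabled entry."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or service already switched off
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed entry; inetd would not start it either
        server = fields[5]
        # Behind TCP wrappers the real daemon is the first argument to tcpd.
        if server.endswith("/tcpd") and len(fields) > 6:
            daemon = fields[6]
        else:
            daemon = server.rsplit("/", 1)[-1]
        entries.append((line_no, fields[0], daemon))
    return entries


def audit(text):
    """Return (line_no, service, daemon, reason) for clear-text services."""
    findings = []
    for line_no, service, daemon in parse_inetd(text):
        reason = CLEARTEXT_AUTH.get(service.lower())
        if reason:
            findings.append((line_no, service, daemon, reason))
    return findings


def needs_review(text):
    """Enabled services not in the table: keep only if actually used."""
    flagged = {line_no for line_no, _, _, _ in audit(text)}
    return [svc for line_no, svc, _ in parse_inetd(text) if line_no not in flagged]


def harden(text):
    """Return the config with every flagged entry commented out."""
    flagged = {line_no for line_no, _, _, _ in audit(text)}
    lines = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        lines.append("#" + raw if line_no in flagged else raw)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for line_no, service, daemon, reason in audit(SAMPLE_INETD_CONF):
        print(f"line {line_no}: {service} ({daemon}): {reason}")
    print("still enabled, review:", ", ".join(needs_review(SAMPLE_INETD_CONF)))
    print(harden(SAMPLE_INETD_CONF), end="")
```

inetd rereads its configuration only when it receives SIGHUP, so a hardened file takes effect after the daemon is signalled.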
In Red Hat's current release, IPv6 support is still experimental, and many of the network
programs don't have it enabled. Linux and Windows support QoS (Quality of Service) standards
better than Solaris and NetWare. Linux also supports the IPsec protocol with the FreeS/WAN
package, but it's not available with the Red Hat distribution. You'll have to download it yourself at
Internet Services and Application Support
For Web development, Red Hat Linux's selection of tools is top-notch right out of the box.
Apache, Mod_perl and PHP have a huge user base, and organizations from Slashdot to e-Toys
develop large, complex Web sites on the Linux platform. Thousands of open-source products and
tools are available for Linux, and commercial vendors now consider Linux a strategic platform.
Red Hat's Professional version comes with an SSL-enabled version of Apache's Web server and
discounts for either Thawte or Verisign certificates. After some digging, we found that Red Hat
doesn't provide the software necessary to generate your own certificates; however, you can use
the open-source toolkit for SSL/TLS. The Professional version also provides a trial version of
CCVS, a Perl extension for handling financial transactions. An Enterprise Edition is a souped-up
version specifically for running Oracle.
Linux's management story is a mixed bag. Its software packaging is stronger than the others' for
single-machine installations. The Windows installation service has too many limiting factors--
including Internet connectivity needed from each machine. However, no one has built a cohesive
solution to tie this single-machine management together for multiple machines.
Although graphical configuration tools are available, most Unix administrators find it easier to rely
on text configuration files for applications and network services. And driver vendors are
sometimes reluctant to follow the open-source conventions that would let users reconfigure the
kernel at will. So much for versatility and flexibility.
Red Hat provides several tools on top of the basic Unix configuration files. Linuxconf provides a
graphical interface for managing your machine and its services. However, it's up to the application
writer to make sure that Linuxconf is configured for that specific application. You may have to
resort to configuration files and the command line.
If you could choose a software packaging tool for your ideal operating system, you would start
with the Red Hat Package Manager (RPM). It does a better job with both versioning and quality
control than the other package managers, as everything you need to know about software and
versions is available with a single command. Most software running on the Red Hat operating
system can be installed, uninstalled and updated with ease using the RPM. Although Solaris'
packaging system is similar, Red Hat's also provides version information for every package
you've installed in a single RPM query, so you'll never be confused about the patch level at which
your software is running. Unlike the Windows Installation Service, the RPM manages both
applications and server-related files, right down to the kernel. Quality control is better--if you've
got a problem, you can pinpoint the cause much more easily.
The RPM's downfall is that it installs software only on a single computer. A directory-service-
enabled application could manage your applications throughout the network, and this is where
Novell and Microsoft have won out.
Hardware support is growing. It's good on the low end but needs work on the high end. Vendors
must figure out how better to provide drivers for their hardware. In our test configuration, Dell
provided a binary driver for the Adaptec RAID array, but not the source code. As a result, it's
difficult to recompile the kernel with modifications and continue to have a working driver. This is
something you'll want to be very careful about when choosing vendors for server accessories.
Although Linux is generally easy to modify, this driver problem may limit that benefit.
Scalability and Availability
The Linux 2.2 kernel, which Red Hat Linux Professional 6.2 uses, isn't very scalable. We saw little
difference in performance between the single- and dual-processor versions in our tests.
Scalability will improve once Red Hat incorporates the 2.4 kernel (under development), which
includes systemic enhancements to the kernel architecture.
Red Hat Linux 6.2 runs in 64-bit mode on the architectures that support it--Alpha and SPARC.
The Trillian project ports Linux to Intel's IA64 architecture as well. Modifications have been made
to support LFS (large file systems), available with the SBE (System Builder Edition), for database
server support. The Enterprise Edition is optimized for Oracle8i.
Linux clustering is available with Piranha (included in the Red Hat distribution) for high-availability
Web sites and FTP sites.
Red Hat Linux did very well in our performance tests, though if you're looking for improvements,
adding processors won't help. Linux does a better job with memory than with processor
scalability. It doesn't need as much RAM as the other NOSes to perform well.
We did have some stability problems with our Samba tests. With both our SMP tests, after
pounding on the server, a Windows 2000 client machine would complain of locking problems and
abort the test. This didn't happen with the single-processor tests, nor with any other operating
systems in any configuration. When we asked Red Hat for information, the company said it had
not yet tested the Samba server extensively with Windows 2000 clients, and the problem was
probably because of a subtle change in the Windows 2000 client. Red Hat added that if you are
using Windows 2000 clients, aggressive opportunistic locks should be turned down a notch or
shut off completely until a patch is produced. This will obviously hurt performance, but accuracy is
more important than speed.
We ran our Web performance tests first with the installed version of Apache (version 1.3.12-2),
and patched it with an SGI experimental accelerator that improves throughput, especially for
small files (available at oss.sgi.com/projects/apache/). In general, Apache's performance on Linux
lags behind that of Windows 2000's IIS, even with the accelerator.
Historically, Linux hasn't been considered an enterprise solution. It's still not. Client application
support would have to improve tremendously before it becomes commonplace at the regular
corporate user's desktop, and a more well-integrated management system needs to be put into
place. Linux does have its role as a Swiss Army knife, as it can do just about anything with few
resources. Therefore, Linux pops up within the enterprise as a point solution for many problems.
Linux does a solid job as a Web server with strong Web applications tools, and it has a strong
Internet presence. Upcoming improvements to the kernel should improve scalability and
performance and give it a stronger Web presence.
Red Hat Linux Professional 6.2, $179.95, Red Hat,
Sun Microsystems Solaris 8
As an ISOS, Sun's Solaris is the most mature
NOS. Solaris 8 builds on many of the operating
system's core strengths by adding tools and
hooks for availability the others just don't
provide...that is, if you run it on a SPARC
Solaris runs on Intel processors but has limited
hardware support, and you can't take advantage
of most of the high-availability features of the
SPARC platform. And although it's generally
easy to compile applications on either platform,
application vendors aren't flocking to add
support for Solaris on Intel.
If you envision your dream NOS running in a data center or a Web server farm, Solaris provides
great benefits. As a workgroup solution, however, it still needs work. Sun has attempted to add
directory-service integration and integrated systems-management tools, but as with Red Hat,
Solaris doesn't compete with Novell or Microsoft as an enterprise/workgroup NOS solution.
We didn't test Solaris 8 for performance. Although we agreed with Sun that it wouldn't be fair to
compare its performance on the fastest SPARC system (450 MHz) with that of the operating
systems running on our 600-MHz Pentium III testbed, Sun also turned down our offer to do
Solaris performance testing on the Intel platform. However, you can see some of Network
Computing's comparisons between Solaris 7 and Solaris 8 in our Sneak Preview of Solaris 8 (see
"Solaris 8: Better Features and Performance for Web Servers").
Historically, Sun has been an innovator when a problem needed a solution. Sun invented NFS
(Network File System), NIS (Network Information System) and PAM, and Sun's core
competencies--proven availability and scalability--reside in the data center and as a Web server.
So it's possible to run all the necessary tools to get your job done, but Solaris doesn't supply a
great centrally managed solution. For example, NIS is not secure, and NIS+, which was meant to
address NIS' security weaknesses, hasn't been accepted by the industry. The iPlanet directory
server and directory-service extensions attempt to address the need for a centralized directory-
services solution, but they have yet to become the directory solution that Microsoft's Active
Directory and Novell's NDS are.
Sun's PAMs allow flexible authentication schemes. With PAMs, you can log in with standard
password mechanisms, Kerberos, LDAP or smartcards without having to rewrite applications
every time a new authentication scheme comes out.
Sun's WebNFS is the successor to NFS, the standard file-sharing system for Unix systems. With
WebNFS, files can be shared over the Web. So far, however, the Internet community has largely
ignored WebNFS in favor of WebDAV. For Windows/SMB (Server Message Block) access,
Samba can be compiled and run for free. Sun's PC NetLink comes with new SPARC systems or
can be purchased from Sun separately.
Sun, like Novell, has added support for the SLP (Service Location Protocol), an IETF standard for
discovering shared resources such as printers and file servers. Along with the iPlanet Directory
Services, it's a good step toward becoming a workgroup solution, but Solaris still needs
something to pull the pieces together.
Sun provides ways to deal with systems' pervasive insecurities. Sun has incorporated Kerberos
hooks into the NFS system but doesn't provide a Kerberos server or the necessary Kerberos
hooks for rsh, telnet, rlogin or FTP and their corresponding daemons out of the box. Those come
separately with SEAM (Sun Enterprise Authentication Mechanism), which is available for free
from Sun's Web site as part of the Solaris 8 Admin Pack but isn't packaged with the operating
system. Solaris 8 also includes IPsec, a secure connection solution, but its compatibility with
other IPsec implementations still needs to be sorted out.
Sun has supported IP for many years; now, Solaris 8 supports IPv6 out of the box. Sun has
reworked all the standard network services and added tools for helping with the IPv4-to-IPv6
transition. In addition, the Solaris Bandwidth Manager, an add-on, provides IP QoS guarantees
for network resources. A separate add-on, the Solaris Resource Manager, provides similar
guarantees for system resources.
Application, Internet, E-Commerce Support
With the release of Solaris 8, Sun has finally added a slew of public-domain programs and
utilities, such as traceroute and Perl, gnuzip and zip, and zsh, bash and tcsh, saving users the
time of downloading and installing them once the operating system is installed. Sun has also
bundled the Apache Web server, along with mod_perl, into the core operating system distribution.
Java2 is included, and Java support is built into the kernel.
Support for Sun's older technologies, such as SIMS and Sun Directory Services, is quietly
vanishing. Although the technologies still exist, their logical replacements come in the form of the
Sun-Netscape Alliance's iPlanet Web server, directory server, messaging server and CA server.
Oracle 8i is also bundled with the operating system. Most of these additions, however, come at a
price. If you want to use them in a production environment (with the exception of the directory
server), you'll have to pay a licensing fee. Of course, there are public-domain versions of most of
One of the strong points of Solaris is application support. Open-source programs are generally
ported to Solaris about as fast as they are ported to Linux. Because of its stability, Sun is well-
known in the industry for ERP (enterprise resource planning), e-commerce and back-end data
Like Red Hat Linux 6.2, Sun manages individual machines well but lacks a cohesive solution for
the workgroup or set of networked machines. Sun has implemented WBEM (Web-Based
Enterprise Management) as an SDK, but other vendors must provide management solutions. Sun
has also introduced the Solaris 8 Admin Pack as a free add-on, available from its Web site. The
Admin Pack includes SEAM for Kerberos authentication, and the SMC (Solaris Management
Console) and Solaris AdminSuite for management.
Both SMC and Solaris AdminSuite are still an afterthought. They lack the integrated functionality
of Microsoft's and Novell's management suites. For look and feel, the Java-based SMC shows
promise, but its utilities are nowhere near complete. For example, we found that you can use
SMC to change the DNS client settings, but not the IP settings. Solaris AdminSuite provides
complementary functionality, such as NIS administration. Sun plans to merge the two and add
functionality in the near future.
With Solaris 8, Sun introduced RBAC (Role-Based Access Control)--Sun's answer to "sudo"
(superuser do), which gives more granular privileged access than the standard root user has.
RBAC lets you create roles that serve limited purposes--such as one that would let junior
administrators change passwords for other people but not give them full root access. RBAC is a
good first step, but it is implemented on only a machine-by-machine basis, rather than
It's easy to attach a terminal server or a modem to maintain--or even reboot--a SPARC server
remotely. This is a key feature for both management and availability, something that's not
normally available on Intel-based machines.
Scalability and Availability
Solaris' availability remains unmatched, and its scalability is top-notch, too. In both areas, Sun
has made specific improvements. Most notably, with dynamic configuration and hot patching,
both new to Solaris 8, it's possible to add and remove processors, memory, SCSI devices, NICs
and portions of the kernel without shutting down the entire system.
Sun has supported the SPARC 64-bit architecture since Solaris 7. It will run as an SMP system
across 64 processors, and it also supports processor sets--a device that lets you divide up the
processors in one machine and assign them different tasks. Solaris will support 64 GB of physical
Sun provides a cluster solution with four-node failover.
Solaris has an impressive history in the data center and on the Internet. Sun's operating system is
more scalable and has better availability than the other systems, with features traditionally found
in mainframe environments. For important ERP and e-commerce problems, Solaris is an easy
choice. Linux and Windows are both trying to move up the chain, however, and Sun will have to
keep improving to stay ahead.
The price for Sun's operating environment has dropped through the floor. You can get a binary
license for free, and Sun has decided to provide limited public access to the source code for
Solaris. Although you'll still pay a premium for the SPARC hardware, the price point is much more
competitive now that the operating system is free.
The common perception is that Solaris on SPARC hardware is the most expensive solution. The
entry-level Sun Enterprise Workgroup Server 250 with unlimited user licenses and one 300-MHz
processor is $4,995 (from Sun's site). A beefier Sun Enterprise 250, with unlimited user licenses,
two 400-MHz processors, 1 MB of cache, 1 GB of memory and two 18-GB drives, costs about
$17,200. A similar Dell PowerEdge 4200, with dual 533-MHz processors, 256 KB of cache and a
25-user license for Windows 2000, is priced at about $11,500. The same Dell PowerEdge
machine with unlimited Red Hat user licenses is about $8,400, making it the most economical
solution. With a 25-user license, NetWare is $11,900. On the other hand, if you increase the
number of NetWare user licenses to a more realistic 100, the price jumps to $18,000.
Sun has made some client-side enhancements, such as PIMs (Personal Information Manager)
and a calendar, and it is incorporating the iPlanet directory services into Solaris' management
schemes. However, Sun hasn't aggressively focused on providing an integrated workgroup
Very recent additions, including free downloads of the Solaris 8 Admin Pack, show that Sun may
finally have seen the light.
Solaris 8, free, Sun Microsystems
Network Operating Systems
Looking for the ideal NOS? In this review of Microsoft Windows 2000
Advanced Server, Novell NetWare 5.1, Red Hat Linux Professional 6.2
and Sun Microsystems Solaris 8, we do the legwork for you so you can
get a good night's sleep. The name of the game today is IP-based
services both for the Internet and for your intranet. The products in this
evaluation are redefining the NOS. The future is the ISOS
(Internet/intranet services operating system).
We evaluated each product according to five categories: core services,
management services, scalability, enterprise fit and Internet-specific
services. Windows 2000 Advanced Server and NetWare 5.1 are still the
best choices for intranet file-and-print-services deployments. With the
release of Windows 2000, Microsoft has joined NetWare by offering a full-
scale directory service. The directory enhances core services and
manageability and, in the case of NDS eDirectory, improves cross-
platform integration as well.
All the products tested offer a full plate of Internet services, from Web to
DHCP and DNS. Windows 2000 and NetWare integrate these services
into the directory, but Solaris and Linux were designed for the Internet
from the beginning. Companies implementing a purely Internet-based
service would do well to look at Solaris or Red Hat first.
Solaris on SPARC is the clear winner when considering single-box
computing power with support for up to 64 processors. Windows 2000
Advanced Server does a good job with horizontal scalability supporting up
to 32 nodes via load-balancing for IP-based applications.
How We Tested
Network Operating Systems
We tested each of the four operating systems for functionality and all but
Solaris for network file-system performance and Web-server performance.
Sun didn't have a processor to compare with the 600-MHz processors in
our Dell servers; therefore, we agreed not to test the slower SPARC
For our servers, we used Dell Computer Corp. PowerEdge 2400s with
600-MHz processors, 512 MB of RAM and internal SCSI drives for the
operating system. For the file performance tests, we added a four-channel
PERC2 RAID controller and two eight-drive nStor Technologies RAID
enclosures containing 16 9-GB drives, with four drives on each channel.
The drives were configured as a hardware RAID 0 stripe for maximum
performance. The clients were a mix of 10 Dell GX1 units with 512 MB of
RAM, six GX1s with 256 MB of RAM and seven Cubix Corp. ERS-Fault
Tolerant II, 200 MHz, for a total of 23 client machines, all running Windows
The systems under test were each connected to an Extreme Networks
BlackDiamond 6800 switch. The servers were connected through an Intel
Corp. Pro/1000 gigabit adapter, and each of the clients was connected to
the switch through a 100-Mbps full-duplex port.
Our functionality testing for Solaris was performed on a SPARC Ultra 80
with 1 GB of RAM and a fast-wide SCSI controller with two disks and a
100-MB Ethernet card.
We tested file-system performance of four server configurations: single-
processor with 256-MB memory and 512-MB memory, and dual-processor
with 512-MB memory and 1-GB memory to see how changing processor
and memory configurations might affect server performance.
Representatives from Microsoft and Novell came into our Syracuse
University Real-World Labs® to tune their respective operating systems.
Red Hat preferred to do its tuning via phone and e-mail.
We used Client/Server Solutions' Benchmark Factory version 2.0 build
238 for our file performance testing. We ran a mixed-I/O test that created
and deleted directories and files, performed sequential and random reads
and writes from files, and performed a shared random read on a 1-GB file
to simulate launching an application that resided on the server. We
gradually increased the load on the server by adding four virtual clients at
a time until we reached the server's capacity. Toward the end of the
testing cycle, we discovered that a flag that was supposed to be set for
write-back was actually set for write-through. Client/Server Solutions
supplied a patch, but it arrived too late for us to redo the testing. Because
of this problem, we weren't able to provide comparative information for the
file-server-performance part of this review.
For our Web-server testing, we used RadView Software's WebLoad
version 3.52. All Web tests were performed on servers with two
processors and 512 MB of memory. We tested both SSI and static HTML
pages of various sizes. We ramped up the number of clients for each test
until the server's performance no longer improved. For small, static files,
we didn't have enough clients to max out the servers in some cases; they
are marked specially in the graphs.
Windows 2000: Worth the Pain (Almost)
March 6, 2000
By Ron Anderson
They said it would be worth the wait. They said it would be more reliable, more
scalable and faster. They said it would be manageable and would reduce the
costs of computing in your organization. Maybe you're willing to take their word
for it, but we think we know you better than that. Like you, we aren't willing to
endure the pain and expense of an operating system upgrade unless we can see
clear benefits. So we put Microsoft Corp.'s Windows 2000 Professional, Windows
2000 Server and Windows 2000 Active Directory to the test in our Real-World
Labs® at Syracuse University, the University of Wisconsin-Madison and
Washington to answer the question: Is it really worth the pain?
We hammered on Microsoft Windows NT 4 and Windows 2000 file servers, application servers
and Web servers, observing their behavior and performance under stress (see "How We Tested,"
page 44). We scrutinized Windows 2000 Professional, Server and Active Directory to determine if
the claims of manageability would hold up. After all, how could these new products be any worse
than what we have now?
When all was said and done, we found the answer to our question to be an unequivocal "It
depends." Windows 2000 is really five products: Professional, Server, Advanced Server, the yet-
to-be-released Datacenter Server, and Active Directory, which is a component of the Server
editions and can be implemented or not at the user's
discretion. Each product has strengths and
weaknesses, and each may or may not be a good fit
for your enterprise organization.
Microsoft Windows 2000's breadth of technologies will
make it difficult for organizations to quickly evaluate the
operating system's features and plan for their use. We
tested several of these new and improved
technologies, and included them here and in our
companion article "Win2000: New and Improved
Internet?" (see page 54). We can't touch on all the
features in this article, but we do plan a number of
follow-on stories that will more fully explore additional
Here, we've concentrated on the Windows 2000
products we believe will have the most immediate
impact on your organization: Windows 2000 Professional, Windows 2000 Server/Advanced
Server and Active Directory.
All or Nothing
For shops looking to run a desktop/notebook operating system that's more reliable and easier to
manage than their current mix of Windows 9x and Windows NT, Windows 2000 Professional is
the way to go. There's no question about it--you'll want
to upgrade to Windows 2000 Professional as quickly
as you can, even if you don't plan to implement Active
We encourage Microsoft shops to be as cautious as
with any new product, but to plan on upgrading to
Windows 2000 Professional, Server and Active
Directory sooner rather than later. The payoff will be a
computing infrastructure that's actually manageable.
But you'll have to go the whole way. Remember,
Windows 9x and NT machines can authenticate in an
Active Directory environment but not in much else, so
you'll need to install Windows 2000 from the server to
the desktop to reap your rewards.
For organizations with long-standing multivendor IT
infrastructures, a full-blown implementation of
Windows 2000, including Professional, Server and Active
Directory, will be as much a political undertaking as it is a technical one--and about as pleasant
as a trip to the dentist.
For example, Active Directory relies heavily on a well-functioning DNS environment that includes
support for SRV RR (Service Resource Record) lookups and dynamic updates. If Active Directory
isn't working right, look for DNS problems first. Even if your Unix folks agree to set up this
environment, fingers will be pointing in every direction the first time something goes wrong, and
the struggle for control will be on.
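An added example, not from the original article or from Microsoft: a Python check that a DNS zone holds the SRV records Active Directory clients look up, that each uses the expected port, and that every in-zone SRV target has an address record. The zone text, the domain example.test, the host names and the function names are constructed for illustration, and the record list is a subset of the standard domain-controller locator names.

```python
# Expected SRV owners relative to the AD DNS domain, with the service port.
# A subset of what a domain controller registers; extend for sites and GCs.
REQUIRED_SRV = {
    "_ldap._tcp": 389,
    "_kerberos._tcp": 88,
    "_kerberos._udp": 88,
    "_kpasswd._tcp": 464,
    "_ldap._tcp.dc._msdcs": 389,
    "_kerberos._tcp.dc._msdcs": 88,
    "_ldap._tcp.pdc._msdcs": 389,
}
RR_TYPES = {"A", "AAAA", "SRV", "CNAME", "NS", "SOA", "MX", "TXT", "PTR"}

# Constructed sample zone: one SRV record is missing, one has the wrong
# port, and one points at a host with no address record.
SAMPLE_ZONE = """\
$ORIGIN example.test.
$TTL 600
@                         IN SOA dc1 hostmaster 1 3600 600 86400 600
dc1                       IN A   192.0.2.10
_ldap._tcp                IN SRV 0 100 389 dc1.example.test.
_kerberos._tcp            IN SRV 0 100 88  dc1.example.test.
_kerberos._udp            IN SRV 0 100 88  dc1.example.test.
_kpasswd._tcp             IN SRV 0 100 88  dc1.example.test.  ; wrong port
_ldap._tcp.dc._msdcs      IN SRV 0 100 389 dc2.example.test.  ; dc2 has no A
_kerberos._tcp.dc._msdcs  IN SRV 0 100 88  dc1.example.test.
"""


def fqdn(name, origin):
    """Return a lower-case absolute name without the trailing dot."""
    name = name.lower()
    origin = origin.lower().rstrip(".")
    if name == "@":
        return origin
    if name.endswith("."):
        return name.rstrip(".")
    return f"{name}.{origin}"


def parse_zone(text, origin):
    """Parse single-line master-file records into (owner, type, rdata, origin)."""
    records, last_owner = [], fqdn("@", origin)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop trailing comments
        if not line.strip():
            continue
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):
            continue                           # $TTL etc. carry no records
        fields = line.split()
        if raw[0] in " \t":
            owner = last_owner                 # indented line inherits owner
        else:
            owner = fqdn(fields.pop(0), origin)
        last_owner = owner
        # Skip the optional TTL and class fields before the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if not fields or fields[0].upper() not in RR_TYPES:
            continue
        rtype = fields.pop(0).upper()
        records.append((owner, rtype, fields, origin))
    return records


def check_ad_dns(zone_text, domain):
    """Report missing SRV owners, unexpected ports and dangling SRV targets."""
    dom = domain.lower().rstrip(".")
    records = parse_zone(zone_text, dom)
    hosts = {owner for owner, rtype, _, _ in records if rtype in ("A", "AAAA")}
    srv = {}
    for owner, rtype, rdata, origin in records:
        if rtype == "SRV" and len(rdata) == 4:
            _prio, _weight, port, target = rdata
            srv.setdefault(owner, []).append((int(port), fqdn(target, origin)))
    report = {"missing": [], "wrong_port": [], "dangling": []}
    for rel, port in REQUIRED_SRV.items():
        owner = fqdn(rel, dom)
        if owner not in srv:
            report["missing"].append(owner)
            continue
        for got_port, target in srv[owner]:
            if got_port != port:
                report["wrong_port"].append((owner, got_port))
            # Only in-zone targets can be judged from this zone's data.
            if target.endswith("." + dom) and target not in hosts:
                report["dangling"].append((owner, target))
    return report


if __name__ == "__main__":
    for kind, items in check_ad_dns(SAMPLE_ZONE, "example.test").items():
        print(kind, items)
```

Dynamic-update permission is a server setting rather than zone data, so this check does not cover it.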
Large enterprises that rely on Windows NT for critical functions should plan to implement
Advanced Server because of its built-in high-availability features, including TCP/IP network load-
balancing and clustering services. We'll look more closely at these features in a future article, so
NetWare Shops: Hang Back
Our advice for mixed shops that include Novell NetWare and its NDS is to stay the course. Active
Directory is young; it needs to mature and prove its mettle. It's also a single-platform environment.
NDS has been there and done that, and it supports multiple platforms. NDS with Novell's
ZENworks already provides many of the manageability enhancements that Microsoft is just now
including in Active Directory, and you can easily continue to manage Windows NT, Windows 9x
and even Windows 2000 desktops with ZENworks. In fact, you'll be ahead of the game because
Active Directory doesn't provide management tools for Windows 9x or NT.
Windows 2000 Reliability
Before we get to the details of Windows 2000's elements, let's say a word about reliability, since it
plays a critical part in determining the operating system's prospects. We didn't have any reliability
problems with Windows 2000 Professional or Server during our tests. We never had one blue
screen, even though we pounded hard.
We think this bodes well for Microsoft's reliability claims. However, the reliability story won't be
fully told until Windows 2000 gets a real-world shakeout over the next few months.
How We Tested
Our test bed for file and application services included dual 500-MHz Pentium III servers with 512
MB of RAM and five UW-SCSI disks--one for the C drive, one for D and three for E in a striped
set. One of the servers was running Windows NT 4 with Service Pack 5 and also served as a
primary domain controller.
The second server was running Windows 2000 and
served as a domain controller. Our client machines
were Pentium III 600s with 512 MB of RAM. Each
client was connected to an Alteon WebSystems'
Aceswitch 180 10/100/1000 switch at 100 Mbps, full-
duplex. The servers were connected to the same
switch via an Alteon ACEnic Gigabit Ethernet adapter.
Setting Up the Benchmarks
To conduct the file server benchmark, we used Client/
Server Solutions' Benchmark Factory 2.0 software.
We ran a mixed I/O test that included file and directory
creation and deletion, sequential and random reads,
and sequential and random writes. The writes were not cached, so the scores were much lower
than they would have been in a cached environment.
The test scaled from 20 to 200 virtual clients in steps of 20, and ran on seven 600-MHz Pentium
III Windows 2000 Professional machines (see File Server Comparison in PDF format). Each step
included 5 minutes of ramp-up time, 3 minutes 45 seconds of execution time, 1 minute 15
seconds of ramp-down time and 30 seconds of quiet time.
To perform the application server benchmark, we used Microsoft's Exchange Server 5.5
Enterprise Edition with Service Pack 3 and Microsoft's LoadSim program. Using the Microsoft
Exchange Optimizer, we optimized Exchange for the server and prepared it for heavy loads by
applying the specifications listed in Microsoft's Knowledge Base article Q234702, "MTA Queue to
Information Store Processing Slowly."
Using LoadSim, we simulated for a period of three hours the activity of 2,800 simultaneous heavy
Microsoft Outlook users. Four-hundred users were simulated on each of seven 600-MHz Pentium
III-based Windows 2000 Professional machines; this ratio was well within the parameters
specified by the LoadSim documentation. Prior to running the test, we pre-initialized each of the
client mailboxes with a populated folder hierarchy and calendar.
During the test, we tasked the clients with a series of typical Outlook user activities: creating,
sending, forwarding, moving, deleting and replying to mail; changing and deleting appointments
and responding to appointment requests; browsing, creating and deleting folders; and journaling
(see Exchange Server Comparison in PDF format).
During the first 30 minutes of the test, the server was brought to a steady state. We used the next
two hours of the test for computing the results, leaving the last 30 minutes for ramp-down.
To compare Web server performance, we used a Compaq Computer Corp. ProLiant 6000 server
with quad 500-MHz Xeon processors, 1 MB of Layer 2 cache and a RAID 5 disk array. This
machine dual-booted between Windows NT 4 and Windows 2000. We used 41 Pentium 200
client NT workstations connected to a Lucent Technologies Cajun switch running at 100 Mbps,
full-duplex. The server was connected to the same switch via multiple network cards. To perform
the benchmark, we used RadView Software's WebLoad 3.01 software.
Prior to running the Web benchmark, we followed the tuning guide found at msdn.microsoft.com/
workshop/server/feature/tune.asp for the Windows NT 4 server, and we followed a performance-
tuning guide supplied by Microsoft for the Windows 2000 server.
The Web benchmark consisted of numerous tests, ranging from static Web pages to pages that
contained server-side includes. For the tests with multiple network cards, the clients were evenly
distributed between the server's network cards--that is, in the two-NIC test, half the clients used
the IP address assigned to one network card, and the other half used the IP address assigned to
the second card.
IIS Performance: Static Requests Per Second and SSI Requests Per Second (in PDF format)
IIS Performance: Static Throughput and SSI Throughput (in PDF format)
March 6, 2000
Win2000 Server: Proceed With Caution
Although Windows 2000's Server and Advanced Server versions have compelling new features,
they offer few, if any, performance advantages over Windows NT 4.0. By Ron Anderson
Microsoft Corp. Windows 2000 Server and Advanced Server
Our server-performance test results surprised us. Based on performance briefings from
Microsoft, we expected Windows 2000 to outperform NT 4 by a wide margin. It didn't. In fact,
Windows 2000 and NT 4 were pretty much neck and neck in just about every test, with NT 4
usually ahead by a nose. Windows 2000 performed better than NT 4 as a Web server, worse as
an Exchange server, and about the same as NT for file services. Clearly, performance is not an
indicator for upgrading to Windows 2000.
Windows 2000 Server and Advanced Server are virtually identical products; the difference
between the two is the level of support. Windows 2000 Server supports four-way SMP and up to
4 GB of RAM. Advanced Server supports eight-way
SMP and up to 8 GB of RAM on machines equipped
with Intel's Physical Address Extension (an increase
from NT Enterprise Edition's 4-GB limit). Advanced
Server also supports 32-node TCP/IP network load-
balancing, and has two-node server clustering for high
availability. Both packages include Terminal Services,
but client-access licenses must be purchased
separately. A 25-user Server license costs $1,799; a
25-user Advanced Server license, $3,999.
The physical specifications for 2000 Server are nearly
the same as they are for NT Server; ditto for the
specifications for 2000 Advanced Server compared
with NT Server Enterprise Edition. The most
compelling reasons to consider the move to the
Windows 2000 editions include Directory Services,
Terminal Services, support for disk quotas (a feature
previously available through third parties only), and DFS (Distributed File System) support.
Microsoft has included two tools, Sysprep and Syspart, to help you deploy Server and Advanced
Server. Sysprep is used to prepare a Professional or Server installation for duplication to other
identical hardware. Syspart is similar, but can be used for faster installations of the OS to
dissimilar hardware. Among other things, Sysprep and Syspart remove the source servers' SID
(system identifier), so the resulting image can be installed numerous times without duplicating the
Terminal Services, which installs in either applications mode or remote administration mode, is
now a built-in feature of both Server and Advanced Server. Even if you don't plan to use Terminal
Services for running applications remotely, install this feature for remote administration. We used
remote administration mode on all our test servers; it let us manage local servers from home, and
servers in Madison, Wisc., and Washington from Syracuse. At one point during our tests, we
wanted to log on to an Active Directory domain via a cable-modem connection to the Internet, but
hadn't yet set up the remote-access service. Using Terminal Services, we connected to the
domain controller, set up remote access, and had a VPN (virtual private network) logon to Active
Directory within five minutes. This is good stuff.
Terminal Services is one of the IP-based services that can take advantage of Advanced Server's
network load-balancing. You can establish a server farm of up to 32 Terminal Services servers
that are accessible via a single IP address. Network load-balancing plugs new sessions into the
server with the lightest load. Internet Information Server (IIS) as well as other TCP- and UDP-
based applications also will benefit from this feature.
The DFS is a high-availability feature that requires Active Directory. DFS creates an Active
Directory-based share of replicated directories that exist on two or more Windows 2000 servers.
A user connects to the directory-based representation of the share, and Active Directory connects
the user to one of the available replicated file stores. Active Directory first tries to connect the
user to the closest server using site information. If that server is unavailable, others are tried
automatically until the user is connected.
March 6, 2000
Microsoft Windows 2000 Professional
Windows 2000 Professional provides the best of both worlds: It offers the ease of use and
driver support of Windows 98, and the security, performance and reliability of NT Workstation. We
deployed Windows 2000 Pro in our Real-World Labs® and used it day-to-day on our notebooks
and desktop machines, and were thrilled by its support for Plug and Play, its ACPI (Advanced
Configuration and Power Interface) and its compatibility with existing 32-bit Windows applications.
Compared with Windows 9x, Pro on a notebook is
nirvana. Our portables went from docked to undocked
and from wired Ethernet to wireless networking
without missing a beat or a packet. Power
management worked like a charm, as did automatic
reconfiguration when we added and removed PC
Cards. This is the way an OS should work on a
A new shutdown option, hibernation, has been added
to reduce boot time as well. Hibernation is activated
from the power control panel, and you'll need enough
free disk space to equal the amount of memory in your
machine so RAM can be copied to disk. Hibernation
saves your Windows state, including any open applications. Subsequent startup takes about 30
seconds, as opposed to more than two minutes from a standard shutdown, and you're back
where you were before you shut down.
Lest you think we're all work and no play, we performed extensive testing of Windows 2000 Pro
using the classic trial of OS power and compatibility: Microsoft Flight Simulator. While we were at
it, we also played hundreds of rounds of Microsoft Links LS 2000. The OS passed the tests with
The hardware entry point for upgrading to Windows 2000 Pro is a Pentium Pro 200 with 128 MB
of memory. We found that trying to upgrade with anything less is just too painful.
When used in conjunction with Active Directory, Windows 2000 Pro really shines. When Active
Directory and Windows 2000 are paired, several features add greatly to the manageability matrix:
computer and user group policies for management; application installation and maintenance; offline
folders for mobile workers; and RIS (Remote Installation Services) for deployment and emergency repair.
We looked at the deployment and management tools with an eye toward TCO (total cost of
ownership) and found well-conceived but restricted offerings; the TCO advantages really come
into play only in the Win2000 Pro environment--not in earlier versions.
We used RIS in the labs to deploy our clients for testing. We took seven 600-MHz Pentium III
clients from no OS to Windows 2000 Pro, Office 2000 Premium and logon in 26 minutes. We
were able to do the same thing with seven 200-MHz Pentium Pro clients in 33 minutes. That's
pretty good, considering we did all 14 clients simultaneously--and, after the PXE (Preboot
Execution Environment) boot, the process was completely hands-off.
RIS's images are generic, so you won't need to spend much time building images whenever a
new type of PC comes in the door. As long as the HAL (Hardware Abstraction Layer) and support
for ACPI are the same for two machines, you can use the same image to install the OS via RIS--
even if the video, network and disk drivers are different. RIS lets you know early on if the image
you're trying to install will work on the target machine. RIS supports only Windows 2000 Pro; it
can't be used for Windows 2000 Server, for notebooks (which can't yet take advantage of PXE)
or for any other OS deployment.
Once the OS is installed and users log on, Active Directory Group Policies take over. Active
Directory Group Policies for Windows 2000 Pro make Microsoft's previous Group Policy efforts
look like child's play. The multitude of available settings is both overwhelming and incredibly
powerful, and is clearly the strength of this first release of Active Directory. We used policies to
set roaming-user profiles, deploy applications including Office 2000, restrict user access to their
computers and a variety of OS features, and redirect user folders to network storage.
Windows 2000: Worth the Pain (Almost)
March 6, 2000
Microsoft Active Directory
Active Directory has the potential to be the farthest-
reaching component of the Windows 2000
technologies because of the critical importance
directory services will have in organizations in the
coming months and years. However, we think
widespread adoption of Active Directory is still a year
or more out because the technology is both critical
and new--a precarious combination. Also, Active
Directory's out-of-the-box benefits are too narrowly
focused on Windows 2000 Pro workstations and users
to make implementation compelling for organizations
with large installed bases of Windows 9x and NT.
We created a multisite, single-domain Active Directory using four domain controllers--two in
Syracuse, one in Wisconsin and one in Washington. The systems were connected via a frame
relay network. Unlike our experience with an early build of Windows 2000 (back when it was still
NT 5.0--see "NT 5.0 Testing: Nice Faucets, Lousy Plumbing,"
www.networkcomputing.com/921/921f13.html), the connections among our sites were easy to
establish and worked well. Microsoft has been busy and productive in the past year.
Current NT shops will have the pleasure of replacing their badly outdated domain model with a
directory. A significant investment in training will be required, even for the Microsoft faithful,
because Active Directory is that different. Given the sorry state of NT domain management, the
pain of planning and performing the upgrade to Windows 2000 and Active Directory will quickly
give way to feelings of euphoria when you begin to realize the benefits on a day-to-day basis.
If you've never administered a directory service before, do your homework. You'll do some things
differently and other things for the first time. If you're a veteran NDS admin, you may wish your
knowledge base could be magically removed. Forget what you know about partitions and
replication. Active Directory doesn't use time stamps, except in very unusual situations--for
example, to break ties. And Active Directory doesn't have different types of replicas, opting for
multimaster replication instead. Forget about managing access rights to network resources at the
OU (organizational unit) level, too; Active Directory supports only users or groups for access-right
assignments. Based on our experience with NDS, we think Microsoft's decision to ignore OUs as
a security consideration is a mistake that will create additional work for administrators. We've
found OUs to be very useful for assigning rights, and hate the thought of having to create groups
that mimic our OUs.
Active Directory will be a great addition to organizations that plan to implement Windows 2000
Pro and Server throughout the organization. You'll benefit from reduced TCO because of the
enhanced management capabilities inherent in an Active Directory/Windows 2000 infrastructure.
Active Directory needs to broaden its limited focus, however, to be more compelling for enterprise
customers. If you plan to live with Windows 9x and NT workstations, you'll be better off with NDS.
NDS has a rich enterprise focus, including cross-platform server versions for Novell NetWare,
Sun Solaris and NT, and soon for Windows 2000, Linux and Compaq Tru64 Unix. NDS will
include Windows 2000 Pro in the management mix and won't leave your Windows 9x and NT
users out in the cold.
March 6, 2000
Win2000: New and Improved Internet?
The new services Windows 2000 includes make it easier to manage printers and Web sites, but
don't necessarily speed up the process. By James E. Drews
In the area of Internet services, Windows 2000 has
enhanced many of its technologies and has added
new features and functionality. Internet Information
Server (IIS) is the starting point, and it includes
improvements of its own. WebDAV (Web-based
Distributed Authoring and Versioning), IPP (Internet
Printing Protocol) and integrated DHCP/DNS servers
are also part of Windows 2000 Server and Advanced
Server. WebDAV simplifies Web-site maintenance.
IPP is a cool improvement for managing and using
printers, even over the Internet. And with an integrated
DHCP/DNS server, it's easier to maintain the DNS
hierarchy for your system.
Windows 2000 Server and Advanced Server feature
an updated version of IIS, which Microsoft claims
performs better and has improved tuning features
compared with earlier versions. For example,
Microsoft says the new IIS 5.0 can be set to limit both
a site's CPU utilization and bandwidth. When we
tested these controls, the bandwidth limit worked as
advertised, but we didn't observe any effect on CPU
utilization. The limit applied to the out-of-process
applications IIS may use, but in our tests we used no
processes that fell under this load restriction.
To investigate Microsoft's claim of better performance, we repeated the tests that appeared in our
article "The Best Bets for Web Development" (www.networkcomputing.com/1020/1020f1.html).
As with that story, we used a Compaq ProLiant 6000 quad-processor box, along with 41 Pentium
200 PC clients and a Lucent Cajun switch. Our client computers read Web pages of two different
sizes: 1 KB to 10 KB up to 100 KB to 200 KB. We followed these tests with one in which the
same-size pages were generated via server-side includes.
We found the performance difference between NT 4 and Windows 2000 insignificant in terms of
serving static pages. However, Windows 2000 did provide a performance boost when serving
pages with server-side includes--at least until the size of the Web pages increased and the
network became a bottleneck.
It's notable that in the static Web-page tests and in the server-side include pages with larger data
payloads, both NT 4 and Windows 2000 still had CPU cycles to burn on our systems. This would
indicate a bottleneck somewhere in our test environment. After adding a third NIC to the test
setup, we didn't see an 80-Mbps throughput increase. It's quite possible that we were pushing the
limits of the Lucent Cajun switch at this point.
You Down With IPP?
IIS includes support for IPP, which allows clients to use a printer just by knowing its URL. To see
printer status, users simply point their Web browser to hostname/printers/; this calls up a list of
printers installed on that machine. On client machines, Microsoft's Internet Explorer 5.0 is
required in order to authenticate to and view this URL because of IIS's authentication mechanism.
Some printers can even display current status information, such as the amount of paper left in the
trays, front-panel status and status of the toner cartridge. We found this ability quite handy as it
lets administrators view print status from anywhere on the network. During our tests, we were
able to check the status of printers in Syracuse from the Wisconsin lab simply by using our Web
browser. Helpdesk staff will appreciate this feature.
The easiest way we found to install a printer on clients' local machines is to locate the /printers/
URL and select the clients' printer of choice. Next you'll see an option to "connect" to the printer.
After you select it, the printer drivers will be downloaded and installed on the local machine. Of
course, this option will appear only if you're using a Windows 2000 client. With IPP, users can
send print jobs over the Internet. We sent a test print document to the printer in Syracuse from
the Wisconsin lab without any mishap. An IPP printer can be configured directly from the control
panel by supplying the full URL to the printer.
With the inclusion of WebDAV, IIS 5.0 benefits from several additions to the HTTP 1.1
specification, such as the actions "move" and "copy." Eager to examine WebDAV's ability to help
publish Web pages and sites, we enabled it on our test system and called on Microsoft's
FrontPage 2000 to import a small portion of a personal home page. We then made a few
modifications and told FrontPage to publish our work. After providing the URL to publish to on our
test server, we were prompted to log in. A few seconds later, our new site was up and ready to
WebDAV also makes Web folders available on Windows 2000 machines or on Windows 9x
machines with Internet Explorer 5 or Microsoft Office 2000 installed. On a Windows 2000 client
workstation, we added a new network place in the Network Neighborhood and were impressed by
WebDAV's thoroughness. After opening the Web folder in Windows Explorer, we moved some
images to a new folder. We expected that the pages linked to these images would be broken, but
we were pleasantly surprised when those pages were updated automatically. This bit of trickery
alone should save people time when they're updating Web sites through Web folders. WebDAV is
also supported by NetWare 5.1.
Internet Services DNS
Administrators will quickly notice that Active Directory uses DNS as its main naming hierarchy.
Windows 2000 prefers the ability to add entries to DNS dynamically when adding new
subdomains or even servers and workstations. While this sounds like a good idea, it's likely to
cause a little stir in your IS department over who controls the DNS servers. We can hear the Unix
bigots shouting now--"Windows-based DNS? No way, not on my network."
The good news is, administrators who want to maintain their DNS system on a non-Windows-
based platform can do so and coexist with the Windows 2000 rollout. Two options are available:
The first is to make sure the DNS system running on the Unix (or another) platform is compatible
with BIND 8.2.2; this version supports the extensions Windows 2000 needs--in particular, the
SRV RR lookups defined in RFC 2052 and dynamic updates defined in RFC 2136. Alternatively,
some administrators may choose a hybrid approach. The Unix-based DNS system is run as the
main DNS system, and Windows 2000 is given a subdomain to work with. The DNS server
provided in Windows 2000 can then manage and control this subdomain.
For ease of testing our Windows 2000 environment,
we chose the hybrid approach. We created the sub-
domain w2k.nwc.com and made the Windows 2000
server the authoritative DNS server over this domain.
Our Active Directory domain started with the root
domain of w2k.nwc.com and was built up from there.
Getting our DNS server up and running under
Windows 2000 was quick and painless. Using
"Configure your server" from the administration tools
menu, we simply selected "Set up DNS" from the
Networking->DNS area and automatically installed the
needed Windows components for the DNS server.
Smaller companies and even divisions of larger
companies that lack the Unix expertise to maintain
DNS will appreciate this simplicity.
We noticed a slight difference in the default setup
when the server running DNS was a domain
controller. When we added DNS services to a domain
controller on the other side of our WAN link, the DNS
server was preconfigured to serve DNS information
for our w2k.nwc.com domain. A different server that
was not promoted to a domain controller had no
preconfigured information present.
Nevertheless, it was extremely easy to configure the
server that was not a domain controller. We selected
the "configure server" option after right-clicking on the server object in the DNS administration
tool. A wizard popped up to guide us through setting up DNS services. Most common DNS tasks
are done with wizards--they're helpful for the novice DNS administrator. Once set up, the DNS
server can be configured to allow dynamic updates. If the server is a domain controller, the
updates can be restricted to authenticated Active Directory clients. One useful and uncommon
feature of the DNS server is its ability to query a WINS (Windows Internet Name Service) server
for a client's DNS information. This feature can be helpful while migrating to Windows 2000 or for
locating other legacy clients that use WINS.
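
To see what the dynamic updates discussed above look like on the wire, the following added example (not from the article or from Microsoft) parses an RFC 2136 UPDATE message and reports whether it carries a signature record. It assumes authenticated updates are marked by a TSIG record (type 250, RFC 2845) in the additional section, a mechanism the article does not name; the host name, key name and messages are constructed.

```python
import struct

OPCODE_UPDATE = 5                          # RFC 2136
TYPE_A, TYPE_SOA, TYPE_TSIG = 1, 6, 250    # TSIG (RFC 2845) is this example's assumption

def read_name(msg, off):
    """Decode a possibly compressed domain name; return (name, next offset)."""
    labels, resume, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if (n & 0xC0) == 0xC0:             # compression pointer to an earlier name
            if off + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            if resume is None:
                resume = off + 2           # parsing continues after the first pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if n == 0:
            break
        if off + n > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), (resume if resume is not None else off)

def read_rr(msg, off):
    """Read one resource record; return ((name, type, class, ttl, rdata), next offset)."""
    name, off = read_name(msg, off)
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
    off += 10
    if off + rdlen > len(msg):
        raise ValueError("truncated rdata")
    return (name, rtype, rclass, ttl, msg[off:off + rdlen]), off + rdlen

def inspect_update(msg):
    """Summarize a DNS UPDATE message; return None for any other opcode."""
    _id, flags, zocount, prcount, upcount, adcount = struct.unpack_from("!6H", msg, 0)
    if (flags >> 11) & 0xF != OPCODE_UPDATE:
        return None
    off, zone = 12, None
    for _ in range(zocount):               # zone section: name, type (SOA), class
        zone, off = read_name(msg, off)
        off += 4
    sections = []
    for count in (prcount, upcount, adcount):
        rrs = []
        for _ in range(count):
            rr, off = read_rr(msg, off)
            rrs.append(rr)
        sections.append(rrs)
    _prereqs, updates, additional = sections
    return {"zone": zone,
            "updates": [(name, rtype) for name, rtype, _c, _t, _d in updates],
            "signed": any(rr[1] == TYPE_TSIG for rr in additional)}

def unsigned_updates(messages):
    """Return (zone, record name) for every update record sent without a signature."""
    found = []
    for msg in messages:
        info = inspect_update(msg)
        if info and not info["signed"]:
            found += [(info["zone"], name) for name, _t in info["updates"]]
    return found

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def build_update(zone, host_label, ip, signed):
    """Constructed sample: add one A record, optionally followed by a dummy TSIG record."""
    msg = struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, 1 if signed else 0)
    msg += encode_name(zone) + struct.pack("!HH", TYPE_SOA, 1)
    # Host name = one label plus a pointer to the zone name at offset 12.
    msg += bytes([len(host_label)]) + host_label.encode("ascii") + b"\xc0\x0c"
    msg += struct.pack("!HHIH", TYPE_A, 1, 1200, 4) + bytes(ip)
    if signed:                             # placeholder rdata, not a valid MAC
        msg += encode_name("constructed-key") + struct.pack("!HHIH", TYPE_TSIG, 255, 0, 4)
        msg += bytes(4)
    return msg

# Constructed traffic for the article's w2k.nwc.com zone.
QUERY = struct.pack("!6H", 1, 0x0100, 1, 0, 0, 0) + encode_name("w2k.nwc.com") + struct.pack("!HH", 1, 1)
UNSIGNED = build_update("w2k.nwc.com", "pc1", [10, 0, 0, 21], signed=False)
SIGNED = build_update("w2k.nwc.com", "pc2", [10, 0, 0, 22], signed=True)

if __name__ == "__main__":
    print(unsigned_updates([QUERY, UNSIGNED, SIGNED]))
```
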
Configuring clients to use IP can cause administrators headaches, but DHCP (Dynamic Host
Configuration Protocol) can be used to ease some of the pain. A DHCP server will manage a pool
of IP addresses and "lease" them out to clients. For larger networks, getting DHCP to work can
sometimes be tricky. DHCP uses broadcasts for communication between the client and server
when obtaining an IP address. Thus, you need either a DHCP server on every subnet (not likely)
or some kind of device to forward DHCP requests on to the DHCP server. Most routers can
perform this function.
As with the DNS server, we found the DHCP server easy to configure and set up. Microsoft's
DHCP server uses "scopes," which are ranges of IP addresses the server can give to clients, plus
a network mask. For each scope, the administrator can configure what DHCP options should be
returned to the client. These include common options such as DNS servers, default router, WINS
server and domain name.
In each scope, the administrator can hard-code IP addresses to specific Ethernet MAC (Media
Access Control) addresses. This lets a client obtain the same IP address every time the client
requests one. By doing this, administrators also have the option of overriding information sent
back to the client. This includes changing the DNS server, router/gateway, and other equipment
the client should use.
The DHCP server can also be configured to update the DNS information when a lease is given
out or expires. For clients that include the "host name" option when making the DNS request, this
is the name the server will attempt to add to or remove from the DNS server. The DNS zone in
which the workstation should appear is configured in each DHCP scope.
The DHCP server can also be configured to update DNS only for clients that request it, or to
always update DNS. We ran into only one problem while testing the DHCP server: It took us time
to realize that the DHCP server had to be authorized by a domain administrator before it would
give out addresses. This measure helps prevent unauthorized DHCP servers from showing up on
the network. Once we logged in as a domain administrator and authorized the DHCP server, it
worked like a charm--the DHCP server updated the DNS server exactly as expected.
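
The authorization step above is aimed at unauthorized DHCP servers; a complementary check from the network side is to read the server identifier (option 54) out of captured DHCPOFFER and DHCPACK replies and compare it with the list of servers you have authorized. This is an added example, not code from the article or from Microsoft; the addresses, the sample messages and all function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"         # marks the start of the DHCP options
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_SERVER_ID = 53, 54
DHCPDISCOVER, DHCPOFFER, DHCPACK = 1, 2, 5
BOOTREQUEST, BOOTREPLY = 1, 2

def parse_options(payload):
    """Return {option code: value bytes} from the UDP payload of a DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:                # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts

def replying_server(payload):
    """Return the server identifier of a DHCPOFFER/DHCPACK, or None for other messages."""
    opts = parse_options(payload)
    if payload[0] != BOOTREPLY:
        return None
    msg_type = opts.get(OPT_MSG_TYPE, b"")
    if len(msg_type) != 1 or msg_type[0] not in (DHCPOFFER, DHCPACK):
        return None
    server_id = opts.get(OPT_SERVER_ID, b"")
    if len(server_id) != 4:
        return "unknown"                   # a reply without option 54 is worth a look too
    return str(ipaddress.IPv4Address(server_id))

def unauthorized_servers(payloads, authorized):
    """Return the sorted list of replying servers that are not on the authorized list."""
    seen = {replying_server(p) for p in payloads}
    seen.discard(None)
    return sorted(seen - set(authorized))

def build_message(op, msg_type, server_ip, offered_ip):
    """Constructed sample: 236-byte BOOTP header followed by options 53 and 54."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0, 0x3903F326, 0, 0,
        bytes(4), ipaddress.IPv4Address(offered_ip).packed, bytes(4), bytes(4),
        bytes.fromhex("00a0c9112233"), b"", b"")
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_ip is not None:
        options += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed
    return header + MAGIC_COOKIE + options + bytes([OPT_END])

# Constructed capture: one client request and replies from two different servers.
AUTHORIZED = {"10.0.0.5"}
SAMPLES = [
    build_message(BOOTREQUEST, DHCPDISCOVER, None, "0.0.0.0"),
    build_message(BOOTREPLY, DHCPOFFER, "10.0.0.5", "10.0.0.101"),
    build_message(BOOTREPLY, DHCPOFFER, "10.0.0.66", "192.168.1.50"),
    build_message(BOOTREPLY, DHCPACK, "10.0.0.5", "10.0.0.101"),
]

if __name__ == "__main__":
    for server in unauthorized_servers(SAMPLES, AUTHORIZED):
        print("reply from server not on the authorized list:", server)
```
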
Windows 2000: Worth the Pain (Almost)
March 6, 2000
Microsoft Windows 2000 is best viewed as an amalgam of three product
classes: a desktop operating system, a server operating system and a
The new desktop--Windows 2000 Professional--is the big winner of the
three. Modern desktop and notebook features include support for USB,
Plug and Play and an ACPI (Advanced Configuration and Power
Interface). This is the best notebook OS we've ever used. In conjunction
with Windows 2000's fledgling directory service, Active Directory,
Professional is more manageable than any previous iteration of Windows.
In its first incarnation, Active Directory has a narrow focus that will make it
a tough sell in many heterogeneous enterprises. Active Directory is really
about Windows 2000, providing only rudimentary support for Windows 9x
and NT clients. For NT Domain shops, Active Directory is a giant leap
forward. However, DNS integration into Active Directory may lead to turf
wars in your organization.
Apart from Active Directory, Windows 2000 Server and Advanced Server
don't raise the bar much over NT 4 Server and NT 4 Enterprise Edition.
During our performance tests, we stressed our servers with severe loads
and they didn't skip a beat. Our experience bodes well for Microsoft's
claims of enhanced reliability. We can't say the same for Microsoft's claims
of enhanced performance. Our tests revealed similar or slightly worse
performance for Windows 2000 Advanced Server when compared with NT
4 Server. When deployed in conjunction with Active Directory, enhanced
functionality and manageability make the server products tantalizing.
COMmoditizing the Application Server
With Windows 2000, Microsoft has made the move from COM (Component
Object Model), implemented in earlier versions of Windows, to the next
step, COM+ Services 1.0. On the surface, COM+ may appear to be
primarily marketing hype, giving a new name to a bundle of existing
technologies. But look a little deeper: Beyond the incremental changes,
what's going on is significant. Microsoft is moving toward commoditizing
the application server market by pulling major portions of typical middle-tier
functionality into the base OS, just as it did with browsers. Such a move
should allow Microsoft--in theory--to tightly tune and integrate the middle-
tier features now included for free in the OS.
Microsoft's COM technology, which has evolved from earlier technologies
such as DDE (Dynamic Data Exchange) and OLE (Object Linking and
Embedding), is widely implemented throughout the company's products.
(For a more complete discussion of COM/DCOM and the competing
component models, CORBA and Enterprise JavaBeans, see "Sneaking Up
on CORBA: The Race for the Ideal Distributed Object Model,"
www.networkcomputing.com/1009/1009f2.html). Microsoft is working
toward simplifying the development and deployment of COM objects--"zero
plumbing," in Microsoft jargon. So to create an object, you check a
property box. To make an object transactional, you check another box.
The upside is that you can quickly create components. But that's the
downside too. That is, it's easy to create inefficient or poorly designed
objects. However, for many organizations with limited staff and expertise,
check boxes let you do what APIs can't--they let the OS deal with issues
such as concurrency and threading, error-handling and transaction rollback
The seven basic areas of COM+ Services 1.0 are servers, transactions,
security, administration, load-balancing, queued components and events.
In the past, Microsoft Transaction Server (MTS) handled the first four of
these for components under Windows NT 4.0; now Windows 2000 has
absorbed MTS, and the COM and MTS development teams have been
merged. The resulting changes range from trivial to substantial. For
example, it's now possible to quickly set components as auto-complete or
auto-abort, but this just simplifies a task you could do before
programmatically. On the other hand, it's also now possible to set role-
based security at both the method and component level for COM
components, centralizing security management for COM-based systems--
an important addition. Another useful change is a specifically defined way
to let components inherit the security and other attributes (context) of their
parent components. To address administration concerns, the COM+
Administrator is a Microsoft Management Console (MMC) snap-in.
Administration for COM+ features should be familiar to Windows system
administrators, but as with other MMC components, the administration
features are also accessible via APIs.
Microsoft Message Queue (MSMQ) is being more tightly coupled to the
base OS, and Microsoft is pushing MSMQ as a way to "throttle" high
system load through transaction queues, even in systems that
predominantly use synchronous transactions. We haven't had a chance to
deploy any high-load systems under Windows 2000, so it remains to be
seen whether this method (which Microsoft terms "queued components") is
an effective way to handle large volumes of transactions.
Other additions are COM+ event services, a basic publish-and-subscribe
model for event handling between COM objects, and some basic load-
balancing features for COM objects, using what Microsoft calls a
"response time tracker" to send the request for an object to the least
loaded server. The load-balancing seems fairly rudimentary at present,
with little administrator control possible over the mechanism, though
Microsoft has stated its intent to publish the interfaces to let end users
write their own load-balancing algorithms. Another acknowledged and
much needed enhancement would be a managed object-persistence
architecture, such as that defined in Enterprise JavaBeans 1.1.
With these additions, Microsoft has stated that it intends Windows 2000 to
be "the best application server in the world." If the company is even
marginally successful, independent application-server vendors are in for a
A Calculated Decision
There's a new cost equation for Windows 2000, but it doesn't work for
By Aaron Ricadela
Get out the cost/benefit calculators. When Microsoft unveils Windows 2000 in San Francisco this
week, the pitch will go something like this: More functionality plus easier administration, for the
same price as Windows NT, equals lower cost of ownership and greater business value. It's a
formula that adds up for some Microsoft customers--but not all.
At $400 or more per desktop for software, services, and training, an upgrade to Windows 2000
would cost a business with 1,000 PCs a minimum of $400,000--and, by some estimates, closer to
$1 million. That doesn't even include the cost of server migration. So just what--and when--is the
payback on that sizable investment?
There's no consensus. According to an InformationWeek Research survey of 200 IT managers at
companies that plan to test or deploy Windows 2000, an optimistic one-third expect an immediate
decrease in total cost of ownership on deployment, and nearly half anticipate lower costs within
two years. But 27% are bracing for a near-term increase--and 18% think costs will be higher even
over the long haul. The survey was completed last week; for more results, see here.
"Cost of ownership is the big question, and we won't know the answer until we change over the
initial PCs and servers," says Bob Zoellner, a systems manager with integrator EDS who's on
assignment at Kellwood Co., a St. Louis apparel maker. During the next two years, EDS will
convert 500 PCs and 70 servers to Windows 2000, but Zoellner isn't expecting an immediate
payback. "It will take a good two years before we can hope to see costs level out to something
similar to what we're experiencing now with Windows 95 and NT," he says.
The uncertainty seems to be little deterrent. According to the InformationWeek Research survey,
nearly three-quarters of respondents plan to deploy Windows 2000 widely on PCs and servers
within 12 months, a rapid ramp-up. "It's the first release of Windows where the things that end
users get excited about, and performance and reliability, are balanced by the things that IT
people want organizationally--security, software deployment, management of the PCs," Microsoft
chairman Bill Gates said in an interview in November.
Online retailer Nordstrom.com isn't waiting around. It has been
running Windows 2000 in production on about 60 Web servers
for a little more than a week. "We're moving so fast that it's
almost like one day we decide we need Windows 2000, and the
next day we start," chief technology officer Paul Onnen says.
"With Internet companies, things move so fast that you don't
have time to measure things or do a formal analysis
beforehand--you just do it."
The E-retailer is already experiencing fewer system crashes
and may be able to reassign at least one IT staffer from server
maintenance to site productivity, a meaningful gain, Onnen
says. More important, fewer system failures mean better online
service. "We're measured on customer satisfaction, the number
of people coming to our site, features to help them buy, and how easy it is to make returns,"
This week, Microsoft will present case studies of Micronpc.com and military contractor United
Defense that are intended to demonstrate Windows 2000's potential to lower PC ownership costs.
Bottom-line results: IT budget reductions of 15% and downtime costs cut in half. Microsoft hired
Gartner Group to audit the results.
In a second set of customer examples, Microsoft will make a bolder assertion--that Win2000's
greater value comes from measurable business advantages. It will pitch a methodology it calls
"rapid economic justification" that assigns dollar values to benefits related to the use of Windows
2000, such as increased worker productivity or faster time to market. "Some of the thinking
among customers, analysts, and ourselves was that in addition to focusing on the cost portion of
IT, you also have to look at the top-line revenue increase you get as a result of IT," says Deborah
Willingham, Microsoft VP of marketing.
The studies of Panasonic Consumer Electronics, retailer Marks and Spencer, and others show
upgrade costs of $900 per PC, but forecast return on investment of 400% during the next three
years. Giga Information Group audited the results. Microsoft will release a toolkit to let customers
crunch the numbers themselves. (Our survey puts the upgrade cost at $400 per PC, excluding
Metrics that justify IT investment based on revenue contribution aren't new--consulting firms have
been applying them for years. "We've tried to take some of that same kind of thinking and put it in
a model that's straightforward for customers," Willingham says.
But even Microsoft's own customers are wary of using a Microsoft-supplied tool to measure
Windows 2000 payback. "You have to be careful, because they're always interested in the
positive aspects of that analysis," says Gregor Bailar, executive VP and CIO at the National
Association of Securities Dealers. The company has seen performance increases on the 40 Web
servers it has migrated to Windows 2000, and Bailar is bullish on prospects for lower costs. "We
won't need to buy new machines as quickly, because we saw a 25% to 30% capacity increase"
just by installing Windows 2000, he says.
Microsoft has long argued that its computing model, based on widely available, low-cost Intel
systems, yields a lower cost of ownership than proprietary Unix environments. Windows 2000
advances that argument. For example, the new Active Directory enables management features
such as SysPrep for cloning PC configurations across a network, and IntelliMirror, which lets
users access their data on workstations around a network.
Lockheed Martin Corp., the $25.4 billion aerospace and defense contractor, plans to migrate
120,000 desktops and 700 servers to Windows 2000 during the next three to five years. "The full
benefit of Windows 2000 is really when the servers and desktops are deployed together," says
Massimo Villinger, chief technology officer at Lockheed Martin Enterprise Information Systems,
the company's IT services arm. Lockheed Martin's rollout plan will capitalize on the benefits of
Windows 2000 Server first. Villinger estimates, for example, that one of the company's four
business units can drive 10% out of its costs by consolidating 200 servers down to half that.
More important, moving to Windows 2000 can accelerate the company's E-business capabilities
by enabling an infrastructure for sharing purchasing information and design drawings with
partners and reallocating IT staff from maintenance to product development. "We want to
participate in the advantages of business-to-business E-commerce as quickly and aggressively
as possible," Villinger says. "The advantage we see in Windows 2000 is that instead of spending
time in day-to-day operations, we'll be able to devote more resources to rolling products out
For all of Windows 2000's cost-saving features--electronic software distribution among them--
bottom-line benefits may be hard to come by without adequate planning. "Windows 2000 isn't a
magic bullet," says Michael Gartenberg, VP and research director at Gartner Group. "Your real
bang for the buck is using Windows 2000 as the catalyst for a well-managed environment."
Gartenberg estimates companies that enforce PC policies, train IT staff on remote software
installation, and implement other controls can save up to 26% with Windows 2000.
But the up-front cost and complexity will cause some businesses
to proceed judiciously. On Friday, Microsoft's stock dropped
more than 5% on news of a Gartner Group report warning that
some Windows 2000 rollouts will encounter compatibility
problems with existing IT environments.
"It's kind of scary when they throw all these things at you, like
Active Directory," says Tim Lassance, VP of IS at Heartland
Financial USA Inc., a Dubuque, Iowa, financial-services
company with more than $1 billion in assets. "Our total budget
for IT is $250,000, with $80,000 to $100,000 for networks. We
could spend all of that on Windows 2000."
Still, Lassance expects his cost of ownership to fall this year as
Heartland replaces Windows 95 and 98 on about 500 desktops.
"We're very dispersed geographically, so we want to be able to install software quickly and send
out updates without sending people out," he says. The company wants a "cookie-cutter
approach" when setting up computers at new branches. "You take a quantum leap with Windows
2000--that's going to be hard for some network staff," Lassance says. "But there will be a plan we
have to stick to. Windows 2000 forces you to plan things out to get all the benefits."
Other uncertainties cloud the cost-containment picture. IntelliMirror, for instance, promises to cut
down on "sneakernet" administration and was even called "zero-administration Windows" for a
while. Yet 65% of IT managers surveyed by InformationWeek Research say Windows 2000 won't
reduce their number of system administrators or related costs a year from now.
David Shomette, senior manager of IT administration and support for the Public Broadcasting
Service, the non-profit TV network in Alexandria, Va., is among those expecting near-term costs
to increase with Windows 2000. PBS plans to deploy Windows 2000 Professional across more
than 600 workstations during the next few months. "I've never found cost of ownership to be less
with newer versions of Microsoft operating systems because there's always a learning curve," he
says. "When you implement a new package, you continue to pay for training and support--those
are the real costs."
The need to train and certify IT staff for Windows 2000 ranked among the top challenges
companies face as they migrate to the system (see story, p. 123). In all, 70% of respondents cited
training as a challenge in the InformationWeek Research survey, topped only by application
upgrades. "Skills is certainly an area of concern," says Lockheed Martin's Villinger.
There are other variables. If customers want 32-way processing, they'll have to wait for Windows
2000 DataCenter Edition, expected this summer. Analysts estimate the vendor will
charge a high premium over the $4,000 price tag on Win2000 Advanced Server. But as
businesses try to keep up with the pace of the Internet economy, some are simply
throwing caution to the wind when it comes to the cost analysis on Windows 2000.
Forget cost; think opportunity. Says Nordstrom.com's Onnen, "I don't think total cost of
ownership holds nearly as much weight as it did in the past." --with additional reporting
by Larry Greenemeier and Jennifer Mateyaschuk