Networking Computing
 


Networking Computing FEATURE
http://www.networkcomputing.com/1110/1110f1.html

Redefining the NOS
May 29, 2000
By Ron Anderson and Mike Lee

What is the NOS of your dreams? Does it have the integration and support of Microsoft Corp. Windows 2000? Sun Microsystems Solaris 8's superior availability? Maybe Novell NetWare 5.1's directory capabilities, or Linux's versatility? What about the NOS of your nightmares? That's a system in which each of the four platforms runs somewhere in your organization, but none work together. Chances are, you're somewhere between the dream and the nightmare, in a quest for NOS nirvana. Every operating system has strengths and weaknesses. The key to success is knowing how to leverage each one's best features.

Like every other networking technology, the NOS is diverging. File and print services are still essential, but what strategic decisions have you made lately that have much to do with those core services? Rather, the big news in all these operating systems is their Internet/intranet/e-commerce services. The vendor that can best meet these needs is the one that will likely be seeing the money from your company.

The ISOS (Internet/intranet services operating system) is the wave of the present, and each vendor in this evaluation--Microsoft, Novell, Red Hat and Sun--recognizes the importance of delivering features that let your company provide Internet-based services, beyond the core file and print services.

We're here to help you navigate through the issues, to highlight some critical components and, ultimately, to help you find a good fit for your company. Because one size doesn't fit all, we didn't select an Editor's Choice award winner. One company's dream NOS is likely to be another's nightmare because of different goals, technical expertise and existing infrastructure.

We've identified five categories to help guide the discussion: core services, management services, scalability, enterprise fit and Internet-specific services.
Reliability isn't on the list, though it may be the most important consideration. Reliability is more like a personality trait than a feature. Just as you need to see people in a number of different circumstances--relaxed, in unfamiliar surroundings, under stress, sleep-deprived and so on--to get a realistic picture of their personalities, these ISOSes must be seen in a number of real-world scenarios. Time will tell the reliability story, but keep in mind that the best feature set in the world is useless if the ISOS isn't reliable.

Core services consist of file, print, security, authentication and directory services. This category provides a lot to swallow in one bite, but these items represent the basic services necessary to enable an ISOS in the enterprise. Including directory services in this list may raise some eyebrows, but we are convinced that directories are critical and that vendors need to articulate strategies that map their services into a company's directory service. Novell's NetWare 5.1 dominates the core-services space, and Novell's vision and product maturity are compelling. Marketplace predictions continue to point to Windows 2000 as the next dominant player, but Microsoft's single-platform concentration needs to be expanded to attract serious enterprise attention.

We aren't too excited about the core-services offerings from Red Hat Linux Professional 6.2 or Solaris 8. Operating systems that default to clear-text passwords on the wire for authentication have a long way to go to meet the bare minimum requirement for core services.

Management services involve the ability to manage an individual box, hundreds of individual boxes and, because we're dealing with hundreds and thousands of clients' machines connecting to the company's intranet, the distributed environment as well. Once again, NetWare 5.1 and Windows 2000 have the upper hand by providing management services that take the enterprise desktop into consideration. Not only do they offer easy-to-use management utilities for their boxes, but they provide directory-enabled management tools for the masses. Windows 2000 will take care of its own, but NetWare is an equal-opportunity manager, covering Windows 9x, NT and 2000.

You can look at scalability a few different ways. Vertical scalability lets you pack processors, memory and storage space into a single box until it's got power to burn. Vertical scalability and Solaris go hand in hand; Sun Microsystems sells the Enterprise 10000 Server with up to 64 SPARC processors.
Horizontal scalability lets you take a number of boxes and team them up so the sum is greater than the individual parts. Windows 2000 Advanced Server lets you load-balance IP-based applications across 32 nodes. Advanced Server also supports eight-way SMP (symmetric multiprocessing). Then there's the scalability that results from parsimonious use of hardware resources, which lets you get more bang from your buck. Linux falls into that camp. NetWare was once the king of frugality, but our testing revealed that feature creep is starting to show where memory requirements are concerned.

We define enterprise fit in part as the ability for any vendor's ISOS to work with and add value to the heterogeneous environment in which the system will be running. NDS is Novell's value proposition for the enterprise, and its cross-platform support is second to none. NDS is a good example of how to leverage proprietary technology in the enterprise by fitting it into and adding value to what's already there.

Support for open standards and open-source code are also good indicators of how well an ISOS will fit into your environment, especially if you have an active staff of developers. Linux is the master of open-source computing, and Sun has seen the light (see "Small Steps for Sun"). Novell's strategy to provide a standards-based development environment around Java and its inclusion of IBM's WebSphere application server in the box are noteworthy. Windows 2000 is the most challenged in terms of enterprise fit. Microsoft supports open standards, but some twist invariably makes it difficult for Microsoft's products to play well with others.

All the vendors include DNS, DHCP and Web-server services in the box. Red Hat Linux includes IMAP, POP3 and sendmail for a complete Internet-based mail infrastructure. In fact, it's a good bet you could browse the Web and find source code to compile any desired Internet service for Linux or Solaris. Versions of Unix, like Solaris, have been running the Internet since its inception; Linux grew out of that fertile ground and has been Internet savvy since its start.

NetWare and Windows 2000 are the newcomers to the Internet arena. They have added value to this space by directory-enabling traditional Internet services such as DNS and DHCP, but this infrastructure space will continue to be difficult for these companies to crack because Unix is so well ingrained.

Microsoft has been particularly influential in the Web services arena by providing numerous programmatic interfaces for the legion of Windows developers. Microsoft's Internet Information Server (IIS) is in its fifth iteration and continues to gain industry support, though Apache Web servers still dominate numerically. The Holy Grail for all these firms is gaining a commanding piece of the trillion dollar-plus pie that e-commerce will represent in a year or two.

We performed file and Web services benchmarks on NetWare, Red Hat Linux and Windows 2000 Advanced Server (see "How We Tested."). Sun opted out of the benchmarking for Solaris because we were using 600-MHz Pentiums on the Intel side, and the fastest SPARC processor runs at 450 MHz.

NOSes Enhance Internet Accessibility

Win2000 is tops for all-Windows shops, NetWare for cross-platform support, and Solaris for ERP and e-commerce. Linux can do anything, if you can figure it out.

By Ron Anderson and Mike Lee

Microsoft Corp. Windows 2000 Advanced Server

For administrators with large Windows NT domains, Windows 2000 with Active Directory (AD) is the stuff of dreams. Migrating your domain infrastructure to AD provides a manageable environment that will reduce your TCO (total cost of ownership) over time.
If you also migrate your desktops to Windows 2000 Professional, you'll reap AD's full benefits, including policy-based management of the masses. But that's mostly a Microsoft dream. Mixed-environment shops face a different reality. Microsoft's AD is anything but inclusive; the service is about Microsoft Windows 2000 everywhere.

Windows 2000 server platforms make evolutionary changes from the NT environment. Even AD, which has made great strides in scalability and manageability over the old domain model, has a good bit of that model buried under its slick new exterior. Windows 2000's evolutionary nature is a double-edged sword. On one side, evolutionary upgrades can be implemented as add-ons to your existing environment without much re-engineering. They don't require wholesale adoption to provide enhanced features and services. On the other side, many shops would be well advised to closely examine the benefits, or lack thereof, in making a change. Maybe your old environment is sufficient and you can avoid the cost and anguish of switching, at least until the dust around this new construction settles.

Core Services

Microsoft has included file and print service enhancements to beef up Windows 2000's enterprise and Internet capabilities. Quota support, file system encryption, offline folders for synchronizing disconnected users' server-based files, WebDAV (Web-based Distributed Authoring and Versioning) access to the file system for an IP services tie-in and Internet printing based on IPP (Internet Printing Protocol) have helped Microsoft extend file and print services to the Internet.

In security, Windows 2000's biggest change is AD's inclusion of the Kerberos version 5 authentication protocol. Kerberos is the default network authentication method for Windows 2000 users. AD also includes Windows NT LAN Manager (NTLM) authentication for backward compatibility with Windows 9x and NT clients. The Kerberos method is more secure and efficient than NTLM and is standards-based. Windows 2000 supports minimum password lengths, intruder detection and lockout, unique passwords and enforcement of complexity requirements, but it has no built-in method for identifying weak passwords.

Like NetWare 5.1, Windows 2000 supports a roll-your-own PKI (public key infrastructure) that is tied to its directory service. Through the included Certificate Server, you can become your own CA (certificate authority) and create, issue and manage X.509 certificates for your applications and users. This infrastructure lets you avoid the hassle and expense of applying for certificates from an external authority. Windows 2000 supports SSL (Secure Sockets Layer), IPsec (IP security) and smartcards as complementary components to its overall PKI.

Internet Services

Windows 2000's Internet/intranet service offerings are impressive. Microsoft has done a good job of extending its traditional LAN-based file and print services to the Internet. Like Novell, Microsoft delivers the requisite spate of IP services, as well as DHCP and dynamic DNS services tied to a directory service.
Terminal Services gives remote users access to server-hosted Windows applications; Linux, NetWare and Solaris don't do that.

In almost every category of our Web-server testing, Microsoft's IIS outperformed Novell's Enterprise Server and the Apache Web server on Red Hat Linux 6.2. These results didn't surprise us. IIS is in its fifth revision and, despite perpetual security concerns, has garnered a 22 percent market share, according to Netcraft's March survey of 13 million Web servers. Apache continues to lead this race by a wide margin, with 58 percent in the same survey, and is gaining ground.

Microsoft has influenced the Web-services arena by providing numerous programmatic interfaces for the legion of Windows developers. IIS' new XML (Extensible Markup Language) parser complements Internet Explorer 5.0's XML support and puts IIS in position to benefit from XML as this new technology matures.

Management

AD has the potential to be Windows 2000's most far-reaching component. Like Novell's NDS eDirectory, AD provides a single point of administration for servers, services, users, printers and other network resources. This consolidation of resources scores Windows 2000's manageability a big win. NDS has been in production since late 1993, and has a big lead in experience and better cross-platform support than AD. However, both have the same management goals: lower overhead, reduced TCO and, ultimately, the ability to let you manage complex environments.

The Microsoft Management Console (MMC) is all you need to administer AD and the server software. The MMC provides a shell into which you plug the management modules and lets you include services from many servers for a single point of administration. This handy tool is a great improvement over NT's scattered management model.

Microsoft does not provide a general-purpose Web-based management console; you can gain access to the MMC from anywhere on the Internet via the Terminal Services client, which is included in every server box. We use this facility extensively in the lab and are sold on its utility. At one point during our testing, we wanted to log on to an AD domain via a cable modem Internet connection but hadn't yet set up the remote-access service. Using Terminal Services, we connected to the domain controller, set up Remote Access and had a VPN (virtual private network) logon to AD within five minutes. This is good stuff.

Microsoft includes two tools, Sysprep and Syspart, to help deploy Server and Advanced Server. Sysprep prepares a Pro or Server installation for duplication to identical hardware. Syspart can be used for faster installations to dissimilar hardware.

Scalability

Windows 2000 Server, Advanced Server and yet-to-be-released Datacenter Server support four, eight and 32 processors, respectively; zero-, two- and four-node clusters for failover and high availability; and 4, 8 and 64 GB of RAM. Additionally, the Advanced and Datacenter Server versions support 32-node load-balancing for IP-based applications.

Unlike NetWare and Red Hat Linux, Windows 2000 makes good use of multiple processors. Windows 2000 can't scale vertically as well as Solaris, but its horizontal scalability is adequate for most large-scale deployments of IP-based applications.

In the mixed-I/O performance portion of our file server test, peak performance increased 37 percent when going from one processor to two. Assuming that your I/O subsystems aren't a bottleneck, adding a processor to a Windows 2000 server provides respectable performance gains. In fact, in the two-processor test, peak performance was achieved at more than twice the user load of the one-processor peak. With two processors, going from 512 MB to 1 GB of RAM resulted in a 28 percent performance boost, but we got only a 7 percent improvement when we took one processor from 256 MB to 512 MB of RAM.
Enterprise Fit

When we wrote that Microsoft's interoperability features were more like a short story than a novel in our March 6 review, we got this note back from Microsoft: "Actually, Microsoft does offer directory synchronization and interoperability technologies for managing a number of important platforms from Active Directory."

Microsoft made our point for us. The company wants to fit into your existing IT infrastructure--but on its own terms. Most companies you do business with would like to be your sole supplier, but the modern IT infrastructure in corporations today needs to be egalitarian.

Take Kerberos, for example. Microsoft supports Kerberos in AD but uses a data field in the Kerberos ticket that nobody else uses. The field is part of the specification, so Microsoft is adhering to the letter of the law. However, the end result is to increase your workload dramatically or decrease your security. To add Windows 2000 servers to your existing Kerberos environment, you'll need to implement AD, create a trust relationship between your current KDC (key distribution center) and the AD KDC, and either perform one-to-one user account synchronization between the two realms or use one-to-many account mapping. The latter simplifies administration at the cost of audit tracking and security; the former maintains an audit trail but adds significant overhead to management and administration. Either way, it's a trade-off you'd rather not make.

Windows 2000 Advanced Server, $3,999 with 25 client access licenses, Microsoft Corp

So what is the ideal NOS? Sun Solaris beats the rest in Internet services, Novell NetWare still rules the traditional NOS arena, and Microsoft Windows 2000 and Red Hat Linux make a strong showing in both sets of services. But as for picking the best one, you know the answer as well as we do. It's 42.

Novell NetWare 5.1

With the concurrent releases of NetWare 5.1 and NDS eDirectory, Novell continues to try to redefine itself as an Internet-savvy player in the e-commerce market. Although Novell has gotten plenty of positive press recently, many people still worry that the company won't survive the intense competition. Based on the integrated technologies Novell is constructing, the partnerships it has forged and the leadership it has shown in developing a robust full-service directory service, we disagree with the naysayers.

NetWare 5.1/NDS eDirectory is the dream NOS for the enterprise that wants to use a product with a proven track record and minimize TCO. NDS gives customers a single point of administration for a wide range of Internet and intranet services. NDS also provides integrated management of users, servers, printers, file systems, access control, network policies, desktop systems and enterprisewide application deployment. Fewer dedicated personnel are required for administration, so more people are free for projects that affect the bottom line.

Core Services

Novell built its business and reputation over more than a decade by delivering bulletproof file and print services for NetWare. NetWare 5.1 expands on the NOS' traditional file services by adding standards-based, secure Internet accessibility via WebDAV. Armed with only a browser, users gain access to their home directories over the Internet via WebDAV, and, when SSL is enabled, they do so in a secure fashion. Users no longer need to send a clear-text password via an FTP client to gain access to their network file stores.
Novell's core-services story is wrapped around NDS eDirectory, a robust, cross-platform directory service. NDS eDirectory ships with NetWare 5.1 and is available in versions that run natively on Linux, Solaris, and Windows 2000 and NT--no NetWare required.

NDS is NetWare's central feature. All the services that ship in the NetWare 5.1 box, all those available from Novell separately and even most third-party additions plug into the directory to become part of a fabric of integrated services. This integration gives administrators a replicated, fail-safe, single point of administration. Users, meanwhile, get one place to search for enterprisewide resources and one point of authentication to gain access to those resources.

NetWare 5.1's security is built on an RSA dual-key-encrypted security store. Several authentication methods--among them, passwords, tokens, biometrics, smartcards and X.509 certificates--provide modular access. Cryptography services in the form of Novell's International Cryptographic Infrastructure (NICI) ship with and plug into NetWare's modular security services and provide DES/RC2/RC4 data encryption of 56-bit to unlimited strength.

When NetWare 5.1 is installed, it automatically creates a directory-based CA and generates a server certificate, which it uses for the Web-accessible NetWare Management Portal (NMP) and the Enterprise Web Server. You're SSL-enabled and secure out of the box with NetWare 5.1.

NetWare supports minimum password lengths, intruder detection lockout and unique passwords, but it does not have a built-in method for identifying weak passwords or forcing users to use punctuation marks or other special characters in their passwords.

Management

NetWare 5.1 includes an outstanding Web-based management tool, the NMP. Using the NMP, we created and deleted NDS users and groups, managed the Enterprise Web Server, the NetWare Web Search Server and the NetWare News Server. NetWare administrators can access volume management, trustee assignments, server management, NDS management, remote-server access to other NetWare 5.1 server portals and limited access to the file systems on NetWare 5 and 4.x servers in the same tree.

The NMP also provides hardware information, console screens and server-health monitors. We used NMP to mount and dismount volumes, set volume attributes and server parameters, restart servers, manage connections, broadcast messages to connected users, view statistics and graphical representations of server performance, debug problems, and execute console commands. As a Web-based tool, the NMP is unrivaled. The Microsoft Management Console is NMP's closest competition, but falls short because it isn't accessible via the Web.
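The password gap noted above for both Windows 2000 and NetWare 5.1 (length and complexity rules are enforced, but weak passwords are not identified) is illustrated by the following added example, which is not code from the article or from either vendor. The wordlist, the three-of-four character-class rule and every function name are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption): a real check would load a large
# list of common and previously exposed passwords.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin",
                "netware", "windows", "summer"}

# Reverse the usual character substitutions so "P@ssw0rd" becomes "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

# Alphabet, digit and keyboard rows used to spot runs such as "qwer" or "6543".
ROWS = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
        "qwertyuiop", "asdfghjkl", "zxcvbnm")


def meets_policy(password, min_length=8):
    """Length and complexity rules of the kind the review says are enforced.

    Complexity here means three of the four character classes (assumption).
    """
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    present = sum(1 for c in classes if re.search(c, password))
    return len(password) >= min_length and present >= 3


def _normalize(text):
    return text.lower().translate(LEET)


def _has_run(password, run=4):
    """True if the password contains a forward or reversed run from ROWS."""
    lowered = password.lower()
    for row in ROWS:
        for i in range(len(row) - run + 1):
            chunk = row[i:i + run]
            if chunk in lowered or chunk[::-1] in lowered:
                return True
    return False


def weakness_reasons(password, username):
    """Return the reasons a password is guessable, independent of policy."""
    reasons = []
    # Drop the trailing digits and punctuation users append to satisfy
    # complexity rules ("Password1!" -> "Password"), then undo substitutions.
    core = re.sub(r"[\d\W_]+$", "", password)
    if {_normalize(password), _normalize(core)} & COMMON_WORDS:
        reasons.append("dictionary word")
    if username and username.lower() in password.lower():
        reasons.append("contains username")
    if _has_run(password):
        reasons.append("keyboard or sequential run")
    return reasons


def audit(password, username):
    """Report policy compliance and guessability side by side."""
    return {"policy_ok": meets_policy(password),
            "weak": weakness_reasons(password, username)}


if __name__ == "__main__":
    # Constructed sample passwords for a hypothetical user "jsmith".
    for pw in ("Password1!", "P@ssw0rd2000", "Jsmith#2000", "Qwerty123$",
               "tR7#vKq9zLp2"):
        print(pw, audit(pw, "jsmith"))
```

Every sample except the last satisfies the length and complexity policy yet is flagged as weak, which is the distinction the review draws.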
NetWare also provides ConsoleOne, a Java-based management console. It's a work in progress. Because Novell hasn't yet converted everything from the Windows-based NWAdmin, ConsoleOne does not provide a single point of administration for all services.

NetWare 5.1 includes RConsole, RConsoleJ and, of course, the NMP for remote management. Of the three, the NMP provides the best security infrastructure. It uses SSL by default and is browser-accessible. RConsole's security has improved, but RConsole and RConsoleJ are inherently insecure because each needs a password supplied during start-up. Administrators typically put these passwords into the start-up files in clear text or in an easily cracked encrypted format. Gaining access to the start-up files gives intruders easy access to the console.

Internet Services and Application Support

Novell's biggest problem over the years has been attracting the cadre of developers needed to push NetWare to critical mass. NLM (NetWare Loadable Module) development is difficult and proprietary, and the tools Novell provides have left something to be desired--not a good combination. Novell has been pushing a new development model based on open standards--primarily Java. The company was ahead of the curve when it began moving in this direction, but the industry is catching up.

NetWare 5.1's biggest application news is its inclusion of IBM's WebSphere application server, a scalable, standards-based Web application server (see "Third Time Proves To Be the Charm for IBM's WebSphere"). NetWare 5.1 also includes the Enterprise Web Server, an LDAP server, the NetWare Management Portal, a Web-search server, an FTP server, a news server, a multimedia server, Oracle 8i and WebDB, and Halcyon's InstantASP for ASP (Active Server Pages) compatibility. A directory-enabled DHCP server and a dynamic DNS server are also in the box. This list of included services is as impressive as that of any vendor in this evaluation.

Scalability

NetWare supports SMP (symmetric multiprocessing) for certain applications, such as Novell's Java virtual machine. But until the spring 2001 release of Six-Pack, Novell's SMP enhancement pack, NetWare's general SMP support is almost nonexistent. File and Web services, the features we tested in the lab, don't have direct support for SMP, nor do Novell's protocol stacks. About the most you can expect from a second processor in a NetWare system is the offloading of interrupt handling--unless the application has been written specifically for SMP. Pushing interrupts to the second processor provides some performance improvements but probably isn't worth the extra expense.

Even without full SMP support, NetWare has rightfully gained a reputation for providing fast core services. It's not unusual to see a system with a 166-MHz Pentium processor and 256 MB of memory supporting file and print services for 400 simultaneous users.

With the release of NetWare Cluster Services 1.01, NetWare 5.1 supports up to 32-node clusters, 16 times as many nodes as Windows 2000 Advanced Server and eight times as many as Datacenter Server.

We were disappointed in NetWare 5.1's file-service test performance, as it was throttled in the 256-MB memory configuration. Throughout testing, we configured our NetWare computer as a heavy-use Web server. During our file-services testing, we ran Web services, with directory services and the NMP.
The results demonstrated that a NetWare server configured for Web services would benefit from at least 512 MB of RAM and really shines with 1 GB.

Our testing also made it evident that Novell built Client32 to work hand in glove with NetWare in a distributed computing environment. Novell has enabled opportunistic locking as the default in the 4.7 version of the NT and Windows 2000 Client32 software. Opportunistic locking is an aggressive form of file caching that transfers a file from the server to the client for operations when the client can get an exclusive lock on the file.

We reached two conclusions about client software from our testing. First, use Client32 rather than the Microsoft Client for NetWare Networks in a NetWare environment. Test performance on Client32 was 575 percent better than on Microsoft's client. Your gains won't be this spectacular, but we can guarantee that Client32 is faster.

Second, make sure your clients are up to snuff because they are part of the distributed fabric. We witnessed a substantial performance difference between a 600-MHz Pentium III client with 512 MB of memory running Client32 and a 600-MHz client with 256 MB. There was also a big difference between the 600-MHz clients and our 200-MHz Pentium Pro clients. Memory and processor speed on the client side make a big difference to overall performance in a NetWare network.
Enterprise Fit

Novell is working hard to play a part in the enterprise by fitting into what already exists--perhaps harder than Microsoft, Red Hat or Sun. The company is writing services to open standards, partnering with third parties to provide open solutions and porting eDirectory to other platforms to ensure that NetWare fits your environment. Novell has made significant strides in this area and has turned a weakness into a strength. With NetWare 5.1 and NDS eDirectory, Novell has the potential to regain its leadership role in enterprise computing.

NetWare 5.1, $1,345 with five connections, $3,155 for 25-connection additive license, Novell

Red Hat Linux Professional, version 6.2

Red Hat is becoming the industry's most popular Linux distributor, garnering direct support from major computer and device manufacturers, especially on the server end. Although Linux runs on many hardware architectures, Red Hat's 6.2 package runs on the Alpha, Intel and SPARC architectures.

Red Hat introduced version 6.2 of its NOS in early April. As a point release, there are no major design improvements over version 6.1, but the packaging has changed somewhat. In particular, the Professional version now comes with an SSL-enabled version of Apache and some extra e-commerce tools. And you can always get the Red Hat kernel and standard packages for free from the Red Hat Web site.

Everything in the Red Hat box can be changed. In fact, Linux's strongest point is its versatility. Because of its open-source nature, people have made it do just about anything. Linux can work with other operating systems and programs, and still obey open standards. Along with thousands of open-source development projects, major application vendors have been porting their software to Linux, and the selection keeps getting better.

The perception of Linux as lacking in commercial support channels is beginning to change, too.
Companies have found good, free support from newsgroups, on the Web and in IRC channels. At the same time, commercial support channels are cropping up from the distribution vendors and from separate consulting firms, such as Linuxcare, 800Linux.com and Pantek.

That said, all is not perfect. Improvements need to be made in the areas of scalability, high-end hardware support and integrated directory services.

Core Services

Some organizations don't need a full-blown Windows 2000 or NetWare implementation to perform many tasks. This is where Linux fits in very well. Linux's core services are extremely flexible. Linux uses NFS, Samba and Novell's NCP (NetWare Core Protocol) for file services, and standard BSD and Samba/SMB printing drivers; Linux can serve as an inexpensive alternative to the other NOSes if that's all you need.

Microsoft and Novell both had enough vision to see that directory services could tie together user and systems management and authentication. As is the case with Sun Solaris, Linux's directory story is weaker. True, LDAP is there, as it is in the other NOSes; however, no real workgroup or enterprise applications take advantage of it. A version of Novell's eDirectory is available on the applications CD but may be used by only a handful of users.

Linux's authentication schemes are flexible and strong, but we'd like to see the security defaults for the distributions, including Red Hat, shored up. Red Hat Linux and other Linux distributions have adopted Sun's PAMs (Pluggable Authentication Modules) for logging in with different authentication schemes such as LDAP, RADIUS (Remote Authentication Dial-In User Service) and Kerberos. Programs no longer need to be rewritten to take advantage of the different schemes; build a new Linux PAM, and you're done.

It's possible to make Linux machines relatively secure by shutting off unused services; obtaining services, such as SSH (Secure Shell), that don't let passwords go across the network unencrypted; and maintaining some level of patch maintenance. It's very easy to be irresponsible, however. People with strict security requirements may want to look at OpenBSD or, perhaps in the distant future, TrustedBSD.

In Red Hat's current release, IPv6 support is still experimental, and many of the network programs don't have it enabled. Linux and Windows support QoS (Quality of Service) standards better than Solaris and NetWare.
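One way to find the services worth shutting off, given here as an added example that is not part of the original article: the script audits an inetd-style configuration for enabled services that pass credentials unencrypted and produces a version with those lines commented out. It assumes services are launched from a file in /etc/inetd.conf layout; the sample file contents and all function names are constructed for illustration.

```python
# Protocols that expose credentials on the wire, keyed by /etc/services name.
CLEARTEXT_SERVICES = {
    "telnet": "login password sent in clear text",
    "ftp": "USER/PASS sent in clear text",
    "shell": "rsh: host-based trust, unencrypted session",
    "login": "rlogin: unencrypted session and password prompt",
    "exec": "rexec: password sent in clear text",
    "pop-2": "mailbox password sent in clear text",
    "pop-3": "mailbox password sent in clear text",
    "imap": "mailbox password sent in clear text",
}

# Constructed sample in inetd.conf layout:
# service  socket  protocol  wait-flag  user  server-program  arguments
SAMPLE_INETD_CONF = """\
# constructed sample, not taken from a real host
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd       in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd       in.telnetd
shell   stream  tcp  nowait  root    /usr/sbin/tcpd       in.rshd
login   stream  tcp  nowait  root    /usr/sbin/tcpd       in.rlogind
#exec   stream  tcp  nowait  root    /usr/sbin/tcpd       in.rexecd
#pop-3  stream  tcp  nowait  root    /usr/sbin/tcpd       ipop3d
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd       in.fingerd
auth    stream  tcp  wait    root    /usr/sbin/in.identd  in.identd -e -o
broken line
"""


def parse_inetd(text):
    """Return one dict per enabled (uncommented, well-formed) service line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or disabled entry
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed line, skipped
        program, args = fields[5], fields[6:]
        entries.append({
            "line": lineno,
            "service": fields[0],
            "user": fields[4],
            # argv[0] names the real daemon when the program is a wrapper
            "daemon": args[0] if args else program.rsplit("/", 1)[-1],
            # TCP wrappers restrict source hosts; they do not encrypt anything
            "tcp_wrapped": program.endswith("/tcpd"),
        })
    return entries


def audit(text):
    """Return the enabled entries whose protocol exposes credentials."""
    findings = []
    for entry in parse_inetd(text):
        reason = CLEARTEXT_SERVICES.get(entry["service"])
        if reason:
            findings.append(dict(entry, reason=reason))
    return findings


def harden(text):
    """Comment out every enabled clear-text service line; keep the rest as is."""
    flagged = {f["line"] for f in audit(text)}
    lines = text.splitlines()
    return "\n".join("#" + l if n in flagged else l
                     for n, l in enumerate(lines, start=1)) + "\n"


if __name__ == "__main__":
    for f in audit(SAMPLE_INETD_CONF):
        print(f"line {f['line']}: {f['service']} ({f['daemon']}) - {f['reason']}")
    remaining = [e["service"] for e in parse_inetd(harden(SAMPLE_INETD_CONF))]
    print("still enabled after hardening:", remaining)
```

The services left enabled after hardening (finger and auth in the sample) are not credential-bearing but are still candidates for the "unused services" review the article recommends.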
Linux also supports the IPsec protocol with the FreeS/WAN package, but it's not available with the Red Hat distribution. You'll have to download it yourself at www.freeswan.org.

Internet Services and Application Support

For Web development, Red Hat Linux's selection of tools is top-notch right out of the box. Apache, Mod_perl and PHP have a huge user base, and organizations from Slashdot to e-Toys develop large, complex Web sites on the Linux platform. Thousands of open-source products and tools are available for Linux, and commercial vendors now consider Linux a strategic platform.

Red Hat's Professional version comes with an SSL-enabled version of Apache's Web server and discounts for either Thawte or Verisign certificates. After some digging, we found that Red Hat doesn't provide the software necessary to generate your own certificates; however, you can use the open-source toolkit for SSL/TLS.

The Professional version also provides a trial version of CCVS, a Perl extension for handling financial transactions. An Enterprise Edition is a souped-up version specifically for running Oracle.

Management

Linux's management story is a mixed bag. Its software packaging is stronger than the others' for single-machine installations. The Windows installation service has too many limiting factors--including Internet connectivity needed from each machine. However, no one has built a cohesive solution to tie this single-machine management together for multiple machines.
Although graphical configuration tools are available, most Unix administrators find it easier to rely on text configuration files for applications and network services. And driver vendors are sometimes reluctant to follow the open-source conventions that would let users reconfigure the kernel at will. So much for versatility and flexibility.

Red Hat provides several tools on top of the basic Unix configuration files. Linuxconf provides a graphical interface for managing your machine and its services. However, it's up to the application writer to make sure that Linuxconf is configured for that specific application. You may have to resort to configuration files and the command line.

If you could choose a software packaging tool for your ideal operating system, you would start with the Red Hat Package Manager (RPM). It does a better job with both versioning and quality control than the other package managers, as everything you need to know about software and versions is available with a single command. Most software running on the Red Hat operating system can be installed, uninstalled and updated with ease using the RPM. Although Solaris' packaging system is similar, Red Hat's also provides version information for every package you've installed in a single RPM query, so you'll never be confused about the patch level at which your software is running.

Unlike the Windows Installation Service, the RPM manages both applications and server-related files, right down to the kernel. Quality control is better--if you've got a problem, you can pinpoint the cause much more easily. The RPM's downfall is that it installs software only on a single computer. A directory-service-enabled application could manage your applications throughout the network, and this is where Novell and Microsoft have won out.

Hardware support is growing. It's good on the low end but needs work on the high end. Vendors must figure out how better to provide drivers for their hardware.
In our test configuration, Dell provided a binary driver for the Adaptec RAID array, but not the source code. As a result, it's difficult to recompile the kernel with modifications and continue to have a working driver. This is something you'll want to be very careful about when choosing vendors for server accessories. Although Linux is generally easy to modify, this driver problem may limit that benefit.

Scalability and Availability

The Linux 2.2 kernel, which Red Hat Linux Professional 6.2 uses, isn't very scalable. We saw little difference in performance between the single- and dual-processor versions in our tests. Scalability will improve once Red Hat incorporates the 2.4 kernel (under development), which includes systemic enhancements to the kernel architecture.

Red Hat Linux 6.2 runs in 64-bit mode on the architectures that support it--Alpha and SPARC. The Trillian project ports Linux to Intel's IA64 architecture as well. Modifications have been made to support LFS (large file systems), available with the SBE (System Builder Edition), for database server support. The Enterprise Edition is optimized for Oracle8i. Linux clustering is available with Piranha (included in the Red Hat distribution) for high-availability Web sites and FTP sites.

Performance

Red Hat Linux did very well in our performance tests, though if you're looking for improvements, adding processors won't help. Linux does a better job with memory than with processor scalability. It doesn't need as much RAM as the other NOSes to perform well.
We did have some stability problems with our Samba tests. With both our SMP tests, after pounding on the server, a Windows 2000 client machine would complain of locking problems and abort the test. This didn't happen with the single-processor tests, nor with any other operating systems in any configuration. When we asked Red Hat for information, the company said it had not yet tested the Samba server extensively with Windows 2000 clients, and the problem was probably because of a subtle change in the Windows 2000 client. Red Hat added that if you are using Windows 2000 clients, aggressive opportunistic locks should be turned down a notch or shut off completely until a patch is produced. This will obviously hurt performance, but accuracy is more important than speed.

We ran our Web performance tests first with the installed version of Apache (version 1.3.12-2), and patched it with an SGI experimental accelerator that improves throughput, especially for small files (available at oss.sgi.com/projects/apache/). In general, Apache's performance on Linux lags behind that of Windows 2000's IIS, even with the accelerator.

Enterprise Fit

Historically, Linux hasn't been considered an enterprise solution. It's still not. Client application support would have to improve tremendously before it becomes commonplace at the regular corporate user's desktop, and a more well-integrated management system needs to be put into place.

Linux does have its role as a Swiss Army knife, as it can do just about anything with few resources. Therefore, Linux pops up within the enterprise as a point solution for many problems. Linux does a solid job as a Web server with strong Web applications tools, and it has a strong Internet presence. Upcoming improvements to the kernel should improve scalability and performance and give it a stronger Web presence.
Red Hat Linux Professional 6.2, $179.95, Red Hat,

Sun Microsystems Solaris 8

As an ISOS, Sun's Solaris is the most mature NOS. Solaris 8 builds on many of the operating system's core strengths by adding tools and hooks for availability the others just don't provide...that is, if you run it on a SPARC system. Solaris runs on Intel processors but has limited hardware support, and you can't take advantage of most of the high-availability features of the SPARC platform. And although it's generally easy to compile applications on either platform, application vendors aren't flocking to add support for Solaris on Intel.

If you envision your dream NOS running in a data center or a Web server farm, Solaris provides great benefits. As a workgroup solution, however, it still needs work. Sun has attempted to add directory-service integration and integrated systems-management tools, but as with Red Hat, Solaris doesn't compete with Novell or Microsoft as an enterprise/workgroup NOS solution.
We didn't test Solaris 8 for performance. Although we agreed with Sun that it wouldn't be fair to compare its performance on the fastest SPARC system (450 MHz) with that of the operating systems running on our 600-MHz Pentium III testbed, Sun also turned down our offer to do Solaris performance testing on the Intel platform. However, you can see some of Network Computing's comparisons between Solaris 7 and Solaris 8 in our Sneak Preview of Solaris 8 (see "Solaris 8: Better Features and Performance for Web Servers").

Core Services

Historically, Sun has been an innovator when a problem needed a solution. Sun invented NFS (Network File System), NIS (Network Information System) and PAM, and Sun's core competencies--proven availability and scalability--reside in the data center and as a Web server. So it's possible to run all the necessary tools to get your job done, but Solaris doesn't supply a great centrally managed solution. For example, NIS is not secure, and NIS+, which was meant to address NIS' security weaknesses, hasn't been accepted by the industry. The iPlanet directory server and directory-service extensions attempt to address the need for a centralized directory-services solution, but they have yet to become the directory solution that Microsoft's Active Directory and Novell's NDS are.

Sun's PAMs allow flexible authentication schemes. With PAMs, you can log in with standard password mechanisms, Kerberos, LDAP or smartcards without having to rewrite applications every time a new authentication scheme comes out.

Sun's WebNFS is the successor to NFS, the standard file-sharing system for Unix systems. With WebNFS, files can be shared over the Web. So far, however, the Internet community has largely ignored WebNFS in favor of WebDAV. For Windows/SMB (Server Message Block) access, Samba can be compiled and run for free. Sun's PC NetLink comes with new SPARC systems or can be purchased from Sun separately.
Sun, like Novell, has added support for the SLP (Service Location Protocol), an IETF standard for discovering shared resources such as printers and file servers. Along with the iPlanet Directory Services, it's a good step toward becoming a workgroup solution, but Solaris still needs something to pull the pieces together.

Sun provides ways to deal with systems' pervasive insecurities. Sun has incorporated Kerberos hooks into the NFS system but doesn't provide a Kerberos server or the necessary Kerberos hooks for rsh, telnet, rlogin or FTP and their corresponding daemons out of the box. Those come separately with SEAM (Sun Enterprise Authentication Mechanism), which is available for free from Sun's Web site as part of the Solaris 8 Admin Pack but isn't packaged with the operating system. Solaris 8 also includes IPsec, a secure connection solution, but its compatibility with other IPsec implementations still needs to be sorted out.

Sun has supported IP for many years; now, Solaris 8 supports IPv6 out of the box. Sun has reworked all the standard network services and added tools for helping with the IPv4-to-IPv6 transition. In addition, the Solaris Bandwidth Manager, an add-on, provides IP QoS guarantees for network resources. A separate add-on, the Solaris Resource Manager, provides similar guarantees for system resources.

Application, Internet, E-Commerce Support

With the release of Solaris 8, Sun has finally added a slew of public-domain programs and utilities, such as traceroute and Perl, gnuzip and zip, and zsh, bash and tcsh, saving users the time of downloading and installing them once the operating system is installed. Sun has also bundled the Apache Web server along with mod_perl with the core operating system distribution. Java2 is included, and Java support is built into the kernel.

Support for Sun's older technologies, such as SIMS and Sun Directory Services, is quietly vanishing. Although the technologies still exist, their logical replacements come in the form of the Sun-Netscape Alliance's iPlanet Web server, directory server, messaging server and CA server. Oracle 8i is also bundled with the operating system. Most of these additions, however, come at a price. If you want to use them in a production environment (with the exception of the directory server), you'll have to pay a licensing fee. Of course, there are public-domain versions of most of these applications.

One of the strong points of Solaris is application support. Open-source programs are generally ported to Solaris about as fast as they are ported to Linux. Because of its stability, Sun is well-known in the industry for ERP (enterprise resource planning), e-commerce and back-end data solutions.

Management

Like Red Hat Linux 6.2, Sun manages individual machines well but lacks a cohesive solution for the workgroup or set of networked machines. Sun has implemented WBEM (Web-Based Enterprise Management) as an SDK, but other vendors must provide management solutions. Sun has also introduced the Solaris 8 Admin Pack as a free add-on, available from its Web site. The Admin Pack includes SEAM for Kerberos authentication, and the SMC (Solaris Management Console) and Solaris AdminSuite for management.

Both SMC and Solaris AdminSuite are still an afterthought. They lack the integrated functionality of Microsoft's and Novell's management suites. For look and feel, the Java-based SMC shows promise, but its utilities are nowhere near complete.
For example, we found that you can use SMC to change the DNS client settings, but not the IP settings. Solaris AdminSuite provides complementary functionality, such as NIS administration. Sun plans to merge the two and add functionality in the near future.

With Solaris 8, Sun introduced RBAC (Role-Based Access Control)--Sun's answer to "sudo" (superuser do), which gives more granular privileged access than the standard root user has. RBAC lets you create roles that serve limited purposes--such as one that would let junior administrators change passwords for other people but not give them full root access. RBAC is a good first step, but it is implemented on only a machine-by-machine basis, rather than networkwide.

It's easy to attach a terminal server or a modem to maintain--or even reboot--a SPARC server remotely. This is a key feature for both management and availability, something that's not normally available on Intel-based machines.

Scalability and Availability

Solaris' availability remains unmatched, and its scalability is top-notch, too. In both areas, Sun has made specific improvements. Most notably, with dynamic configuration and hot patching, both new to Solaris 8, it's possible to add and remove processors, memory, SCSI devices, NICs and portions of the kernel without shutting down the entire system.

Sun has supported the SPARC 64-bit architecture since Solaris 7. It will run as an SMP system across 64 processors, and it also supports processor sets--a device that lets you divide up the processors in one machine and assign them different tasks. Solaris will support 64 GB of physical memory. Sun provides a cluster solution with four-node failover.

Enterprise Fit

Solaris has an impressive history in the data center and on the Internet. Sun's operating system is more scalable and has better availability than the other systems, with features traditionally found in mainframe environments. For important ERP and e-commerce problems, Solaris is an easy choice. Linux and Windows are both trying to move up the chain, however, and Sun will have to keep improving to stay ahead.

The price for Sun's operating environment has dropped through the floor. You can get a binary license for free, and Sun has decided to provide limited public access to the source code for Solaris. Although you'll still pay a premium for the SPARC hardware, the price point is much more competitive now that the operating system is free.

The common perception is that Solaris on SPARC hardware is the most expensive solution. The entry-level Sun Enterprise Workgroup Server 250 with unlimited user licenses and one 300-MHz processor is $4,995 (from Sun's site). A beefier Sun Enterprise 250, with unlimited user licenses, two 400-MHz processors, 1 MB of cache, 1 GB of memory and two 18-GB drives, costs about $17,200. A similar Dell PowerEdge 4200, with dual 533-MHz processors, 256 KB of cache and a 25-user license for Windows 2000, is priced at about $11,500. The same Dell PowerEdge machine with unlimited Red Hat user licenses is about $8,400, making it the most economical solution. With a 25-user license, NetWare is $11,900.
On the other hand, if you increase the number of NetWare user licenses to a more realistic 100, the price jumps to $18,000.

Sun has made some client-side enhancements, such as PIMs (Personal Information Manager) and a calendar, and it is incorporating the iPlanet directory services into Solaris' management schemes. However, Sun hasn't aggressively focused on providing an integrated workgroup solution. Very recent additions, including free downloads of the Solaris 8 Admin Pack, show that Sun may finally have seen the light.

Solaris 8, free, Sun Microsystems

Executive Summary

Network Operating Systems

Looking for the ideal NOS? In this review of Microsoft Windows 2000 Advanced Server, Novell NetWare 5.1, Red Hat Linux Professional 6.2 and Sun Microsystems Solaris 8, we do the legwork for you so you can get a good night's sleep.

The name of the game today is IP-based services both for the Internet and for your intranet. The products in this evaluation are redefining the NOS. The future is the ISOS (Internet/intranet services operating system). We evaluated each product according to five categories: core services, management services, scalability, enterprise fit and Internet-specific services.

Windows 2000 Advanced Server and NetWare 5.1 are still the best choices for intranet file-and-print-services deployments. With the release of Windows 2000, Microsoft has joined NetWare by offering a full-scale directory service. The directory enhances core services and manageability and, in the case of NDS eDirectory, improves cross-platform integration as well.

All the products tested offer a full plate of Internet services, from Web to DHCP and DNS. Windows 2000 and NetWare integrate these services into the directory, but Solaris and Linux were designed for the Internet from the beginning. Companies implementing a purely Internet-based service would do well to look at Solaris or Red Hat first.

Solaris on SPARC is the clear winner when considering single-box computing power with support for up to 64 processors. Windows 2000 Advanced Server does a good job with horizontal scalability supporting up to 32 nodes via load-balancing for IP-based applications.

How We Tested

Network Operating Systems

We tested each of the four operating systems for functionality and all but Solaris for network file-system performance and Web-server performance. Sun didn't have a processor to compare with the 600-MHz processors in our Dell servers; therefore, we agreed not to test the slower SPARC systems.

For our servers, we used Dell Computer Corp. PowerEdge 2400s with 600-MHz processors, 512 MB of RAM and internal SCSI drives for the operating system.
For the file performance tests, we added a four-channel PERC2 RAID controller and two eight-drive nStor Technologies RAID enclosures containing 16 9-GB drives, with four drives on each channel. The drives were configured as a hardware RAID 0 stripe for maximum performance. The clients were a mix of 10 Dell GX1 units with 512 MB of RAM, six GX1s with 256 MB of RAM and seven Cubix Corp. ERS-Fault Tolerant II, 200 MHz, for a total of 23 client machines, all running Windows 2000 Professional.

The systems under test were each connected to an Extreme Networks BlackDiamond 6800 switch. The servers were connected through an Intel Corp. Pro/1000 gigabit adapter, and each of the clients was connected to the switch through a 100-Mbps full-duplex port. Our functionality testing for Solaris was performed on a SPARC Ultra 80 with 1 GB of RAM and a fast-wide SCSI controller with two disks and a 100-MB Ethernet card.

The Benchmarks

We tested file-system performance of four server configurations: single-processor with 256-MB memory and 512-MB memory, and dual-processor with 512-MB memory and 1-GB memory to see how changing processor and memory configurations might affect server performance. Representatives from Microsoft and Novell came into our Syracuse University Real-World Labs® to tune their respective operating systems. Red Hat preferred to do its tuning via phone and e-mail.

We used Client/Server Solutions' Benchmark Factory version 2.0 build 238 for our file performance testing. We ran a mixed-I/O test that created and deleted directories and files, performed sequential and random reads and writes from files, and performed a shared random read on a 1-GB file to simulate launching an application that resided on the server. We gradually increased the load on the server by adding four virtual clients at a time until we reached the server's capacity.

Toward the end of the testing cycle, we discovered that a flag that was supposed to be set for write-back was actually set for write-through. Client/Server Solutions supplied a patch, but it arrived too late for us to redo the testing. Because of this problem, we weren't able to provide comparative information for the file-server-performance part of this review.

For our Web-server testing, we used RadView Software's WebLoad version 3.52. All Web tests were performed on servers with two processors and 512 MB of memory. We tested both SSI and static HTML pages of various sizes. We ramped up the number of clients for each test until the server's performance no longer improved. For small, static files, we didn't have enough clients to max out the servers in some cases; they are marked specially in the graphs.
Windows 2000: Worth the Pain (Almost)

March 6, 2000

By Ron Anderson

They said it would be worth the wait. They said it would be more reliable, more scalable and faster. They said it would be manageable and would reduce the costs of computing in your organization. Maybe you're willing to take their word for it, but we think we know you better than that.

Like you, we aren't willing to endure the pain and expense of an operating system upgrade unless we can see clear benefits. So we put Microsoft Corp.'s Windows 2000 Professional, Windows 2000 Server and Windows 2000 Active Directory to the test in our Real-World Labs® at Syracuse University, the University of Wisconsin-Madison and Washington to answer the question: Is it really worth the pain?
We hammered on Microsoft Windows NT 4 and Windows 2000 file servers, application servers and Web servers, observing their behavior and performance under stress (see "How We Tested," page 44). We scrutinized Windows 2000 Professional, Server and Active Directory to determine if the claims of manageability would hold up. After all, how could these new products be any worse than what we have now?

When all was said and done, we found the answer to our question to be an unequivocal "It depends." Windows 2000 is really five products: Professional, Server, Advanced Server, the yet-to-be-released Datacenter Server, and Active Directory, which is a component of the Server editions and can be implemented or not at the user's discretion. Each product has strengths and weaknesses, and each may or may not be a good fit for your enterprise organization.

Microsoft Windows 2000's breadth of technologies will make it difficult for organizations to quickly evaluate the operating system's features and plan for their use. We tested several of these new and improved technologies, and included them here and in our companion article "Win2000: New and Improved Internet?" (see page 54). We can't touch on all the features in this article, but we do plan a number of follow-on stories that will more fully explore additional features.

Here, we've concentrated on the Windows 2000 products we believe will have the most immediate impact on your organization: Windows 2000 Professional, Windows 2000 Server/Advanced Server and Active Directory.

All or Nothing

For shops looking to run a desktop/notebook operating system that's more reliable and easier to manage than their current mix of Windows 9x and Windows NT, Windows 2000 Professional is the way to go. There's no question about it--you'll want to upgrade to Windows 2000 Professional as quickly as you can, even if you don't plan to implement Active Directory.
We encourage Microsoft shops to be as cautious as with any new product, but to plan on upgrading to Windows 2000 Professional, Server and Active Directory sooner rather than later. The payoff will be a computing infrastructure that's actually manageable. But you'll have to go the whole way. Remember, Windows 9x and NT machines can authenticate in an Active Directory environment but not in much else, so you'll need to install Windows 2000 from the server to the desktop to reap your rewards.

For organizations with long-standing multivendor IT infrastructures, a full-blown implementation of Windows 2000, including Professional, Server and Active Directory, will be as much a political undertaking as it is a technical one--and about as pleasant as a trip to the dentist.
For example, Active Directory relies heavily on a well-functioning DNS environment that includes support for SRV RR (Service Resource Record) lookups and dynamic updates. If Active Directory isn't working right, look for DNS problems first. Even if your Unix folks agree to set up this environment, fingers will be pointing in every direction the first time something goes wrong, and the struggle for control will be on.

Large enterprises that rely on Windows NT for critical functions should plan to implement Advanced Server because of its built-in high-availability features, including TCP/IP network load-balancing and clustering services. We'll look more closely at these features in a future article, so stay tuned.

NetWare Shops: Hang Back

Our advice for mixed shops that include Novell NetWare and its NDS is to stay the course. Active Directory is young; it needs to mature and prove its mettle. It's also a single-platform environment. NDS has been there and done that, and it supports multiple platforms. NDS with Novell's ZENworks already provides many of the manageability enhancements that Microsoft is just now including in Active Directory, and you can easily continue to manage Windows NT, Windows 9x and even Windows 2000 desktops with ZENworks. In fact, you'll be ahead of the game because Active Directory doesn't provide management tools for Windows 9x or NT.

Windows 2000 Reliability

Before we get to the details of Windows 2000's elements, let's say a word about reliability, since it plays a critical part in determining the operating system's prospects. We didn't have any reliability problems with Windows 2000 Professional or Server during our tests. We never had one blue screen, even though we pounded hard. We think this bodes well for Microsoft's reliability claims. However, the reliability story won't be fully told until Windows 2000 gets a real-world shakeout over the next few months.
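Because Active Directory depends on SRV lookups, as noted earlier in this article, a first diagnostic when the zone lives on a Unix-run BIND server is to confirm that the locator records are actually present and consistent. The following is an added example, not code from Microsoft or from the article's authors: it parses a BIND-style zone listing and reports missing or inconsistent SRV records. The record names and ports are the commonly documented Active Directory locator records (an assumption; they are not listed on this page), and the zone `corp.example`, its hosts and every function name are constructed.

```python
"""Check a BIND-style zone listing for the SRV records AD clients look up."""

# Locator records and their standard ports (assumption: taken from general
# Active Directory documentation, not from this article).
REQUIRED = {
    "_ldap._tcp": 389,
    "_kerberos._tcp": 88,
    "_kpasswd._tcp": 464,
    "_gc._tcp": 3268,
    "_ldap._tcp.dc._msdcs": 389,
}

# Constructed zone fragment with three deliberate faults.
SAMPLE_ZONE = """\
$ORIGIN corp.example.
dc1                       IN A   192.0.2.10      ; documentation address
_ldap._tcp                IN SRV 0 100 389 dc1.corp.example.
_kerberos._tcp      600   IN SRV 0 100 88  dc1
_ldap._tcp.dc._msdcs      IN SRV 0 100 389 dc2.corp.example.
_gc._tcp                  IN SRV 0 100 389 dc1.corp.example.
"""


def fqdn(name, origin):
    """Expand a zone-file name to a lower-case FQDN without trailing dot."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name[:-1].lower()
    return f"{name}.{origin}".lower()


def parse_zone(text, origin):
    """Return ({srv_name: [(port, target), ...]}, {names that have an A record})."""
    origin = origin.rstrip(".").lower()
    srv, hosts, last = {}, set(), origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                                   # blank or directive
        tok = line.split()
        if raw[0].isspace():
            name = last                                # owner inherited
        else:
            name = last = fqdn(tok.pop(0), origin)
        # Skip optional numeric TTL and class (TTLs such as "1h" not handled).
        while tok and (tok[0].isdigit() or tok[0].upper() == "IN"):
            tok.pop(0)
        if not tok:
            continue
        rtype, rdata = tok[0].upper(), tok[1:]
        if rtype == "A" and rdata:
            hosts.add(name)
        elif rtype == "SRV" and len(rdata) == 4:
            _prio, _weight, port, target = rdata
            srv.setdefault(name, []).append((int(port), fqdn(target, origin)))
    return srv, hosts


def check_ad_dns(text, domain):
    """List problems that would stop clients from locating domain controllers."""
    domain = domain.rstrip(".").lower()
    srv, hosts = parse_zone(text, domain)
    problems = []
    for label, port in REQUIRED.items():
        name = f"{label}.{domain}"
        records = srv.get(name)
        if not records:
            problems.append(f"missing SRV {name}")
            continue
        for got_port, target in records:
            if got_port != port:
                problems.append(f"{name}: port {got_port}, expected {port}")
            # An SRV record whose target cannot be resolved is as useless
            # as a missing one; only in-zone targets can be checked here.
            if target.endswith("." + domain) and target not in hosts:
                problems.append(f"{name}: target {target} has no A record in this zone")
    return problems


if __name__ == "__main__":
    for p in check_ad_dns(SAMPLE_ZONE, "corp.example"):
        print(p)
```

The check covers only the SRV half of the requirement; whether the server accepts dynamic updates is a separate setting in the name server's configuration.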
How We Tested

Our test bed for file and application services included dual 500-MHz Pentium III servers with 512 MB of RAM and five UW-SCSI disks--one for the C drive, one for D and three for E in a striped set. One of the servers was running Windows NT 4 with Service Pack 5 and also served as a primary domain controller. The second server was running Windows 2000 and served as a domain controller. Our client machines were Pentium III 600s with 512 MB of RAM. Each client was connected to an Alteon WebSystems' Aceswitch 180 10/100/1000 switch at 100 Mbps, full-duplex. The servers were connected to the same switch via an Alteon ACEnic Gigabit Ethernet adapter.

Setting Up the Benchmarks

To conduct the file server benchmark, we used Client/Server Solutions' Benchmark Factory 2.0 software. We ran a mixed I/O test that included file and directory creation and deletion, sequential and random reads, and sequential and random writes. The writes were not cached, so the scores were much lower than they would have been in a cached environment. The test scaled from 20 to 200 virtual clients in steps of 20, and ran on seven 600-MHz Pentium III Windows 2000 Professional machines (see File Server Comparison in PDF format). Each step included 5 minutes of ramp-up time, 3 minutes 45 seconds of execution time, 1 minute 15 seconds of ramp-down time and 30 seconds of quiet time.

To perform the application server benchmark, we used Microsoft's Exchange Server 5.5 Enterprise Edition with Service Pack 3 and Microsoft's LoadSim program. Using the Microsoft Exchange Optimizer, we optimized Exchange for the server and prepared it for heavy loads by applying the specifications listed in Microsoft's Knowledge Base article Q234702, "MTA Queue to Information Store Processing Slowly."

Using LoadSim, we simulated for a period of three hours the activity of 2,800 simultaneous heavy Microsoft Outlook users. Four hundred users were simulated on each of seven 600-MHz Pentium III-based Windows 2000 Professional machines; this ratio was well within the parameters specified by the LoadSim documentation. Prior to running the test, we pre-initialized each of the client mailboxes with a populated folder hierarchy and calendar. During the test, we tasked the clients with a series of typical Outlook user activities: creating, sending, forwarding, moving, deleting and replying to mail; changing and deleting appointments and responding to appointment requests; browsing, creating and deleting folders; and journaling (see Exchange Server Comparison in PDF format).

During the first 30 minutes of the test, the server was brought to a steady state. We used the next two hours of the test for computing the results, leaving the last 30 minutes for ramp-down.

Web Performance

To compare Web server performance, we used a Compaq Computer Corp. ProLiant 6000 server with quad 500-MHz Xeon processors, 1 MB of Layer 2 cache and a RAID 5 disk array. This machine dual-booted between Windows NT 4 and Windows 2000. We used 41 Pentium 200 client NT workstations connected to a Lucent Technologies Cajun switch running at 100 Mbps, full-duplex. The server was connected to the same switch via multiple network cards. To perform the benchmark, we used RadView Software's WebLoad 3.01 software.

Prior to running the Web benchmark, we followed the tuning guide found at msdn.microsoft.com/workshop/server/feature/tune.asp for the Windows NT 4 server, and we followed a performance-tuning guide supplied by Microsoft for the Windows 2000 server. The Web benchmark consisted of numerous tests, ranging from static Web pages to pages that contained server-side includes. For the tests with multiple network cards, the clients were evenly distributed between the server's network cards--that is, in the two-NIC test, half the clients used the IP address assigned to one network card, and the other half used the IP address assigned to the second card.

[Charts, in PDF format: IIS Performance, Static Requests Per Second and SSI Requests Per Second; IIS Performance, Static Throughput and SSI Throughput]

March 6, 2000

Analysis

Win2000 Server: Proceed With Caution
Although Windows 2000's Server and Advanced Server versions have compelling new features, they offer few, if any, performance advantages over Windows NT 4.0.

By Ron Anderson

Microsoft Corp. Windows 2000 Server and Advanced Server

Our server-performance test results surprised us. Based on performance briefings from Microsoft, we expected Windows 2000 to outperform NT 4 by a wide margin. It didn't. In fact, Windows 2000 and NT 4 were pretty much neck and neck in just about every test, with NT 4 usually ahead by a nose. Windows 2000 performed better than NT 4 as a Web server, worse as an Exchange server, and about the same as NT for file services. Clearly, performance is not an indicator for upgrading to Windows 2000.

Windows 2000 Server and Advanced Server are virtually identical products; the difference between the two is the level of support. Windows 2000 Server supports four-way SMP and up to 4 GB of RAM. Advanced Server supports eight-way SMP and up to 8 GB of RAM on machines equipped with Intel's Physical Address Extension (an increase from NT Enterprise Edition's 4-GB limit). Advanced Server also supports 32-node TCP/IP network load-balancing, and has two-node server clustering for high availability. Both packages include Terminal Services, but client-access licenses must be purchased separately. A 25-user Server license costs $1,799; a 25-user Advanced Server license, $3,999.

The physical specifications for 2000 Server are nearly the same as they are for NT Server; ditto for the specifications for 2000 Advanced Server compared with NT Server Enterprise Edition. The most compelling reasons to consider the move to the Windows 2000 editions include Directory Services, Terminal Services, support for disk quotas (a feature previously available through third parties only), and DFS (Distributed File System) support.

Microsoft has included two tools, Sysprep and Syspart, to help you deploy Server and Advanced Server.
Sysprep is used to prepare a Professional or Server installation for duplication to other identical hardware. Syspart is similar, but can be used for faster installations of the OS to dissimilar hardware. Among other things, Sysprep and Syspart remove the source servers' SID (system identifier), so the resulting image can be installed numerous times without duplicating the SID.

Terminal Services, which installs in either applications mode or remote administration mode, is now a built-in feature of both Server and Advanced Server. Even if you don't plan to use Terminal Services for running applications remotely, install this feature for remote administration. We used remote administration mode on all our test servers; it let us manage local servers from home, and servers in Madison, Wisc., and Washington from Syracuse.

At one point during our tests, we wanted to log on to an Active Directory domain via a cable-modem connection to the Internet, but hadn't yet set up the remote-access service. Using Terminal Services, we connected to the domain controller, set up remote access, and had a VPN (virtual private network) logon to Active Directory within five minutes. This is good stuff.

Terminal Services is one of the IP-based services that can take advantage of Advanced Server's network load-balancing. You can establish a server farm of up to 32 Terminal Services servers that are accessible via a single IP address. Network load-balancing plugs new sessions into the server with the lightest load. Internet Information Server (IIS) as well as other TCP- and UDP-based applications also will benefit from this feature.
The DFS is a high-availability feature that requires Active Directory. DFS creates an Active Directory-based share of replicated directories that exist on two or more Windows 2000 servers. A user connects to the directory-based representation of the share, and Active Directory connects the user to one of the available replicated file stores. Active Directory first tries to connect the user to the closest server using site information. If that server is unavailable, others are tried automatically until the user is connected.

March 6, 2000

Microsoft Windows 2000 Professional

Windows 2000 Professional provides the best of both worlds: It offers the ease of use and driver support of Windows 98, and the security, performance and reliability of NT Workstation. We deployed Windows 2000 Pro in our Real-World Labs® and used it day-to-day on our notebooks and desktop machines, and were thrilled by its support for Plug and Play, its ACPI (Advanced Configuration and Power Interface) and its compatibility with existing 32-bit Windows applications.

Compared with Windows 9x, Pro on a notebook is nirvana. Our portables went from docked to undocked and from wired Ethernet to wireless networking without missing a beat or a packet. Power management worked like a charm, as did automatic reconfiguration when we added and removed PC Cards. This is the way an OS should work on a portable.

A new shutdown option, hibernation, has been added to reduce boot time as well. Hibernation is activated from the power control panel, and you'll need enough free disk space to equal the amount of memory in your machine so RAM can be copied to disk. Hibernation saves your Windows state, including any open applications. Subsequent startup takes about 30 seconds, as opposed to more than two minutes from a standard shutdown, and you're back where you were before you shut down.
Lest you think we're all work and no play, we performed extensive testing of Windows 2000 Pro using the classic trial of OS power and compatibility: Microsoft Flight Simulator. While we were at it, we also played hundreds of rounds of Microsoft Links LS 2000. The OS passed the tests with flying colors.

The hardware entry point for upgrading to Windows 2000 Pro is a Pentium Pro 200 with 128 MB of memory. We found that trying to upgrade with anything less is just too painful.

When used in conjunction with Active Directory, Windows 2000 Pro really shines. Adding greatly to the manageability matrix when Active Directory and Windows 2000 are paired are computer and user group policies for management; application installation and maintenance; offline folders for mobile workers; and RIS (Remote Installation Services) for deployment and emergency repair. We looked at the deployment and management tools with an eye toward TCO (total cost of ownership) and found well-conceived but restricted offerings; the TCO advantages really come into play only in the Win2000 Pro environment--not in earlier versions.

We used RIS in the labs to deploy our clients for testing. We took seven 600-MHz Pentium III clients from no OS to Windows 2000 Pro, Office 2000 Premium and logon in 26 minutes. We were able to do the same thing with seven 200-MHz Pentium Pro clients in 33 minutes. That's pretty good, considering we did all 14 clients simultaneously--and, after the PXE (Preboot Execution Environment) boot, the process was completely hands-off.
RIS's images are generic, so you won't need to spend much time building images whenever a new type of PC comes in the door. As long as the HAL (Hardware Abstraction Layer) and support for ACPI are the same for two machines, you can use the same image to install the OS via RIS--even if the video, network and disk drivers are different. RIS lets you know early on if the image you're trying to install will work on the target machine. RIS supports only Windows 2000 Pro; it can't be used for Windows 2000 Server, with notebooks (since they can't yet take advantage of PXE), or with any other OS deployment.

Once the OS is installed and users log on, Active Directory Group Policies take over. Active Directory Group Policies for Windows 2000 Pro make Microsoft's previous Group Policy efforts look like child's play. The multitude of available settings is both overwhelming and incredibly powerful, and is clearly the strength of this first release of Active Directory. We used policies to set roaming-user profiles, deploy applications including Office 2000, restrict user access to their computers and a variety of OS features, and redirect user folders to network storage.

Windows 2000: Worth the Pain (Almost)

March 6, 2000

Microsoft Active Directory

Active Directory has the potential to be the farthest-reaching component of the Windows 2000 technologies because of the critical importance directory services will have in organizations in the coming months and years. However, we think widespread adoption of Active Directory is still a year or more out because the technology is both critical and new--a precarious combination. Also, Active Directory's out-of-the-box benefits are too narrowly focused on Windows 2000 Pro workstations and users to make implementation compelling for organizations with large installed bases of Windows 9x and NT.
We created a multisite, single-domain Active Directory using four domain controllers--two in Syracuse, one in Wisconsin and one in Washington. The systems were connected via a frame relay network. Unlike our experience with an early build of Windows 2000 (back when it was still NT 5.0--see "NT 5.0 Testing: Nice Faucets, Lousy Plumbing," www.networkcomputing.com/921/921f13.html), the connections among our sites were easy to establish and worked well. Microsoft has been busy and productive in the past year.

Current NT shops will have the pleasure of replacing their badly outdated domain model with a directory. A significant investment in training will be required, even for the Microsoft faithful, because Active Directory is that different. Given the sorry state of NT domain management, the pain of planning and performing the upgrade to Windows 2000 and Active Directory will quickly give way to feelings of euphoria when you begin to realize the benefits on a day-to-day basis.

If you've never administered a directory service before, do your homework. You'll do some things differently and other things for the first time. If you're a veteran NDS admin, you may wish your knowledge base could be magically removed. Forget what you know about partitions and replication. Active Directory doesn't use time stamps, except in very unusual situations--for example, to break ties. And Active Directory doesn't have different types of replicas, opting for multimaster replication instead. Forget about managing access rights to network resources at the OU (organizational unit) level, too; Active Directory supports only users or groups for access-right assignments. Based on our experience with NDS, we think Microsoft's decision to ignore OUs as a security consideration is a mistake that will create additional work for administrators. We've found OUs to be very useful for assigning rights, and hate the thought of having to create groups that mimic our OUs.

Active Directory will be a great addition to organizations that plan to implement Windows 2000 Pro and Server throughout the organization. You'll benefit from reduced TCO because of the enhanced management capabilities inherent in an Active Directory/Windows 2000 infrastructure. Active Directory needs to broaden its limited focus, however, to be more compelling for enterprise customers. If you plan to live with Windows 9x and NT workstations, you'll be better off with NDS. NDS has a rich enterprise focus, including cross-platform server versions for Novell NetWare, Sun Solaris and NT, and soon for Windows 2000, Linux and Compaq Tru64 Unix. NDS will include Windows 2000 Pro in the management mix and won't leave your Windows 9x and NT users out in the cold.

March 6, 2000

Win2000: New and Improved Internet Services?

The new services Windows 2000 includes make it easier to manage printers and Web sites, but don't necessarily speed up the process.

By James E. Drews

In the area of Internet services, Windows 2000 has enhanced many of its technologies and has added new features and functionality. Internet Information Server (IIS) is the starting point, and it includes improvements of its own. WebDAV (Web-based Distributed Authoring and Versioning), IPP (Internet Printing Protocol) and integrated DHCP/DNS servers are also part of Windows 2000 Server and Advanced Server. WebDAV simplifies Web-site maintenance. IPP is a cool improvement for managing and using printers, even over the Internet. And with an integrated DHCP/DNS server, it's easier to maintain the DNS hierarchy for your system.

IIS

Windows 2000 Server and Advanced Server feature an updated version of IIS, which Microsoft claims performs better and has improved tuning features compared with earlier versions.
For example, Microsoft says the new IIS 5.0 can be set to limit both a site's CPU utilization and bandwidth. When we tested these controls, the bandwidth limit worked as advertised, but we didn't observe any effect on CPU utilization. The limit applied to the out-of-process applications IIS may use, but in our tests we used no processes that fell under this load restriction.

To investigate Microsoft's claim of better performance, we repeated the tests that appeared in our article "The Best Bets for Web Development" (www.networkcomputing.com/1020/1020f1.html). As with that story, we used a Compaq ProLiant 6000 quad-processor box, along with 41 Pentium 200 PC clients and a Lucent Cajun switch. Our client computers read Web pages of two different sizes: 1 KB to 10 KB up to 100 KB to 200 KB. We followed these tests with one in which the same-size pages were generated via server-side includes.
We found the performance difference between NT 4 and Windows 2000 insignificant in terms of serving static pages. However, Windows 2000 did provide a performance boost when serving pages with server-side includes--at least until the size of the Web pages increased and the network became a bottleneck.

It's notable that in the static Web-page tests and in the server-side include pages with larger data payloads, both NT 4 and Windows 2000 still had CPU cycles to burn on our systems. This would indicate a bottleneck somewhere in our test environment. After adding a third NIC to the test setup, we didn't see an 80-Mbps throughput increase. It's quite possible that we were pushing the limits of the Lucent Cajun switch at this point.

You Down With IPP?

IIS includes support for IPP, which allows clients to use a printer just by knowing its URL. To see printer status, users simply point their Web browser to hostname/printers/; this calls up a list of printers installed on that machine. On client machines, Microsoft's Internet Explorer 5.0 is required in order to authenticate to and view this URL because of IIS's authentication mechanism.

Some printers can even display current status information, such as the amount of paper left in the trays, front-panel status and status of the toner cartridge. We found this ability quite handy as it lets administrators view print status from anywhere on the network. During our tests, we were able to check the status of printers in Syracuse from the Wisconsin lab simply by using our Web browser. Helpdesk staff will appreciate this feature.

The easiest way we found to install a printer on clients' local machines is to locate the /printers/ URL and select the clients' printer of choice. Next you'll see an option to "connect" to the printer. After you select it, the printer drivers will be downloaded and installed on the local machine. Of course, this option will appear only if you're using a Windows 2000 client.
With IPP, users can send print jobs over the Internet. We sent a test print document to the printer in Syracuse from the Wisconsin lab without any mishap. An IPP printer can be configured directly from the control panel by supplying the full URL to the printer.

WebDAV

With the inclusion of WebDAV, IIS 5.0 benefits from several additions to the HTTP 1.1 specification, such as the actions "move" and "copy." Eager to examine WebDAV's ability to help publish Web pages and sites, we enabled it on our test system and called on Microsoft's FrontPage 2000 to import a small portion of a personal home page. We then made a few modifications and told FrontPage to publish our work. After providing the URL to publish to on our test server, we were prompted to log in. A few seconds later, our new site was up and ready to view.

WebDAV also makes Web folders available on Windows 2000 machines or on Windows 9x machines with Internet Explorer 5 or Microsoft Office 2000 installed. On a Windows 2000 client workstation, we added a new network place in the Network Neighborhood and were impressed by WebDAV's thoroughness. After opening the Web folder in Windows Explorer, we moved some images to a new folder. We expected that the pages linked to these images would be broken, but we were pleasantly surprised when those pages were updated automatically. This bit of trickery alone should save people time when they're updating Web sites through Web folders. WebDAV is also supported by NetWare 5.1.

March 6, 2000

Internet Services

DNS

Administrators will quickly notice that Active Directory uses DNS as its main naming hierarchy. Windows 2000 prefers the ability to add entries to DNS dynamically when adding new subdomains or even servers and workstations. While this sounds like a good idea, it's likely to cause a little stir in your IS department over who controls the DNS servers. We can hear the Unix bigots shouting now--"Windows-based DNS? No way, not on my network."

The good news is, administrators who want to maintain their DNS system on a non-Windows-based platform can do so and coexist with the Windows 2000 rollout. Two options are available: The first is to make sure the DNS system running on the Unix (or another) platform is compatible with BIND 8.2.2; this version supports the extensions Windows 2000 needs--in particular, the SRV RR lookups defined in RFC 2052 and dynamic updates defined in RFC 2136.

Alternatively, some administrators may choose a hybrid approach. The Unix-based DNS system is run as the main DNS system, and Windows 2000 is given a subdomain to work with. The DNS server provided in Windows 2000 can then manage and control this subdomain. For ease of testing our Windows 2000 environment, we chose the hybrid approach. We created the subdomain w2k.nwc.com and made the Windows 2000 server the authoritative DNS server over this domain. Our Active Directory domain started with the root domain of w2k.nwc.com and was built up from there.

Getting our DNS server up and running under Windows 2000 was quick and painless. Using "Configure your server" from the administration tools menu, we simply selected "Set up DNS" from the Networking->DNS area and automatically installed the needed Windows components for the DNS server. Smaller companies and even divisions of larger companies that lack the Unix expertise to maintain DNS will appreciate this simplicity.

We noticed a slight difference in the default setup when the server running DNS was a domain controller. When we added DNS services to a domain controller on the other side of our WAN link, the DNS server was preconfigured to serve DNS information for our w2k.nwc.com domain.
A different server that was not promoted to a domain controller had no preconfigured information present. Nevertheless, it was extremely easy to configure the server that was not a domain controller. We selected the "configure server" option after right-clicking on the server object in the DNS administration tool. A wizard popped up to guide us through setting up DNS services. Most common DNS tasks are done with wizards--they're helpful for the novice DNS administrator.

Once set up, the DNS server can be configured to allow dynamic updates. If the server is a domain controller, the updates can be restricted to authenticated Active Directory clients. One useful and uncommon feature of the DNS server is its ability to query a WINS (Windows Internet Name Service) server for a client's DNS information. This feature can be helpful while migrating to Windows 2000 or for locating other legacy clients that use WINS.

DHCP

Configuring clients to use IP can cause administrators headaches, but DHCP (Dynamic Host Configuration Protocol) can be used to ease some of the pain. A DHCP server will manage a pool of IP addresses and "lease" them out to clients. For larger networks, getting DHCP to work can sometimes be tricky. DHCP uses broadcasts for communication between the client and server when obtaining an IP address. Thus, you need either a DHCP server on every subnet (not likely) or some kind of device to forward DHCP requests on to the DHCP server. Most routers can perform this function.

As with the DNS server, we found the DHCP server easy to configure and set up. Microsoft's DHCP server uses "scopes," which are ranges of IP addresses the server can give to clients, plus a network mask. For each scope, the administrator can configure what DHCP options should be returned to the client. These include common options such as DNS servers, default router, WINS server and domain name.

In each scope, the administrator can hard-code IP addresses to specific Ethernet MAC (Media Access Control) addresses. This lets a client obtain the same IP address every time the client requests one. By doing this, administrators also have the option of overriding information sent back to the client. This includes changing the DNS server, router/gateway, and other equipment the client should use.

The DHCP server can also be configured to update the DNS information when a lease is given out or expires. For clients that include the "host name" option when making the DNS request, this is the name the server will attempt to add to or remove from the DNS server. The DNS zone in which the workstation should appear is configured in each DHCP scope. The DHCP server can also be configured to update DNS only for clients that request it, or to always update DNS.

We ran into only one problem while testing the DHCP server: It took us time to realize that the DHCP server had to be authorized by a domain administrator before it would give out addresses. This measure helps prevent unauthorized DHCP servers from showing up on the network. Once we logged in as a domain administrator and authorized the DHCP server, it worked like a charm--the DHCP server updated the DNS server exactly as expected.
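The authorization step described above guards against unauthorized DHCP servers; the following added example (not from the article, and not Microsoft's mechanism) shows a network-side check for the same problem by parsing captured DHCP replies and listing any server identifier that is not on an approved list. The addresses, the approved list and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
BOOTP_HEADER_LEN = 236               # fixed-size BOOTP header before the cookie
OPT_PAD, OPT_END = 0, 255
OPT_MESSAGE_TYPE, OPT_SERVER_ID = 53, 54
DHCPOFFER, DHCPACK = 2, 5            # message types that only a server sends
BOOTREPLY = 2


def parse_dhcp(packet):
    """Return op, yiaddr, message type and server identifier of a DHCP payload."""
    if len(packet) < BOOTP_HEADER_LEN + 4:
        raise ValueError("too short for a DHCP message")
    if packet[BOOTP_HEADER_LEN:BOOTP_HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    info = {
        "op": packet[0],
        "yiaddr": str(ipaddress.IPv4Address(packet[16:20])),  # address offered
        "msg_type": None,
        "server_id": None,
    }
    i = BOOTP_HEADER_LEN + 4
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:              # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == OPT_MESSAGE_TYPE and length == 1:
            info["msg_type"] = value[0]
        elif code == OPT_SERVER_ID and length == 4:
            info["server_id"] = str(ipaddress.IPv4Address(value))
        i += 2 + length
    return info


def build_reply(msg_type, server_ip, your_ip, mac=b"\x00\x10\x5a\x00\x00\x01"):
    """Construct a minimal server reply (sample data for this example only)."""
    server = ipaddress.IPv4Address(server_ip).packed
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        BOOTREPLY, 1, 6, 0,               # op, htype=Ethernet, hlen, hops
        0x1234ABCD, 0, 0,                 # xid, secs, flags
        b"\x00" * 4,                      # ciaddr
        ipaddress.IPv4Address(your_ip).packed,   # yiaddr
        server,                           # siaddr
        b"\x00" * 4,                      # giaddr
        mac, b"", b"",                    # chaddr, sname, file (zero padded)
    )
    options = (bytes([OPT_MESSAGE_TYPE, 1, msg_type])
               + bytes([OPT_SERVER_ID, 4]) + server + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options


def unauthorized_servers(packets, authorized):
    """Map each unapproved server identifier to the addresses it handed out."""
    seen = {}
    for raw in packets:
        try:
            info = parse_dhcp(raw)
        except ValueError:
            continue                      # not DHCP, or damaged capture
        if info["op"] != BOOTREPLY or info["msg_type"] not in (DHCPOFFER, DHCPACK):
            continue                      # client traffic, NAKs and so on
        server = info["server_id"] or "unknown"
        if server not in authorized:
            seen.setdefault(server, []).append(info["yiaddr"])
    return seen


# Constructed sample: one approved server, one unexpected server, one junk frame.
AUTHORIZED = {"10.1.1.10"}
SAMPLE_PACKETS = [
    build_reply(DHCPOFFER, "10.1.1.10", "10.1.1.101"),
    build_reply(DHCPOFFER, "10.1.1.66", "192.168.0.50"),
    build_reply(DHCPACK, "10.1.1.66", "192.168.0.50"),
    b"\x00" * 10,
]

if __name__ == "__main__":
    for server, leases in unauthorized_servers(SAMPLE_PACKETS, AUTHORIZED).items():
        print(f"unapproved DHCP server {server} offered {sorted(set(leases))}")
```
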
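For the DNS discussion above (SRV records and dynamically updated zones in the delegated w2k.nwc.com subdomain), this added example, which is not from the article, parses a BIND-style zone file and reports missing SRV records, unexpected ports, and SRV targets that point outside the domain. The service labels and ports are the commonly documented ones and are an assumption here, as are the sample zone and its addresses.

```python
# Service labels Windows 2000 clients use to locate domain controllers.
# Assumption: a commonly documented subset, not a list given in the article.
REQUIRED_SERVICES = {
    "_ldap._tcp": 389,
    "_kerberos._tcp": 88,
    "_ldap._tcp.dc._msdcs": 389,
}


def qualify(name, origin):
    """Turn a zone-file name into a lower-case FQDN without the trailing dot."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name[:-1]
    return f"{name}.{origin}"


def parse_srv_records(zone_text, origin):
    """Extract SRV records (RFC 2052 layout: priority weight port target)."""
    origin = origin.rstrip(".").lower()
    records, last_owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1].rstrip(".").lower()
            continue
        if not raw[0].isspace():                 # indented lines inherit the owner
            last_owner = qualify(fields[0], origin)
        upper = [f.upper() for f in fields]
        if "SRV" not in upper:
            continue
        rdata = fields[upper.index("SRV") + 1:]
        if (last_owner is None or len(rdata) != 4
                or not all(f.isdigit() for f in rdata[:3])):
            continue                             # malformed record, skip it
        records.append({
            "owner": last_owner,
            "priority": int(rdata[0]),
            "weight": int(rdata[1]),
            "port": int(rdata[2]),
            "target": qualify(rdata[3], origin),
        })
    return records


def audit_ad_zone(zone_text, domain):
    """Return findings for the SRV records of an Active Directory DNS domain."""
    domain = domain.rstrip(".").lower()
    by_owner = {}
    for rec in parse_srv_records(zone_text, domain):
        by_owner.setdefault(rec["owner"], []).append(rec)
    findings = []
    for label, port in REQUIRED_SERVICES.items():
        name = f"{label}.{domain}"
        if name not in by_owner:
            findings.append(f"missing SRV record {name}")
        for rec in by_owner.get(name, []):
            if rec["port"] != port:
                findings.append(f"{name} uses port {rec['port']}, expected {port}")
            if not rec["target"].endswith("." + domain):
                # With dynamic updates enabled, a target outside the domain
                # deserves a look at who was allowed to register it.
                findings.append(f"{name} points outside {domain}: {rec['target']}")
    return findings


# Constructed sample zone for the article's delegated subdomain.
SAMPLE_ZONE = """\
$ORIGIN w2k.nwc.com.
dc1                   IN A   10.1.1.10
_ldap._tcp            600 IN SRV 0 100 389 dc1
_kerberos._tcp        600 IN SRV 0 100 88  dc1.w2k.nwc.com.
_ldap._tcp.dc._msdcs  600 IN SRV 0 100 389 dc1
                      600 IN SRV 0 100 389 ldap.example.net.  ; constructed outlier
"""

if __name__ == "__main__":
    for finding in audit_ad_zone(SAMPLE_ZONE, "w2k.nwc.com"):
        print(finding)
```
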
March 6, 2000

Executive Summary

Windows 2000

Microsoft Windows 2000 is best viewed as an amalgam of three product classes: a desktop operating system, a server operating system and a directory service. The new desktop--Windows 2000 Professional--is the big winner of the three. Modern desktop and notebook features include support for USB, Plug and Play and an ACPI (Advanced Configuration and Power Interface). This is the best notebook OS we've ever used. In conjunction with Windows 2000's fledgling directory service, Active Directory, Professional is more manageable than any previous iteration of Windows.

In its first incarnation, Active Directory has a narrow focus that will make it a tough sell in many heterogeneous enterprises. Active Directory is really about Windows 2000, providing only rudimentary support for Windows 9x and NT clients. For NT Domain shops, Active Directory is a giant leap forward. However, DNS integration into Active Directory may lead to turf wars in your organization.
Apart from Active Directory, Windows 2000 Server and Advanced Server don't raise the bar much over NT 4 Server and NT 4 Enterprise Edition. During our performance tests, we stressed our servers with severe loads and they didn't skip a beat. Our experience bodes well for Microsoft's claims of enhanced reliability. We can't say the same for Microsoft's claims of enhanced performance. Our tests revealed similar or slightly worse performance for Windows 2000 Advanced Server when compared with NT 4 Server. When deployed in conjunction with Active Directory, enhanced functionality and manageability make the server products tantalizing.

March 6, 2000

COMmoditizing the Application Server

With Windows 2000, Microsoft has made the move from COM (Component Object Model), implemented in earlier versions of Windows, to the next step, COM+ Services 1.0. On the surface, COM+ may appear to be primarily marketing hype, giving a new name to a bundle of existing technologies. But look a little deeper: Beyond the incremental changes, what's going on is significant. Microsoft is moving toward commoditizing the application server market by pulling major portions of typical middle-tier functionality into the base OS, just as it did with browsers. Such a move should allow Microsoft--in theory--to tightly tune and integrate the middle-tier features now included for free in the OS.

Microsoft's COM technology, which has evolved from earlier technologies such as DDE (Dynamic Data Exchange) and OLE (Object Linking and Embedding), is widely implemented throughout the company's products. (For a more complete discussion of COM/DCOM and the competing component models, CORBA and Enterprise JavaBeans, see "Sneaking Up on CORBA: The Race for the Ideal Distributed Object Model," www.networkcomputing.com/1009/1009f2.html). Microsoft is working toward simplifying the development and deployment of COM objects--"zero plumbing," in Microsoft jargon.
So to create an object, you check a property box. To make an object transactional, you check another box. The upside is that you can quickly create components. But that's the downside too. That is, it's easy to create inefficient or poorly designed objects. However, for many organizations with limited staff and expertise, check boxes let you do what APIs can't--they let the OS deal with issues such as concurrency and threading, error-handling and transaction rollback and commit.

The seven basic areas of COM+ Services 1.0 are servers, transactions, security, administration, load-balancing, queued components and events. In the past, Microsoft Transaction Server (MTS) handled the first four of these for components under Windows NT 4.0; now Windows 2000 has absorbed MTS, and the COM and MTS development teams have been merged.

The resulting changes range from trivial to substantial. For example, it's now possible to quickly set components as auto-complete or auto-abort, but this just simplifies a task you could do before programmatically. On the other hand, it's also now possible to set role-based security at both the method and component level for COM components, centralizing security management for COM-based systems--an important addition. Another useful change is a specifically defined way to let components inherit the security and other attributes (context) of their parent components.

To address administration concerns, the COM+ Administrator is a Microsoft Management Console (MMC) snap-in. Administration for COM+ features should be familiar to Windows system administrators, but as with other MMC components, the administration features are also accessible via APIs.

Microsoft Message Queue (MSMQ) is being more tightly coupled to the base OS, and Microsoft is pushing MSMQ as a way to "throttle" high system load through transaction queues, even in systems that predominantly use synchronous transactions. We haven't had a chance to deploy any high-load systems under Windows 2000, so it remains to be seen whether this method (which Microsoft terms "queued components") is an effective way to handle large volumes of transactions.

Other additions are COM+ event services, a basic publish-and-subscribe model for event handling between COM objects, and some basic load-balancing features for COM objects, using what Microsoft calls a "response time tracker" to send the request for an object to the least loaded server. The load-balancing seems fairly rudimentary at present, with little administrator control possible over the mechanism, though Microsoft has stated its intent to publish the interfaces to let end users write their own load-balancing algorithms. Another acknowledged and much needed enhancement would be a managed object-persistence architecture, such as that defined in Enterprise JavaBeans 1.1.
With these additions, Microsoft has stated that it intends Windows 2000 to be "the best application server in the world." If the company is even marginally successful, independent application-server vendors are in for a tough fight.

--Richard Hoffman
A Calculated Decision

There's a new cost equation for Windows 2000, but it doesn't work for everyone

By Aaron Ricadela

Get out the cost/benefit calculators. When Microsoft unveils Windows 2000 in San Francisco this week, the pitch will go something like this: More functionality plus easier administration, for the same price as Windows NT, equals lower cost of ownership and greater business value.

It's a formula that adds up for some Microsoft customers--but not all. At $400 or more per desktop for software, services, and training, an upgrade to Windows 2000 would cost a business with 1,000 PCs a minimum of $400,000--and, by some estimates, closer to $1 million. That doesn't even include the cost of server migration. So just what--and when--is the payback on that sizable investment?

There's no consensus. According to an InformationWeek Research survey of 200 IT managers at companies that plan to test or deploy Windows 2000, an optimistic one-third expect an immediate decrease in total cost of ownership on deployment, and nearly half anticipate lower costs within two years. But 27% are bracing for a near-term increase--and 18% think costs will be higher even over the long haul. The survey was completed last week.

"Cost of ownership is the big question, and we won't know the answer until we change over the initial PCs and servers," says Bob Zoellner, a systems manager with integrator EDS who's on assignment at Kellwood Co., a St. Louis apparel maker. During the next two years, EDS will convert 500 PCs and 70 servers to Windows 2000, but Zoellner isn't expecting an immediate payback. "It will take a good two years before we can hope to see costs level out to something similar to what we're experiencing now with Windows 95 and NT," he says.

The uncertainty seems to be little deterrent.
According to the InformationWeek Research survey, nearly three-quarters of respondents plan to deploy Windows 2000 widely on PCs and servers within 12 months, a rapid ramp-up. "It's the first release of Windows where the things that end users get excited about, and performance and reliability, are balanced by the things that IT people want organizationally--security, software deployment, management of the PCs," Microsoft chairman Bill Gates said in an interview in November.

Online retailer Nordstrom.com isn't waiting around. It has been running Windows 2000 in production on about 60 Web servers for a little more than a week. "We're moving so fast that it's almost like one day we decide we need Windows 2000, and the next day we start," chief technology officer Paul Onnen says. "With Internet companies, things move so fast that you don't have time to measure things or do a formal analysis beforehand--you just do it."

The E-retailer is already experiencing fewer system crashes and may be able to reassign at least one IT staffer from server maintenance to site productivity, a meaningful gain, Onnen says. More important, fewer system failures mean better online service. "We're measured on customer satisfaction, the number of people coming to our site, features to help them buy, and how easy it is to make returns," Onnen says.
This week, Microsoft will present case studies of Micronpc.com and military contractor United Defense that are intended to demonstrate Windows 2000's potential to lower PC ownership costs. Bottom-line results: IT budget reductions of 15% and downtime costs cut in half. Microsoft hired Gartner Group to audit the results.

In a second set of customer examples, Microsoft will make a bolder assertion--that Win2000's greater value comes from measurable business advantages. It will pitch a methodology it calls "rapid economic justification" that assigns dollar values to benefits related to the use of Windows 2000, such as increased worker productivity or faster time to market. "Some of the thinking among customers, analysts, and ourselves was that in addition to focusing on the cost portion of IT, you also have to look at the top-line revenue increase you get as a result of IT," says Deborah Willingham, Microsoft VP of marketing.

The studies of Panasonic Consumer Electronics, retailer Marks and Spencer, and others show upgrade costs of $900 per PC, but forecast return on investment of 400% during the next three years. Giga Information Group audited the results. Microsoft will release a toolkit to let customers crunch the numbers themselves. (Our survey puts the upgrade cost at $400 per PC, excluding hardware.)

Metrics that justify IT investment based on revenue contribution aren't new--consulting firms have been applying them for years. "We've tried to take some of that same kind of thinking and put it in a model that's straightforward for customers," Willingham says.

But even Microsoft's own customers are wary of using a Microsoft-supplied tool to measure Windows 2000 payback. "You have to be careful, because they're always interested in the positive aspects of that analysis," says Gregor Bailar, executive VP and CIO at the National Association of Securities Dealers.
The company has seen performance increases on the 40 Web servers it has migrated to Windows 2000, and Bailar is bullish on prospects for lower costs. "We won't need to buy new machines as quickly, because we saw a 25% to 30% capacity increase" just by installing Windows 2000, he says.

Microsoft has long argued that its computing model, based on widely available, low-cost Intel systems, yields a lower cost of ownership than proprietary Unix environments. Windows 2000 advances that argument. For example, the new Active Directory enables management features such as SysPrep for cloning PC configurations across a network, and IntelliMirror, which lets users access their data on workstations around a network.

Lockheed Martin Corp., the $25.4 billion aerospace and defense contractor, plans to migrate 120,000 desktops and 700 servers to Windows 2000 during the next three to five years. "The full benefit of Windows 2000 is really when the servers and desktops are deployed together," says Massimo Villinger, chief technology officer at Lockheed Martin Enterprise Information Systems, the company's IT services arm.

Lockheed Martin's rollout plan will capitalize on the benefits of Windows 2000 Server first. Villinger estimates, for example, that one of the company's four business units can drive 10% out of its costs by consolidating 200 servers down to half that. More important, moving to Windows 2000 can accelerate the company's E-business capabilities by enabling an infrastructure for sharing purchasing information and design drawings with partners and reallocating IT staff from maintenance to product development.

"We want to participate in the advantages of business-to-business E-commerce as quickly and aggressively as possible," Villinger says. "The advantage we see in Windows 2000 is that instead of spending time in day-to-day operations, we'll be able to devote more resources to rolling products out faster."
    • For all of Windows 2000's cost-saving features--electronic software distribution among them--bottom-line benefits may be hard to come by without adequate planning. "Windows 2000 isn't a magic bullet," says Michael Gartenberg, VP and research director at Gartner Group. "Your real bang for the buck is using Windows 2000 as the catalyst for a well-managed environment." Gartenberg estimates companies that enforce PC policies, train IT staff on remote software installation, and implement other controls can save up to 26% with Windows 2000. But the up-front cost and complexity will cause some businesses to proceed judiciously. On Friday, Microsoft's stock dropped more than 5% on news of a Gartner Group report warning that some Windows 2000 rollouts will encounter compatibility problems with existing IT environments. "It's kind of scary when they throw all these things at you, like Active Directory," says Tim Lassance, VP of IS at Heartland Financial USA Inc., a Dubuque, Iowa, financial-services company with more than $1 billion in assets. "Our total budget for IT is $250,000, with $80,000 to $100,000 for networks. We could spend all of that on Windows 2000." Still, Lassance expects his cost of ownership to fall this year as Heartland replaces Windows 95 and 98 on about 500 desktops. "We're very dispersed geographically, so we want to be able to install software quickly and send out updates without sending people out," he says. The company wants a "cookie-cutter approach" when setting up computers at new branches. "You take a quantum leap with Windows 2000--that's going to be hard for some network staff," Lassance says. "But there will be a plan we have to stick to. Windows 2000 forces you to plan things out to get all the benefits." Other uncertainties cloud the cost-containment picture. IntelliMirror, for instance, promises to cut down on "sneakernet" administration and was even called "zero-administration Windows" for a while. 
Yet 65% of IT managers surveyed by InformationWeek Research say Windows 2000 won't reduce their number of system administrators or related costs a year from now. David Shomette, senior manager of IT administration and support for the Public Broadcasting Service, the non-profit TV network in Alexandria, Va., is among those expecting near-term costs to increase with Windows 2000. PBS plans to deploy Windows 2000 Professional across more than 600 workstations during the next few months. "I've never found cost of ownership to be less with newer versions of Microsoft operating systems because there's always a learning curve," he says. "When you implement a new package, you continue to pay for training and support--those are the real costs." The need to train and certify IT staff for Windows 2000 ranked among the top challenges companies face as they migrate to the system (see story, p. 123). In all, 70% of respondents cited training as a challenge in the InformationWeek Research survey, topped only by application upgrades. "Skills is certainly an area of concern," says Lockheed Martin's Villinger. There are other variables. If customers want 32-way processing, they'll have to wait for Windows 2000 DataCenter Edition, expected this summer. Analysts estimate the vendor will charge a high premium over the $4,000 price tag on Win2000 Advanced Server. But as businesses try to keep up with the pace of the Internet economy, some are simply throwing caution to the wind when it comes to the cost analysis on Windows 2000. Forget cost; think opportunity. Says Nordstrom.com's Onnen, "I don't think total cost of ownership holds nearly as much weight as it did in the past." --with additional reporting by Larry Greenemeier and Jennifer Mateyaschuk