Talk

356 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
356
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Implement new monitoring solution. Looking at NetIQ Appmanager and NetIQ Administration Suite Implement new backup solution. Looking at Veritas NetBackup
  • Implement new monitoring solution. Looking at NetIQ Appmanager and NetIQ Administration Suite Implement new backup solution. Looking at Veritas NetBackup
  • Implement new monitoring solution. Looking at NetIQ Appmanager and NetIQ Administration Suite Implement new backup solution. Looking at Veritas NetBackup
  • Talk

    1. 1. SLAC Windows Migration Bob Cowles Presented for the SLAC Windows Migration Project HEPNT, Fermilab October 24, 2002
    2. 2. Overview <ul><li>Project Objectives </li></ul><ul><li>Present NT Environment </li></ul><ul><li>AD Environment </li></ul><ul><li>Upgrade Path </li></ul><ul><li>Related Projects </li></ul><ul><li>Migrating Users </li></ul>
    3. 3. Project Objectives <ul><li>Provide a more stable and secure Windows environment for our user community </li></ul><ul><li>More efficient administration </li></ul><ul><ul><li>Simplified domain structure </li></ul></ul><ul><ul><li>Delegation of privileges </li></ul></ul><ul><ul><li>Enhanced distribution of software and policy (GPOs) </li></ul></ul><ul><ul><li>Integrated directory services (including Exchange 2000) </li></ul></ul>
    4. 4. Project Objectives <ul><li>Provide new functionality for users </li></ul><ul><ul><li>Better support for portables </li></ul></ul><ul><ul><li>Better networking support (VPN, wireless) </li></ul></ul><ul><ul><li>Better multimedia support </li></ul></ul><ul><ul><li>Better communications (OWA) </li></ul></ul><ul><li>Easier to support </li></ul><ul><ul><li>Better support tools (Remote Assistance for Help Desk and local admins) </li></ul></ul>
    5. 5. High-level view <ul><li>One domain with OUs representing mission, administrative and funding boundaries </li></ul><ul><li>Desktops to have Windows XP and Office XP </li></ul><ul><li>Exchange 2000 for all messaging </li></ul><ul><li>Project to be completed Dec 2003 </li></ul><ul><li>Other related projects </li></ul><ul><ul><li>New storage project </li></ul></ul><ul><ul><li>SMS and GPO’s for software distribution </li></ul></ul><ul><ul><li>Monitoring project </li></ul></ul>
    6. 6. Current NT Environment 1500 Exchange 5.5 user accounts Other desktops <100 Macintosh (not supported) 0 Windows 3.1/DOS (not supported) 1000 (roughly 70%) WinNT workstations supported by central computing 90% Compliance for system fixes, anti-virus, etc. 450 Linux RedHat Desktops ~60 WinNT Workgroup,Win9x (not supported) 2000GB Windows NT/2K central file servers data 119 Windows NT/2K central servers 3600 Windows NT user accounts 91% % PC’s purchased as standard Dell HW (80% of current SLAC PC’s are now standard Dell HW) ~1400 Windows NT/2K domain machines on site Sept. 2002 Description
    7. 7. Current NT Environment <ul><li>Master domain with 10 resource domains </li></ul><ul><li>Laptops are W2K; better support for hardware and remote access </li></ul><ul><li>Desktops are NT4; limiting W2K on the desktop due to the need for admin privilege for running many applications. </li></ul><ul><li>Fileservers 2 TB data 60% user home directory, 40% groups directory Rate of growth: doubling every 12 months. </li></ul><ul><li>Storage of user data on central servers is encouraged (there is no backup of workstations provided by SCS). Department servers are discouraged. </li></ul>
    8. 8. Current NT Domain Environment
    9. 9. Current NT Environment <ul><li>Print services reside on local domains </li></ul><ul><li>Central account domain in SLAC </li></ul><ul><li>Machine accounts in local domains </li></ul><ul><li>Centralized WINS Servers </li></ul><ul><li>DNS hosted on UNIX Bind systems </li></ul><ul><li>Remote access via PPTP/VPN and ICA/Citrix </li></ul>
    10. 10. Current NT Environment <ul><li>Monitoring via network “ping” </li></ul><ul><li>Anti-virus on all machines with InoculateIT. Updates downloaded from central server </li></ul><ul><li>E-mail anti-virus scans via Sybari Antigen </li></ul><ul><li>Veritas BackupExec used with DLT and LTO libraries to back up </li></ul>
    11. 11. Active Directory Environment Single forest and domain with multiple domain controllers (DC). FSMO roles reside in SLAC’s DC’s.
    12. 12. Windows Active Directory Environment <ul><li>Print services reside on central print servers </li></ul><ul><li>Exchange 5.5 going to Exchange 2000 </li></ul><ul><li>Central account domain in SLAC </li></ul><ul><li>Machine accounts in department OU’s </li></ul><ul><li>Centralized WINS Servers </li></ul><ul><li>Delegated DNS zone win.slac.stanford.edu running as “Integrated Zone” on DC’s </li></ul><ul><li>Remote access via PPTP/VPN and ICA/Citrix </li></ul>
    13. 13. Four Options As Upgrade Path <ul><li>1) Migration tools and SID history pros: clean install of server infrastructure by going to ‘Native mode’, reversible. cons: migration tools were buggy. </li></ul><ul><li>2) Double ACL all resources pros: clean install of server infrastructure by going to ‘Native mode’, reversible. cons: need to re-ACL all resources, confusing. </li></ul>
    14. 14. Four Options As Upgrade Path <ul><li>3) Re-ACL to new domain and cutover pros: clean install of server infrastructure by going to ‘Native mode’, short time. cons: not reversible, re-ACL resource domains, disruptive for users </li></ul>
    15. 15. Four Options As Upgrade Path <ul><li>4) In-place Upgrade pros: Easier for administrators and users </li></ul><ul><ul><li>No re-ACL </li></ul></ul><ul><ul><li>No new domain </li></ul></ul><ul><ul><li>No migration tools </li></ul></ul><ul><ul><li>No SID History </li></ul></ul><ul><ul><li>Less likely to break </li></ul></ul><ul><ul><li>Less overhead </li></ul></ul><ul><ul><li>Upgrade went smoothly, recommended by Microsoft. </li></ul></ul>
    16. 16. Related Projects - SMS <ul><li>Utilize for security updates, hotfixes and service packs </li></ul><ul><li>Currently rolled out to half of lab (~700 workstations) </li></ul><ul><li>New SMS rollout coincide with W2K/XP rollout </li></ul><ul><li>Delegate abilities to OU Admin’s </li></ul>
    17. 17. Related Projects - GPO’s <ul><li>Use GPO’s for main policies </li></ul><ul><ul><li>security policies </li></ul></ul><ul><ul><li>disabling services (Internet Connection Sharing, …) </li></ul></ul><ul><ul><li>authentication standards </li></ul></ul><ul><li>Ultimately use GPO’s to co-exist with SMS and boot floppy to rollout registry changes, software, hotfixes and service packs </li></ul>
    18. 18. Related Projects <ul><li>Implement new monitoring solution. </li></ul><ul><li>Implement new backup solution. </li></ul><ul><li>Upgrade Citrix Metaframe 1.8 on NT TSE to Citrix XPe on Windows 2000 over the coming year </li></ul>
    19. 19. Migrating Users <ul><li>Migration to Windows XP Office XP Exchange 2000 </li></ul><ul><li>Clean install of 1600 client computers </li></ul>
    20. 20. Migrating Users-timeline <ul><li>Alpha migration, August 2002 Windows administrators </li></ul><ul><li>Beta migration, September 2002 All central computing users, and power users from each department </li></ul><ul><li>Pilot migration, November 2002 5% representative sample across all departments </li></ul><ul><li>General migration, December 2002-December 2003 </li></ul>
    21. 21. Challenges <ul><li>Tight budget limits hardware upgrades </li></ul><ul><ul><li>4 yr. replacement cycle not always followed </li></ul></ul><ul><ul><li>XP needs 3 GB hard disk & 256 MB of memory </li></ul></ul><ul><ul><li>Older hardware works, but may run slower </li></ul></ul><ul><li>Limited resources and budget </li></ul><ul><ul><li>Freeze Windows NT except for security </li></ul></ul><ul><li>Interoperability with SLAC UNIX environment </li></ul><ul><ul><li>Samba gateway, AFS </li></ul></ul><ul><ul><li>Mitigated somewhat by WTS, WinSCP </li></ul></ul><ul><li>Varied missions, administration and funding </li></ul>

    ×