Read an Excerpt
Chapter 1: The Windows 2000 Environment
Throughout this book, you'll find a lot of discussion of the core components of the Windows 2000 products, so let's start by defining those components and the terminology you'll see.
The Windows 2000 Family Of Products
The Windows 2000 product line is made up of four versions. Unlike previous versions of Windows NT, which typically only differed between server and workstation versions, the Windows 2000 family has significant inclusions and exclusions of features among the various versions of the product.
- Windows 2000 Professional The Windows 2000 Professional edition is the desktop or workstation version of the product line. It includes all the security functions, mobile user features, system reliability components, and network integration components necessary for a workstation or laptop to integrate into a Windows 2000 environment.
- Windows 2000 Server The Windows 2000 Server edition provides four-way symmetrical multiprocessing for small and medium enterprise workgroup, application server, or branch office environments. It includes all the internetworking components needed to provide the server-level and network management connectivity of a Windows 2000 environment.
- Windows 2000 Advanced Server The Windows 2000 Advanced Server edition provides up to eight-way symmetrical multiprocessing for more powerful enterprise, departmental, and application server purposes. With enhanced memory access capabilities, integrated two-way clustering, and load-balancing support, the Advanced Server edition provides better support for scalable network server needs.
- Windows 2000 Datacenter Server The Windows 2000 Datacenter Server edition supports up to 32-way symmetrical multiprocessing and up to 64 gigabytes (GB) of physical memory. It provides both four-way clustering and load-balancing capabilities for the most robust scalable and mission-critical enterprise needs.
The Core Components Of Windows 2000
The Windows 2000 family of products is made up of servers, domain controllers, and client desktop systems. This may seem the same as in previous versions of the operating system, but the definitions of these components have changed; thus, the way you'll implement these elements is slightly different. (See Chapter 5 for more details on the hardware requirements and suggested configurations of the servers, domain controllers, and desktop systems.)
Servers (Application and File Servers)
The first component in any network is a file server. The term "file server" is a historical term that refers to the main system in a network that manages files. However, in today's networking environment, the file server is more commonly just called a server because of the varying uses of server systems. A server today can be either a centralized storage system for files in the traditional sense, or it can be an application server.
It's common to use application servers for business productivity or line-of-business applications. Some examples are SQL databases, electronic messaging applications, human resource systems, web server information, and company intranet systems. These application servers manage program information and application data instead of merely providing individual files for users. Users have access to all of the structured, stored information.
You'll need to set up domain controllers to authenticate users and to grant secured access to the networking environment. The domain controller is usually a separate dedicated system acting as an application server, and its sole function is as a domain controller. Of course, domain controller services could be added to the functions of any other file or application server, creating a dual-function machine.
Windows 2000, unlike previous versions of Windows NT, lets you make the decision about using a computer as a domain controller at any time. You don't have to make this determination when you install the operating system, because any member server can be promoted to a domain controller. (Chapter 9 has detailed discussions on the placement of the domain controllers.)
The final component of a network is the client. Clients have traditionally been personal computers with lots of memory and high desktop-processing speeds. Windows 2000 offers a wide range of options for client connectivity.
Windows 2000 systems can use standard PCs (for instance, an Intel x86/Pentium computer), Apple Macintosh computers, or the new thin-client technology workstations (terminals with very modest processing capabilities). The Windows Terminal Services technology is embedded in the operating system, allowing a server to share its processing capabilities with the client. (See Chapter 14 for a discussion of desktop client options, including thin-client technologies.)
Windows 2000 introduces a new series of terms based on the directory management system called the Active Directory. The Active Directory is a new method of managing users, groups, and network resources in a hierarchical structure. This section covers some of the important terms you need to know about the organizational structure of this environment. (See Chapter 6 for a full discussion of the Active Directory and the design and implementation processes.)
The Active Directory is a new hierarchical administration and management system that's been integrated into the Windows 2000 family of products. One of the side benefits you'll notice immediately is an improvement in your ability to distribute management roles for the organization's security system. Instead of granting either full administrative rights or limited user security rights, the Active Directory provides a virtually unlimited number of levels of security. You can delegate administration and management of any portion of the enterprise hierarchy. The substructures are called organizational units, and you can arrange them in any way you wish, for example, by business unit or site.
An organizational unit can be any segment of your organization. You could use department grouping (such as Finance, Manufacturing, and Marketing), or geographical grouping (such as San Francisco, New York, and Tokyo). In fact, you can deepen the segmentation, perhaps by breaking down a site organizational unit into its departmental groupings. Each layer of the organization that is designated an organizational unit can be separately administered and managed. You can allocate resources to an organizational unit, as well as create a security policy that limits users to those resources.
Furthermore, you can permit administrators to delegate administrative tasks for suborganizations (creating a group of subadministrators). This is an organized and logical way to control which individuals have access to which resources within the organizational structure. In other words, you can build levels of delegation rights that administrators can use to assign administrative tasks to other users within the organizational unit.
Windows 2000 also has a formal designation known as a site. The organizational units designate levels of security and user administration boundaries, and the site designates the boundaries for the replication of security information within the organization. If your organization is physically distributed across multiple locations, you can create sites to manage user authentication and directory replication. The computers (both workstations and servers) in a single site should be connected by high-speed lines.
It may be that your organization refers to a city as a site (for example, your offices in Tokyo are a site). However, if you have multiple office buildings spread across that city and they're connected by low-speed frame relay connections (56K lease lines or ISDN connections), you should consider each location as an individual site. Your Windows 2000 sites may be Tokyo-North, Tokyo-South, and Tokyo-West...