Moving to a new OS requires planning—strategic and tactical. Before you can complete a strategic plan to migrate your existing Windows NT network to Windows 2000 (Win2K), you must understand Win2K's strengths and weaknesses. Win2K's many delays (by the time this article publishes, the OS will have had the largest number of product delays in Microsoft's history) aren't reason enough to postpone migration. After all, the tweaks Microsoft made to the product during these delays presumably improved the OS.
For tactical information about migrating to Win2K, see "Related Articles in Previous Issues," page 86. For strategic information, including 10 reasons why you should migrate to Win2K, 10 reasons why you should wait to migrate, and how long to wait, read on.
10 REASONS TO MIGRATE
1. No other choice
Like it or not, Win2K is coming. Because Microsoft's revenues depend on upgrades to its customers' installed base, the company will eventually stop supporting NT 4.0. Your alternatives to installing Win2K are to continue using NT 4.0 without any more bug or security fixes, or tear out your existing NT network and install UNIX or Linux.
2. Kerberos security
Kerberos is a network authentication protocol that the Massachusetts Institute of Technology (MIT) developed to transmit data across nonsecure networks. Kerberos and Active Directory (AD) are the two enabling technologies that make Win2K so different from NT 4.0. Kerberos has several advantages over NT LAN Manager (NTLM), NT 4.0's authentication protocol. One prominent advantage is Kerberos' ability to form transitive trusts, rather than the nontransitive trusts of NT 4.0. An easy way to explain a transitive trust is to say that if you trust your parents, and your parents trust the Joneses next door, then you trust the Joneses. This Kerberos feature is what lets Win2K create domain trees and forests. Another advantage of Kerberos is mutual authentication, in which the server and the client each verify the other's authenticity. This feature eliminates NT Workstation 4.0's susceptibility to man-in-the-middle attacks from systems posing as servers.
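The difference between the two trust models, as an added example that is not part of the original article: it treats trusts as a directed graph and compares what a domain accepts when only direct trusts count (NT 4.0 style) with what it accepts when trusts chain (Win2K style). The domain names and the tree layout are constructed for illustration, and the graph model is a simplification of how trust paths are actually resolved.

```python
from collections import deque

def direct_trusts(edges):
    """Build an adjacency map: trusting domain -> set of trusted domains."""
    graph = {}
    for trusting, trusted in edges:
        graph.setdefault(trusting, set()).add(trusted)
        graph.setdefault(trusted, set())
    return graph

def trusted_by(graph, domain, transitive):
    """Return the domains whose accounts `domain` will accept."""
    if not transitive:
        # Nontransitive: only trusts configured on this domain count.
        return set(graph[domain])
    # Transitive: follow trust links breadth-first through the tree.
    seen, queue = set(), deque([domain])
    while queue:
        for nxt in graph[queue.popleft()]:
            if nxt != domain and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def two_way(pairs):
    """Expand parent/child pairs into the two one-way trusts they imply."""
    return [edge for a, b in pairs for edge in ((a, b), (b, a))]

def missing_explicit_trusts(graph):
    """One-way trusts a nontransitive design would have to add by hand
    to reach the same set of domains the transitive design reaches."""
    return sorted(
        (d, t)
        for d in graph
        for t in trusted_by(graph, d, True) - trusted_by(graph, d, False)
    )

# Constructed sample tree: a root with two children and one grandchild.
TREE = direct_trusts(two_way([("corp", "sales"), ("corp", "eng"), ("eng", "lab")]))

if __name__ == "__main__":
    print("lab, nontransitive:", sorted(trusted_by(TREE, "lab", False)))
    print("lab, transitive:   ", sorted(trusted_by(TREE, "lab", True)))
    print("extra one-way trusts needed without transitivity:",
          len(missing_explicit_trusts(TREE)))
```

The same calculation is a useful audit step when planning a domain tree, because every new parent/child link widens the set of accounts that each existing domain accepts.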
3. Public key infrastructure
Win2K incorporates public key infrastructure (PKI) security features. PKI is a system of digital certificates and Certificate Authorities (CAs) that, like Kerberos, let both parties in a transaction check each other's authenticity and encrypt the transaction. PKI is the security system best suited for the Internet and therefore is useful for secure e-commerce between businesses. The U.S. Postal Service is using PKI to give customers 24-hour Internet access to postage. Although PKI isn't yet mature, its inclusion in Win2K foretells groundbreaking integration of security levels and encryption into daily business tasks.
4. SOHO features
Although Microsoft has concentrated publicity on Win2K's enterprise performance and scaled the OS to 32 processors, Win2K also provides several features for the small office/home office (SOHO) environment. The OS has a competent router and supports a demand-dial interface, so traffic that routes to a modem interface causes the modem to automatically dial an ISP. Features such as Internet Connection Sharing in Windows 2000 Server (Win2K Server) and Windows 2000 Professional (Win2K Pro) let multiple users on the network use the system's Internet connection. Internet Connection Sharing uses Network Address Translation (NAT), in which the router (i.e., the server) takes traffic between the local network and the Internet and translates the traffic from multiple local nodes to one network IP address, as the ISP expects. This process lets the ISP see multiple users on the local network as one (busy) user. (For more about NAT, see Zubair Ahmad, "Windows 2000's Network Address Translation," page 141.)
5. Enterprise focus
Microsoft is squarely focused on the enterprise-scale, mission-critical server market. Win2K has SMP enhancements that let the OS scale to more than four processors in a more linear fashion than NT 4.0 did. In addition, Windows 2000 Datacenter Server (Datacenter) competes with UNIX boxes that support as many as 32 processors and 64GB of physical memory.
6. Thin built in
Win2K Server offers Terminal Services as a service right out of the box. This feature is useful for accessing remote servers as though you're logged on to the system console. After I used the Terminal Services client to remotely access my Win2K systems for a few weeks, I missed the service's presence on my NT 4.0 systems. To obtain equivalent Terminal Services features on an NT 4.0 network, you need to rebuild and relicense every server with NT Server 4.0, Terminal Server Edition (WTS). In most cases, this task isn't practical.
7. Hooks for big storage
Microsoft recognizes the growth of data storage and NT's weakness in this area. Win2K addresses this weakness with quota management, hierarchical storage management (called Remote Storage Service—RSS), dynamic volume management, and improvements in NTFS. Many of these features use technology Microsoft licensed from third-party vendors. In most cases, Win2K employs a basic implementation of a technology—enough to pique your interest and perhaps make you try the technology for a small job. But to use a feature's most powerful implementation, you must go to the third-party vendor whose product integrates into Win2K's new storage-management APIs. For example, Win2K's Logical Disk Manager is a simple version of VERITAS Software's VERITAS Volume Manager, and the OS's disk defragmenter is a manual version of Executive Software's Diskeeper.
8. Windows 2000 on the road
Win2K Pro is the most useful notebook OS I've used. The OS's functionality and flexibility beat Windows 98's, hands down. Win2K Pro's offline files feature lets you mark network files and folders for offline use. The OS then creates a local cache and keeps the files and folders synchronized with the originals in the background. This feature is like a Briefcase with brains—if you keep your working documents on a server share for the virus-scanning and regular-backup benefits, just mark the directory for offline use and take it with you. Win2K Pro also has a hibernate function that writes all the contents of physical memory to a hibernate file before shutting the power off, thereby saving the system's state. The hibernating system uses virtually no power and takes about 15 seconds to hibernate and 45 seconds to restore on a 366MHz Pentium II processor. However, the system won't hibernate if a network file is open, even if you've marked the file for offline storage.
To make hopping on and off a corporate network even easier, you can configure the OS to show the local area connection (i.e., your network card) as an icon in the system tray. When you connect to a network and establish a link, a callout balloon appears to show that you're connected and at what speed. Switching locations is as simple as disconnecting the network cord, putting the notebook in standby or hibernate mode, and plugging the notebook in to a different network cable. All these features give you peace of mind when you travel and need files within easy reach.
9. Distributed administration
You can finally start the process of pushing account and resource administration closer to users. In Win2K, domains are no longer units of administration; they're units of replication and security. Organizational units (OUs) are the new units of administration. You can create a hierarchy of OUs that delegates a subset of administration down to the workgroup level. However, just because you can create an OU hierarchy doesn't mean you should. Keep the initial design simple until everyone's expertise with the product grows, all the bugs shake out, and your support organizations can adapt to the product's new abilities.
10. Client management
Win2K has several client and server features that lower the OS's total cost of ownership (TCO). IntelliMirror and Group Policy help simplify client software installation, from simple applications to the OS itself, and Dfs lets you construct a logical hierarchy of network resources. Dfs lets users across the enterprise access the same resource name (e.g., \\mycompany.com\software), and Win2K redirects the users to the closest share point replica on the network.
10 REASONS TO WAIT
1. No problems that need solving
Deploying a product just because it has some nifty features is a bad idea. You need to make a business case for Win2K in your company, including what problems the OS will solve; whether, how, and when the OS will save the company money; and what new capabilities (i.e., capabilities that will save the company money or make money for the company) the OS will enable. Financial officers and stockholders think in these terms. Your business case will help you determine how quickly to deploy Win2K in your company.
2. Thirty million lines of code
Win2K is the largest programming artifact in existence. Despite the unprecedented number of users that Microsoft encouraged to test the beta code and report bugs, the OS's size creates numerous places for code to fail. Unless you have a compelling reason to migrate immediately, wait until Service Pack 1 (SP1) for a large migration (see "When Should You Jump?").
3. First through the minefield
Users' early rollout experiences with an OS generate the bug reports that power service packs. So, you need to keep up with users' Win2K experiences through conferences, user groups, and the trade press. Find out how companies are implementing the OS, what successes they've had, what problems they've encountered, and how they worked around the problems.
A major topic for many companies is how Win2K, which relies on DNS and its latest extensions, integrates with a company's existing DNS infrastructure. This problem is larger than you might think, not because of the technical aspects but because most companies' production DNS runs on UNIX. Because NT and UNIX are notorious rivals, this situation generates OS loyalty concerns.
5. Application requirements
One of Win2K's main purposes is to support applications. Win2K enforces application requirements more stringently than NT 4.0 does, and almost all applications that work with hardware will require new Win2K drivers. Therefore, you need to get all your applications ready before you can roll out.
6. Support infrastructure
Your support infrastructure must change to take advantage of Win2K. You probably designed much of your support around NT (or rather NT's limitations), with a centralized or semicentralized Help desk and every major administrative entity in a separate domain. If you migrate to Win2K and push administrative rights further down into the organization, your support process will need to change. In fact, your support infrastructure will likely need to change for any Win2K installation that isn't just an upgrade in place. You need to work out these details before you migrate.
7. Need to plan
Because Win2K is a complex OS, you must do an unusual amount of planning before you deploy it. If you don't know much about the OS, you have a lot to learn. Then you must gather customer requirements, do design work, test, and pilot. 2000 will be a busy year.
Managing a Win2K network is vastly different from managing an NT network. The challenge is training your support organizations early in Win2K concepts, operations, and administration tools. You need to train a core of personnel, preferably the sharpest people on each team, as early as possible. An experienced core of support team leaders can hold the organization together while everyone gains practical experience and can help bring other personnel up to speed.
9. Mixed environment
A scenario that needs emphasis in a Win2K migration discussion is the Win2K and NT 4.0 mixed environment. Unlike mixed mode, which is a Win2K domain with Win2K and NT 4.0 domain controllers, a mixed environment covers a broader range of configurations. A mixed environment is any combination of Win2K and NT 4.0 servers and clients on an NT network. Thus, you'll be operating in a mixed environment from the time you begin upgrading your domain controllers until your last client upgrades from NT Workstation 4.0 or Win98. A mixed environment is difficult to support because a troubleshooting scenario can involve several distinct interactions, such as Win2K domain controllers and NT 4.0 domain controllers (mixed mode); Win2K domain controllers and downlevel clients (i.e., NT 4.0, NT 3.51, or Win9x) or downlevel member servers (i.e., NT 4.0 or NT 3.51); Win2K member servers and downlevel clients; Win2K domain controllers and NT Workstation 4.0 or Win9x clients with the Directory Service Client (dsclient.exe) installed; or Win2K Pro clients and NT 4.0 domain controllers. Fourteen combinations of these five areas are possible instead of the usual two or three. You need experience with all these types of networking to troubleshoot problems.
10. Big bucks
Migrating to Win2K is a big, expensive project. Your migration strategy needs to encompass your entire company and will therefore involve many important areas (e.g., server hardware, training, funding for the project personnel from architects to operators, travel, customer communications). To have a fully functional Win2K network, you must upgrade your client hardware from its NT Workstation 4.0 hardware requirements. (By the time your company deploys Win2K Pro, however, the regular PC hardware upgrade process might have addressed Win2K's hardware requirements.) All these changes require money. And don't forget that you must pay for new software licenses.
When Should You Jump?
Customers who migrate OSs fall into four categories: bleeding edge, early, mainstream, and conservative. (The time frames I give in each category assume that a customer begins Win2K product research and planning at least 6 to 8 months before deploying a new OS.) When you should deploy Win2K depends on what type of customer you consider yourself.
Bleeding-edge adopters typically migrate within 2 months after an OS's general availability date or when SP1 becomes available. Regarding Win2K, these customers might belong to the Win2K Joint Development Program or they might be small to midsized companies that require the technology for a competitive advantage. Deploying Win2K on a small network is less risky than deploying the OS on a large network. However, don't assume anything about the product's capabilities in your production environment other than the capabilities you've tested.
Early adopters migrate within 2 to 6 months after an OS's general availability date or when SP1 or SP2 releases. Although early Win2K adopters want Win2K's competitive advantages, they're unwilling to install the product straight out of the starting gate. These customers might need some of Win2K's new features to correct existing NT 4.0 infrastructure problems.
Mainstream adopters typically migrate within 6 to 18 months after an OS's general availability date or when SP2, SP3, or SP4 releases. These customers evaluate an OS before deployment, watching the released product's reliability from the sidelines. They know exactly what they want the OS to accomplish on their network. Their current infrastructure works well enough to let these customers wait until many of the bugs shake out. Because NT 4.0's first stable maintenance level was SP3, waiting until at least the first service pack releases before you deploy a new OS is wise.
Conservative adopters wait to migrate until an OS has been generally available for 2 or more years or until SP4 or later releases. These customers currently have reliable infrastructures and reasonably high availability that they can't afford to jeopardize. Their migration motivation includes the development of migration knowledge from companies that have already deployed the product, Win2K's eventual stability, the OS's features, and Microsoft's imminent cessation of NT 4.0 support.
Migrating to Win2K is a big project, so regardless of when you want to deploy the OS, you need to start planning now. Almost everything you currently know about Win2K is wrong, because Microsoft has completely changed or significantly upgraded everything in the OS since NT 4.0. Win2K's administrative model might be different from anything you've seen before. For a smooth deployment that doesn't affect your users, you must do a lot of up-front work on your organization and processes. You can't go very deep into domain design before you hit DNS, and Win2K will have a major effect on your enterprise's DNS architecture. Your DNS team must learn about the OS to understand all its ramifications. Win2K will also impose large hardware requirements that you must forecast for your servers and clients. In addition, you'll need to decide on and design a host of new features. Finally, Win2K migration gives you the chance to end some of the political battles in your organization. You can use delegated administration to satisfy everyone—think of the process as streamlining the eighth OSI layer (i.e., politics) while you streamline layers five through seven.
Stephen Covey, a well-known management consultant, says the most productive type of work you can accomplish is work that is important but not urgent. Win2K work falls into this category. However, because migrating to Win2K involves so much work, the tasks become more urgent by the day.
RELATED ARTICLES IN PREVIOUS ISSUES
"Windows 2000 Professional Deployment,"
"Windows 2000 Server Recovery Tools,"
Forefront, "Windows 2000 and the Enterprise,"
"10 Steps to Prepare for Windows 2000,"
"Windows 2000 Overview,"
MICHAEL D. REILLY
Getting Started with Windows 2000, "Installing Windows 2000 Beta 3," Winter 1999/2000