Coexistence of Windows Server 2003 and Windows NT 4.0

Microsoft Corporation

Published: November 2002


Abstract

Microsoft® Windows® Server 2003 offers many benefits when used in a Windows NT® 4.0 domain, whether as a file and print server, a Web application server, a remote access server, or for core services consolidation. Because Windows Server 2003 reaches new levels of performance, reliability, and security, it offers an ideal opportunity for hardware consolidation and associated cost savings in infrastructure. This paper describes coexistence of Windows Server 2003 with Windows NT 4.0 in Windows NT 4.0 domains. It addresses upgrading file and print servers, Web application servers, core services such as DNS and DHCP, as well as remote access servers.

This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2002. Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Contents

Introduction

File and Print Services

Web Application Server

Secure Mobile Access

Core Services Consolidation

Summary

Related Links

Introduction

Windows® Server 2003 is the newest and most powerful operating system from Microsoft, offering new levels of dependability, performance, and connectivity. Building on the feedback of customers, third-party partners, and independent testing, Microsoft has made Windows Server 2003 into a highly productive infrastructure platform for powering connected applications, networks, and Web services. Windows Server 2003 improves on and streamlines the solid foundation of Windows 2000 Server, adding new features and technologies to meet the needs of today’s customers. Key new technologies include Internet Information Services 6.0 (IIS 6), redesigned and featuring a new process model with new benefits for organizations of every size.

File system management has become easier and more reliable through such improvements as the Distributed File System (DFS) and Volume Shadow Copy service, which work together to keep file servers available and easy to navigate. Security and reliability of Web application servers benefit from the improvements in IIS 6, which has been re-architected to help prevent faulty code or external attacks from taking down other applications or the server itself. Remote Access Server, using such powerful features as Internet Protocol version 6 (IPv6) and Point-to-Point Protocol over Ethernet (PPPoE), helps to ensure secure networking whether by dial-up, virtual private network (VPN), wireless, or wired connections. In addition, Windows Server 2003 includes new and enhanced command-line interface tools, wide support for industry standards like XML, and new features like Automated System Recovery (ASR).

Windows Server 2003 maintains a high level of backward compatibility with Windows 2000 and Windows NT® 4.0 computing environments, making a gradual upgrade plan feasible and practical. Features such as IIS 5.0 Isolation Mode ensure compatibility with legacy and third-party products. Adding a new server running Windows Server 2003 to an existing Windows NT domain does not require replacing existing software and infrastructure. The improved performance and management of Windows Server make it an ideal platform to consolidate existing services. New and enhanced features for reliability ensure that Windows Server 2003, and any consolidated services, will stay up and available. Businesses can enhance the security and reliability of their existing IT infrastructure while lowering overall computing costs.

This paper discusses various scenarios in which a Windows NT 4.0 network can benefit from the addition of Windows Server 2003. The topics cover file and print servers, Web application servers, core services such as DNS and DHCP, and remote access servers. Because Windows Server 2003 is capable of coexisting with Windows NT 4.0, bringing a computer with Windows Server 2003 into a Windows NT 4.0 domain can provide your business with many advantages in these areas.

File and Print Services

Microsoft has responded to customer feedback by building significant improvements into the file and print server capabilities of Windows Server 2003. Upgrading file and print servers to Windows Server 2003 can bring benefits in the areas of reliability, availability, ease-of-use, and management. Windows Server 2003 has several new and improved features like DFS and Volume Shadow Copy services that make it easier to set up, access, and manage a file infrastructure on Windows Server 2003. Windows Server 2003 also makes servers easier to manage with a new task-based user interface that is designed to make everyday activities easier to carry out. The Configure Your Server Wizard helps automate the setup of a file or print server, and there are wizards for most tasks. The improved Windows Management Instrumentation (WMI) exposes scriptable interfaces for most administrative commands.

Distributed File System

One of the biggest improvements for file servers is DFS, which takes your existing file infrastructure and creates a single logical view of files stored on multiple servers. This system is entirely transparent to users who have the DFS client on their local machine. The DFS client is built into Windows NT 4.0 and all later Microsoft operating systems. DFS makes files much easier to find, because users do not need to know which server a file is on. DFS also improves scalability, making it easy to add file servers or balance the workload among servers without disrupting users’ ability to find and access files. Windows Server 2003 enhances the reliability of DFS by allowing a single server to host multiple DFS roots, which means DFS can now be clustered for high availability and load balancing. You can also store multiple copies of file shares for redundancy. File Replication Service (FRS) works with DFS to maintain synchronized copies of data on file shares, so that in the event of a failure, DFS can transparently redirect requests for data to a different server. For better management on the corporate level, administrators can be delegated control of a specific portion of the DFS namespace, rather than the entirety. This streamlines IT processes and makes the entire infrastructure easier to maintain. DFS is fully integrated with Windows NT 4.0 security. One or more servers running Windows Server 2003 with DFS can help you replace or aggregate your existing file structure into a single hierarchy that is easy to use and maintain.

Security and Data Recovery

Windows Server 2003 also brings improvements in the area of performance and security. Encrypting File System (EFS), improved in Windows Server 2003, allows users to encrypt their data to prevent accidental or malicious access by unauthorized persons. EFS allows you to provide high security to selected portions of your organization by giving them access to a Windows Server 2003 file server running EFS. EFS has been enhanced in Windows Server 2003 with the addition of new, more powerful security algorithms and better performance.

In the event of a more serious hardware failure, the new ASR feature offers an easy solution for data recovery. ASR allows an administrator to rapidly reboot and restore a failed Windows Server 2003 server. This process uses an ASR backup floppy prepared ahead of time. Restoring the hardware is a simple matter of booting from a Windows Server 2003 CD and choosing Automated System Recovery. The server will then restore itself from the existing backup media.

Volume Shadow Copy Service

Volume Shadow Copy service is a new feature in Windows Server 2003 that enhances data management in two primary ways. First, it allows for the creation of point-in-time copies of data on a volume. Backups can be done online, without stopping server activity, and without the problems of inconsistent data or open files being left out. They can also be scheduled to correspond with periods of low network usage. Volume Shadow Copy service maintains a set of previous versions of files, called shadow copies, which can be used for data recovery when a file is damaged through human error, reducing the frequency of restoring files from backup tapes. Shadow copies are incremental backups, recording only files that have changed since the last backup. This means that backups take up less storage space. Volume Shadow Copy service is also supported with a public Application Programming Interface (API), so developers can write applications that utilize the features of this technology.

The majority of accidental file loss is the result of user error. When a user accidentally overwrites or deletes a file, the result is usually lost time as the user recreates work or contacts a network administrator to restore a file from backup. Users on Windows Server 2003 or the Windows XP Professional operating system can access shadow copies of their files from within Windows Explorer. This leads to improved productivity and a reduction in the number of support calls for file restoration. Volume Shadow Copy services for users require the Volume Shadow Copy service client for Windows XP Professional, found on the Windows Server 2003 installation CD-ROM.

Additional File Server Enhancements

File server management improvements are rounded out by the addition of a Web-based management user interface, enabling server management from any browser, and new command-line tools for managing local storage. In addition, the volume management tools have been improved to make it easier to manage and administer a large number of volumes. These improvements, along with the Volume Shadow Copy service and ASR, add up to fewer support calls and less time spent on administrative tasks. The result is lower total cost of ownership for your file server infrastructure.

The effectiveness of your file and print infrastructure is not simply a matter of new tools and features. Windows Server 2003 has a number of performance enhancements. NTFS has been designed to minimize the circumstances in which CHKDSK needs to be run. Nevertheless, in those rare cases where it is required, CHKDSK performance has been radically improved, reducing the amount of downtime caused by CHKDSK. The defragmentation tool has also been optimized for better performance.

Reliability has also been enhanced in Windows Server 2003 to enable a greater proportion of uptime. If high availability is required in your organization, you can utilize high availability clustering with Windows Server 2003 on your storage servers. High availability clustering can also be combined with Network Load Balancing to enhance the performance of a storage cluster. The NTFS file system also has higher performance and supports larger volumes in Windows Server 2003 than ever before.

When to Use Windows Server 2003

In evaluating a possible upgrade of all or part of your file server infrastructure to Windows Server 2003, the time and cost associated with the upgrade should be measured against the long-term savings of an infrastructure that is easier to use and manage. If you have a large number of file shares, DFS can greatly simplify your environment. This not only enhances user productivity and reduces support calls, but makes your entire infrastructure easier to manage. DFS and the Volume Shadow Copy service both help improve the availability of file servers by simplifying backup and restore procedures. If your network utilizes Windows XP Professional as a client operating system, support calls due to accidental file loss can be reduced even more by implementing the Volume Shadow Copy Services client for users. The higher performance of Windows Server 2003 and the NTFS file system on Windows Server 2003 may allow you to eliminate redundant hardware, leading to further savings. In addition, you should consider the amount of time your IT staff devotes to managing file servers and responding to support calls. Improved management methodologies in Windows Server 2003 can save significant time and money in the IT department, freeing up staff for more useful tasks.

Print Server Improvements

On the print server side, Windows Server 2003 offers improvements in manageability, reliability, and performance. Print driver management and reliability have been improved with kernel-mode driver blocking, giving administrators control over driver installation on the server. At the same time, the latest enhancements to Plug and Play, and built-in support for over 3,800 printer drivers, greatly facilitate hardware installation, configuration, and upgrading. Printers can be installed and configured remotely and via scripts using WMI in Windows Server 2003, and if you are using a print cluster, you can now install drivers on all nodes in the cluster simultaneously. Administrators have printer scheduling and access controls, enabling them to optimize printer availability and usage. Most printer management functions can now be handled through a command-line interface as well as scripted for automated management. File spooling has been optimized for higher print volume management, getting documents to users faster. Upgrading your print servers to Windows Server 2003 or aggregating your organization’s printers on a Windows Server 2003 print server can greatly reduce the headaches and administrative load of maintaining your print infrastructure.

Storage Area Network Support

One final area where Windows Server 2003 has seen major improvements is in supporting Storage Area Network (SAN) configurations. In response to customer demand for more SAN-friendly tools, Microsoft has included a number of innovations in Windows Server 2003, including the Virtual Disk Service (VDS) and Winsock Direct. VDS, a new technology in Windows Server 2003, provides standardized interfaces for handling device virtualization in a SAN environment. VDS enables third-party vendors to write VDS providers, standardizing communications with heterogeneous environments under a unified management interface. Winsock Direct is another new technology in Windows Server 2003 that streamlines communications between SANs and Ethernet-based networks and technologies.

Web Application Server

One of the fastest growing server roles in today’s computing environment is that of the Web application server. More and more organizations are finding ways to serve content, disseminate information, and collaborate with employees, partners, and customers over the Web. Many of these organizations are looking at their Web application servers as more than just a way to publish information; they expect them to play a key role in developing new business opportunities. IIS 6 incorporates powerful enhancements in the areas of performance, reliability, manageability, and security that make it the platform of choice for hosting today’s Web applications. In addition, IIS 6 supports new and emerging technologies like XML, SOAP, and Microsoft .NET.

Reliability Improvements

Downtime due to faulty applications leaking memory and impacting the entire Web server has been a major problem for many organizations. IIS 6 features a new request processing architecture designed to prevent application issues from taking down the rest of the Web server. The new kernel-mode HTTP listener, HTTP.SYS, is immune to the usual Web service disruptions caused by user-mode code failures because no application code runs within it. It will continue to accept and queue requests in case of such a failure. Customers have reported significant availability gains including as much as 50 percent reduced downtime on Windows Server 2003 and IIS 6 compared with previous Web servers.

Different Web applications and Web sites can now be isolated into separate groups called application pools. Requests for services from each application pool are handled in worker process isolation mode. This means that all application code runs in isolation. As a result, the failure of a problematic Web application cannot affect or disrupt the other applications on the Web server.

IIS 6 offers improved reliability through many features, including the combination of application pools and automatic health monitoring. In addition, IIS 6 can auto-restart failed applications or periodically restart worker processes in order to manage faulty applications. Individual worker processes can be stopped temporarily without affecting the rest of the Web site. The Web server does not need to be restarted when carrying out most maintenance and administrative tasks.

Worker process isolation mode allows a new technique called Web gardens. By default each application pool is served by one worker process, but multiple processes can be assigned to an application pool so that if one process hangs, others are available to accept and process requests. This capability lies at the heart of Web gardens. A Web garden is roughly analogous to a Web farm except that it resides on a single server. Web gardens help improve availability and scalability because application requests can still go through even if one process hangs.

Legacy Web Applications

Many organizations already use a previous version of IIS to serve Web content or applications. Although legacy applications may have some limitations inherent to the platform they were built for, most applications will benefit considerably by being moved to IIS 6. Most applications will run just fine under IIS 6, as the programming model and interfaces are fundamentally unchanged. However, some applications written for previous versions of IIS may have compatibility issues, such as expecting to have exclusive access to the resources they require. To handle these legacy applications, IIS 6 can be set to a process model called IIS 5.0 isolation mode.

IIS 5.0 isolation mode allows applications written for an earlier version of IIS to run as designed without interrupting other applications on the server. The IIS architecture still prevents an application crash from causing the whole Web server to crash. In addition, applications in IIS 5.0 isolation mode will still retain the full benefit of kernel-mode request queuing and kernel-mode caching offered by the new HTTP.SYS.

It is expected that most applications will not require IIS 5.0 isolation mode. When moving legacy applications to Windows Server 2003, evaluate each application and determine whether it can run natively on IIS 6 or whether it should be run in IIS 5.0 isolation mode. For the few applications that currently require IIS 5.0 isolation mode, a modest development effort may enable the application to take full advantage of IIS 6. Even applications that do require isolation mode will likely experience some performance and reliability improvement on IIS 6.

Security Enhancements

IIS security has also been enhanced in IIS 6 to meet the higher demands of today’s connected environment. By default, IIS is not installed on Windows Server 2003, and when it is installed, it is installed in a lockdown mode that serves only static content. An administrator must explicitly choose to install IIS and enable greater functionality as needed by the applications. In addition, administrators can exercise a high level of control over what functionality is enabled on an IIS 6 server.

All worker processes in IIS 6 by default run under NetworkService, a new low-privilege user account, to minimize the effect of potential attacks. With only 5 privileges, compared to more than 20 in IIS 5.0, IIS 6 includes more layers of defense. Worker process isolation mode prevents any Web application from being used to disrupt another. Secure Sockets Layer (SSL) has been improved in IIS 6 to provide better performance and security. All these improvements and other enhancements work together to make IIS 6 more secure right out of the box.

Additional IIS 6 Enhancements

IIS 6 also features improvements in the area of management and administration. Setting up a Web server is easier than ever. Using the Configure Your Server Wizard that ships with Windows Server 2003, an administrator can specify a Web Application Server role for a server and most setup tasks are completed automatically. IIS 6 also includes new management tools and capabilities. An administrator can back up, restore, or edit the new XML-based metabase dynamically without interrupting service even while the Web server is running. With the XML metabase and command-line options, administrators have new choices and options for Web server management. IIS 6 includes a number of metabase tools that make it easier to discover and diagnose server or application problems. The IIS administration MMC snap-in has also been redesigned to be easier to use.
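As an added example (not part of Microsoft's paper), the following audits an IIS 6 XML metabase for the settings described above: the worker process identity, Web gardens, and IIS 5.0 isolation mode. The attribute names (AppPoolIdentityType, MaxProcesses, WAMUserName, IIs5IsolationModeEnabled), the fallback default, and the sample fragment are assumptions modeled on IIS 6's MetaBase.xml; the pool and account names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample modeled on an IIS 6 MetaBase.xml fragment (not from the paper).
SAMPLE_METABASE = """\
<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
  <MBProperty>
    <IIsWebService Location="/LM/W3SVC" IIs5IsolationModeEnabled="FALSE"/>
    <IIsApplicationPool Location="/LM/W3SVC/AppPools/DefaultAppPool"
        AppPoolIdentityType="2" MaxProcesses="1"/>
    <IIsApplicationPool Location="/LM/W3SVC/AppPools/LegacyBilling"
        AppPoolIdentityType="0" MaxProcesses="1"/>
    <IIsApplicationPool Location="/LM/W3SVC/AppPools/Storefront"
        AppPoolIdentityType="3" WAMUserName="CORP\\svc_store" MaxProcesses="4"/>
    <IIsApplicationPool Location="/LM/W3SVC/AppPools/Intranet"/>
  </MBProperty>
</configuration>
"""

# Assumed mapping of AppPoolIdentityType values to accounts.
IDENTITY_TYPES = {"0": "LocalSystem", "1": "LocalService",
                  "2": "NetworkService", "3": "SpecificUser"}
DEFAULT_IDENTITY = "2"  # assumption: NetworkService when nothing is set


def _local(tag):
    """Strip the XML namespace so the audit works with any schema version."""
    return tag.rsplit("}", 1)[-1]


def audit_metabase(xml_text):
    """Return isolation mode, per-pool settings and findings for review."""
    root = ET.fromstring(xml_text)
    elements = [(_local(e.tag), e.attrib) for e in root.iter()]

    # Server-wide switch: IIS 5.0 isolation mode turns off application pools.
    isolation_mode = any(
        kind == "IIsWebService"
        and attrs.get("IIs5IsolationModeEnabled", "FALSE").upper() == "TRUE"
        for kind, attrs in elements)

    # Values set on the AppPools container are inherited by each pool.
    inherited = {}
    for kind, attrs in elements:
        if kind == "IIsApplicationPools":
            inherited = attrs

    pools, findings = [], []
    if isolation_mode:
        findings.append(("/LM/W3SVC", "review",
                         "IIS 5.0 isolation mode is enabled; "
                         "worker process isolation is off"))

    for kind, attrs in elements:
        if kind != "IIsApplicationPool":
            continue
        name = attrs.get("Location", "").rsplit("/", 1)[-1]
        raw = attrs.get("AppPoolIdentityType",
                        inherited.get("AppPoolIdentityType", DEFAULT_IDENTITY))
        identity = IDENTITY_TYPES.get(raw, "Unknown(%s)" % raw)
        workers = int(attrs.get("MaxProcesses",
                                inherited.get("MaxProcesses", "1")))
        pools.append({"name": name, "identity": identity,
                      "workers": workers, "web_garden": workers > 1})

        if identity == "LocalSystem":
            findings.append((name, "high",
                             "worker process runs as LocalSystem instead of "
                             "the low-privilege NetworkService default"))
        elif identity == "SpecificUser":
            findings.append((name, "review",
                             "runs as %s; confirm the account's privileges"
                             % attrs.get("WAMUserName", "<unset>")))
        elif identity.startswith("Unknown"):
            findings.append((name, "review",
                             "unrecognized identity type %s" % raw))

    return {"isolation_mode": isolation_mode, "pools": pools,
            "findings": findings}


if __name__ == "__main__":
    report = audit_metabase(SAMPLE_METABASE)
    for pool in report["pools"]:
        print(pool)
    for location, severity, message in report["findings"]:
        print("[%s] %s: %s" % (severity, location, message))
```
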

Web-Based Application Development

IIS 6 will be of particular interest to organizations that develop Web-based applications. With its full integration of Microsoft .NET, IIS 6 is the ideal platform to distribute Web-based applications and XML Web services. XML Web services are building block applications that can be assembled to provide business solutions. IIS 6 running on Windows Server 2003 is complemented in this role by Visual Studio® .NET, the latest release of Microsoft’s development tools. Visual Studio .NET includes all the tools needed to create XML Web services in any of a number of computing languages, including reusable code libraries and debugging tools.

IIS 6 is also fully integrated with Microsoft Passport. This enables developers to take advantage of the huge customer base of Microsoft Passport without having to handle user account management themselves. IIS 6, Visual Studio .NET with the Microsoft .NET Framework, and Windows Server 2003 together comprise the next generation platform for creating Web-based applications.

UDDI Services

In Windows Server 2003, Microsoft introduces UDDI Services, a dynamic and flexible infrastructure for XML Web services. This standards-based solution enables companies to run their own Universal Description, Discovery and Integration (UDDI) directory for intranet or extranet use, making it easy to discover and re-use Web services and other programmatic resources on the network. With UDDI Services, developers can quickly and easily find Web services available within their organization. IT administrators can efficiently catalog and manage programmable resources in their network. Enterprise UDDI Services also helps companies build and deploy smarter, more reliable applications.

When to Use Windows Server 2003

Web servers hosting mission-critical applications or applications that require very high performance will probably be your best choices for an upgrade to Windows Server 2003. Mission-critical applications can take advantage of the robustness of IIS 6 to reduce downtime and improve reliability. You may also want to consider aggregating Web servers onto IIS 6 to save hardware and simplify administration. Since IIS 6 does a better job of isolating applications, a number of aggregated applications will not interfere with one another. This allows you to eliminate redundant hardware and centralize management and security of your Web application servers.

Secure Mobile Access

More and more companies are making use of remote access and wireless LAN not only to connect people and resources, but also to enhance productivity and create new business opportunities. In response to the explosive growth and diversity of networking technologies, Microsoft has expanded and improved its support for various kinds of remote access, including dial-up connections, VPN, and wireless connections. Remote access creates new ways for companies to communicate with users, partners, and customers, while increasing the efficiency of the workforce by providing them with access anywhere. Windows Server 2003 has the features required to implement and maintain secure mobile access in today’s environment. Depending on your current implementation, you may benefit from upgrading existing servers to Windows Server 2003 or using Windows Server 2003 to implement new technologies.

More and more companies are making use of mobile access to increase the productivity of users by giving them flexible access to networked resources. Routing and Remote Access and the WLAN support offered by Windows Server 2003 can be used to give users secure wired and wireless access to the network from home, in the office, or while on the road without compromising security. Windows Server 2003 has a number of flexible offerings, which can be configured to meet varying needs. Understanding your remote access and wireless needs is the first step towards a successful implementation of Windows Server 2003 secure mobile access.

Security Improvements

As the foundation of a secure mobile access infrastructure, Windows Server 2003 introduces numerous improvements in the area of networking. Networking with Windows Server 2003 improves the performance, efficiency, and ease-of-use of your networked systems. Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol over IPSec (L2TP/IPSec) provide organizations with the means to create a secure, standards-based remote access solution for connecting remote users and branch offices. A client for L2TP/IPSec is available for Windows NT 4.0, but it does not offer the two-factor, certificate-based authentication available through Windows Server 2003.

Windows Server 2003 includes the standards-based Public Key Infrastructure (PKI) in the form of Certificate Authority (CA). Third-party PKI may be used, but for optimum integration and lowest cost of ownership, CA is the better solution. Windows Server 2003 also supports third-party authentication methods, such as smart cards and biometrics. Windows Server 2003 includes built-in support of the 802.1X standard for wireless LAN, which is the most robust security standard in the industry. If you are concerned about security and need to give remote or wireless LAN access to users, you should consider implementing Windows Server 2003 Remote Access Servers.

Remote Access Enhancements

Windows Server 2003 also makes remote access easier for administrators to deploy and users to use. VPN and RAS include an enhanced connection manager for Windows Server 2003 and Windows XP clients, which makes it easier to set up and use remote access. The Microsoft Connection Manager Administration Kit (CMAK) includes a set of tools and technologies to customize profiles for remote access users. This and a variety of other user interface and experience improvements help users be more productive, reducing support calls from remote users. Another enhancement to Routing and Remote Access in Windows Server 2003 and Windows XP is the quarantine feature for the client. Before full network access is provided, the client has to undergo a status check in a quarantine state. Based on the policies of the organization, if the client is up-to-date, full access is provided; otherwise, access is denied until the client is updated.

Small Business Solutions

Windows Server 2003 includes a number of features targeted at home and small business users that make networking easier and more secure in those environments. Internet Connection Sharing (ICS) is a feature that can be used to allow multiple computers on a home or business network to share a single dial-up or broadband Internet connection. Internet Connection Firewall (ICF) is a basic firewall built into the operating system that allows you to secure communications to an unsecured network through Windows Server 2003. These features are designed for smaller businesses and should be evaluated in terms of the size of your organization.

Wireless Networking

Wireless networking is a technology that is now emerging into maturity. In the past, creating a secure wireless networking environment that is easy to implement, use, and maintain has been extremely difficult. With Windows Server 2003, wireless networking has been made significantly easier and more secure. Windows Server 2003 supports the IEEE 802.1X standard, which uses a certificate-based network authentication and authorization model. New to Windows Server 2003 is support for the Protected Extensible Authentication Protocol (PEAP). Presently an IETF draft, PEAP creates an encrypted tunnel for wireless connections before authentication so that passwords are not compromised. PEAP also allows you to use secure wireless access without requiring an extensive PKI implementation.

Windows Server 2003 also has a number of enhanced features to help support roaming wireless users that adjust the configuration of the wireless connection when the user moves between wireless zones.

Windows Server 2003 also includes support for the Extensible Authentication Protocol - Transport Level Security (EAP-TLS). This protocol allows safe and secure access to wireless networks for both employees and guests while extending the authentication functionality to a dedicated server. Using EAP-TLS, the authentication requests are routed to a server running Internet Authentication Services (IAS) for network access. EAP-TLS can also be used to redirect unidentified wireless connections, corporate visitors, or other guests to a restricted LAN. It can also be used to redirect connections that do not have a certificate to a particular virtual LAN for configuration. If your installation needs to support unauthenticated wireless users, you should consider implementing Windows Server 2003 with EAP-TLS.

Most wireless networks use some kind of certification structure to identify clients. This can be provided by an existing certification infrastructure, or by a certificate authority created by a Windows Server 2003-based server running Certification Services.

Windows XP Professional is the recommended operating system for wireless clients and supports the widest range of wireless devices. There are also a variety of wireless hand-held devices that run the Windows CE operating system that can be used in a Windows Server 2003 wireless environment.

Internet Authentication Service

As the number of remote users and their methods of access increase, a centralized management methodology becomes more and more important. IAS in Windows Server 2003 fills this role. IAS fully supports the Remote Authentication Dial-In User Service (RADIUS) protocol and can act as a RADIUS server for various kinds of access (including dial-up, VPN, and wireless) or as a RADIUS proxy. A RADIUS server manages authentication and authorization of remote and wireless users. IAS collects information about remote or wireless users as they log on, and provides configuration information that determines how they may connect to the network. This not only makes it easier to manage users, but gives you flexible options for handling users as well as greater control over the security of your network.

The IAS proxy includes the ability to forward requests between RADIUS servers, load balancing capabilities, the ability to force clients to use a secure tunnel, and selective forwarding. An IAS-based RADIUS proxy can authenticate users from another domain, even if that domain does not have a trust with the domain in which the IAS RADIUS proxy is located. These features make a number of scenarios possible. A corporation can partner with an ISP to forward remote access requests from its employees to the corporate RADIUS server. This enables the corporation to outsource its dial-up server. ISPs can form a confederation to provide these kinds of services nationally or internationally.

IAS also includes powerful logging and user management features. These include the ability to log information to a SQL Server™ database. This provides rich information that can be used to analyze remote access usage and diagnose any problems that arise. IAS gives administrators a high level of control over user access. For example, IAS can be used to enforce smart card logon or check for valid certificates. This lowers the total cost of managing and maintaining remote access while giving administrators a higher level of granular control. Larger organizations in particular will want to use Windows Server 2003 to improve the management of their remote access implementation.

IAS also includes scriptable APIs. Development tools and a software development kit (SDK) available from Microsoft enable you to build custom solutions on IAS that are suited to your organization’s needs.

Core Services Consolidation

Many companies are achieving significant savings by consolidating their core services on Windows Server 2003. Windows Server 2003 is fully integrated with Windows NT security, networking and logon, making coexistence relatively painless. Although the most pronounced benefits can be achieved by doing a full upgrade of your domain infrastructure to Windows Server 2003 with the Active Directory® service, there may be reasons that you do not want to do this immediately in your organization. You should consider consolidating core services, such as user logon, Dynamic Host Configuration Protocol (DHCP), Domain Name Service (DNS), and so on if you want to take advantage of the features and performance of Windows Server 2003 while preserving your existing Windows NT 4.0 domain structure. Reasons for doing this may include the need to support legacy systems that cannot be upgraded or a desire to upgrade systems incrementally.

Consolidation Benefits

The benefits of a core service consolidation include increased performance, higher availability, reliability and access to new features and technologies. Windows Server 2003 can provide faster and more efficient logon and networking and name resolution for a Windows NT 4.0 domain. This also provides an opportunity for hardware consolidation as redundant servers are eliminated. In addition, a consolidated environment is easier to manage, not only because it is more centralized, but also due to the powerful management features of Windows Server 2003. The overall benefits of this scenario are lower costs and greater productivity. Microsoft and Microsoft partners also provide numerous resources to assist in a consolidation scenario, including roadmaps, technical expertise, and quick start guides to help you carry out your consolidation as quickly and easily as possible.

Core services can be migrated to Windows Server 2003 without compromising your existing Windows NT-based domain structure. Windows Server 2003 uses the Windows family logon and authentication, so it is fully interoperable with existing systems. Windows Server 2003 can interact seamlessly as a member server in a Windows NT domain.

Windows Server 2003 is the most reliable operating system that Microsoft has ever released. Moving core services to Windows Server 2003 is an excellent way to take advantage of this reliability in your organization. Windows Server 2003 can be clustered to provide high availability and load balancing. If reliability is a key concern, you should consider migrating your mission-critical services and applications to Windows Server 2003.

DNS and DHCP

A Windows Server 2003 domain member server in a Windows NT 4.0 domain can be used to host DNS for the domain. This enables you to take advantage of the higher reliability and performance of Windows Server 2003 DNS, as well as improvements over Windows NT 4.0 DNS. Windows Server 2003 DNS has security improvements including secure dynamic update and support for IETF RFC 2535 DNS security extensions.

DHCP improves mobility and makes it easier for users to connect to the network wherever they are while also making IP address management considerably simpler for administrators. Windows Server 2003 includes enhanced management tools for DHCP, including automated backup and restore and migration of the DHCP database. This eliminates many time-consuming tasks that formerly had to be done by hand.

Generally speaking, when using Windows Server 2003 for DNS and DHCP, the main consideration for determining how many servers you will require will not be server performance, but rather geographical locations and network performance between them. In many organizations, this can mean eliminating the bulk of their existing servers, resulting in hardware savings.

Management

Microsoft has created tools and wizards that make preparing a server for the DNS, DHCP, and other server roles as simple as possible, including debugging and reporting tools to help you identify and resolve problems as they arise. The new Configure Your Server Wizard allows an administrator to configure key server roles, such as DNS and DHCP, quickly and easily. Windows Server 2003 includes powerful management tools like the Microsoft Management Console (MMC) and a new task-based interface that reflects the way that network administrators actually work.

Public Key Infrastructure

Windows Server 2003 comes with Certificate Services and has certificate and trust management capabilities that can be used to enable secure communication across insecure networks such as the Internet, corporate network, or extranet. Certificate Services allows an administrator to set up and manage certification authorities and grant and revoke X.509 v3 certificates. Although Active Directory may be required to realize the full potential of Windows Server Certificate Services and PKI, a Windows Server 2003-based server can act as a standalone certificate authority. The advantage of this is that you can use Windows Server 2003 to provide certificates for internet authenticated users, wireless servers, remote access users, and so on. Windows Server 2003 can also be used to provide support for smart card logon.

Other Consolidation Opportunities

In addition to core services, Windows Server 2003 is an ideal platform to consolidate other applications, such as line-of-business applications, databases, messaging, and Web-based applications. Microsoft SQL Server 2000 and Microsoft Exchange 2000 provide high-performance platforms for database and messaging consolidation respectively. Windows Server 2003 also supports new tools and technologies such as XML, SOAP, and the .NET Framework. These technologies in conjunction with Internet Information Services 6.0 make Windows Server 2003 an ideal platform for Web-based applications. In addition, you can take advantage of technologies like Windows Server 2003 Terminal Services by using Windows Server 2003 in your existing Windows NT 4.0 domains.

Total Cost of Ownership

The primary consideration in evaluating any consolidation scenario is total cost of ownership. Windows Server 2003 can allow you to reduce the overall cost of your network by eliminating redundant hardware, centralizing and simplifying management tasks, and improving user productivity. Consolidation also provides additional benefits in the form of increased performance, support for new features and technologies, and higher reliability.

Getting Ready for Windows Server with Active Directory

Finally, core services consolidation has the advantage of being an important incremental step on the way to an upgrade to Windows Server 2003 domains and forests running with Active Directory. Ultimately, many organizations will want to take advantage of the opportunities provided by implementing Active Directory. An incremental upgrade offers an alternative to the complexity of upgrading your entire infrastructure at once. Core services hosted on Windows Server 2003 will be easier to integrate into Active Directory in an eventual domain upgrade. This is particularly true in the case of DNS, because upgrading your DNS servers is a necessary step towards a domain upgrade. Active Directory provides single-logon capability and a central repository for information for your entire infrastructure, vastly simplifying user management and providing superior access to networked resources.

Summary

Windows Server 2003 offers many benefits when used in a Windows NT 4.0 domain, whether as a file and print server, a Web application server, a remote access server, or for core services consolidation. Because Windows Server 2003 reaches new heights in performance, reliability, and security, it offers an ideal opportunity for hardware consolidation and associated cost savings in infrastructure. It interoperates well with earlier Windows-based server computers and domains, providing many critical improvements in productivity and manageability to the entire network. It includes key new technologies, such as Internet Information Services, redesigned and optimized for existing and future Web server needs. It also has the flexibility and robustness to scale upwards not just for immediate consolidation but also for future growth.

In addition, implementing Windows Server 2003 as a member server in your Windows NT 4.0 domain is a first step towards a more general upgrade of systems. Upgrading your domains and forests to Windows Server 2003 domains and forests with Active Directory is the optimal way of getting the maximum functionality out of Windows Server 2003. This enables you to take advantage of the advanced management features of Active Directory. For organizations that need to support legacy systems or that do not want to upgrade in a single step, a variety of partial and incremental upgrade scenarios are available. The new Active Directory Application Mode lets you run Active Directory as an application in your Windows Server 2003 domains. This lets you provide a portion of the functionality of Active Directory to applications and services without requiring you to upgrade your domain controllers. For more information on Active Directory in Application mode, see Introduction to Active Directory in Application Mode at http://www.microsoft.com/windowsserver2003/techinfo/overview/adam.mspx.

Related Links

See the following resources for further information:

  1. Why Upgrade From Windows NT 4.0 to Windows Server 2003 at http://www.microsoft.com/windowsserver2003/evaluation/whyupgrade/nt4/nt4townet.mspx.
  2. Top 10 Features of Windows Server 2003 for Organizations Upgrading from Windows NT Server 4.0 at http://www.microsoft.com/windowsserver2003/evaluation/whyupgrade/top10nt.mspx.
  3. Moving Windows NT Server 4.0 and Windows 2000 Applications to Windows Server 2003 at http://www.microsoft.com/windowsserver2003/techinfo/serverroles/appserver/movingnt4.mspx.
  4. Introduction to Active Directory in Application Mode at http://www.microsoft.com/windowsserver2003/techinfo/overview/adam.mspx.
  5. Microsoft Windows NT Web site at http://www.microsoft.com/ntserver/default.asp.

For the latest information about Windows Server, see the Windows Server 2003 Web site at http://www.microsoft.com/windowsserver2003.