FRAMINGHAM (02/14/2000) - This week, Windows 2000 finally hits the streets, accompanied by massive hype and, if Computerworld readers are any indication, a cautious wait-and-see attitude from corporate information technology shops.
Wholesale migration is almost certainly not the answer for the vast majority of U.S. corporate networks, and not even Microsoft Corp. is claiming it should be for now, says John Enck, research director at Stamford, Conn.-based Gartner Group Inc.'s Hardware and Operating Systems division. But there are benefits to a Win 2k migration that justify strategic upgrades to servers, mobile clients and sometimes corporate desktops.
Companies that will migrate to Win 2k from Windows NT will do so to gain enhanced management of local and remote resources, better stability, increased security and improved scalability. Enck and other analysts say that if your company isn't hurting in at least one of those areas, chances are it'll be difficult to justify the expenses of upgrading to Windows 2000.
Performance-tuned features like a greatly improved TCP/IP stack will be a godsend for IT managers such as Peter Meister at American Farm Trust in Washington. "We've seen a 40 percent to 70 percent gain in relative Internet speeds under Windows 2000," he says. "That alone is worth the price of admission for us."
Meister's organization is unusual because it plans to migrate its globally scattered enterprise to Win 2k almost immediately. Meister says the transition will be a relatively easy one because within the past year, American Farm Trust converted entirely to a thin-client architecture using Fort Lauderdale, Fla.-based Citrix Systems Inc.'s MetaFrame. Most of the infrastructure is less than six months old, he says, and the centralized management capabilities inherent in thin-client systems greatly speed deployment.
That won't be the case for most large organizations, Meister concedes. "If you're implementing Windows 2000 on legacy infrastructure, you just can't do a wholesale migration," and that makes Win 2k much less compelling, he says.
"You'll see some improvement in performance and administration, but it will be minimal. You'll have to wait until you can bring most of your network on board before you get the real benefits."
This story draws on two years' worth of Computerworld interviews, user case studies, surveys and in-house testing to help determine when and why to move to Windows 2000.
"Trusted relationships in domains hardly ever worked, and when they did work, we had security problems, user management problems, all sorts of trouble," says Steven Sommer, CIO at law firm Hughes, Hubbard and Reed LLP in New York.
"Windows 2000 will be a real relief."
"One of the nicest things about Windows 2000 is that it gets rid of all the extra protocol overhead a network administrator has to deal with," says Meister. "With Windows NT, I have to worry about [Microsoft's] NetBEUI [protocol] , AppleTalk, IPX/SPX - everything. On my LAN, that means there are high collision rates, which slows everything way down. Windows 2000 purifies the network to solely TCP/IP, which has reduced my collision rates considerably."
"We also do video telephony over our LAN, so we have to maintain certain levels of bandwidth," Meister says. "Windows 2000 gives us more control over quality of service. I think [quality of service] will be an incredible resource for any large IT shop. In the same vein, Windows 2000 finally gets disk quota services, which let you set limits on user storage amounts. That's really great for us."
"Windows 2000 is more stable, which is important to a Citrix [thin-client] network," Meister says. "We can't afford to lose a server, because it kills the thin clients. With NT 4, we had your usual NT problems and wound up applying a lot of patches to fix them."
Windows 2000 marks Microsoft's first use of signed drivers - the software that interfaces the operating system with hardware and applications. American Farm Trust is adding digital signatures to drivers that have been certified as fully Win 2k-compatible by Microsoft.
When the operating system encounters an unsigned driver, it will at best warn the user and wait to proceed. At worst, it will refuse to install the driver.
That could be a problem for companies with legacy equipment, but it also guarantees that what does install properly is likely to work, says Enck.
"We started with one security manager under Windows NT, but pretty soon we needed two, then three," says Sommer. "With Active Directory, we'll only need one."
Windows NT has come under fire numerous times for its security holes; Windows 2000 is a vast improvement, say most experts. It's the first Windows operating system to provide native support for security standards such as Kerberos and X.509 public-key infrastructure certificates, and to offer an encrypted file system.
"We deal with very confidential donor database information, so that level of security was very important," Meister says. "If my boss wants to be the only one who can access a document, he can secure it under Windows 2000 with no problem. Under NT, that was very hard to do and very easy to overcome."
But right now, Windows 2000 security is an open question, simply because its security features haven't been put into widespread use yet.
Questions remain as to how well Microsoft Kerberos will work with other Kerberos implementations. And a single sign-on feature giving users the ability to be authenticated once to the network and receive access to every authorized service, Windows or not, without additional log-ins, didn't make it into the first release of Windows 2000, Microsoft says.
Windows 2000 adds support for up to 64GB of memory and as many as 32 processors, along with better cluster and load balancing. However, you'll need Windows 2000 Data Center edition, which won't be available until late spring, to take maximum advantage of scalability features.
"Clustering and load balancing are especially important when you're running applications from the server, as we do with Citrix," says Meister. "Our users are widely distributed in a [wide-area network] environment, so we see some real advantages in moving all our servers to a clustering architecture."
Scaling data storage has been a particularly hard nut for Windows NT to crack.
Windows 2000 could potentially address most of those shortcomings. Microsoft has included a very promising distributed file system with support for replication and load balancing across logical storage volumes. But, Enck says, you'll need to convert your current file system to the new NT File System (NTFS) 5 to take advantage of disk quotas - the ability to set maximum storage capacity for individual users - and other new features. And NTFS 5 may have problems working with NT storage management utilities.
Now for the Hurdles
Chief among Windows 2000 difficulties: high restructuring costs. It'll be a rare network that doesn't require at least some rearchitecting and upgrading, and Gartner's Enck says managers can expect 10 percent to 15 percent of their applications to have compatibility problems under Windows 2000. That figure is consistent with the experience of Computerworld's technology staff.
"Older infrastructure is going to be the biggest concern for any large shop that wants to move to Windows 2000," Meister says. And incompatibility, especially on the hardware side, gets worse when you move to the top-level data center version.
Active Directory will prove the pivot point in many installations; without it, some of Windows 2000's best features are missing or limited, at best. But for Active Directory to work properly, it must be installed networkwide, "probably one of the most massive undertakings you'll encounter in a Windows 2000 installation," says Enck. Microsoft's directory interoperability tools focus on eventually migrating the entire system to Active Directory, not working with other directories.
Support staffs face a huge learning curve. "The hardest thing to learn about Windows 2000 is the [organizational unit] schema," Meister says. "NT experts are typically not good at anything Unix, and that includes DNS [the Domain Name System]. Windows 2000 relies on Dynamic DNS, which is going to be even stranger for people used to working with NT."
"There's a whole new world and really a lot to learn," Sommer says. "Windows 2000 is actually quite simple to deploy, but the work needed before you deploy can be intimidating."