March 13, 2000
Many companies have been waiting eagerly for Windows 2000 for a number of reasons. The Microsoft operating system provides lots of management and scalability features that network administrators want. Active Directory, the long-awaited replacement for Windows NT's directory scheme, is an integral part of Windows 2000, and many of the new operating system's management enhancements are predicated on deploying Active Directory. However, migrating to a new directory scheme and the attendant changes in other TCP/IP services represent a major undertaking.
Understanding the impact of Active Directory on two other network services in particular is crucial to planning such a deployment. Most TCP/IP applications, from Web browsers to E-mail servers, rely on host names (such as www.informationweek.com) to identify resources. Sending packets between any two TCP/IP systems, however, requires the use of IP addresses. The domain name system (DNS) maintains a database that maps domain and host names to IP addresses and vice versa. DNS servers also maintain other information about the name space, such as which servers are responsible for updates to a section of the name space. Consequently, most conversations between TCP/IP systems start with a query to a DNS server.
The other key service that's affected by Active Directory deployment is the Dynamic Host Configuration Protocol. This system lets computers and other devices request a unique IP address when they first connect to the network--and in many cases, they must renew their IP address at particular intervals. Typically, DHCP and DNS servers must interact to some degree in order to keep the relationship of IP addresses and host names in sync.
InformationWeek conducted a survey in November and December of 1999 to discover how many of our readers could be affected by some of the requirements for implementation of Windows 2000. As expected, most large companies (93% of those responding to our survey) use DNS servers, DHCP servers, or both. By definition, deploying Active Directory will affect how these services are managed.
The first issue for many of these companies is that their implementations of Berkeley Internet Name Domain--the software that typically provides DNS services from Unix hosts--may not work with Active Directory. About one-quarter of the respondents to our survey are running their DNS or DHCP services from Unix or Linux hosts, and another 13% rely on non-Microsoft servers.
Active Directory will work well only with BIND versions 8.1.1 and later, which support a new standard called Dynamic DNS. Many companies are still running the previous version, BIND 4.x. These companies will be faced with the choice of moving DNS and DHCP from their Unix systems to Windows 2000, or upgrading to a new version of BIND.
Neither of these propositions is trivial. There are two issues, one technical, one political. The technical issue is that BIND is a major network component that's crucial to the operation of any TCP/IP, Web, Internet, and intranet software. Moving from an existing version of BIND to a new version or moving the service to Windows 2000 is not something that any administrator would undertake lightheartedly.
It's possible to create a workaround in which companies could retain their older BIND servers by demoting them to a secondary role. In this scenario, the BIND servers get information from a new BIND server running elsewhere or a Windows 2000 server. Either way, you'll have to deploy new DNS servers and face many of the same deployment issues.
The political issue could prove to be even more difficult to overcome in some companies. The DNS server for a company is often run by the Unix administrators, who manage a stable, proven, reliable, and often fairly old version of Unix and BIND running in a corner of the server room.
For these Unix managers, moving DNS to a new version of BIND might prove daunting, but they may regard moving to Windows 2000 with more concern because Windows 2000 is relatively unproven and would require shifting IP management from the Unix administrators to Microsoft administrators, who probably haven't been responsible for most centralized IP services. Thus, before they can even begin to consider installing Windows 2000 Server and Active Directory, managers must deal with the issue of who will control DNS and DHCP--and then face the technical issues of upgrading or retiring BIND.