1
SLAC Windows Migration
Bob Cowles
Presented for the SLAC Windows Migration Project
HEPNT, Fermilab
October 24, 2002
2
Overview
Project Objectives
Present NT Environment
AD Environment
Upgrade Path
Related Projects
Migrating Users
3
Project Objectives
Provide a more stable and secure Windows environment for our user community
More efficient administration
– Simplified domain structure
– Delegation of privileges
– Enhanced distribution of software and policy (GPOs)
– Integrated directory services (including Exchange 2000)
4
Project Objectives
Provide new functionality for users
– Better support for portables
– Better networking support (VPN, wireless)
– Better multimedia support
– Better communications (OWA)
Easier to support
– Better support tools (Remote Assistance for Help Desk and local admins)
5
High-level view
One domain with OUs representing mission, administrative and funding boundaries
Desktops to have Windows XP and Office XP
Exchange 2000 for all messaging
Project to be completed Dec 2003
Other related projects
– New storage project
– SMS and GPOs for software distribution
– Monitoring project
6
Current NT Environment

Description                                              Sept. 2002
Windows NT/2K domain machines on site                    ~1400
% PCs purchased as standard Dell HW                      91%
  (80% of current SLAC PCs are now standard Dell HW)
Windows NT user accounts                                 3600
Exchange 5.5 user accounts                               1500
Windows NT/2K central servers                            119
Windows NT/2K central file servers data                  2000 GB
WinNT workstations supported by central computing        1000 (roughly 70%)
Compliance for system fixes, anti-virus, etc.            90%

Other desktops
Linux RedHat Desktops                                    450
WinNT Workgroup, Win9x (not supported)                   ~60
Windows 3.1/DOS (not supported)                          0
Macintosh (not supported)                                <100
7
Current NT Environment
Master domain with 10 resource domains
Laptops are W2K; better support for hardware and remote access
Desktops are NT4; limiting W2K on the desktop due to the need for admin privilege for running many applications.
Fileservers 2 TB data
60% user home directory, 40% groups directory
Rate of growth: doubling every 12 months.
Storage of user data on central servers is encouraged (there is no backup of workstations provided by SCS).
Department servers are discouraged.
8
Current NT Domain Environment
[Diagram of domains: SLAC, SSRL, CONTROLS, SLD-NT, Ragamuffin, MFD-HUB, MDCAD, KLYSTRON, ESH, BSDHUB1, BABAR]
9
Current NT Environment
Print services reside on local domains
Central account domain in SLAC
Machine accounts in local domains
Centralized WINS Servers
DNS hosted on UNIX BIND systems
Remote access via PPTP/VPN and ICA/Citrix
10
Current NT Environment
Monitoring via network “ping”
Anti-virus on all machines with InoculateIT. Updates downloaded from central server
E-mail anti-virus scans via Sybari Antigen
Veritas BackupExec used with DLT and LTO libraries to back up
11
Active Directory Environment
[Diagram: SLAC, SSRL, CONTROLS, BSDHUB1]
Single forest and domain with multiple domain controllers (DCs). FSMO roles reside in SLAC’s DCs.
12
Windows Active Directory Environment
Print services reside on central print servers
Exchange 5.5 going to Exchange 2000
Central account domain in SLAC
Machine accounts in department OUs
Centralized WINS Servers
Delegated DNS zone win.slac.stanford.edu running as “Integrated Zone” on DCs
Remote access via PPTP/VPN and ICA/Citrix
13
Four Options As Upgrade Path
1) Migration tools and SID history
pros: clean install of server infrastructure by going to ‘Native mode’, reversible.
cons: migration tools were buggy.
2) Double ACL all resources
pros: clean install of server infrastructure by going to ‘Native mode’, reversible.
cons: need to re-ACL all resources, confusing.
14
Four Options As Upgrade Path
3) Re-ACL to new domain and cutover
pros: clean install of server infrastructure by going to ‘Native mode’, short time.
cons: not reversible, re-ACL resource domains, disruptive for users
15
Four Options As Upgrade Path
4) In-place Upgrade
pros: Easier for administrators and users
– No re-ACL
– No new domain
– No migration tools
– No SID History
– Less likely to break
– Less overhead
Upgrade went smoothly, recommended by Microsoft.
16
Related Projects - SMS
Utilize for security updates, hotfixes and service packs
Currently rolled out to half of lab (~700 workstations)
New SMS rollout to coincide with W2K/XP rollout
Delegate abilities to OU Admins
17
Related Projects - GPOs
Use GPOs for main policies
– security policies
– disabling services (Internet Connection Sharing, …)
– authentication standards
Ultimately use GPOs to co-exist with SMS and boot floppy to roll out registry changes, software, hotfixes and service packs
18
Related Projects
Implement new monitoring solution.
Implement new backup solution.
Upgrade Citrix Metaframe 1.8 on NT TSE to Citrix XPe on Windows 2000 over the coming year
19
Migrating Users
Migration to Windows XP, Office XP, Exchange 2000
Clean install of 1600 client computers
20
Migrating Users - timeline
Alpha migration, August 2002: Windows administrators
Beta migration, September 2002: All central computing users, and power users from each department
Pilot migration, November 2002: 5% representative sample across all departments
General migration, December 2002-December 2003
21
Challenges
Tight budget limits hardware upgrades
– 4 yr. replacement cycle not always followed
– XP needs 3 GB hard disk & 256 MB of memory
– Older hardware works, but may run slower
Limited resources and budget
– Freeze Windows NT except for security
Interoperability with SLAC UNIX environment
– Samba gateway, AFS
– Mitigated somewhat by WTS, WinSCP
Varied missions, administration and funding