Introduction to NT 5.0

Windows 2000
Klara Jelinkova
Tom Jordan
Steve Tanner
Major Goals For Windows 2000

Distributed computing
Address the TCO issue:
 Zero Administration for Windows (ZAW)
  MMC
  IntelliMirror™
  Client side caching
Support the right standards:
 TCP/IP
 DNS
 “Kerberos”
 HTML
 LDAP

Presentation Goals

Windows 2000 Overview
Where to go from here
How can DoIT help you
 HelpDesk and I&R
 Active Directory forum

Hardware Support

Plug-and-play
Power management
WDM driver model (with signed drivers)
Broad device support (e.g., DVD, scanners)

Storage Management

File System
 Disk quotas
 Real-time property and content indexing
Media management
Dynamic Disks
 Spanned volume (not fault tolerant)
 Mirrored volumes (fault tolerant)
 Striped volume (not fault tolerant)
 RAID 5

World Ready

Multilingual user interface
Same code runs anywhere
Simultaneous support of multiple languages
Single worldwide API

Application Installer

Current problems
 Shared DLL version conflicts
 Per user, per machine state is confused
 Uninstall frequently fails
New Setup
 New install service as part of base OS
 Shared components only in service packs
 Much stricter Windows logo program
 Developer prepares application as an “MSI package”

Application problems

PeopleSoft not supported
ODBC problems with machines upgraded from Windows 9.x
WiscWorld 3.5b supported
NAI NetShield not supported
SpeedDisk unsupported
Minor glitches in MeetingMaker, PC Anywhere and other apps.

Addressing TCO

Common management interface (MMC)
 “Snap in” custom tools
IntelliMirror
Policy management
Systems Management Server

Microsoft Management Console

Standardized interface to all admin tools
MMC services are termed “snap ins”

IntelliMirror

Roaming user support
A suite of technologies to reduce TCO. IntelliMirror provides for redundant copies of data to be stored on both the client and server.
[Diagram: Network Server (Data, Apps, Policy) synchronized with Desktop (Cache, Client side cache)]

ZAW And Microsoft Systems Management Server

Features compared across Windows 2000 and SMS:
 Desktop locking
 Roaming user
 Disk quotas
 Client caching
 Remote boot
 Basic S/W distribution
 Advanced S/W distribution
 16-bit client support
 HW and SW inventory
 Centralized diagnostics/troubleshooting
 Software metering
 Network tracing/monitoring

Preparing For Windows 2000

Planning is key
Take a long term view
Expect it to take longer than you’d like
 Politics
 A chance to correct things
Remember the ability to delegate administrative authority
 Windows NT resource domains should go away
Familiarize yourself with TCP/IP terminology
Upgrade matrix is more complete
 Most Windows versions can be upgraded

What’s A Directory?

Database that stores attribute/value pairs for every object you might want to know about
 Users (name, phone #, … )
 Devices (printer capabilities, … )
 Programs (published interfaces)
 Etc.
You can query it in a variety of ways
 Standard UI methods
 Custom code
 Etc.
Database schema can be extended

What’s In The Active Directory, and how does the system utilize it?

What is stored:
 People’s phone numbers, certificates
 Account information
 Class store
 Profile and configuration information
 Service and device information
How the system uses it:
 (Secure) e-mail
 Single login, secure Web access
 Component’s identifying information
 ZAW
 Network use of the directory

Active Directory: Beyond the traditional directory service

[Diagram: Active Directory at the centre; DNS and browser name lookup; Exchange recipient lookup and referrals over HTTP/LDAP; mail client address book; SQL Server registering a service; directory storage and replication; security credential management; client finding a printer by query]

Active Directory

[Diagram: access protocols (LDAP, REPL, MAPI, other) -> Directory system agent -> DB layer -> Extensible storage engine -> Store]
Open to multiple access protocols
It’s a real database
Every object is protected (ACL)
Schema is stored in the directory
Schema is extensible
 You can define:
  New object types
  Additional attributes

Windows 2000 Domains

In Windows NT 5.0 a server is either a domain controller or a member server
 Primary and backup DCs (Windows NT 4.0) go away
 Domain controllers have a replica of the directory database, member servers don’t
Can have multiple DCs within a domain
 Automatic replication for efficiency, security, availability
Domain controllers can host the Global Catalog
 Enterprise wide directory containing common attributes
 Knows how to get to other DCs

To Be Clear About NetBIOS

TCP/IP is the default Windows 2000 protocol
NetBIOS/WINS fully supported in Windows 2000
 In fact there are several enhancements
 Provides support for down-level systems
Once the enterprise upgrade to Windows 2000 is complete, DNS takes over and the WINS servers can be retired

The Domain Name System

[Diagram: DNS tree]
DNS Root
 com
  microsoft.com
  acme.com
   usa.acme.com
   southamerica.acme.com
 edu
  purdue.edu
  mit.edu
 uk
  acme.co.uk

Windows NT 5.0 Domains

Map closely to DNS domains
An Organizational Unit (OU) allows grouping within a domain
 May contain other OUs, machines, users, …
 Administration privilege can be delegated on a per OU basis
Some terminology and concepts derived from X.500

Active Directory Namespace

Domains
 DNS used as the name location service
 Organized in a true hierarchy
 Domain controllers are local to a domain
 Directory automatically fully replicated
 DCs know how to get to other DCs in the tree
Forests
 A collection of domain trees
 Relationships explicitly established
Global Catalog
 Can span the forest

Dynamic DNS

Allows machines joining the network to register their name and IP address automatically
Currently an IETF proposed standard
 RFC 2136 and 2137
Windows 2000 will support this
 Interoperable with other implementations
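As an added example that is not part of the presentation, the following Python builds the RFC 2136 UPDATE message a client would send to register its own A record and decodes it again, reporting whether a TSIG signature record is present in the additional section (an update with nothing there gives the server no evidence of who sent it, which is what the RFC 2137 work and later TSIG address). Zone name, host name, address and TTL are constructed values.

```python
# Added example (not from the presentation): minimal RFC 2136 UPDATE builder/decoder.
import struct

OPCODE_UPDATE = 5                    # RFC 2136 section 2: opcode 5 means UPDATE
TYPE_A, TYPE_SOA, CLASS_IN = 1, 6, 1
TYPE_TSIG = 250                      # transaction signature RR, sent in the additional section

def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels ending in the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_a_update(zone, host, ip, ttl=1200, msg_id=0x1234):
    """UPDATE: one zone entry, no prerequisites, one 'add A record', no TSIG (ARCOUNT 0)."""
    flags = OPCODE_UPDATE << 11                                  # QR=0, opcode in bits 11-14
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 1, 0)  # ZOCOUNT PRCOUNT UPCOUNT ADCOUNT
    zone_sec = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rdata = bytes(int(o) for o in ip.split("."))                 # 4-byte IPv4 address
    rr = encode_name(host) + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4) + rdata
    return header + zone_sec + rr

def decode_name(buf, off):
    labels = []
    while buf[off]:                                              # root label (0) ends the name
        n = buf[off]
        labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_rr(buf, off):
    """One resource record: NAME TYPE CLASS TTL RDLENGTH RDATA (no compression pointers)."""
    name, off = decode_name(buf, off)
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", buf, off)
    off += 10
    rdata = buf[off:off + rdlen]
    if rtype == TYPE_A and rdlen == 4:
        rdata = ".".join(str(b) for b in rdata)
    return (name, rtype, rclass, ttl, rdata), off + rdlen

def parse_update(buf):
    """Decode header, zone and RR sections; 'signed' is True only if a TSIG RR is present."""
    msg_id, flags, _zo, pr, up, ad = struct.unpack("!HHHHHH", buf[:12])
    zone, off = decode_name(buf, 12)
    off += 4                                                     # skip ZTYPE and ZCLASS
    sections = {}
    for key, count in (("prereqs", pr), ("updates", up), ("additional", ad)):
        rrs = []
        for _ in range(count):
            rr, off = parse_rr(buf, off)
            rrs.append(rr)
        sections[key] = rrs
    signed = any(rr[1] == TYPE_TSIG for rr in sections["additional"])
    return {"id": msg_id, "opcode": (flags >> 11) & 0xF, "zone": zone, "signed": signed, **sections}
```

A server that accepts such unsigned updates from any host lets any machine on the network overwrite names in the zone, so the `signed` flag is the first thing to check in captured update traffic.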
Distributed File System

DFS provides location independence
 You need only know how to name the file
 Server names, shares are irrelevant
A standard feature of Windows 2000
 Also supported in Windows NT 4.0, Windows 95/98
Similarities to existing UNIX solutions
 Terminology is different (naturally!)

Distributed File System

[Diagram: DFS Root with volumes linked by junctions]
Single drive mapping
User unaware of physical location
Administrative flexibility
Junction (reparse point)
Access to a file: \\volume\folder1\...\folder3\afile.txt

Windows 2000 Security

Single enterprise logon
Integrated with Active Directory
Delegated administration and scalability for large domains
Strong network authentication protocols
Standard protocols
 “Kerberos” is the default

Integrated Security Scenarios

[Table: scenarios (single sign-on, private comms, secure ops, secure desktop, safety) against authentication, protocol and base technologies: Private Key/Kerberos, Public Key/X.509, SSL, IPSEC, RPC/DCOM, Crypto API, Encrypted Filesystem, more auditing, Authenticode, driver signing, building on Windows NT 4.0]

Multiple Authentication Services

[Diagram: applications and their protocols layered over SSPI, which dispatches to the security packages]
Applications and protocols:
 Remote file: CIFS/SMB
 Internet Explorer, Internet Information Server: HTTP
 DCOM application: Secure RPC
 Directory-enabled apps using ADSI: LDAP
 Mail, Chat, News: POP3, NNTP
SSPI
Security packages:
 NTLM: MSV1_0/SAM
 Kerberos: KDC/DS
 SChannel: SSL/TLS
 DPA: Membership services

Kerberos Advantages

Faster
 Server scalability for high-volume connections
 Reuse session tickets from cache
Mutual authentication of both client, server
Delegation of authentication
 Impersonation in three-tier client/server architectures
Transitive trust between domains
 Simplify interdomain trust management
Mature IETF standard for interoperability
 Multi vendor support
 Compliant with MIT Kerberos v5 release