Progress Report

1
Alberto Di Meglio, Ivan Deloose, Per Hagen,
Frédéric Hemmer, Alberto Pace Information
Technology Division - CERN
2
Outline

• Pilot experience
• Plans for production services
• Home directories
• Migration out of Novell Netware
• Migration out of NT4
• Tools
• Application distribution
• Next Steps

3
Windows 2000 Pilot Experience

• 150 systems
• 30 Windows 2000 Servers
• 130 Windows 2000 Professional
• 2.5 of expected scope
• Variety of users ?
• but mainly volunteers ?
• Variety of platforms
• Laptops (15)
• 90-800Mhz, 48-gt512 MB

4
General problems encountered

• DFS FRS on large volumes sometime fails
• Maybe due to staging space limitations
• Decided to switch FRS off for Home dirs.
• SMS software metering sometimes fail
• Will see if future versions solve this
• DNS integration with Unix bind was not easy
• Server backup SW long to arrive
• Some problems with portable and PNP/Modem/APM
  have been observed
• Cleared by a reboot
• Support for some devices is still flaky
• E.g. GSM, HP consumer printers

Overall impression positive
5
Windows 2000 on Portables

• Benefits
• All your documents can be made available for
  offline use
• Hibernate/Standby support
• DHCP
• PnP
• Resilient to network/server failures
• Problems
• Some PnP problems appearing occasionally

6
Windows 2000 Desktop Stability
7
Outline

• Pilot experience
• Plans for production services
• Home directories
• Migration out of Novell Netware
• Migration out of NT4
• Tools
• Application distribution
• Next Steps

8
Home Directories
WINIT01
adimeg
WINDFS02
WINDFS01
Users\a\adimeg
WINEP01
Users\a\azu
azu
Users\z

• Initial pilot proposal based on a divisional
  structure

But
9
Problems with this approach

• MS recommends maximum 1000 DFS mount points
• There are more than 8000 users
• We ran into the limit where no more links could
  be created (September 2000)
• Automatic creation of users gets complicated
• A lookup on every div is necessary
• Users change from div to div

10
Physical structure (II)
WINDIV01
adimeg
. . .
WINDFS02
azu
WINDFS01
Users\a
WINDIV26
zhyon
Users\z
So alphabetic ordering was implemented
11
Architecture limitation ?

• With this approach, all accounts with the same
  initial letter must be on the same physical
  server
• All home directories must be hosted in 26 servers
  maximum
• However
• Better that divisional approach where all home
  dir had to be hosted in max 11 servers
• In all cases, project space can be used to
  offload home directory servers if necessary
• With present technology, all home directories
  could be hosted in 4 servers there is lot of
  space for growth (especially because server
  technology evolves very fast)

12
Logical Structure
cern.ch Dfs Tree
adimeg
Users
a


azu
z
Projects
LHCB
harvey
scratch
Applications
Systems
13
Macintosh support

• Should we offer Appleshare services from DFS ?
• File services for the Mac are one generation
  behind services for Win
• Can compromise the stability of the DFS service
  (as it did with Novell in the past)
• Only for a minority of users
• Still unclear if the Mac will be a supported
  platform at CERN

14
Outline

• Pilot experience
• Plans for production services
• Home directories
• Migration out of Novell Netware
• Migration out of NT4
• Tools
• Application distribution
• Next Steps

15
NetWare Migration to W2000

• A nightmare, largely underestimated
• Multiple name spaces
• Support for Macintosh
• Historical situation grown from 1990
• Large number of accounts (gt8000)
• Large number of groups (gt800)
• Large number of (old) files (10 M)
• Complex file protection scheme
• Not directly mappable to W2K

16
Scenario

• Migrate NW file systems to NTFS5
• CERN NT domain (not W2K pilot)
• Keep UNC paths unchanged (user transparent)
• No NT4 servers
• Successful reliability and performance results
  win2000
• Better ACL mappings (inheritance, special rights)
• Name spaces
• DOS-OS2 (long names), MAC, NFS
• Different server types
• Workgroup servers, MAC only servers, NICE
  application servers, divisional servers, home
  directory servers

17
Technical Problems

• MAC name space
• NW provides APIs to extract AFP resources (icons,
  MAC name), but no Win32 API to write these back
  to a NTFS server -gt Use a Mac to transfer files
• The Mac does not copy ACL and all security
  related information
• NFS name space
• No solution for automated file ownership/rights
  migration

18
Migration sequence
Netware server
W2K server
19
Migration sequence
NTMigrate (Win2000)
1 - Get a PC (NT4 32bit NW client)
5 Convert users, groups and file rights
4 Generate Trustee NW Group member files
5 Create groups and add members
2 - Create Directory structure file DOS,
AFP name space (NDSDump)
6 Set ACLs on directories
7 - Get a Macintosh
8 Copy files using DirStruct file (speed) 9
Rename directories DOS -gt Mac name
Netware server
W2K server
3 - Create Directories on target server
20
NetWare Servers migration
21
Problems Encountered ?

• Client for MS sometimes not correctly configured
• Manual fix
• Netware/NT Password not synchronized
• Manual / automated fix
• ftp access syntax changed
• New syntax to learn, scripts to modify
• Manual drive mappings
• Needs to be recreated
• No root mapping
• Kludge exist on NT nothing on W95
• Trustee manager not available
• Trustee manager written
• Disconnected portable take time to logon
• Eject PCMCIA Ethernet adapter
• Home Directories are browsable
• Feature, similar to AFS

22
Outline

• Pilot experience
• Plans for production services
• Home directories
• Server Migration out of Novell Netware
• Server Migration out of NT4
• Tools
• Application distribution
• Next Steps

23
NT 4 Server Migration to W2000

• WINS Servers done
• Domain Controllers done
• Including remote DCs in experiments
• CERN Domain promoted to Win2000 native mode
• In-place upgrade
• Mostly transparent to users

24
Outline

• Pilot experience
• Plans for production services
• Home directories
• Migration out of Novell Netware
• Migration out of NT4
• Tools
• Application distribution
• Next Steps

25
Tools that had to be developed

• Printer Wizard
• Trustee Manager
• Group Manager
• User Registration Services
• Computer Registration Services
• To be done
• Password recovery, Administrators Local Group
  management, Local Administrator Password
  recovery, Computer Account Reset, User Profile
  recovery and reset, quota enforcement, quota
  management

DEMO
26
Outline

• Pilot experience
• Plans for production services
• Home directories
• Migration out of Novell Netware
• Migration out of NT4
• Tools
• Application distribution
• Next Steps

27
Application Concurrent Usage
28
Managed Applications

• Part of OS
• Internet Explorer
• Assigned to Computer (using MSI)
• MS Office 2000
• Access, Excel, FrontPage, Outlook, PowerPoint,
  Word
• Acrobat Reader, Printing Package, Phone Book,
  Winzip, anti virus, and other tools
• Published to User (using MSI or ZAP)
• MS Project, MS Publisher
• Remedy
• Exceed

All most used functionalities are provided
29
Application Deployment

• Still unclear to what extent SMS will be used
• We are trying to deploy using mainly MSI and ZAP
  files
• In order to use ZAP files, the Administrators
  local group has to be managed

30
Comparing SMS 2.0 and Win 2000
Windows 2000 SMS 2.0
Application deployment ? ?
New OS deployment ?
OS update deployment ?
User settings management ?
User data management ?
Hardware / software inventory ?
Remote tools ?
Software metering ?
Network analysis / diagnostics ?
Health monitoring ?
Only overlap is in software deployment!
31
Systems Management Server
Roles Benefit Impact on Privacy
Discovery Asset Management None. Similar to network pages.
Distribute Software Manage Service Packs/Software Limited. Just installs packages and keep track of its success.
Hardware Inventory Asset Management /Problem Determination Can see what Hardware is and when it has been changed.
Software Inventory Asset Management Can see what software has been installed.
Remote Tools Helpdesk/Problem determination Can see what user does. Can launch a command. Monitored. But to be used by contractors.
License Metering Software usage/License estimation/License enforcement Can see what software has been used. Similar to NICE.
32
SMS Questions

• Are there any privacy issues?
• Do we have to restrict access to these tools? To
  whom?
• Do we have to include special clauses in
  outsourcing contracts ?
• Do we have to have our own staff to sign
  something ? (cf. HR data).
• How do we publicize this ?

33
Few words on an hot topic

• Netscape is currently the most used app at CERN
• But we see a dark future
• Netscape 4.7 has not been made available (as a
  managed app.) in the pilot
• No SMS/MSI install available
• No CERN customization available
• Repackaging risk to be difficult
• IE 5.x integrated in the OS
• Outlook now part of Office (with MSI)

34
Current Proposal
(under discussion)

• Recommend Internet Explorer and Outlook 2000 as
  the browser and mail client for Windows 2000
• Apparently stable
• No CERN specials anymore
• Bookmarks and Address Books can be imported
• IMAP mails structure unchanged
• Deployment of collaborative tools possible
  (calendaring, groupware, video conferencing, )

35
W2KMTF

• The current question is now
• How to proceed with the next steps, I.e. how do
  we go from the current NICE 95/NT to NICE 2000
  and what timescale ?
• Applications many of them, overlapping
  functionality, support not always clear, work
  needed to repackage ?
• At what speed are the divisions/experiments ready
  to migrate ?
• What are the show stoppers ?
• A working group has been setup
• Windows 2000 Migration Task Force
• First meeting scheduled the 7th of November
• More than 30 participants

36
Outline

• Pilot experience
• Plans for production services
• Home directories
• Migration out of Novell Netware
• Migration out of NT4
• Tools
• Application distribution
• Next Steps

37
Next Steps

• Define automated installation procedures
• Unattended W2K setup assigned applications
• sysprep / disk image for new PCs portables
• Develop missing tools
• Repackage missing applications
• Once the application set has been decided
• Customize mail client for CERN environment
• And finally, start migrating client computers
• 4000 PCs, 2 hrs/PC ? 5 manyears

38
Schedule
Applications availability with MSI Migration
scenarios
Proof of concepts
Prototype
Windows 2000 Pilot
Checkpoint
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
Jan
Feb
39
(No Transcript)