In order to understand the Microsoft® Windows® 2000 operating system platform, it's necessary to understand that it's made up of four distinct operating systems:
Windows 2000 Professional
Windows 2000 Server
Windows 2000 Advanced Server
Windows 2000 Datacenter Server
The following sections describe briefly the differences in functionality of the distinct operating systems and how they work together to form a platform. Then we move into the enhancements in the availability and scalability of Windows 2000.
The four operating systems in the Windows platform scale from portable devices all the way up to clustered servers, and everything in between. In short this platform addresses the needs of all your users, whatever it is they're using.
The components of the platform play these complementary roles:
Windows 2000 Professional replaces the Microsoft Windows NT® Workstation 4.0 operating system.
Windows 2000 Server replaces Windows NT Server 4.0.
Windows 2000 Advanced Server can be considered the equivalent of the Windows NT Server, Enterprise Edition.
At the top end is Windows 2000 Datacenter Server, which is the most powerful of the operating systems, in terms of how many processors it supports, how much RAM can be put in it, its clustering capabilities, and so on.
For business users, particularly mobile users, Windows 2000 Professional features a lot of improvements over Windows NT Workstation:
Improved ease of use
Much broader hardware support
Better file management and security
Enhanced Internet communications with Microsoft Internet Explorer 5 and Outlook® Express
Windows 2000 Professional ease-of-use improvements include:
User Interface Enhancements:
The Start menu can be customized.
Logon and log-off scripts can be implemented in addition to startup and shutdown scripts.
Better task scheduling give users more flexibility in handling routine maintenance tasks.
A number of connection wizards have been added.
Better support for virtual private networking (VPN) makes it easier for users away from the office to keep in touch.
Offline folders make it easier for users to work with files saved on servers and synchronize the portable versions with the server versions.
Internet Printing Protocol enables a printer to be "published" on a Web page; users can then print over the Internet through a Web interface, even downloading drivers, if necessary.
Better tools simplify printer setup—for example, for mass rollouts.
Windows 2000 Professional is not only easier to use, it also helps to simplify the management of desktops. Familiar features such as the System Preparation Tool and setup wizards remain in Windows 2000 Professional. New features help simplify the task of upgrading from Windows 95/98 to Windows 2000. For instance, you can test hardware and software for compatibility before actually upgrading the system.
And the hardware support in Windows 2000 Professional has been expanded in other ways:
The EFS (Efficient File System) has been built in.
Plug and Play technology has been built in.
The Windows driver model is changing, so that vendors can write one driver that would work on both Windows 98 and Windows 2000. If that doesn't work, Microsoft plans to require vendors to provide both drivers in the product. This means that you will spend a lot less time searching on the Internet for the driver you need to get your system to run.
Additional power options enable users to put their machines on standby or hibernate. Standby takes about 10 seconds to shut down another 10 seconds to come back up, whereas hibernate actually puts the contents of RAM onto the hard disk. At that point, you can even pull the hard disk from that machine, then put it back, and be right back where you started.
File management is one of the more significant improvements in Windows 2000 Professional. It handles the FAT32 and NTFS file systems much better. In addition, disk defragmentation capabilities are built in and the backup utility is much more powerful. For instance, users can now back up to Zip drives, other hard disks, CD rewritable drives, etc.
Windows 2000 Professional offers a number of approaches to keeping secure things secure. There's support for Kerberos v5, as well as the Encrypting File System (EFS), which means that even if someone were to gain access to your PC, that person couldn't read the data. Even if they were to boot to another operating system, they couldn't get back in and read the files that were protected with EFS. And support for using smart cards for authentication has been added.
What's more, the secondary logon service enables you to sit down at a user's PC and run a utility as the administrator, without actually having to log on as the administrator.
Windows 2000 Professional includes advanced tools for Internet access and communications—Internet Explorer 5 and Outlook Express.
At some point, you will have to decide which of the server operating systems you need to install, based on what you need the server to do. The following pages compare the roles and functionality of the three Windows 2000 server operating systems.
First is Windows 2000 Server.
The Active DirectoryTM service, probably the most significant new feature in Windows 2000 Server, enables you to manage not just files, but actual objects. Windows 2000 Server also offers better file management, improved networking, better printing support, and simplified management. For example, more than 2,500 printers are supported. Also, the Group Policy feature allows administrators to define what users see on the desktop, which enables them to configure elements such as which applications are available to users when they log on.
As the previous page explained, Active Directory enables you to manage not just files, but actual objects. For example, you can publish printers to Active Directory and use it to manage users. Eventually, you will be able to administer e-mail through Active Directory. The potential uses of this service—and its potential to improve your total cost of ownership—are just beginning to unfold.
Administration has become simplified and more flexible in other ways, as well. There is now the ability to delegate administration, so that you can take a container and hand it off to a sub-administrator—you don't have to be a domain administrator anymore to manage objects. And Windows 2000 Server is a great deal more scalable. In fact, domains containing 2 million objects each have been tested successfully.
Microsoft Management Console, which had been part of Microsoft Internet Information Server 4.0, is now a built-in service in Windows 2000 Server and has been greatly enhanced. Other management enhancements include the Group Policy feature, Windows Script Host (which is now built in), better computer management, better rollout with the Remote Installation Service (RIS), and the DNS dynamic update protocol.
As for application services, the Indexing Service and Terminal Services are now built-in components of Windows 2000 Server.
The Dfs (Distributed file system) gives you the ability to separate physical data from what the user sees. When a user clicks on a share, the data behind it could really reside anywhere, and the system seamless sends the user to another server. Dfs is much more robust in Windows 2000, because you can not only direct users to alternate servers to get information, but also induce fault tolerance. For example, you can make the Dfs Active Directory–enabled, and then put the same data in two or more places. If one machine is unavailable, the user gets sent to another machine to get that information.
Another new feature is the ability to assign disk quotas. On a per-user, per-volume basis you can allocate no more than 10 MB, 50 MB, and so on to a user. Once the user reaches the limit, he or she won't be able to save anything to that drive anymore.
If you take advantage of Active Directory, you have to be able to secure all those objects. With Dfs you can make sure that users only see the things that you want them to see. You can expose only the properties of the objects that they need to see to do their job, but the rest will be hidden to them.
Other file management and security enhancements include better security through templates, configuration utilities, and support for new protocols.
Like its predecessor, Windows 2000 Server includes the Routing Information Protocol (RIP). In addition, OSPF (Open Shortest Path First) has been introduced into this version, as well as ATM (asynchronous transfer mode) support.
The remote access capabilities are more robust in that they give you more control over the policies and profiles that are assigned to users when they come in over a RAS connection. In addition, RADIUS (Remote Authentication Dial-In User Service) support and Connection Manager are built in. Likewise, Microsoft Internet Information Service (IIS), the Web server built into Windows 2000 Server, is now an integral part of the operating system.
In Windows 2000 Server, when you create printers, by default they are published in Active Directory. To illustrate, imagine you have to go to a branch office to give a presentation. You realize you need a printer that can handle two-sided color printing, and you need it fast because the presentation is in 30 minutes.
All you have to do is search the network for the location of a suitable printer, and the results will come back with the three machines in the office that you can use. This ability to quickly locate printing resources and the support for several thousand printers are the kinds of printing support enhancements in Windows 2000 Server.
Note: In addition to printers, a lot of things can be published in Active Directory—folders, for example. But printers will be published there by default, unless you choose not to.
All the material covered so far pertaining to Windows 2000 Server also applies to Windows 2000 Advanced Server and Windows 2000 Datacenter Server. Moving up the "server chain," the next server in the Windows 2000 platform is Windows 2000 Advanced Server.
The most notable distinction of Windows 2000 Advanced Server is that on Alpha-based systems it supports up to 32 GB of RAM and on Intel-based systems, 8 GB of RAM. (The server supports 4 GB of RAM out of the box.) SMP can scale up to eight processors.
In addition, clustering is built into the operating system. With Windows 2000 Advanced Server, you can build two server clusters, and increase system availability and reduce network load balancing.
Windows 2000 Datacenter Server supports up to 32 processors in one box, and up to 64 GB of RAM on Intel-based systems (32 GB on Alpha-based systems).
With the enhanced stability of Windows 2000, it can practically troubleshoot itself.
Kernel-mode write protection prevents files in the kernel from being overwritten; Windows file protection serves a similar purpose.
If the system does crash because of a bad driver or the like, it's much easier to find the source of the problem. In addition, the operating system now avoids a lot of the things that would have caused the blue screen. An example is the Driver Signing feature: If a user tries to install a driver that is not signed, you can specify whether to ignore, issue a warning, or just not install it.
If there is a problem, you might be presented with a screen like this, which indicates that an important file has been overwritten but that the system can fix itself once you supply the CD.
Unlike the Windows NT 4.0 architecture, the Windows 2000 Active Directory service runs in the user mode, under the security umbrella. In addition, there are changes in Object Manager, Plug and Play support, and power management. Device drivers and the micro-kernel haven't really changed much.
This high-level view illustrates how application data access was handled under Windows NT 4.0.
Application data access, in Windows 2000, on the other hand, looks like this. Support for large memory, SMP enhancements, load balancing, better I/O, COM+, and IIS 5.0 are all new or improved in Windows 2000 server operating systems.
At installation time, you can decide to implement PAE, the physical addressed extension. The Intel processor has a bit of a problem getting above the 4-GB limit, however, so Intel is working on building better processors. In the meantime, Microsoft has a way to get around that 4-GB limit.
If you are familiar with the Windows NT 4.0 kernel, you know that generally it's split into 2 GB for the applications and 2 GB for the kernel, the protected mode. (With Windows 2000 Advanced Server that can be a 1-GB/3-GB split.) But even if you have a machine with 8 GB of RAM, the most you can ever use in Windows NT is 4 GB. So, if you've got a database that's very large, only part of that RAM can be accessed at any given time, which means that if the system has to use drive resources, performance is affected.
The goal, therefore, is not just to get a box with more RAM, it's also to make sure that available space can be put to use. And the PAE can make that happen.
This scenario shows applications not using the AWE, or Address Windowing Extensions. More applications could be added, but the 4-GB maximum for applications mean that the system tends to run relatively more slowly. With PAE, it is possible to do windowing, and if one large application needs all this space, it would have the ability to access all of the available RAM (up to 64 GB on Windows 2000 Datacenter Server and 8 GB on Windows 2000 Advanced Server. The concept here is to put multiple large applications on a very large, 8- to 32-GB system. Applications simply fill up physical space, managed by the operating system, but see only 4 GB of virtual addressing (VA) space.
AWE offers a number of significant advantages.
Memory management is important, but it's also crucial to reduce downtime. The Windows 2000 server operating systems have a number of improvements to help in this pursuit.
Service packs. In Windows NT, if you installed a service pack and later wanted to add a service to that box, you pretty much had to reinstall the service pack, because the service pack only installed the pieces that were currently being used.
In Windows 2000, you only have to install a service pack once. Later, if you want to add a service, the ability to use that service, or improved pieces of that service, the capability will already be inherent.
Fewer maintenance reboots. Many of the tasks that required rebooting in Windows NT Server no longer require rebooting. Things like running or installing Active Directory, taking a workstation out of one domain and putting it into another, or going from a workstation to a domain will require a reboot. But adding a new protocol, changing the default gateway, adding the DHCP service, and many other activities, don't.
Improved diagnostics. Recovery mechanisms are much cleaner and much more powerful than those of Windows NT, so troubleshooting is much easier. For example, parts of Active Directory can be recovered by going into the safe mode.
Faster restart. Described in more detail below.
Storage management. Described in more detail below.
Clustering. Improved clustering helps to reduce the downtime associated with maintenance tasks.
Improved diagnostic tools in Windows 2000 help reduce downtime.
For example, say you're building crash dumps because you think you're having a problem in the kernel. Now you can do kernel-only crash dumps. Rather than involve the entire 4 GB of RAM, you can focus just on the area where you think the problem occurred.
The familiar Check Disk utility has been improved.
MSINFO is a little more robust and easier to use.
As mentioned above, improvements in recovery and restart contribute to the reduced downtime of Windows 2000–based systems. Such improvements include a much better safe mode boot and the ability to kill processes individually.
If you suspect a process is hanging a box, the recoverable file system enables you to retrieve deleted files and Active Directory objects.
The built-in automatic restarts are better, and IIS restart capabilities are more reliable.
Windows 2000 greatly expands your storage management options: Support for removable storage media is more robust, and now it is possible to take advantage of offline storage and disk quotas.
Dynamic volume management is another feature that helps reduce the number of required reboots. In Windows NT 4.0, tasks like adding a volume or creating a stripe set or mirror set required you to reboot the system. With the NTFS 5–formatted volumes, these actions do not require rebooting.
Network Load Balancing (NLB) is available with Windows 2000 Advanced Server and Datacenter Server. The idea behind Network Load Balancing is that one IP address is exposed to the Internet/intranet, but actually a number of hosts are servicing requests behind that IP address.
NLB is a wonderful feature for service providers, because you can have as many Web servers as you choose, with the same content, serving the same IP address. When a user types in that IP address (or the name that resolves to that IP address), the request can go to any of the Web servers. This is all transparent to the users because all the boxes are identified in the same way. Not only does this allow for load balancing, but also your Web site can handle more hits at any given time without the risk that a single Web server failure will bring down the whole site.
What's more, with NLB some of the servers can drop offline, either planned or unplanned, while the data remains available.
Note: Windows 2000 Advanced Server and Windows 2000 Datacenter Server support up to 32 servers in a load-balanced array (not to be confused with a cluster—see the following page.)
In a true server cluster, a group of independent computer systems—known as nodes—work together as a single system to ensure that mission-critical applications and resources remain available to clients. In this way, if one of the servers were to drop off, another would pick up the load and service the users. Basically, clustering is just another way to eliminate downtime and ensure that data is always available.
The nodes in a cluster must be running Windows 2000 Advanced Server or Windows 2000 Datacenter Server. Every node is attached to one or more cluster storage devices. Clustering allows users and administrators to access and manage the nodes as a single system rather than as separate computers.
The clustering capability in Windows 2000 features these improvements, which help reduce the downtime related to routine maintenance:
Rolling upgrades: if one of the machines in the cluster is upgraded, it rolls that upgrade to the other machines in the cluster
Four-node clustering with Windows 2000 Datacenter Server; two-node clustering with the master server
Given its improved clustering services, reliability, availability, and scalability, Windows 2000 gives you two options: You can go up, or you can go out.
That is, you can add more processors, add more RAM—basically, build a bigger box—which means that more people can use it and you can host more Web sites on it. This is scaling up.
With clustering and network load balancing, more people can hit a site because it has more servers to handle them. Also, you can drop servers offline, yet the data remains accessible. This is scaling out.