to think of scalability from organizational, environmental, and managerial viewpoints--in terms of the whole network.
Windows NT Server and Warp Server are coming on strong in the 100-plus-node network arena, displacing such products as Banyan's Vines and NetWare. But how does NT Server fare when it's confronted with a 500-server network? The newest version, NT Server 4.0, offers expanded networking services (see "4.0's Not for Everyone").
However, concerns about the underlying architecture still raise questions about NT Server's scalability in the minds of some network managers. Can you manage large networks easily? Can users log in and use resources transparently? How does it handle clients that are running Windows, Mac OS, Unix, or OS/2 Warp?
The NT Server architecture scales better than its predecessor LAN Manager did, but it comes up short when compared with NetWare. NT is a good application server, but its shortfalls--primarily in the areas of directory services, dynamic IP assignments, network management, and network administration--make it less scalable than its competition.
Directory services and domains are two different ways to deal with the problem of finding a needle in a large haystack. NetWare 4's NetWare Directory Service (NDS) does it by handing you the needle when you ask for it. NT Server uses domains, which basically tell you to look in a smaller haystack. Clearly, NT has much growing to do in this area (for more details, see the sidebar "StreetTalk Access for Windows NT").
In Microsoft LAN Manager, a domain was an independent, nonhierarchical database of account information; it didn't have a mechanism to tie multiple, independent domain databases together. In an attempt to overcome this design limitation, Windows NT introduced trust relationships between domains. In a trust relationship, a domain grants access to users if they have rights in a trusted domain. Trust relationships provide users a single log-in to their home domain and potential access to resources in other domains that trust the user's home domain.
Management of relationships can be difficult. A trust relationship doesn't grant users access to resources in trusting domains. Instead, it lets an administrator in the trusted domain grant access rights to resources in the trusting domain. Only after administrators establish a trust relationship between domains can users access resources in the trusting domain.
Worse, the number of two-way trust relationships grows geometrically. It's N times (N-1), where N is the number of domains. Six domains require 30 trust relationships (see the figure "Tangled Domain Trusts"), 50 domains require 2450 trust relationships, and 100 domains require 9900. That's a lot of relationships to set up and administer.
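The trust rules above can be written down as a small model. This is an added example, not code from the article or from Microsoft; the class, the domain names SALES and ENG, and the account names are constructed for illustration. It shows that a trust by itself gives no access, that a grant to a foreign account is only possible in the trusting direction, and that a full mesh costs N times (N-1) trusts.

```python
from itertools import permutations

class TrustModel:
    """Toy model of one-way domain trusts (constructed, not an NT API)."""

    def __init__(self, domains):
        self.domains = set(domains)
        self.trusts = set()   # (trusting, trusted) pairs; each is one-way
        self.acls = {}        # resource -> (owning domain, granted accounts)

    def add_trust(self, trusting, trusted):
        self.trusts.add((trusting, trusted))

    def full_mesh(self):
        # Every domain trusts every other domain: N * (N - 1) one-way trusts.
        self.trusts = set(permutations(self.domains, 2))
        return len(self.trusts)

    def add_resource(self, name, domain):
        self.acls[name] = (domain, set())

    def _usable(self, res_domain, account):
        acct_domain = account.split("\\")[0]
        return acct_domain == res_domain or (res_domain, acct_domain) in self.trusts

    def grant(self, resource, account):
        # A foreign account can be granted rights only after the resource's
        # domain (the trusting side) trusts the account's home domain.
        res_domain, entries = self.acls[resource]
        if not self._usable(res_domain, account):
            raise PermissionError(f"{res_domain} does not trust this account's domain")
        entries.add(account)

    def can_access(self, resource, account):
        # Access needs both the trust and an explicit grant.
        res_domain, entries = self.acls[resource]
        return self._usable(res_domain, account) and account in entries

def trusts_required(n):
    """Number of one-way trusts in a full mesh of n domains."""
    return TrustModel(f"D{i}" for i in range(n)).full_mesh()
```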
In contrast, a directory service gives users, administrators, and their computers transparent access to all network resources. The CCITT has defined a standard for directory services--X.500. It says a directory service should provide network name functions that map all network resources and that give them unique identities for easy reference.
The name functions should supply location-independent access to network resources, offer extensible attribute information (i.e., detail about a resource that its name alone can't convey), and allow searching for network resources by attribute, such as a printer's type or location. NT doesn't offer X.500-compliant directory services.
NT replicates domain information across multiple servers to provide some degree of fault tolerance. Every Windows NT server that has a copy of the domain is known as a Domain Controller. The two types are Primary Domain Controller (PDC) and Backup Domain Controller (BDC). Each domain must have at least one PDC and can have multiple BDCs. Each Windows NT server may participate as a Domain Controller in a single domain.
The PDC synchronizes across the domain, periodically communicating with the BDCs to distribute account information and ensure the integrity of the Domain Database. The PDC contacts the BDCs at definable intervals and sends mirrors of recent updates. While users can employ either the PDC or a BDC for log-in authentication, all changes to the domain occur on the PDC (see the figure "NT Server Administration"). If the PDC is down or unreachable, administrators cannot update domain information until they manually intervene to promote a BDC to become the PDC. This makes the PDC a single point of failure.
The replicated directory services database provided by NDS does not have this limitation. Administrators can partition and replicate the NDS database among many NetWare file servers, and can update NDS on any server that contains a read/write copy of the database. As long as a server that contains a replica of the partition is available, all administrative functions are possible, including adding or deleting users, groups, profiles, file servers, printers, print servers, message servers, and organizational units.
Because NDS replication does not depend on a single, primary database, it has no single point of failure (see the figure "NDS Server Administration"). Any server that contains either the master or a read/write replica of the NDS database communicates with all other servers with similar replicas. Any server can exchange NDS information with any other server that shares a common replica. If a server is unavailable for synchronization, updates will continue among the remaining servers, permitting full NDS administration of the NDS tree, regardless of the state of any single server.
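The difference between the two replication schemes can be shown with a short simulation. This is an added example, not vendor code; the class names and the server names PDC1, BDC1, and FS1 through FS3 are constructed, and synchronization is simplified to copying or merging whole account sets (deletions and conflicts are not modelled).

```python
class NtDomain:
    """Single-master: only the PDC accepts changes; BDCs hold copies."""

    def __init__(self, pdc, bdcs):
        self.pdc = pdc
        self.copies = {name: set() for name in [pdc, *bdcs]}  # server -> accounts
        self.down = set()                                     # unreachable servers

    def add_user(self, user):
        if self.pdc in self.down:
            raise RuntimeError("PDC unavailable: domain cannot be changed")
        self.copies[self.pdc].add(user)

    def synchronize(self):
        # The PDC pushes its copy to every reachable controller.
        if self.pdc in self.down:
            return
        for name in self.copies:
            if name not in self.down:
                self.copies[name] = set(self.copies[self.pdc])

    def log_in(self, user):
        # Any reachable controller authenticates from its own copy.
        return any(user in accts for name, accts in self.copies.items()
                   if name not in self.down)

    def promote(self, bdc):
        # The manual administrator step described above.
        self.pdc = bdc


class NdsPartition:
    """Multi-master: any reachable read/write replica accepts changes."""

    def __init__(self, replicas):
        self.copies = {name: set() for name in replicas}
        self.down = set()

    def add_user(self, user):
        for name, accts in self.copies.items():
            if name not in self.down:
                accts.add(user)   # accepted here; the rest converge on sync
                return name
        raise RuntimeError("no replica reachable")

    def synchronize(self):
        live = [n for n in self.copies if n not in self.down]
        merged = set().union(*(self.copies[n] for n in live))
        for n in live:
            self.copies[n] = set(merged)
```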
Here's another limitation to NT's domains: Moving an NT server from one domain to another requires you to reinstall the OS. To move a NetWare server to a different branch of the directory tree, you merely indicate your change in Novell's NWAdmin software--a point-and-click operation.
Similarly, you move resources (e.g., users and printers) in NT by deleting the entry in one domain and adding the entry in the other domain. NWAdmin makes such chores a drag-and-drop operation. Since NDS groups can include user objects from any portion of the NDS tree, a transferred user retains all the prior group memberships and immediately inherits all rights granted to his or her new home on the NDS tree.
Using IP
Everyone wants to get on the Internet. For an administrator, that can mean assigning each desktop system its own IP address and then tracking them. Intelligent NOSes take care of the assignment and tracking for you. In this respect, NT is better than NetWare but not as intelligent as OS/2 Warp Server.
The technology for automatic IP address assignment and tracking is Dynamic IP, which is composed of DHCP and Dynamic Domain Naming System (DDNS). DHCP and DDNS are complementary open networking standards developed by the Internet Engineering Task Force (IETF). Each protocol implements half of the TCP/IP "plug-and-go" network solution. DHCP centralizes and automates the configuration of IP hosts, including IP addresses, while the DDNS protocols automatically record the association between IP hosts and their DHCP-assigned addresses.
Using DHCP and DDNS, a host automatically configures itself for network access wherever it connects to the IP network. Users can locate and access that host using its permanent, unique DNS host name. Mobile hosts, for example, can therefore freely move about a network without knowledge of the local IP network addresses or services and without end-user or administrator intervention.
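The division of labor between DHCP and DDNS can be sketched as follows. This is an added example, not IBM's or the IETF's code; the class names, subnet names, and address ranges are constructed, there is no wire protocol or lease timer, and the name server accepts any update without authenticating it.

```python
import ipaddress

class DdnsServer:
    """Maps a permanent host name to the address DHCP last assigned."""
    def __init__(self):
        self.records = {}

    def update(self, hostname, ip):
        # Assumption of this sketch: updates are accepted unauthenticated.
        self.records[hostname] = ip

    def resolve(self, hostname):
        return self.records.get(hostname)

class DhcpServer:
    """Hands out addresses from one pool per subnet (constructed ranges)."""
    def __init__(self, subnets):
        self.pools = {name: list(ipaddress.ip_network(cidr).hosts())
                      for name, cidr in subnets.items()}
        self.leases = {}   # client id -> (subnet, address)

    def request(self, client_id, subnet):
        old = self.leases.get(client_id)
        if old and old[0] == subnet:
            return old[1]                      # same subnet: keep the lease
        if not self.pools[subnet]:
            raise RuntimeError(f"no free addresses on {subnet}")
        if old:
            self.pools[old[0]].append(old[1])  # host moved: free the old address
        ip = self.pools[subnet].pop(0)
        self.leases[client_id] = (subnet, ip)
        return ip

class DynamicIpClient:
    """DHCP client plus DDNS client, as in the Dynamic IP description."""
    def __init__(self, hostname, dhcp, ddns):
        self.hostname, self.dhcp, self.ddns = hostname, dhcp, ddns

    def connect(self, subnet):
        ip = str(self.dhcp.request(self.hostname, subnet))
        self.ddns.update(self.hostname, ip)    # the name follows the host
        return ip
```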
Microsoft ships partial support for dynamic IP in NT Server. Dynamic assignment of IP addresses in Windows NT, which Microsoft calls Windows Internet Naming Service (WINS), works only with NetBIOS-based systems. WINS works with NetBIOS-over-TCP/IP to automatically insert names in the NetBIOS name table of another machine. WINS doesn't yet manage names and Internet IDs for pure TCP/IP networks. Managing NetBIOS name tables is relatively easy, even from a remote machine.
Enzo Schiano, who is the NT product manager at Microsoft, says that the Internet standard for dynamic IP is not yet a final one and Microsoft didn't want to attempt support for a moving target. You'll have to wait for the company to support anything other than NetBIOS-over-TCP/IP. The WINS feature works only if your protocol stack has NetBIOS running on top of TCP/IP. Pure TCP/IP networks can't take advantage of WINS.
IBM decided to implement the not-yet-final draft standard in OS/2 Warp Server, which shipped in March. Warp Server includes an IETF-compliant integrated DHCP/DDNS package that lets any computer configure itself for IP network access whenever it plugs into the IP network. All DDNS addresses are updated, not just the subset of NetBIOS addresses. The OS/2 Warp Server package includes a Dynamic IP client, a DHCP server, and a DDNS server. The Dynamic IP client consists of both DHCP and DDNS client components.
The DHCP client can be configured to operate as a simple DHCP client or as a Dynamic IP client, integrating DDNS client services with the DHCP client. The Warp DHCP clients and servers support DHCP user classing, a new DHCP extension for administering groups of network hosts with common configuration requirements (e.g., an accounting department), independent of where the hosts in the network are. IBM's Dynamic IP is a general IP networking solution that has broad application; works with Unix, Windows, Mac OS, and OS/2 clients; and scales easily to an entire intranet.
Administration
NT's graphical administration interface makes it easy to perform many common tasks, such as adding users to a single domain. However, NT encounters some difficulties when administering a large network. Microsoft's System Management Server (SMS) attempts to address some of these problems, but it still has some shortcomings.
SMS supports desktop management and provides a set of management services that includes hardware and software inventory, software distribution and installation, remote desktop management, and LAN troubleshooting. SMS runs on NT Server and relies on NT Server's built-in management agents to collect network traffic and server performance data.
However, SMS is a desktop management platform, and it lacks the functionality of an enterprise management system such as those sold by Novell, IBM, and Hewlett-Packard. SMS focuses on management of the desktop hardware and software on the network but ignores the remainder of the network, such as network infrastructure components (i.e., hubs and routers), servers, network services, and non-Windows clients. Many network problems (e.g., not being able to print) involve more than just Windows-based desktop clients, and SMS often cannot help solve the problems that crop up on typical networks.
NT Server doesn't offer per-user disk space limits (a feature that NetWare and Warp Server provide), and it lacks the ability to send alerts to network management products such as OpenView and NetFinity. NT Server also does not yet support DMI, a network management standard designed and agreed on by virtually every LAN vendor. The DMI specification, along with sample driver source code, has been available since 1994.
Through hierarchical storage management (HSM), NetWare allows the seamless migration of unused files to a near-line (as opposed to off-line) storage facility, such as a read/write CD-ROM jukebox, after a configurable period of inactivity. NT Server does not support HSM.
On the other hand, says Schiano of Microsoft, the next version of NT Server will take advantage of a new dial-up protocol for connecting to a server through the Internet. Called Point-to-Point Tunneling Protocol (PPTP), it won't alleviate data-routing delays on the Internet but will allow remote-LAN access via an Internet service provider (ISP). Microsoft and 3Com jointly developed the PPTP specification, which they hope ISPs and other network software vendors will embrace.
NT Server certainly has the potential to become a scalable NOS for large organizations. When Microsoft adds directory services, better network management, client support for OS/2-based PCs, and a complete dynamic IP feature, NT Server could find its way onto some very large networks. For now, NT Server works well on networks with Windows-only clients running NetBIOS over TCP/IP and that have simple relationships between domains, users, and resources.
Product Information
StreetTalk Access: $1495 per server plus $40 per user
Banyan Systems, Inc.
Westborough, MA
Phone: (508) 898-1000
Fax: (508) 898-1755
Internet: http://www.banyan.com