Weighing W2K:No Pain, No Gain - Microsoft Windows 2000 OS - Product Announcement

ENT, August 18, 1999

Alot of planning will be necessary to migrate to Microsoft Corp.'s Active Directory, the technological heart of the Windows 2000 operating system. But if you're not moving to Active Directory immediately, can you put off Windows 2000 planning issues until after this next-generation of Windows NT ships? Only if you are willing to risk potentially massive problems when you eventually do migrate to Windows 2000.

Microsoft is unleashing an entirely different beast this time around. The traditional approach for Microsoft products of creeping upward from a few machines in a branch office or a department beneath the notice of central IT will lead to kludgy and complicated networks that could block your organization from ever deriving the full benefits of Active Directory. With Windows 2000, more than with other Microsoft products, IT must keep an eye on how the system works its way into the enterprise.

Aside from architectural issues, smaller concerns exist, too. Will it be worthwhile to incrementally upgrade production file and print servers or Web servers before a domain migration? When should those incremental moves begin?

Careful consideration of several factors will help an organization weather the Microsoft/ISV marketing storm and step up to Windows 2000 if and when the time is right.

Politics

Politics isn't a world IT people like, but Microsoft's Active Directory requires dabbling in politics more than previous Microsoft operating systems.

Microsoft, however, doesn't emphasize what a scary process it will be to embrace Active Directory. "I'm sure it's corporate nature to downplay the difficulty in making that kind of transition," says Dwight Davis, an analyst at Summit Strategies (www.summitstrat.com).

The bulk of Microsoft's Active Directory message is aimed at selling the technology - how Active Directory will lower total cost of ownership (TCO), simplify Windows management, strengthen Windows security and extend Windows interoperability.

But Microsoft has unveiled case studies showing that elaborate internal coordination with support from the highest executive levels is required to move to Active Directory. Siemens Corp. was one case study presented last May at TechEd '99 in Dallas. One of Europe's largest manufacturers, Siemens is undertaking a migration of its global organization to Windows 2000 with the Active Directory from OS/2, Windows for Workgroups and Windows 3.x desktops.

From planning to deployment, the process is expected to take about two years, assuming the operating system ships this year. Granted, Siemens is a global corporation with 400,000 employees and the company has been working with the changing beta code. Nonetheless, analysts predict large organizations will need a year to implement Active Directory.

Before the migration, Siemens conducted a vote of its operating companies to go to Windows 2000. In a process as complex as a corporate reorganization, the company devoted employees to transition teams and subteams that focused on everything from what to include in the Active Directory, to security, to software distribution. The CIO at Siemens sent this message, which was displayed at TechEd: "I am strongly recommending that the groups, regions and SOCs [Siemens Operating Companies] do not begin independent deployment of Windows 2000 Active Directory ... Otherwise we will have to spend an inordinate amount of money to do the necessary migration to the binding deployment standard."

While underscoring the level of political support needed for an effective migration, the memo also brings up another issue. A well organized Active Directory takes advantage of the DNS naming of domains across the enterprise. Ideally, a unit of a company would be identified as "unit.department.company.com" in the Active Directory.

Allowing departments to begin implementing Active Directory outside central IT control could lead to different naming conventions, resulting in nightmare scenarios for integrating the mini-Active Directories later. If you think your company will move to Active Directory some day, but you want to allow departments to deploy the Active Directory early, at least map out how your Active Directory will look so you can assign coherent namespaces to the smaller units. As Microsoft recommended in another TechEd presentation: "Plan for the enterprise. Deploy incrementally."

One other political issue to consider: Expect a Unix vs. NT religious war over DNS. Active Directory requires Dynamic DNS, which ships with Windows 2000 Server. Microsoft built its Dynamic DNS to adhere to industry standards, but they are new standards. Most large organizations rely on Unix servers for DNS, and most don't currently support Dynamic DNS. Organizations will be faced with migrating DNS services to Windows 2000, which is guaranteed to be unpopular with Unix backers; upgrading the Unix DNS to a version that supports the necessary recent standards, which won't support the multimaster DNS replication that Microsoft promotes; or carve out a DNS namespace beneath the Unix DNS, which is a somewhat cumbersome solution.