Windows 2000 -- Microsoft's high-end operating system with a bundled Web server
June 5, 2002
It took years to get here. It will need years to evaluate, deploy, repair, and update. Windows 2000 Server may be the last of the comprehensive (it's tempting to say monolithic) operating systems, but it is a very good representative of its kind. The changes, both fundamental and cosmetic, have made Windows 2000 Server (which also includes Advanced Server, and later this year will include Datacenter) faster, more reliable, heavier-duty, and easier to use.
That Windows 2000 Server is neither perfect nor an easy migration should be considered axiomatic. However, overall it is a major improvement, and the product pushes the envelope of competition with Unix (and now Linux) as the OS for the enterprise.
Look and FeelIt's unusual to talk about a server operating system's look and feel. Although network administrators like a good user interface as much he next person, a good user interface not only makes administration more comfortable but also faster. Windows 2000, while not consistently a shining model of design, has been reorganized and rationalized. As before, administrative services are most often accessed through the desktop version of Windows 2000 (Professional) that runs on the server. NT 4.0 Server users will appreciate the way most of the critical server functions (network, storage, and security) have been centralized. There are still several ways to access the administrative functions: the Control Panel is a holdover, Computer Management is an Explorer-like approach, and there is the new wizard-like Configure Your Server option. The latter is studded with help and support information that will be a boon to novice administrators. Within the management components, many of which are part of MMC (Microsoft Management Console), considerable reorganization makes accessing options less fragmented. Unfortunately, TCP/IP and other Internet features are still scattered.
Key New or Enhanced Features
If there were any questions about the length and breadth of changes in Windows 2000, Microsoft's list of 36 new features would dispel it. There is no marketing puffery like "better performance" on the list, only named components such as TAPI 3.0 and Kerberos Protocol support. Explaining the list could take up the space allotted for this entire review, so we will confine our initial remarks to the features generally considered more significant.
Active Directory: At the top of everybody's list is Active Directory. It is the good news/bad news of Windows 2000. An operating system directory service provides the means to record and organize the resources of a network (people, computers,and peripherals), control their security, and monitor their operation. The good news is that this information becomes much more accessible in Active Directory and is used throughout the operating system. In fact, it is required for features such as Kerberos authentication. The flip side is that directories require much planning and maintenance, and are best suited for organizations that have the appropriate staff.
Windows 2000 Server can run without Active Directory. This makes it suitable for small departmental single-server installations where a limited number of users need only limited services. There is an Active Directory Migration Wizard to move systems from Novell Directory Service (NDS). This may be wishful thinking on Microsoft's part, since Active Directory is still too new to compete with NDS on all fronts.
Internet Information Server (IIS) 5.0: As before, Windows 2000 Server bundles the IIS Web server into the package; however, this time IIS is more tightly integrated. It is faster, more robust, and offers better support for another major feature, creating and maintaining virtual private networks. Also part of the Internet/intranet package is support for multimedia, including Windows Multimedia Services, Windows Quality of Service (to ensure that streaming multimedia receives necessary bandwidth), Resource Reservation Protocol, and asynchronous transfer mode support. Overall, this is an industry-leading collection of Internet features most useful for enterprise-level applications.
IntelliMirror: IntelliMirror is a suite of programs that preserves a user's software configuration and preferences on the server and makes them available to any machine on the network. It is also involved with replacing missing application files. IntelliMirror works, but it is difficult to set up.
IntelliMirror is just one of many services that support the development and management of applications. New or improved transaction services, message queuing, TAPI 3.0, terminal services, and especially component services have given Windows 2000 server many of the attributes of an application server and substantially improved the environment for software developers Java developers excepted.
5qIt's been almost traditional to say that Windows NT is easier to use than other operating systems; however, it does not scale. Windows 2000 Servers does scale, or at least it will when the final member of the family, Windows 2000 Datacenter Server, appears sometime in mid-2000.
Also lurking in the wings is Microsoft AppCenter, a heavy-duty load-managing server (component dynamic load balancing) and services system that will give Windows 2000 the capability to balance up to four application servers. For installations working at the high-volume end of computing, particularly transaction and Web services, Microsoft will have a scalable suite of products to rival anyone, and often costing less.
There are many performance enhancements in Windows 2000 Server, most of which relate to greater scalability of processors. A good deal of code optimizing has also been done so that most testing (including ours) shows an improvement of 10% to 20% over NT. This does not make Windows 2000 a speed demon; however, real performance benefits appear in Advanced Server and Datacenter with multiple processors working in concert with multiple servers.
Reliability and Security
To talk about the reliability of an operating system at its launch is usually premature. Given the long beta testing cycle of Windows 2000 and the large number of installations, however, its reliability (or lack thereof) has been under intensive observation for quite a while. Microsoft has paid considerable attention to reliability features. Our favorite occurred when we deliberately removed the driver file for the installed network card and rebooted. Windows 2000 Server detected the missing driver and re-installed it automatically, leaving only a message about the problem in the event log.
Does Windows 2000 really have 63,000 bugs (as the widely rumored number derived from an internal Microsoft memo said)? No. Is Windows 2000 Server perfectly stable? No. The majority of beta test sites have reported few or no general problems, although difficulty with specific hardware (and some software) is not uncommon. There are weaknesses no surprise especially involving integration with new technologies such as Active Directory. Current experience, however, suggests that Windows 2000 is more reliable than its predecessor.
Windows 2000 can also be made considerably more secure than its NT predecessor, provided Active Directory is used. The main change is the addition of Kerberos security, allowing a single log-on to be used for authentication of a user to multiple servers. For the Internet there is now support of IPSec, SSL, and TSL. The Encrypted File Service (EFS) can be used to designate specific files for encryption and can be set to require a key before a user can access them. Windows 2000 security options are accurately described as dense, and it will take a while for an administrator to learn how to use them (wisely).
So much of the Windows 2000 Server installation is automated that if everything goes smoothly (repeat, if) a simple setup requires about 30 minutes and little expertise other than that of a general familiarity with Windows. However, troubleshooting in the vast array of interlocking features especially those involving the Active Directory is another story. So is an installation that is not basic (i.e. anything with Active Directory or involving multiple servers). The basic server version loves disk space, at least 850 MB of it, and works best with 128MB of RAM.
It has been said (repeatedly) that most companies will adopt Windows 2000 slowly. The scope, complexity, and cost of Windows 2000 Server makes this statement obvious. For enterprise use, a considerable amount of testing and comparison are in order; for departmental and midsize businesses, the complexities of Active Directory may be a barrier.
It's going to be hard to swallow for some people, but Windows 2000 Server is not only a big improvement over Windows NT 4.0; it is also a system of products that will give the competition a run for the money in scalability and overall cost of management. Will Windows 2000 overtake Unix and Linux in the reliability and heavy-lifting contest? It's possible; the next year or so should establish that. For current installations, Windows 2000 Server is worth the upgrade. Migration is a major headache, in part because the reach of the product is so great. Also, the under-one-roof approach has always had its proponents, especially for the enterprise.
Pros: Active Directory and the services it enables Improved performance, reliability, and security Better (and more) administrative facilities along with a somewhat improved user interface
Cons: Cost of planning and implementation, especially for midsize organizations that must use Active Directory Bigger is not always better