Getting The Most Out of Windows Server 2003

Like every other version of Microsoft’s Windows operating system, Windows Server 2003 comes loaded with new tools. These range from firewalls to directory services, to encryption and desktop management to multimedia. While these tools do help a company get up and running without having to buy a lot of additional third-party software, they can’t do it all.

It would be impossible to put all top-of-the-line tools into the operating system without driving up the cost and making the volume of source code unmanageably huge. While the tools do provide a good starting point, they are often stripped down versions of the full-featured products offered by the vendor. They are like some of the pre-loaded software on a PC. Yes, it does come with Quicken, but if you want to transfer your existing financial data to the new computer, rather than manually re-entering it, you have to upgrade the software. Yes, it comes with some computer games, but if you want to get beyond level 10 on any of them, you need to buy the program.

It’s the same with many of Microsoft’s features. Although all of the tools have value, some are quite limited. They will serve when you have nothing else available, especially when you’re managing a single server. But not in a larger environment.

“The tools that are natively available in Windows Server 2003 are a significant improvement over NT 4.0 or XP, especially when you are managing a single server,” says William P. Hurley, senior analyst for the Enterprise Application Group. “But in a larger environment with tens or hundreds of servers, you will want something that can schedule and manage across the servers.”

Here are a few of the areas where you may find yourself wanting to look at third party software:

Directory Migration – Migrating to active directory (AD) is not easy. Once it is in place it does make administration easier since you can do such things as apply group policies to establish user profiles. But you still have to go through the entire migration process to get there. And, until you have migrated all the domain controllers, you won’t get the full benefits from using AD. You therefore want to complete the migration as swiftly and painlessly as possible.

With W2K3, Microsoft has not only improved the active directory’s features, but it has also upgraded the active directory management tool that comes with it. Nevertheless, for complex migrations it is still advisable to obtain a full-featured third party tool such as Aelita Software’s Controlled Migration Suite, NetIQ’s Migration Suite, Quest Software’s FastLane Migrator or BindView’s bv-Admin.

Snapshots – It’s not enough any more just to do nightly backups onto tape, especially when you are running systems around the clock. While tapes are still part of the process, many organizations now require a more dynamic process that continually creates copies of files and allows users to access these earlier versions. As part of W2K3, Microsoft includes its volume shadow copy service (VSS). This enables multi-platform interoperation and cooperation between storage hardware, storage software and business applications. It lets vendors plug in snapshot, clone, and data replication solutions as well as allowing integration with other applications. VSS also allows the user to find shadow copies of files and restore them rapidly without having to place a call to the help desk.

Of course, any such tool also hits against the server’s resources. In this case, it impacts both the processor and the disk drive. Since VSS takes a snapshot of all the changes made to a volume, it consumes a good chunk of that volume and also causes heavy fragmentation. By default, VSS uses 10% of the space the source volume occupies as a default. Administrators can lower those setting to a minimum of 100MB, but this only allows for a single shadow copy. In addition, when VSS is making its copies it produces a noticeable performance hit, so its advisable to set the default run-times at 7 AM and noon in order to minimize its impact.

“If you decide that you need copies to be taken more often,” advises Microsoft’s TechNet, “verify that you have allotted enough storage space and that you do not take copies so often that server performance degrades.”

The other option is to disable this feature entirely, which may be necessary if the performance degradation is greater than the value provided by having a shadow copy.

Defragmenter – One of the main reasons for upgrading to Windows Server 2003 is it offers much greater stability than its predecessors. But some of this improvements can be offset by instabilities caused by file fragmentation, whether or not you are running VSS.

“Most Windows managers, as well as a growing number of users, know that fragmented files on disks cause an overall degradation in system performance,” says IDC Senior Research Analyst Frederick Broussard. “What is only now becoming well known, however, is that fragmentation can occur not only in the files and data on a drive, but also in the file system; creating common reliability/stability issues that demand IT time and attention.”

W2K3 does come with a built in defragmenter, however, this tool is not up to efficiently handle the large volumes now in use. It is too slow and consumes too many resources. In addition, administrators simply don’t have the time to manually defragment all the servers and workstations using the built in tool. IDC recommends companies use a networkable and schedulable tool such as Executive Software’s Diskeeper.

Security – Finally there is the matter of security. Microsoft Chairman Bill Gates has repeatedly stated security is now the company’s top priority and W2K3 includes a large number of new security features. Its common language runtime software engine, for example, checks for security holes in new software before it runs on the server. It includes a new software firewall, support for the 802.1x wireless authentication protocol and better SSL authentication procedures. In addition, unlike Windows 2000, the security features are turned on by default. But while you should use these new features, don’t necessarily rely on them as your only protection.

“Microsoft tends to follow the market, not lead it, in terms of security,” says Hurley. “This becomes even more complex as users invoke XML-based processes and web services techniques.”

So, go ahead and explore all the new features that come with Windows Server 2003. It is a much richer set than ever and you will probably find that these tools adequate to address many of your needs. But also keep in mind it is an operating system which represents a lot of compromises to generally meet the needs of a broad variety of customers. It won’t do everything you want so you will need to supplement those tools with ones that better meet your specific needs.