 |
|
| Towards 2000
Part 2:�
There are a number of challenges for any organisation trying to create a corporate-wide network these days. The Network Operating system (NOS) has to provide far more than simple file and print services, since it is often the computing heart of the company.� NT Server 4.0 has increased the share of the NOS market for Microsoft, gaining ground particularly in new business sales. Windows 2000 Server (what was going to be called NT 5) has to try and continue that trend in the face of renewed resistance from the Novell camp with the launch of NetWare 5 and the continued push for Novell Directory Services (NDS). For Windows 2000 to succeed in the high-end corporate market place, it needs to continue to improve and address a number of key challenges in terms of network and communications services. Companies need networking solutions for a range of situations from small branch offices to corporate backbones, from travelling users on notebook PCs to office workers on high-end workstations. This includes support for tried and true networking technologies - such as Ethernet, ISDN and frame relay -� as well as support for emerging technologies such as Gigabit Ethernet and xDSL. Key, as far as support for the tried and true is concerned, is TCP/IP. Windows NT 4.0 already offered a robust TCP/IP stack, as well as DHCP, DNS and WINS services in an attempt to simplify address assignment and name resolution. As you would expect with Windows 2000, this moves forward to be brought under the umbrella of Active Directory. Customers can choose to use Active Directory to replicate and synchronise DNS naming throughout the corporate network, thus eliminating the need to maintain a separate replication service for DNS. Integrate DHCP and Dynamic DNS services then use this directory-registered information to provide address assignment and naming services. As DHCP allocates addresses, DNS and Active Directory are automatically updated. This removes one of the biggest problems of the technology available with NT 4.0 – that of maintaining consistency between DNS databases and dynamically-allocated IP addresses. The move to Dynamic DNS under Windows 2000 brings all address allocation and naming under the watchful eye of the directory service, whilst maintaining complete compatibility with existing standard DHCP and DNS systems. At the physical level, ATM and Gigabit support is provided for connection to corporate backbones. Digital Subscriber Line (DSL) connections can also be used to connect remote users once such services become more widely available (if they ever do this side of the Atlantic!) This has required some changes to TCP/IP within Windows 2000 to provide performance improvements in such high-bandwidth environments. Large window support allows the window size (i.e. the maximum number of packets that can be sent before an acknowledgement of the first packet is required) to be dynamically recalculated and increased where appropriate during longer sessions where a large number of packets are being exchanged. Normally, this window size is negotiated at the beginning of a session and then fixed throughout, resulting in performance hits when there are a large number of packets transmitted between two hosts over a long period of time. Where packets are corrupted or lost, performance suffers again at present, since all packets sent subsequent to the dodgy one must be retransmitted. Windows 2000 adds support for selective acknowledgements, meaning that only the missing or corrupt packet needs to be resent. This improves network utilisation and increases performance in transmissions subject to interference or congestion. Finally, the ability to better estimate Round Trip Time (RTT) interval between hosts on the network means that the timeout values set at each host are far more accurate, meaning fewer timeouts and fewer resulting packet retransmissions. Of course, it is not just local connections that have been improved within Windows 2000 – support for remote users has been enhanced too. A need for mobility in the workforce means that end users require tools that extends their networks and offices into the hotel room, car park or even the moving train, making them more productive while they travel. To date, setting up remote connections has been more difficult than it needed to be. Windows 2000 attempts to address this issue, providing consistent access regardless of connection type via a new utility called the Connection Manager. A single interface manages the connection and provides consistency for the user without distinguishing between direct, remote, RAS dial-in or VPN connections.� Per-connection settings mean that it is no longer necessary to manually reconfigure TCP/IP parameters when changing between a direct LAN connection at the office or a dial-up Internet connection to a local ISP when on the road. Multiple parameters can be assigned to a single communications device, allowing several different ISPs to be used when travelling, but with each one being accessed via a single interface, and with no reconfiguration required between connections. A phone book tool automatically distributes direct-dial and ISP telephone numbers to all users whenever they connect (whether they connect directly or via a VPN). All the user needs to do is select the closest city from the phone number list to make the most cost-effective connection to the corporate network. The Connection Manager can also be configured to launch other applications at different stages in the connection (i.e. launch e-mail after then connection completes and terminate it when disconnecting), thus automating the whole remote access process as much as possible for the remote user. At connection time, the workstation dynamically adapts to corporate security and authentication policies established in the Active Directory. Through the directory, administrators can establish group policies for full-featured control of remote access protocols, time of use, type of use, encryption and authentication. These policies can then be applied to individual users, to groups, to organisational units or to entire directory trees if required. For example, it is possible to create policies such as “use only PPTP with 128-bit RC4 encryption and MS-CHAP authentication, and only allow access between the hours of 9am and 5pm” and apply this to the marketing department. Executives, however, could be allowed to dial in 24 hours a day.� Remote connectivity covers more than mobile workers, of course. Enterprises are beginning to utilise smaller branch offices to address commute issues or to achieve the geographic coverage required to compete in broader markets. These branch offices also need to be connected to the central corporate network, but they may only need to connect for an hour or two in total every day, making fixed leased line connections far too costly. Instead, branch offices can make use of the Internet for their head office connectivity, but ensure that all their data is kept private by employing Virtual Private Networks (VPNs). There is a choice of three key VPN protocols under Windows 2000 – IPSec, L2TP and PPTP. IPSec is an IETF proposed standard that, despite its single protocol focus, is quickly gaining popularity for public key encryption and VPN access. If legacy protocols such as IPX must be used over a VPN, L2TP can be used with optional IPSec encryption. If public key systems frighten users with the complexities of key management, then PPTP can be used with shared secret keys. Another neat piece of technology introduced with Windows 2000 is the ability to finally share connections - an ideal means of providing WAN or Internet connectivity for a small number of users without having to dedicate an expensive routed link. Once a connection has been defined on a PC, it can be shared in the same manner as other network resources such as disk drives. Other users on the same network can access the shared connection and the PC with the modem attached will initiate the link automatically.� Where routed connections are provided between offices, Windows 2000 includes a complete set of routing and gateway services. Standard protocols like OSPF, RIP and RIP for IPX let Windows 2000 route IP and IPX packets whilst interoperating with general purpose routers. Branch office can also participate in corporate multicast network applications through integrated IGMP services. Not only will Windows 2000 register itself as a client of a multicast session, its routing services will forward multicast traffic to remote office clients. For example, branch office workstations can participate in NetShow sessions while sharing a single connection to the corporate network through a Windows 2000 server. The data stream is sent one time to the server, from where it is forwarded as a multicast to branch offices. Combined with dynamic bandwidth allocation (where additional ISDN channels are brought in and out as required), branch offices can more effectively participate in corporate multimedia meetings whilst minimising connection costs. To better support multimedia data streams across the network, Windows 2000 also includes some clever technology to help keep audio and video transmissions as clean and smooth as possible. Quality of Service (QoS) APIs allow applications to invoke Admission Control Services, RSVP signalling protocol, and traffic control from Windows 2000 servers and the networks to which they are attached. RSVP provides a mechanism for conveying application QoS requirements and user identities end to end through the network. QoS functionality is further extended through support of traffic shaping, IP precedence, 802.1p, and varied Layer 2 media support. This allows network managers the ability to deploy QoS applications while protecting network bandwidth, and allows ISVs to use these APIs to obtain the quality they need for QoS-enabled applications. Although connectivity and networking is what Network Operating Systems are supposed to be all about, previous generations of NOS have not made things as straightforward as they could be. Windows 2000 includes a lot of useful new features that should make the life of the network administrator that much easier when supporting a range of head office, branch office and remote user connections throughout an organisation.�
|
|
Send mail to webmaster
with questions or�
|
