Here’s another outstanding IT Pro. Samuel Chow. is the System Engineer at NYK Systems Research Institute (NSRI), the internal IT ARM of NYK Line, a global Fortune 500 shipping company. He manages the local office IT infrastructure, which consist groups of subsidiary companies. He manages the local office IT infrastructure, which consist of 70 clients and a few servers. For the past year, since Windows 2008 has been launched by Microsoft, he has been evaluating Windows 2008. Knowing that there are a lot of new features in Windows 2008. So much so that he doesn’t know what to start with.
However, he looked back at the very fundamentals. Most networks cannot be successful without a good, robust and solid network infrastructure. He looks back at the core workloads a typical office network. Yes, the Network Infrastructure piece of things. Network infrastructure that people take for granted.
Improving Identity Management
Migrating from Windows 2000 Active Directory to Windows 2008 Active Directory Domain Services (AD DS), provides a much more granular and fine tuned approach to identity management. He can now build Fine-Grained Password Policies, which isn’t possible with Windows 2000 Active Directory. He can now define multiple password policies within a domain, instead of 1 policy per domain.
Prior to this, if there are multiple password policy required, he’ll have to create 2 domains. He can now do so with 1 domain. An example may be, a receptionist may not require the strict password policy that may be needed of a research scientist who generate intellectual property for a company.
With Windows 2008, he also has the ability to deploy Read-Only Domain controller, which improves security at a branch office. He now can deploy a Domain Controller to a branch and not worry about someone stealing it and compromising the entire domain. He can identify the potential accounts that could be compromised by a stolen domain controller from a branch and force a reset on those accounts and revoke that stolen domain controller. This provides a much more secure infrastructure for identify management.
He can also now recover a Domain Controller without the tedious hassles of rebooting into a Directory Services Restore Mode. You can now simply make use of a Restartable Active Directory Domain Services. Enter “restore mode” by stopping the AD DS service. This saves a huge a mount of time making it more robust for a system admin to recover a domain controller which may be faced with a NTDS.DIT problem. He can also use the Database Mounting Tool to examine a Domain Controller’s Database to inspect it, perhaps to look for changes, example, accidentally deleted objects.
There are several other enhancements available in AD DS. Check out this list. http://technet.microsoft.com/en-us/library/cc755093.aspx
Other parts of Network Infrastructure Deployed: DHCP and DNS
File Server Deployment
Samuel has also upgraded his File Server functions to Windows 2008. Using the Microsoft File Server Migration Toolkit, Samuel was able to step through the wizard which helped him effortlessly migrate older file servers onto Windows 2008. While doing the migration, he also deployed Distributed File System. It offers a simplified and highly-available file access solution. There can be load sharing implemented and provides for WAN-friendly replication.
It also takes advantage of the new networking features. For a full list of new networking features, check out this page. Specifically SMB2.0, it provides for a much faster and more efficient transfers for file services.
Jumping onto the Hyper-V bandwagon
Samuel has also implement a single Hyper-V VM for Network Policy Server functions. While it may just be a simple Virtual Machine now, he will discover the many benefits of Virtualization. Since he has just begun virtualization, i will talk about his adventure in the upcoming months. He has 2 projects on mind, possible full blown virtualization and Network Access Protection for this office. Kudos to Samuel for taking the lead in implementing Windows 2008 in his environment and sharing his adventures with me. We decided to share this with everyone in the community.
/Dennis
