Windows Server Platforms: Three Windows Server Migration Options
Introduction
For DLCs and offices with existing Windows NT Server deployments, there are three distinct supported paths for migrating to Windows server platforms based on the Windows 2000 Server and/or Windows Server 2003 product families from Microsoft. These paths apply to both stand-alone Windows NT Servers (with stand-alone clients) and Windows NT domains with member client and server machines.
These options are also valid for DLCs and offices without Windows servers who would like to deploy a new Windows Server environment from scratch.
Please see the summary grid for a brief overview of necessary resources.
The three migration options are:
- Joining win.mit.edu , MIT's centrally managed Windows Domain that is available campus-wide.
- Deploying and/or migrating to an Independent Windows Domain that the DLC maintains and supports locally.
- Deploying and/or migrating to an Independent Windows Workgroup that is locally maintained and supported.
Summary Grid
A quick table of resource costs to expect by option:
|
Option
|
Base Mgmt
|
Dept Control
|
Migration $
|
Dept. Support $
|
|---|---|---|---|---|
|
Joining win.mit.edu |
Low |
High |
Low |
Low |
|
Independent Domain |
High |
High |
High |
High |
|
Independent Workgroup |
Med+ |
Low |
Low |
Med+ |
Joining win.mit.edu, MIT's Centrally Managed Windows Domain
win.mit.edu, or WIN, is MIT's centrally maintained Windows Domain intended for general use by any and all users across offices - departments, labs, and centers (DLCs). Its structure and features are intended to foster collaboration across the Institute by providing a common set of features, data and tools. Many aspects within this Windows domain are customizable by participating DLCs and in certain cases, individual users. Although WIN is not intended to meet every specific need on campus as a platform, it is a product and set of associated services intended to meet the needs of most users.
Briefly, WIN provides single sign-on to systems and applications within the domain using already existing Kerberos/MIT/email usernames and passwords of any user. It also extends this single sign-on to other Kerberos-enabled systems in use at MIT, including the MIT email system, the SAP financial system, DFS distributed file services, FTP access to MIT servers, secure shell access to other hosts, and more. Helping to foster easier collaboration among users and groups, data is fed from other MIT systems to the WIN Active Directory database. These feeds include information from the MIT Data Warehouse, the Moira system, including existing MIT user account information. All of this allows users to have access to common, consistent data, names, and lists across a variety of computer systems at MIT that are similarly integrated.
IS&T provides full support for the deployment and migration of supported Windows client and server operating systems to the WIN, as well as assistance in configuration, maintenance, and troubleshooting for systems within the domain.
IS&T strongly urges DLCs and offices planning a migration from Windows NT Server/domain platforms to give serious consideration to joining win.mit.edu. The central domain is tightly integrated with MIT's enterprise IT infrastructure; and the use of existing MIT user accounts and groups, MIT's Kerberos authentication services for single sign-on, access to the DFS distributed file system help remove the burden of overall domain management and upkeep tasks from the shoulders of local IT resources and helps them focus on the more immediate tasks such as local system and resources (shares, access control, etc.) management that is at the core of their business.
For more information, please see the descriptions of the WIN option.
Deploying and/or Migrating to an Independent Windows Domain
While the WIN Domain is based on Windows Server, it does employ MIT-specific add-ons the integrate existing MIT enterprise IT systems that give it much of its benefits and enables most of its features. As a result and at the same time, requirements of certain line-of-business applications may dictate that DLCs or offices choose to deploy or stay with an independent Windows server/domain environment at this time.
Windows Domains built on Windows 2000 Server and Windows Server 2003, tie in closely with DNS infrastructure by virtue of their design. To facilitate the migrations/deployments of DLCs or office who need to choose an independent Windows Domain, IS&T provides DNS infrastructure accommodations to enable them on MITnet. However, these accommodations also require local IT organizations/providers to deploy and provide local DNS services for the independent Active Directory domain they deploy.
With the said accommodations and local DNS servers, DLCs and offices can deploy independent Windows Domains under the .ms.mit.edu DNS hierarchy (subdomain) on MITnet. For instance, an independent Windows Domain and its associated DNS name could be exampledept.ms.mit.edu for an example department.
IS&T provides full support for the request, processing, upkeep, and troubleshooting for changes to the central DNS configuration that enables independent Windows Active Directory domains. For those DLCs and office who choose this option, but do not have in-house resources to plan and carry out the full migration or deployment, services from IS&T and other resources for assistance are available upon request.
For more information, please see the descriptions of the independent domain option.
Deploying and/or Migrating to an Independent Windows Workgroup
Windows workgroups do not take advantage of centralized resource management features found in Windows Domains (or Windows NT domains, for that matter), such as central management of users, groups, and authenticating them. Generally, a Windows workgroup can be considered as a collection of stand-alone client or stand-alone client and stand-alone server machines, each individually managed and maintained, but who are configured to loosely associate with one another. This loose association is achieved by each machine choosing to advertise itself under the same collective Windows networking group name.
For a limited number of DLCs or offices with a small or very small number of computers for whom joining the WIN Domain is not possible for some reason, and for whom deploying an independent Windows Active Directory domain is a major technical and/or financial burden, a Windows workgroup may be a manageable option.
Since Windows workgroups do not pose strict limitations on the operating systems that can participate, legacy Windows operating systems, including Windows NT systems, can participate in them. However, DLCs are strongly urged to move their systems to supported Windows operating systems
IS&T support for computers running Windows configured to participate in workgroups are identical those for standalone computers running Windows and are provided primarily through the IS&T Service Desk.
For more information, please see the description of the independent workgroup option.
Back To Top