General discussion

Locked

General Network upgrade design questions

By sostermann ·
My company is planning some big upgrades to the servers and network soon. I have some questions regarding best practices for the design.

Our current set up is:
3 Servers
1 NT 4.0 Domain Contoller
1 Windows 2000 Server
1 NT 4.0 Server

We are not currently using active directory. I believe the DC is in mixed mode.

We are going to upgrade the DC to a new computer with Windows 2003. It will also be a lightweight file server.

We are going to replace the Windows 2000 server with a new computer with Windows 2003. This server is the main file server and also an FTP/Domino Web server.

We are going to move the windows 2000 to replace the NT 4 server.

What order should I replace the servers in?
The the DC is going to be a lightweight aplication server -- are there any issues with this combination?
Are there any issues with a server being a file server and an FTP/Domino Web server?
Are there any other issues I need to be aware of?

Thank you very much for any input!

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by BFilmFan In reply to General Network upgrade d ...

If you have a Windows NT 4.0 server, you have a NT domain and mixed-mode doesn't apply as that only exists in an Active Directory environment.

You didn't state how many users are going to be using these servers.

General advice is:

Domain controllers shouldn't be application or web servers due to security best practices. It is also a security best practice to not place file and print operations on a server exposed to the Internet.

You would need the AD forest in place, which means you would need the new server in first.

Then you should migrate your FTP/Domino server.

Then migrate the file and print.

Then stand down your NT 4.0 domain.

Collapse -

by CG IT In reply to General Network upgrade d ...

First upgrade the DC to Windows 2003 With Active Directory as outline on Microsoft' Help and Support KB upgrading from NT to W2003. This upgrade will take NT 4 domain and convert them to Active Directory. Make sure you understand what goes on during the upgrade process as going from NT to W2003 is different than going from W2K to 2003.

Second, upgrade the NT 4 server to Windows 2003 as a member server and make this the primary domain file server.

Third unjoin the W2K server from the domain. Do not use this server for anything but the FTP and Web server. upgrade to Windows 2003 Web server. Install it on a seperate subnet from the main network either using a DMZ zone behind the perimeter firewall and in front of the network firewall or use a router behind the perimeter firewall and create the subnet that way.

A terminal services server should be it's own server due to resource hogging. Running applications on a DC is not a good idea.

If your file server is where everyone who uses the application server saves their work, make the file server the terminal server and make it beefy. dual processor, couple of GB memory and Ultra Wide 320 SCSI drives.

Collapse -

by CG IT In reply to

though you have 3 servers in reality for network users you only have 2. The web server should never been on the company network [but! if you run ISA server 2004 as your perimeter firewall then you can have it on your network as ISA server 2004 doesn't let anyone actually into the network rather fetches the data for whom ever is requesting it. Still, it's better not to have a public server on the company network].

Since you have domains on the NT as it's a PDC, the upgrade process to W2003 Active Directory will work but you have to realize that during the upgrade process, the security domains you have will be rearrainged and consolidated into an Active Directory environment which is why I said, read up because the whole user account and domain security accounts scheme your used to in NT is changed.

Collapse -

by CG IT In reply to

as far as Domino, depends on what you use Domino as. Web, email, directory services....if it's just a web server ok, you can not use it as a directory services server if you use W2003 Active Directory, you can use it as your email server BUT! there are some issues with Windows Active Directory and Domino email because Windows Active Directory creates email accounts and updates the distribution lists. Sometimes the 2 don't like each other very well.

Collapse -

by CG IT In reply to

as far as Domino, depends on what you use Domino as. Web, email, directory services....if it's just a web server ok, you can not use it as a directory services server if you use W2003 Active Directory, you can use it as your email server BUT! there are some issues with Windows Active Directory and Domino email because Windows Active Directory creates email accounts and updates the distribution lists. Sometimes the 2 don't like each other very well.

Collapse -

by zaferus In reply to General Network upgrade d ...

BFilmMan and CG IT has done a great job answering this question.

The only things I would add are:

MS just released a new migration tool recently for NT migration. I'd recommend checking it out.

There are a lot of whitepapers on migration, fortunately a little research can give you a lot of information on this topic.

I would recommend first creating a detailed project plan with timelines. You'll find while you are creating the step by step plan you'll come across questions or concerns you may not have forseen until the actual process. I've been through a few migrations and even for small networks a plan can be 30-50 pages. Break it into bite sized chunks and it will be worth the effort you put into the plan for the problems you never see.

If you can "sandbox" the migration on servers that are off the network but are copies (ghosted) of the originals a few dry runs can help you to predict issues ahead of time. If the environment is intolerant of downtime this is really important. We have done this in the past and this has really been useful to flush out problems that would have blindsided us otherwise.

Always give the users forward notice about the migration. Tell everyone to "expect problems" as an upgrade isn't simple and is almost never completely smooth. Have additional help desk staff on hand and a clear process for logging and resolving issues once you actually do the migration. If everyone is prepared properly your users can be instrumental for flushing out the little issues from a migration that you may not see from the server side.

Often companies will bring in a consultant to help with this. The logic is that you are experienced in running the systems, they are experienced running upgrades. Bad consultants are a nightmare, but one that knows his stuff is worth every penny.

Good luck, if you're prepared you should do fine. Even with only a few servers don't treat this like a trivial upgrade.

-Z

Collapse -

by zaferus In reply to

As for design, I would take a good look at what AD policies can provide to you, as well as 2003 features such as shadowcopy.

MS has a copy of all the AD policies in an excel spreadsheet with default settings. Spend a few hours going through and first mark the one's you think would be beneficial. Then sort the spreadsheet by this mark (perhaps an "x" in an empty column) and then use this to create recommended policy settings.

Back to Networks Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums