network consequences

By Plzhelp ·
I manage the LAN of 6 schools of 31 sites in our system. System has approx. 130 NT4 servers systemwide & 5000+ workstations 95-XPpro. Each school has a PDC, 1 or 2 BDC & member servers. We run 10/100 network to Cisco switch/router, T1's to Bellsouth Cloud and T3 to Central office. DNS & Wins on central office server. A 2 way trust relationship between Central PDC & each school's domain. UserNames are just entered in one long Sam database; there are no groups, policies, etc. Security is null. The NE thinks hidden shares are secure and the firewall protects everything else.

Our network engineer is being forced to upgrade to 2003 server, but won't consider an Active Directory structure. I had pushed for an Enterprise server @ Central Office w/Active Directory, Containers for each school/site location and a domain controller @ each school. But was told we didn't have enough bandwidth (which I feel is erroneous). Last week the engineer took a 2003 server into a school to replace a PDC. He pretty much set it up like the NT4 (each school its own domain, Local DHCP (specific ip addresses are assigned @ each location) but pulls DNS & Wins across WAN). When he took out the NT4 PDC, I am not sure what he did with the BDC. I know he is having trouble seeing the server from the CO, but other than that I haven't heard any complaints. He plans to do this same install at all locations.

I am not in a position to argue w/the engineer but feel this is a disaster waiting to happen. I had hoped when we moved to 2003 things would get better, but now I am worried. What consequences can I expect as more 2003 servers are introduced like this? My schools are already complaining their XP machines are sluggish. This behavior coincides with the install of the 2003 on our WAN. Is that coincidence or a consequence? How would you address a situation like this? ANY AND ALL YOUR INPUT IS GREATLY APPRECIATED.

by sgt_shultz In reply to network consequences

feel better now?
it is hard not to take on another's responsibility sometimes. it does sound like a consequence to me. if i read you correctly you have lost some bdc's now ...
did ne really have choice? did the school have big budget this year for IT? i didn't think so...
i wouldn't go around saying the sky is falling, that won't help. so now you have clunky new server os, no bdc, no a/d benefits...yep you are right. that and a buck you can get cup of coffee.
just let go of it and be ready to help. spend angst energy getting certified (in 2003??)...
start cruising mskb daily looking for 2003 articles and your symptoms. see if you can make repeatable tests. see if you can figure out fix. look at bright side: you have 2003 to put hands on! and you are further along toward the future than you were with unsupported antique os. NE could hardly object to innocent event viewing, no?
find those cool network monitoring tools on the 2003 cd and start playing with them...no guessing, speculating, nay-saying allowed. just the facts, ma-am....hey, you ARE defending NE to others, yes? what, you are knocking him? you are second guessing him w/o all the facts? wow, it would kinda tick me off if somebody did that to me. how about you? fwiw: don't open mouth to NE except to say, hi, can i give you a hand with anything. and then keep trap shut and eyes open... being right no excuse for being unpleasant. you wanna get places, here is your training ground, dealing with people 90 percent of it...
ps you can keep your points. you may need them. (rdl)
plus i enjoyed my soapbox, as always...

by Oldefar In reply to network consequences

You have a couple of issues even before the technology comes into play.

I suspect your network engineer is unable to deal with technology change because it impacts his personal security, knowledge, and prestige. If you want his support in moving forward, you have to figure out how to make the changes feed his security and prestige, and grow his knowledge. Otherwise, you need to work at removing him as a roadblock. Keep in mind that his support base within the school administration stands to lose their own prestige if he is moved out.

The next issue is one of objectives. You have a lot of technology in place already, but do you have a well-defined set of objectives and requirements that the technology is in place to support? Ideally, you should have an architecture that links the "business" objective to "business" requirements to technical objectives to technical requirements to ICT infrastructure. As a change in the business objective occurs, the business requirements supporting it change, and so on down the line. Each element of your ICT infrastructure needs to have a current link all the way through to a current objective or it no longer is relevant and should be removed. Add new elements in the same fashion.

As for current performance issues, all suggestions are merely speculation until you get some facts on what is occurring. How much traffic of what type going from where to where? How much time spent on client versus server versus communication? What is the CPU, memory, and disk performance?

by Oldefar In reply to

I suspect you can get WAN statistics from Bellsouth, and can also get them to place a packet analyser on one or more of the T1. You don't need the actual data decoded, only the source/destination/protocol/application, the packet size data, and timestamp. This will tell you what is local versus what is WAN related, and for the WAN traffic the timestamp will give a rough idea of client and server time as well.

If the workstations were upgraded rather than doing a wipe and install, it is probably time to look at what is on them and remove old files and applications. A registry clean up and disk defrag is a good idea - should be a part of a routine maintenance program.

As for the comments by sgt_shultz posted as I was making my first reply - we both see the political issue as a key factor. However, I have to disagree with his advice to just follow orders and keep quiet. This will not improve the return the kids receive from the school district's investment in technology. Instead, be aware that everyone deals in the currencies of time, money, knowledge, security, and prestige and that to be successful in any collaboration you must work to give the other a positive aggregate of these currencies. Of these, prestige and security are the ones most challenged when changes are brought by those beneath the powers that be.
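
Added example, not part of the original posts: one way to work with the capture metadata described above (timestamp, source, destination, protocol, service port, packet size) to separate local from WAN traffic and to estimate how long WAN name lookups take. The subnet 10.1.0.0/16, the server address 10.0.0.10 and all records are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (timestamp_s, src, dst, protocol, service_port, bytes).
# Assumptions: 10.1.0.0/16 is one school's LAN, 10.0.0.10 is the
# central-office DNS/WINS server reached across the T1.
SITE_NET = ipaddress.ip_network("10.1.0.0/16")
RECORDS = [
    (0.000, "10.1.4.20", "10.1.0.5", "tcp", 445, 1200),
    (0.010, "10.1.4.20", "10.0.0.10", "udp", 53, 80),
    (0.190, "10.0.0.10", "10.1.4.20", "udp", 53, 160),
    (0.200, "10.1.4.20", "10.0.0.10", "udp", 137, 92),
    (0.420, "10.0.0.10", "10.1.4.20", "udp", 137, 104),
    (0.430, "10.1.4.20", "10.1.0.5", "tcp", 445, 64000),
]

def scope(src, dst, site=SITE_NET):
    """Return 'local' if both endpoints are inside the site subnet, else 'wan'."""
    inside = [ipaddress.ip_address(a) in site for a in (src, dst)]
    return "local" if all(inside) else "wan"

def bytes_by_scope(records):
    """Total bytes per (scope, protocol, service port)."""
    totals = defaultdict(int)
    for _, src, dst, proto, port, size in records:
        totals[(scope(src, dst), proto, port)] += size
    return dict(totals)

def wan_response_times(records):
    """Gap between each WAN request leaving the site and the first reply
    on the same service: a rough network-plus-server time per lookup."""
    gaps = []
    for i, (t, src, dst, proto, port, _) in enumerate(records):
        if scope(src, dst) != "wan" or ipaddress.ip_address(src) not in SITE_NET:
            continue
        for t2, s2, d2, p2, port2, _ in records[i + 1:]:
            if (s2, d2, p2, port2) == (dst, src, proto, port):
                gaps.append((proto, port, round(t2 - t, 3)))
                break
    return gaps

if __name__ == "__main__":
    print(bytes_by_scope(RECORDS))
    print(wan_response_times(RECORDS))
```
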

by CG IT In reply to network consequences

I agree with both answers in that the engineer probably doesn't have any experience with Active Directory and doesn't want to appear unknowledgeable, hence expendable.

As far as the network infrastructure with NT and W2003 with a disaster waiting to happen, I can't see that happening unless someone goofs and goes with Active Directory and really makes a bonehead decision to make the domain Native Mode. Then everything will come to a screeching halt. NT domain controllers can't operate in the same domain when Native mode is invoked.

I think more than anything else, security issues with your existing network should take top priority. A hardware firewall and folder permissions just won't cut it in today's environment. The second issue is old client operating systems like W9X. Those have got to be replaced.

I doubt bandwidth is a problem. As far as slow computers on the network, like the other answers, gonna have to do some network monitoring to find out exactly where the bottlenecks are and what's causing it.

IMO based on your description of your infrastructure, a top down overhaul of the existing network, including a huge change in security, with the plan to change the infrastructure to an Active Directory environment while maintaining the existing compatibility with NT until they are retired, say over a year, along with upgrading clients' O/Ss to W2K or XP is the best approach.

by CG IT In reply to

ya gotta have a plan, and it's got to be documented. Ya gotta have a graphical depiction of the entire infrastructure and what gets upgraded with what, and when. Ya gotta know the users and who does what and has to be able to access what. And that has to be documented.

by CG IT In reply to

as was said in a scene in the movie The Hunt for Red October "What's his plan"?.... "Plan?" ... "Son, the average Rusky doesn't take a dump without a plan".

Gotta have a plan to do something like this on the scale you're talking about and it's gotta be documented or no one's gonna know how the thing works.

by ChrisDent In reply to network consequences

I'd have to say stop the installation process as it is. I could be wrong, but by the sounds of it little or no planning has been done for the deployment. I feel that without the forward planning you will lose a lot of the capabilities of the new system.

There's no particular reason you can't retain something like the current network structure. It's certainly worth looking into the advantages of child domains.

Underpinning all of this is DNS, without a good understanding of DNS in this environment it can all become hopelessly complicated.

All in all, I'm with D.R.

by pgm554 In reply to network consequences

I have set up quite a few school districts as a consultant for a very large IU in PA.

The first mistake that was made was going to M$ NT4 in the first place, but hey it's easy to set up and manage, right?

If you are going to rip and replace (and make no mistake about it, going to 2003 IS ripping and replacing) go see Novell about academic licensing.

Novell is cheaper to manage, install and will work seamlessly with the NT network.

Depending on what you are attempting to do, here is a scenario: if all you do is file and print, set up the central office with Novell and the NT appservers (if that is what you use NT for).
At the satellite schools install Novell Nterprise Branch Office (basically a file and print appliance) servers. Novell is licensed at user count, not per file server, so you do not pay for file server licensing. (IE 5000 user license can have as many file servers as needed PLUS you get clustering right out of the box, it's not extra.)
Dump the T1's and go to DSL (save lots of money that way).
The branch appliances need no backup devices as everything is cached locally, but files would be stored remotely at the central site using a syncing mechanism called RSYNC.
This cuts down on bandwidth usage enormously.

No PDC, BDC or DC needed.

One branch office server per school to service from 500 to 1000 users.

Install Zenworks to manage patches for the desktops (you are still running 95 and 98 and AD policies do not work on those machines) only W2K and XP.

If you really want to save money, just use Linux with Novell services.

I can only lead a horse to water, but I can't make them drink.