MICROSOFT NT ENTERPRISE DESIGN
Microsoft NT Management and Administration
Management Managing an NT Enterprise network
involves monitoring and maintaining both the operation system and
server hardware in NT domain controllers, WINS servers, DHCP
servers, and other infrastructure devices. Many system hardware
manufacturers supply an SNMP-based (Simple Network Management
Protocol) hardware manager, such as Compaq Insight Manager and HP
NetServer Assistant, to assist in notification and trouble-shooting
of hardware specific problems. Other third party management systems
can provide for viewing the NT Server event log and for remotely
controlling a troublesome system. The Microsoft NT Server comes with
User Manager for Domains, Server Manager for Domains, Performance
Monitor, and Event Viewer to assist in setting up and monitoring NT
servers and domains. WINS, DHCP, and RAS (Remote Access Server) m
anagers also ship with the NT operating system to help setup and
maintain a TCP/IP based infrastructure. The Microsoft NT
Resource Kit supplies several utilities that can assist in managing
an NT Enterprise. Domain Monitor can be used to watch the heath of
each domain in the enterprise and the connectivity between the
primary and backup domain controllers. Browser Monitor can be used
to locate the master browser in a domain on a local area network
segment. There are several other graphical utilities for viewing a
server's IP configuration, processes in use, and network statistics.
In addition there are over a hundred operating system command tools
for managing scheduled batch jobs, computer and network diagnostics,
desktop files and registry, internet and TCP/IP, and user and group
accounts. Although some of these tools may be quite helpful, the
applications are not supported. It is also important to remember
that some of these monitoring systems, such as Domain Monitor, to
work properly, must maintain a hidden system administration
connection to every domain controller in the domain being monitor.
To find out which machine is the browser on a segment Browser
Monitor has to be running on an NT system on that segment. This can
be difficult to implement in a centrally administered enterprise
network. The next level of management to watch for and implement
could be:
Reliable automatic monitoring and notification
of failures and errors for:
- Broken NT domain trust relationships - Symptoms include users
in one domain unable to access resources in the "trusting" domain.
- Corrupted SAM (Security Account Management) databases - Some
user logins fail, may not be able to administer user Ids, may
experience slow response times during authentication.
- Corrupted WINS databases - Cannot resolve resource addresses,
may not even be able to locate domain controllers for login
authentication.
- Failed directory replication of login s cripts to all domain
controllers - Changes to user login scripts may not run during
user login.
Valuable SNMP MIBs (Management
Information Base) information with pertinent thresholds
- Monitor memory percentage utilization - SAM and WINS databases
perform better when the entire database is loaded in RAM and
system can avoid disk swapping.
- Monitor disk free space status - Need to maintain enough disk
space for SAM, WINS, and other important databases.
- Monitor network interface usage - Watch for networking
bottlenecks.
Administration LAN Administration Tool
Kit Just as it is important to make NT server a manageable
component of your enterprise, it is equally critical to deliver a
comprehensive toolkit for those who will administer the server.
While mature NT tools are not available in all areas, it is still
worthwhile to list administrative areas and actively seek
best-of-breed tools. In an enterprise network, an NT server can be
considered easily administered if you have tools in the following
areas -
|
Area
|
Function
|
Some Products
|
Anti-Virus Tools
|
Software that scans incoming and outgoing files on the server
can prevent virus attacks that cause loss of data and downtime
|
F-Prot Professional from Command Systems
http://datafellows.cityhall.com/(one of many resellers)
|
Command type languages
|
Many administrative functions can be automated by using powerful
script languages. Reporting on Domains, and accessing specific
Domain information are some of the benefits
|
FINAL! From Fastlane Technologies http://www.fastlane.on.ca
|
Desktop Inventory &Software Distribution
|
Products ease making changes and distributing software to the
desktops
|
Microsoftís SMS http://www.micro soft.com and Symantecís Norton
Administrator for Networks http://www.symantec.com
|
Disk Space Usage Tools
|
Disk space management is a frustrating but nevertheless
important function of a LAN Administrator. NT does not have built-in
tools for limiting disk space for users, directories or shares. Note
though that neither of the products listed can apply space
restrictions by userid until sometime this summer.
|
NTPís Quota Manager http://www.ntp.com, and Argent Software's
Quota Server (203) 489-5553
|
Distributed User Administration
|
The bane of many a enterprise administrator is the inability to
perform granular userid administration with master domains.
Autonomous units within a company shy away from participating in an
enterprise domain design because all administrators in that domain
must have access to all Ids - there is no distribution of authority.
For example, the administrator of the Finance unit not only has the
ability to create an Id within an accounts domain, but is also able
to make the user member of any group in that domain including Domain
Administrators, and is able to reset passwords of any user.
Recognizing this shortcoming, two vendors have products that allows
a company to give password-change only authority, assign members to
certain groups only etc
|
Enterprise Administrator from Mission Critical Software
http://mcsbunker1.missioncritical.com, and Trusted Enterprise
Manager from Master Design &Development
http://www.evinet.com/mdd.
|
Documentation
|
An internal website containing a repository of site specific
information, problem resolutions, and discussion forums is essential
in an enterprise support environment.
|
Any Web server software, Browsers, Discussion forum software
such as Allaire Forums and Web page authoring tools.
|
Network Printing
|
Select the right protocol for your printing needs. Use TCP/IP if
possible as it gives the most cross-platform accessibility.
|
&#nbsp; |
Protocol Analysis
|
Understanding the packet sequences of WINS, DHCP, Browser, and
inter-domain communications is essential in domain problem
resolution. A protocol analysis tool is invaluable in this area.
|
Domain Monitor, Browser Monitor, and Network Monitor included in
the Microsoft NT Resource Kit and Microsoft SMS
http://www.microsoft.com
|
Security Analysis
|
Products allow comprehensive reporting of your Domain security
|
Kane Security Analyst from Intrusion Detection
http://www.intrusion.com
|
Server Backup
|
An appropriate method of providing backup accessibility is to
create a global backup group and include it as a member of the
Backup operators group on each server that needs to be backed up.
|
Cheyenneís Arcserve http://www.cheyenne.com, and Seagateís
Arcada http://www.arcada.com
|
Server Console Control
|
A big shortcoming in NT server is the inability to remotely
control the console of a server to install software, make system
changes etc Microsoftís SMS 1.2 does include server console control,
but with terribly slow speed. Instead, choose one of the listed
tools - all of which install as automatic services under NT.
|
FIMís Remote Desktop
http://www.fim.uni-linz.ac.at/win32/win32.htm, Avalanís Remotely
Possible http://www.avalan.com or Symantecís pcAnywhere
http://www.symantec.com.
|
Server Fault Tolerance
|
Standby server capability
|
Octopus from Octopus Technologies http://www.octopustech.com
|
Server Fine-Tuning
|
While NT itself is self-tuning, there will soon be products
which will enable one to profile the dynamics of a particular server
and recommend custom changes
|
As far as we kno w, no third-party tools exist currently for NT.
Performance Monitor, which is included with NT, can be used to
collect data.
|
Server Recovery Tools
|
The ability to recover from crashes, corrupt volume sets etc. is
an area where tools are invaluable.
|
As far as we know, no such tools exist currently for NT,
although backup products such as Cheyenneís Arcserve now have a
disaster recovery module to aid in recovering crashed servers.
|
Server Stress Testing Tools
|
The ability to simulate a user load on a development server
before rolling out changes is an essential luxury for some LAN
administrators. The stress simulation could also be done on weekends
on production servers to ensure there are no problems come Monday
morning
|
Tools such as BapCo SYSMark, Ziff-Davisís NetBench, and
ServerBench are good tools in this area
|
Software Metering
|
Products in this category are still maturing
|
Tally Systems http://www.tallysys.com, On Technology etc. are
all either in beta cycles, or already have a released product
|
System Upgrades
|
NOS patches, ROM upgrades, System configuration file upgrades,
and Network driver upgrades are an essential part of resolving
problems.
|
Microsoft NT service packs, Firmware upgrades from hardware
manufacturers like Compaq and H-P, and driver upgrades from network
hardware vendors such as 3Com.
|
Technical Knowledgebase
|
A database with frequently encountered problems and solutions,
and technical specifications is an important tool for every LAN
Administrator.
|
Microsoftís TechNet CD-ROM http://www.microsoft.com
|
UPS Software
|
Donít underestimate the destructive nature of power
irregularities While NT has a built-in UPS utility, forego it and
buy a better one
|
American Power C onversionís PowerChute http://www.apcc.com
|
Next
Updated August 15, 1996 |