Inside Windows NT Infrastructures D A V I D I S E M I N G E R

WILEY COMPUTER PUBLISHING

m John Wiley & Sons, Inc.

New York • Chichester • Weinheim • Brisbane • Singapore • Toronto

CONTENTS

Part one G E T T I N G Y O U R DUCKS IN A R O W

CHAPTER 1 I N T R O D U C T I O N Why Windows NT? Why a Book about Windows NT? One Man's Tourney Why This Book Is for You How This Book Is Structured Generation NT

CHAPTER 2 PLANNING YOUR INFRASTRUCTURE Networking Choices

Ethernet versus Token Ring Getting to the Backbone FDDI/CDDI Characteristics ATM (Asynchronous Transfer Mode) Characteristics

Topologies and Wiring

Cable Definitions

1

3

3 5 6 7

9 10 11 15 16 17 18 19

Topologies Cabling Your Buildings Wisely

Where Do I Put the Wiring Wiring Closet Cabling Desktop/Wall Cabling

Segmentation Grouping Your Users

Legacy Systems Choosing Hardware

Hubs

Closet?

23

26 26 28 29

32 34

35 35

36

[v]

[vi]

Bridges Repeaters Routers

Performance Conclusions

CHAPTER 3 D O M A I N MODELS Explanation of the Domains

Domain Controllers Primary Domain Controllers Backup Domain Controllers Synchronization between Domain Controllers Grouping Users Workgroups versus Domains Overview of Local and Global Groups Local Groups Global Groups Domain Interaction Non-NT Operating Systems and Domains

Why This Model and Not the Other? Domain Models

Which One Is for You? Guidelines by the Numbers Conclusions

CHAPTER 4 NETWORKING Networking 101

Introduction to Protocols The Beginning of the Known, Standardized Universe NT's Approach to Protocols

The Protocol Lowdown DLC NetBEUI NWLink (Microsoft's IPX/SPX) TCP/IP

Segmentation

C O N

37 38 38 38 39

43 44 45 45 46 47 47 48 48 48 49 49 49 50 50 59 59 60

65 66 66 66 68 71 72 73 74 78 93

Г E N T S

C O N T E N T S [vl l ]

Taking It All into Consideration You Again?

DHCP, WINS, and DNS

DHCP Details WINS Details

DNS Details Protocols: How to Use Them Wisely How Did They Do That? How Do I Do That?

Conclusions

CHAPTER 5 ROUTING Router Basics and Receptionist's Day Routable Protocols

Construction of a Frame The Routable

Routing Protocols Basic Routing Terminology Static Routing versus Dynamic Routing Interior Gateway Protocols (IGPs) Exterior Gateway Protocols (EGPs)

A Price/Performance Comparison: RRAS (Steelhead) versus Cisco Entry-Level Routers: Steelhead versus Cisco 2500 Midlevel Routers: Steelhead versus Cisco 4500

Enterprise Routers: Steelhead versus Cisco 7500 No-Frills Routing Frills-Enabled Routing

Static Routing

Dynamic Routing PPS and Other Important Numbers

Packets Per Second Latency Conclusions

CHAPTER 6 B A C K B O N E S What's the Function of a Backbone?

95 95 95 96

100 104

108 109

118 119

123 124 129 130 132 135 138 141 142 159 159 161 163 164 165 169 169 172 176 176 178 178

183 183

[vi i i ] C O N T E N T S

Your Network without a Backbone Your Network with a Backbone

Structuring the Backbone

Planning for Subnets' Backbone Access Redundancy

Improvising with Your Backbone Planning NICs, Switches, and Routers: Where to Spend Your Money

NICs

Switches and Hubs Routers

Backbone Examples: Our Four Favorite Companies Give Me Internet Access—Safely

Direct Internet Access Proxy Servers

Conclusions

Part two G E T T I N G Y O U R FEATHERS W E T

CHAPTER 7 SERVER S IZ ING AND DEPLOYMENT Ronald-of-All-Trades: Your Average NT Box

The Well-Greased Chicken

Windows NT and Its Components

Rightsizing, a Moving Target Server Deployment and Performance: The I/O Subsystems

The USB (Universal Serial Bus) Initiative Putting NT Servers into Service Using Application Servers Purchasing Windows NT: Getting the Most for Your Money

Select License Program Open License Program Leveraging Your Existing Servers

Conclusions

185 193 194 196 203 204 206 206 207 208 209 211 211 212 213

217

219 219 220 222 227 229 233 234 235 240 240 241 242 242

CHAPTER 8 REDUNDANCY AND RELIABILITY Fault Tolerance Considerations

Fault Tolerance Strategies: Throughout the Network Fault Tolerance Strategies: Outside the Server

2 4 5 246 247 248

C O N T E N T S [ix]

Avoiding Single Points of Failure 252 Mirroring I gnirorriM and Other RAID Solutions 253

RAID Explained 253

Hardware versus Software RAID 257 Windows NT Disk Fault Tolerance 258

Windows NT Clustering 260 Why Clustering? 261

When It Matures 262

Backing Up Your Data 262 Creating a Backup Policy 263 Conclusions 265

CHAPTER 9 LEGACY SYSTEMS AND INTEROPERABILITY 267

Mainframe Connectivity 268 Physical Connections 268 Software Connections 269 The SNA Factor 269 The Bottom Line, Please 270

Other Operating Systems 270 Novell 271 Unix 271 Macintosh 272

Dial In with Anything You Want 274 Conclusions 275

CHAPTER 10 SECURITY 277 The Windows NT Security Access Token Model 278

A Walk Down Memory Lane 279

SIDs and Security Access Tokens 280

NTFS: Why It's the Only Choice for Security 282 File/Directory Permissions 282

Physical Security in Your NT Infrastructure 289 Protection on the Wire 290

Advanced IP Features and C2 Security 292 Advanced IP Features 292

[ x ] C O N T E N T S

C2 Security Using Domains to Their Full Potential

Conclusions

CHAPTER 11 REMOTE ACCESS Remote Access Technology

Remote Access versus Remote Control Windows NT Server RAS versus Windows NT Workstation RAS

Remote Access Hardware-Based Solutions Hardware versus Software Remote Access Solutions

Windows NT RAS Implementation Details Means of Access Serial Solutions: Smart versus Dumb Serial Cards Getting onto the LAN

Modems

The Good, the Bad, and the Ugly The Modem Pool The Rack Mount

Other Modems Windows NT RAS (Features, Compression, Setting It Up)

Features Integration Issues

Non-NT RAS Solutions in a Windows NT Infrastructure Choosing the Right Equipment

The Ever-Elusive Bandwidth

Deployment Sizing Guidelines Privatizing the Internet Using PPTP

How PPTP Works Installation Procedure

Case Studies: RAS Implementations New Modem Technologies: The Digital Revolution

ADSL Modems Cable Modems

56K Analog Modems

Conclusions

station RAS

)

295 297 300

303 304 305 305 306 308 309 310 312 314 318 318 319 319 320 322 322 333 336 337 337 338

341

341

343 346 350 351 352 353 355

C O N T E N T S [xi]

CHAPTER 12 PERFORMANCE 357 Managing Windows NT Performance 358

Performance Monitor: The Overview 358 Performance Analysis with Performance Monitor 366

Capacity Planning and Rightsizing 369 How Much Is Enough? 370

Choosing Hardware 371

The Hard Line 377

Tuning Software 377 System Software 377 NIC Software 378

I/O Software Tuning 378 FAT versus NTFS 383 Video Cards 384

Remote Access Service (RAS) 385 Applications 386

The Soft Line 388 Updates, Patches, and Everything Nice 388

Conclusions 389

CHAPTER 1 3 CLIENTS 391 Choices, Choices 391

The Real Cost of the Desktop 393 Deployment Costs 397 Decision Criteria 398

Conclusions 399

CHAPTER 14 LEVERAGING THE INTERNET 401 Using the Web 401

Getting a Corporate Presence on the Web 402

Getting Corporate Access to the Web 402 Intranets: More Uses than You Can Shake a Stick At 402

PPTP and Internet Access Revisited 406 Putting It into Perspective 409

The Future Is Now 411

[xll] C O N T E N T S

415 The Lifeblood of Your Windows NT Infrastructure 415

Administration Tools 416 Proactive (Good), Fire Drills (Bad) 417 Performance Monitor 417 Non-NT Specific Administration Tools 428

Planning for Proactive Administration 429

ZAK, ZAW, and Other Movements to Make NT Administration Painless 429

Conclusions 430

CHAPTER 16 WHY NT IS THE BEST INVESTMENT YOU CAN MAKE 433

The Future of Windows NT 433 Leverage Bill, Steve, Paul, and Jim's Money. Leverage Thousands of Millionaires' (and a Few Billionaires') Money 434 What Open Standards Mean to You 435

INDEX 439