MICROSOFT NT ENTERPRISE DESIGN
Microsoft NT Network Protocols
The most common protocols used in Microsoft NT networks are the NetBEUI, Novell
IPX/SPX, and TCP/IP protocol suites. Deciding which of these protocols to
implement in an enterprise environment depends on:
- Routability of the protocol - How well the protocol can be routed
across a WAN
- Performance and scalability - How well will the protocol adapt to
network growth
- Interoperability - How well will the protocol provide connectivity
to different operating systems
- Implementation - What requirements are needed in setting up and maintaining
the protocol
A global or nationwide enterprise network consists of a WAN (Wide Area Network)
made up of routers, bridges, and gateways. Since the NetBEUI protocol supports
only local area or bridged networks, it is safe to assume that this suite
would not be appropriate in a "routed" NT enterprise environment.
A comparison of Novell's IPX/SPX and TCP/IP protocol suites may assist in
determining which will work best in an NT enterprise.
Routability
- Novell IPX/SPX: Routing of network layer IPX is available on most router
hardware. Server connectivity via SAPs (Service Advertisement Protocol) can
flood an enterprise network with broadcast packets. SAP filtering of
unnecessary advertisements should be enabled on the routers.
- Microsoft TCP/IP: Routing of IP protocols is most widely supported in
enterprise routers. The technology is based on many years of implementation
on the Internet.
Performance and Scalability
- Novell IPX/SPX: Due to SAP broadcasting, the more servers that advertise on
the enterprise network, the more bandwidth is needed to support growth in the
network. However, once a connection is made, IPX/SPX can be very reliable.
- Microsoft TCP/IP: TCP/IP protocols work efficiently across a WAN using packet
windows, in which many packets can be sent and a single acknowledgment packet
then confirms all the packets in the entire window.
Interoperability
- Novell IPX/SPX: In addition to NT server connectivity, IPX can also be used
to connect to Novell NetWare file and print servers. Other uses include the
NetWare SAA Server IPX to SNA gateway connection to IBM mainframes.
- Microsoft TCP/IP: TCP/IP protocols can be used to connect to Microsoft NT,
Microsoft LAN Manager, IBM LAN Server, Novell NetWare, UNIX, the Internet
World Wide Web, and IBM 3172 gateway for IBM mainframes.
Implementation
- Novell IPX/SPX: The Novell IPX/SPX protocol is simple to implement. The IPX
network address is generated automatically by combining the NetWare ID number
and the Media Access Control (MAC) layer address burned into the network
interface card (NIC). This easily provides unique network addresses for every
system.
- Microsoft TCP/IP: Implementing TCP/IP requires the assignment of IP network
addresses, which if not handled correctly can result in duplicate IP addresses.
Dynamic Host Configuration Protocol (DHCP) can be used to automatically assign
and manage IP addressing. Windows Internet Naming Service (WINS) can be used
in resolving Microsoft NetBIOS names to IP addresses. This is analogous to
UNIX DNS host name address resolution.
Based on the comparison of the NetBEUI, Novell IPX/SPX, and Microsoft TCP/IP
protocol suites, we recommend implementing the Microsoft TCP/IP suite
as the protocol of choice for a Microsoft NT Enterprise network. To understand
some of the issues concerning implementing the Microsoft TCP/IP suite in
an NT Enterprise network, DHCP, WINS, Network Browsing, and RAS require
additional discussion.
Dynamic Host Configuration Protocol (DHCP) is a service that can be provided
by an NT server and is similar to UNIX Bootp where the IP addresses and
other TCP/IP configuration parameters are automatically assigned. In fact,
the Bootp Helper (UDP ports 67 and 68) may still be used to forward
IP address requests through a router. It is recommended that this only be
used in a campus environment and that each site in a wide area network should
use its own DHCP server. Watching for duplicate IP addresses is still critical
where some systems may be statically configured. In addition, it is best
not to use more than one DHCP server per subnet to avoid the possibility
of overlapping shared pools of IP addresses where a duplicate may be assigned.
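
The duplicate-address risks described above can be checked against a scope inventory before deployment. The following is an added example, not part of the original page; the server names, subnets, pools and static hosts are constructed sample data.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory: server names, subnets and hosts are hypothetical.
SCOPES = [
    ("dhcp-hq-1", "10.1.0.0/24", "10.1.0.50", "10.1.0.150"),
    ("dhcp-hq-2", "10.1.0.0/24", "10.1.0.100", "10.1.0.200"),
    ("dhcp-branch", "10.2.0.0/24", "10.2.0.20", "10.2.0.120"),
]
STATIC_HOSTS = {"pdc01": "10.1.0.10", "wins01": "10.1.0.60", "print02": "10.2.0.200"}


def parse_scope(server, subnet, first, last):
    """Validate one scope and return (server, network, first_ip, last_ip)."""
    net = ipaddress.ip_network(subnet)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi or lo not in net or hi not in net:
        raise ValueError(f"{server}: pool {first}-{last} does not fit {subnet}")
    return server, net, lo, hi


def audit(scopes, static_hosts):
    """Return findings for the duplicate-address risks described above."""
    parsed = [parse_scope(*s) for s in scopes]
    findings = []
    for (s1, n1, lo1, hi1), (s2, n2, lo2, hi2) in combinations(parsed, 2):
        if s1 != s2 and n1.overlaps(n2):
            # More than one DHCP server answers on the same subnet.
            findings.append(("shared-subnet", s1, s2, str(n1)))
        lo, hi = max(lo1, lo2), min(hi1, hi2)
        if lo <= hi:
            # Both pools can lease every address in lo..hi.
            findings.append(("pool-overlap", s1, s2, f"{lo}-{hi}"))
    for host, addr in sorted(static_hosts.items()):
        ip = ipaddress.ip_address(addr)
        for server, _net, lo, hi in parsed:
            if lo <= ip <= hi:
                # A statically configured host sits inside a dynamic pool.
                findings.append(("static-in-pool", host, server, addr))
    return findings


if __name__ == "__main__":
    for finding in audit(SCOPES, STATIC_HOSTS):
        print(*finding)
```
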
Windows Internet Naming Service (WINS) is a service which can be provided
by an NT server to dynamically register NetBIOS names and resolve the names
to IP addresses. WINS is analogous to UNIX DNS (Domain Name Service) but
instead of having to enter the host names and IP addresses manually, WINS
will automatically register the NetBIOS name and associated IP address.
Push-pulls (or replication of the WINS database) can be set up between multiple
WINS servers in an enterprise. These push-pull connections may become daisy-chained
or meshed as more WINS servers are installed on the network. The
solution for utilizing WINS in an enterprise is to build a "Hub and
Spokes" network. By using a single hub WINS server and push-pulling
the enterprise database across a single link to each spoke WINS server,
the chance of data corruption is minimized.
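
A replication partner list can be compared against the hub-and-spoke design to find daisy-chained or meshed links. The following is an added example, not part of the original page; the WINS server names and push-pull links are constructed sample data.

```python
from collections import defaultdict, deque

# Constructed sample: hypothetical WINS servers and push-pull partner links.
SERVERS = ["wins-hub", "wins-ny", "wins-la", "wins-chi", "wins-dal", "wins-sea"]
LINKS = [
    ("wins-hub", "wins-ny"),
    ("wins-hub", "wins-la"),
    ("wins-hub", "wins-chi"),
    ("wins-chi", "wins-dal"),  # daisy chain: dal only replicates through chi
    ("wins-ny", "wins-la"),    # mesh: direct spoke-to-spoke link
]


def audit_wins_topology(servers, links, hub):
    """Compare push-pull links against a hub-and-spoke design centred on hub."""
    if hub not in servers:
        raise ValueError(f"unknown hub: {hub}")
    partners = defaultdict(set)
    for a, b in links:
        if a == b or a not in servers or b not in servers:
            raise ValueError(f"bad replication link: {a} <-> {b}")
        partners[a].add(b)
        partners[b].add(a)
    # Breadth-first search: replication hops between the hub and each server.
    hops = {hub: 0}
    queue = deque([hub])
    while queue:
        node = queue.popleft()
        for peer in sorted(partners[node]):
            if peer not in hops:
                hops[peer] = hops[node] + 1
                queue.append(peer)
    spokes = sorted(s for s in servers if s != hub)
    return {
        # Spokes that do not replicate directly with the hub.
        "no_hub_link": [s for s in spokes if hub not in partners[s]],
        # Links that bypass the hub (daisy-chained or meshed partners).
        "spoke_to_spoke": sorted(
            {tuple(sorted((a, b))) for a, b in links if hub not in (a, b)}
        ),
        # None means the server never receives the hub's database at all.
        "hops_from_hub": {s: hops.get(s) for s in spokes},
    }


if __name__ == "__main__":
    for key, value in audit_wins_topology(SERVERS, LINKS, "wins-hub").items():
        print(key, value)
```
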
Network Browsing can be used in MS Windows 95 Network Neighborhood and
Microsoft NT File Manager and can sometimes be difficult to manage in an
NT Enterprise network. Browsing on a network segment is only as good as
the elected browser system on the segment. If a Microsoft NT server wins
the "behind the scenes" browser election, but is not configured
correctly, others who wish to browse on that segment may be sorely disappointed.
This may be one of the drawbacks of using a product such as Microsoft NT
which is easy for any user to purchase and install! Browsing, however, does
not necessarily affect network connectivity. That is, even if a user
cannot "see" a server in his browser list, such as Network Neighborhood,
he may still be able to perform a network connection through "Map a Network
Drive" or "Net Use" commands in a login script. In an Enterprise
network it is important to realize that the browser is limited to a 64kB
database, which translates to 2,000 to 3,000 entries. Because of this we
recommend turning off Microsoft Windows 95 File and Print Services on user
workstations across the enterprise unless absolutely necessary.
Remote Access Server (RAS) is an NT service for providing dial-up "remote
node" connectivity to the NT Enterprise network. As opposed to remote
control, which takes over control of a host system, RAS can act as a TCP/IP
router and provide an actual network LAN connection to the remote workstation.
RAS can either use DHCP to assign IP addresses to remote users or maintain
a separate pool of addresses reserved only for RAS users. RAS uses standard
COM ports with analog modems and can be configured to utilize a multi-port
expansion board to provide a significant modem pool.
Remember that the enterprise domain controllers, DHCP, and WINS servers
will have to support network connectivity throughout a wide area network.
It is therefore best to locate these critical servers as close as possible
to segments directly off backbone routers. This should provide for better
performance during user logon authentication and network server NetBIOS
name resolutions.
Traffic Profile
Domain Controllers, WINS servers, and Browsers all communicate amongst their
peers. Here is the default communications profile of these systems.
Domain Controllers
- Accounts Database: Default synchronization interval is 5 minutes
- Login Scripts, Profiles: Default is once changes stabilize (2 min)
WINS
- Registration/Renewal: Default is 4 days
- Push/Pull: During system initialization, at a specific time, or at the
replication interval
Browsers
- Registration/Renewal: Default is every 12 minutes
- Browser Broadcasts: Every 15 minutes
Updated August 15, 1996