MICROSOFT NT ENTERPRISE DESIGN Microsoft NT Management and Administration Management Managing an NT Enterprise network involves monitoring and maintaining both the operation system and server hardware in NT domain controllers, WINS servers, DHCP servers, and other infrastructure devices. Many system hardware manufacturers supply an SNMP-based (Simple Network Management Protocol) hardware manager, such as Compaq Insight Manager and HP NetServer Assistant, to assist in notification and trouble-shooting of hardware specific problems. Other third party management systems can provide for viewing the NT Server event log and for remotely controlling a troublesome system. The Microsoft NT Server comes with User Manager for Domains, Server Manager for Domains, Performance Monitor, and Event Viewer to assist in setting up and monitoring NT servers and domains. WINS, DHCP, and RAS (Remote Access Server) m anagers also ship with the NT operating system to help setup and maintain a TCP/IP based infrastructure. The Microsoft NT Resource Kit supplies several utilities that can assist in managing an NT Enterprise. Domain Monitor can be used to watch the heath of each domain in the enterprise and the connectivity between the primary and backup domain controllers. Browser Monitor can be used to locate the master browser in a domain on a local area network segment. There are several other graphical utilities for viewing a server's IP configuration, processes in use, and network statistics. In addition there are over a hundred operating system command tools for managing scheduled batch jobs, computer and network diagnostics, desktop files and registry, internet and TCP/IP, and user and group accounts. Although some of these tools may be quite helpful, the applications are not supported. It is also important to remember that some of these monitoring systems, such as Domain Monitor, to work properly, must maintain a hidden system administration connection to every domain controller in the domain being monitor. To find out which machine is the browser on a segment Browser Monitor has to be running on an NT system on that segment. This can be difficult to implement in a centrally administered enterprise network. The next level of management to watch for and implement could be: Reliable automatic monitoring and notification of failures and errors for: Broken NT domain trust relationships - Symptoms include users in one domain unable to access resources in the "trusting" domain. Corrupted SAM (Security Account Management) databases - Some user logins fail, may not be able to administer user Ids, may experience slow response times during authentication. Corrupted WINS databases - Cannot resolve resource addresses, may not even be able to locate domain controllers for login authentication. Failed directory replication of login s cripts to all domain controllers - Changes to user login scripts may not run during user login. Valuable SNMP MIBs (Management Information Base) information with pertinent thresholds Monitor memory percentage utilization - SAM and WINS databases perform better when the entire database is loaded in RAM and system can avoid disk swapping. Monitor disk free space status - Need to maintain enough disk space for SAM, WINS, and other important databases. Monitor network interface usage - Watch for networking bottlenecks. Administration LAN Administration Tool Kit Just as it is important to make NT server a manageable component of your enterprise, it is equally critical to deliver a comprehensive toolkit for those who will administer the server. While mature NT tools are not available in all areas, it is still worthwhile to list administrative areas and actively seek best-of-breed tools. In an enterprise network, an NT server can be considered easily administered if you have tools in the following areas -
Area	Function	Some Products
Anti-Virus Tools	Software that scans incoming and outgoing files on the server can prevent virus attacks that cause loss of data and downtime	F-Prot Professional from Command Systems http://datafellows.cityhall.com/(one of many resellers)
Command type languages	Many administrative functions can be automated by using powerful script languages. Reporting on Domains, and accessing specific Domain information are some of the benefits	FINAL! From Fastlane Technologies http://www.fastlane.on.ca
Desktop Inventory &Software Distribution	Products ease making changes and distributing software to the desktops	Microsoftís SMS http://www.micro soft.com and Symantecís Norton Administrator for Networks http://www.symantec.com
Disk Space Usage Tools	Disk space management is a frustrating but nevertheless important function of a LAN Administrator. NT does not have built-in tools for limiting disk space for users, directories or shares. Note though that neither of the products listed can apply space restrictions by userid until sometime this summer.	NTPís Quota Manager http://www.ntp.com, and Argent Software's Quota Server (203) 489-5553
Distributed User Administration	The bane of many a enterprise administrator is the inability to perform granular userid administration with master domains. Autonomous units within a company shy away from participating in an enterprise domain design because all administrators in that domain must have access to all Ids - there is no distribution of authority. For example, the administrator of the Finance unit not only has the ability to create an Id within an accounts domain, but is also able to make the user member of any group in that domain including Domain Administrators, and is able to reset passwords of any user. Recognizing this shortcoming, two vendors have products that allows a company to give password-change only authority, assign members to certain groups only etc	Enterprise Administrator from Mission Critical Software http://mcsbunker1.missioncritical.com, and Trusted Enterprise Manager from Master Design &Development http://www.evinet.com/mdd.
Documentation	An internal website containing a repository of site specific information, problem resolutions, and discussion forums is essential in an enterprise support environment.	Any Web server software, Browsers, Discussion forum software such as Allaire Forums and Web page authoring tools.
Network Printing	Select the right protocol for your printing needs. Use TCP/IP if possible as it gives the most cross-platform accessibility.
Protocol Analysis	Understanding the packet sequences of WINS, DHCP, Browser, and inter-domain communications is essential in domain problem resolution. A protocol analysis tool is invaluable in this area.	Domain Monitor, Browser Monitor, and Network Monitor included in the Microsoft NT Resource Kit and Microsoft SMS http://www.microsoft.com
Security Analysis	Products allow comprehensive reporting of your Domain security	Kane Security Analyst from Intrusion Detection http://www.intrusion.com
Server Backup	An appropriate method of providing backup accessibility is to create a global backup group and include it as a member of the Backup operators group on each server that needs to be backed up.	Cheyenneís Arcserve http://www.cheyenne.com, and Seagateís Arcada http://www.arcada.com
Server Console Control	A big shortcoming in NT server is the inability to remotely control the console of a server to install software, make system changes etc Microsoftís SMS 1.2 does include server console control, but with terribly slow speed. Instead, choose one of the listed tools - all of which install as automatic services under NT.	FIMís Remote Desktop http://www.fim.uni-linz.ac.at/win32/win32.htm, Avalanís Remotely Possible http://www.avalan.com or Symantecís pcAnywhere http://www.symantec.com.
Server Fault Tolerance	Standby server capability	Octopus from Octopus Technologies http://www.octopustech.com
Server Fine-Tuning	While NT itself is self-tuning, there will soon be products which will enable one to profile the dynamics of a particular server and recommend custom changes	As far as we kno w, no third-party tools exist currently for NT. Performance Monitor, which is included with NT, can be used to collect data.
Server Recovery Tools	The ability to recover from crashes, corrupt volume sets etc. is an area where tools are invaluable.	As far as we know, no such tools exist currently for NT, although backup products such as Cheyenneís Arcserve now have a disaster recovery module to aid in recovering crashed servers.
Server Stress Testing Tools	The ability to simulate a user load on a development server before rolling out changes is an essential luxury for some LAN administrators. The stress simulation could also be done on weekends on production servers to ensure there are no problems come Monday morning	Tools such as BapCo SYSMark, Ziff-Davisís NetBench, and ServerBench are good tools in this area
Software Metering	Products in this category are still maturing	Tally Systems http://www.tallysys.com, On Technology etc. are all either in beta cycles, or already have a released product
System Upgrades	NOS patches, ROM upgrades, System configuration file upgrades, and Network driver upgrades are an essential part of resolving problems.	Microsoft NT service packs, Firmware upgrades from hardware manufacturers like Compaq and H-P, and driver upgrades from network hardware vendors such as 3Com.
Technical Knowledgebase	A database with frequently encountered problems and solutions, and technical specifications is an important tool for every LAN Administrator.	Microsoftís TechNet CD-ROM http://www.microsoft.com
UPS Software	Donít underestimate the destructive nature of power irregularities While NT has a built-in UPS utility, forego it and buy a better one	American Power C onversionís PowerChute http://www.apcc.com
Next Updated August 15, 1996