
Windows 2000 and NT 4.0 Operations Guide


Presentation Transcript


  1. Windows 2000 and NT 4.0 Operations Guide
     version = 06Apr00  status = in progress

  2. Why This Talk
     • Highly available and scalable services offerings are key to being successful
     • Architectures must be designed from the beginning to assume high volume usage models, even if just starting out
     • Architecture must assume that hosts and services run out of remote DataCenter facilities and that hosts and network paths will fail
     • Review what we have learned in this area
     • Discuss which services offerings could make sense to start developing or piloting today

  3. Agenda
     • Architecture
     • Security
     • Access
     • Setup
     • LoadTesting
     • Management
     • Monitoring [/ Billing]

  4. Architecture - Services
     • Desire Highly Available and Scalable Services
     • SLC = Stateless Clusters
       • Used for services where changes need not be persisted
       • Requests spread out over set of nodes in cluster
       • Host failures usually result in rerouting of requests
       • Implemented using network or platform SLC solution
     • SFC = Stateful Clusters
       • Used for services where changes must be persisted
       • Requests are partitioned across available clusters
       • Host failures usually handled via fail over or some form of fault tolerant recovery
       • Implemented using HW or platform SFC solution

  5. Architecture - Services (1)
     • RFS = Reliable File Service
     • SSM = Service State Machine
     • RDMS = Relational Database Service
     • DS = Directory Service
     • AS = Autonomous System encapsulating DataCenter Network layer 3 address space

  6. Architecture - SLC
     • Must use “Scaling Out” for Stateless services
       • “Scaling Up” may eventually reach a current technology ceiling for your service requirements
       • “Scaling Up” has implied level of risk associated with a given node
     • “Scaling Out” Stateless services
       • Microsoft Network Load Balancing Service (NLBS)
       • Cisco Local Director, F5 Labs BigIP, RnD Web Service Director, Alteon AceDirector, etc.
       • NLBS currently supports 32 node clusters
       • More nodes per cluster can be achieved by linking clusters together with DNS Round Robin

  7. Architecture - SFC
     • Must use “Scaling Out” for Stateful services
       • “Scaling Up” may eventually reach a current technology ceiling for your service requirements
       • “Scaling Up” has implied level of risk associated with a given node
     • “Scaling Out” Stateful services
       • Microsoft Cluster Service (MSCS)
       • Marathon Technologies, Stratus Melody, etc.
       • MSCS currently supports N + 1 clustering
         • Where N = 1 max today on AdvancedServer, N = 3 on DataCenter, N = more to follow with OEM solutions
       • Active/Active configuration also supported

  8. Architecture - DataCenter
     [Diagram] Application/services requests (HTTP, SMTP, POP3, IMAP4, LDAP, etc.) arrive at SLC front ends; the SLC nodes use DS to lookup the SFC partition; SFC clusters hold RFS, SSM & RDMS; an SLC of RFS & RDMS takes updates from outside sources at scheduled times; additional SFC partitions (RFS, SSM & RDMS) . . .

  9. Architecture - Multiple DataCenters
     [Diagram] DataCenter1 in AS1 behind ISP/Peer Connection1; DataCenter2 in AS2 behind ISP/Peer Connection2.

  10. Architecture – Multiple DC’s (1)
     • Provides designed scope of DC failure protection
     • Provides improved customer topological / geographical presence
     • AS1, AS2, AS#… advertise as needed some set of identical and unique layer 3 address space
       • or AS1 DNS primary, AS2 DNS primary, AS# DNS Primary provide AS specific A record results
       • May decide to use this approach if it simplifies AS access and mgmt issues
     • May require use of IPV4 “anycast address” support

  11. Architecture – Multiple DC’s (2)
     • Selectively replicate SFC cluster data that has low change rates to maintain subset of SFC services during AS/Datacenter failures
     • Selectively partition SFC cluster data that has high change rates to maintain subset of users SFC services during AS/Datacenter failures

  12. Security
     [Diagram] Ops Access Server(s) in front of the DataCenter . . .; Edge / Security Routers filter settings allow only service dst ip/ports; Distribution Network behind them.
     • AS is wide open, optionally using private address space since ROC public IP’s are virtual IP’s only
     • Ops Access via
       • L2TP/IPSEC | PPTP
       • SshD
       • Rsh/TelnetD/Rcmd + IPSEC
       • W2ks Terminal Services | VNC
       • etc.

  13. Security (1)
     • Per host filtering also supported using stack filter settings
     • Per host ACL’s configurations managed using Group Policy / Security configuration
     • Extensive Windows Services IP ports list
       • ftp://ftp.microsoft.com/services/ops/security
     • More platform and product specific stuff
       • http://www.microsoft.com/security

  14. Access
     • Out-of-Band Ops
       • Operation of hosts when operating system network services are down
       • Require HW, OS and Services power, configuration and management control
     • In-Band Ops
       • Operation of hosts when operating system network services are up
       • Require HW, OS and Services power, configuration and management control

  15. Out-Of-Band Management Group
     [Diagram] PSTN and Net Access reach a Terminal Concentrator; host stack: Com1, Video, Nic, Diag, Fw, Os & Svcs.

  16. Out-Of-Band Management Group
     [Diagram] PSTN and Net Access reach a Keyboard/Video/Mouse Switch; host stack: Com1, Video, Nic, Diag, Fw, Os & Svcs.

  17. In-Band Management Group
     [Diagram] Net Access only; host stack: Com1, Video, Nic, Diag, Fw, Os & Svcs.

  18. Out-Of-Band & In-Band Management Group
     [Diagram] PSTN via TrmCon or Kvm Switch, plus Net Access; host stack: Com1, Video, Nic, Diag, Bios, Os & Svcs.

  19. Access Out-Of-Band Solutions
     • Redirected Ascii [/vt100] console output
       • Compaq Integrated Remote Console (IRC) and Remote Insight Lights Out Edition + Gui (RIL)
       • Phoenix BIOS based hosts (DELL, Intel Motherboards, etc.)
       • Apex Emerge Remote Server Access + Gui (remote Keyboard Video Monitor switch access)
       • . . .
     • Hardware Power Management
       • Compaq IRC, RIB
       • APC Masterswitch
       • Baytech Remote Power Control
       • . . .

  20. Access Out-Of-Band Solutions (1)
     • Terminal Concentrators
       • Lucent Portmaster
       • Cisco asXxxx and Aux port on routers
       • Seattle Labs TrmSrv3.0
       • . . .
     • vt100 console Terminal Service
       • Embedded Windows 2000 and NT 4.0
       • Compaq IRC (see Compaq IRC Tips & Tricks slide)
       • Seattle Labs TrmSrv3.0
       • Softway Systems Interix 2.2 igetty
       • . . .

  21. Compaq RIB/IRC Tips & Tricks
     • http://www.compaq.com/lights-out
     • IRC Function keys = Ctrl+A+0-9,-,=
     • /support/oobSvcs/rbtCfDos.exe, rbtCfWnt.exe
       • Force reboot into BIOS configuration
     • /support/oobSvcs/setBoot.exe
       • Configures boot device w/o entering BIOS
     • Windows 2000 or Windows NT 4.0 command line interface access using IRC
       • Ctrl+Alt+Del/Credentials and then Ctrl+Esc/R/Cmd.exe+Enter/Alt+Enter
       • OR configure AutoAdminLogon and full screen cmd.exe in startup folder

  22. Access Out-Of-Band Demo
     • Compaq Integrated Remote Console
     • Compaq Remote Insight Lights Out Edition
     • Apex Remote Server Access
     • APC MasterSwitch
     • Seattle Labs Terminal Service

  23. Setup
     • Remote in-rack rebuild support
       • Fast host additions to scale for unexpected loads
       • Fast host recoveries from corruption
       • Works great for protocol server farms (web, smtp, etc.)
     • Consistent setups ensure expected behavior
       • order of product installs changes behaviors
       • W2k reduces issue with system file protection
     • Easily re-create “known good” setups
       • Not resource or user error dependent
     • Directly impacts High Availability of services

  24. Setup Windows NT 4.0
     • Unix Ops users have…
       • Interface Network boot Rom (Sun, HP, ??? hw)
       • Jumpstart setups (Solaris, ???)
         • Image and shell script driven
     • Windows NT 4.0 Ops users have…
       • Alternate Network Boot Media
       • UnAttended OS setup and Post Os shell scripts
         • Script driven
         • Complete examples available on NSG ftp URL
       • 3rd Party solutions such as Ghost, ImageCast, etc.
         • Image driven w/ option to add Post Os shell scripts

  25. Alternate Network Boot Media
     • Usually Floppy or Cdrom
       • Could use a small disk partition
     • Win98 Command Line Interface boot
     • Microsoft Network Client 3.0 for MS-DOS
     • Optional Cdrom or Ntfs media drivers
     • Config.sys/Autoexec.bat menu options for rebuild
     • Scripted Partition deletion, recreation and format
       • Using Fdisk/Format Or AeFdisk
     • Complete BootMedia image on NSG URL

  26. BIOS Initiating Unattended Setup
     [Diagram] Set BIOS to use alternate boot media; Admin remotely cycles host; host connects to Distribution Share; initiates UnAttended OS Setup. The share offers an Operating System for the Accounting Department, the Sales Department and the Training Department.

  27. Setup Windows 2000
     • …going forward
     • Windows 2000 Ops users have…
       • Pre Boot Execution (PXE) Network boot Rom
         • Compaq Netelligent, Intel 82558+, 3com 905+
         • Any NIC meeting Pc99 specifications
       • Remote Installation Service (RIS)
         • Image and Script driven
         • Not formally supported unless 3rd party PXE image tool used to enable “Tools” option for setup
       • 3rd party PXE images via 3com Multi-Boot Agent utilities “Boot Image Editor” available w/ 3c905x

  28. PXE Network Boot ROM
     • Implemented as an Option ROM
       • Similar to Video BIOS and SCSI BIOS
       • Physically on the NIC (in flash or ROM)
       • Loaded into the same memory as the system BIOS
     • Or
       • Optionally loaded using a boot media
         • Floppy or Cdrom

  29. F12 Initiating RIS Setup
     [Diagram] Admin remotely cycles host; when prompted, presses the F12 key; host connects to the RIS server; after being authenticated, receives a list of available images (Operating System for the Accounting, Sales and Training Departments).

  30. Misc Types of RIS Images
     • 3com [/LanWorks] Multi-Boot Agent utilities “Boot Image Editor” available w/ 3c905x or . . .
       • Point tool at existing boot image to create PXE boot file image
     • Useful for plugging in support for non-Windows 2000 Professional platforms
     • Useful for plugging in hardware configuration, diagnostics and Firmware update boot utilities

  31. Setup – Jumpstart Sample Scripts
     • ftp://ftp.microsoft.com/services/isn/ops/setup
     • Windows NT 4.0 Server - $oem$w40s.zip
       • Setup host templates now exist for - myBasic, myDevA, myDevB, myDevBdocked, myDistSrv, myDomPdc, myDomBdc, myDomMember, myEcom, myEmailRoot, myMgmtRoot, myTrmConA, myTrmConB, myRadius, myRdms, mySlcA, mySlcB, myRtrA, myRtrB, mySfcA, mySfcB, myWebA and myWebB.
       • Setup host mode/types now exist for - basic, dev, ecom, email, mgmt, ofc, rtr, rdms and web.
     • Windows 2000 Server - $oem$w2ks.zip
       • Setup host templates now exist for - myBasic, myDevA, myDevB, myDevBdocked, myDistSrv, myDsRoot, myDsRootReplica, myDsChildRecover, myDsChildReplica, myDsMember, myEcom, myEmailRoot, myMgmtRoot, myTrmConA, myTrmConB, myRadius, myRdms, mySlcA, mySlcB, myRtrA, myRtrB, mySfcA, mySfcB, myWebA and myWebB.
       • Setup host mode/types now exist for - basic, dev, ecom, email, mgmt, ofc, rtr, rdms and web.

  32. Setup Demo
     • Unattended Setup
     • Remote Installation Service / Preboot Execution Environment

  33. Load Testing
     • Apply peak load to Service and look for flaws
     • Internet Monitor (InetMon) 4.0
       • Many protocols supported: HTTP, POP3, IMAP, SMTP, NNTP, IRC, MS-IRC; see BackOffice Resource Kit
     • Web Application Stress Tool (WAST) 1.1
       • Only protocol supported is HTTP
       • http://webtool.rte.microsoft.com
     • Web Capacity Analysis Tool (WCAT) 4.32
       • Only protocol supported is HTTP
       • http://msdn.microsoft.com/workshop/server/toolbox/wcat.asp
     • Mercury Interactive Load Runner 6.0
       • http://www.merc-int.com/products/loadrunguide.html
       • Used by Unisys http://www.unisys.com/sql7/demo.html

  34. Management
     • Delegation
       • Of namespace management
       • Of tasks management
     • Change
       • Hotfixes and service packs
       • Security and configuration changes
       • Software add/modify/update
     • CLI/Jobs/Scripts
       • Command Line Interface utilities
       • Job scheduling
       • Scripts for complicated tasks
     • Note - all configurable from a central location

  35. Management - Delegation
     • Security Access Delegation
       • Use of Partitioned Namespaces
         • W2ks directory OU’s or child domains
         • W40s trusted resource domains
       • Policy managed ACL’s
     • Task Access Delegation
       • Sudo temporarily allows user access to limited set of administrator/root user tasks
         • User need only know their own password
         • Activities are logged
         • see http://www.interix.com
       • RunAs (aka Su) temporarily allows user access to any administrator/root user tasks
         • User must know Administrator/root password

  36. Management - Change
     • Unix Ops users have…
       • Shell Scripts, tar/zip, etc.
       • Rdist
       • CfEngine (open source configuration engine)
       • Systems Mgmt Soln’s (SNMP, WMI, TMN, etc.)
     • Windows 2000 and NT 4.0 Ops users have…
       • Shell Scripts, tar/zip, SysDiff, ScriptIt, etc.
       • Rdist or RoboCopy
       • Group Policy (similar to CfEngine)
       • Systems Mgmt Soln’s (SNMP, WMI, TMN, etc.)

  37. Mgmt - Change w/ Rdist
     • Pushes folder/file updates out to defined locations
     • When push completes executes action
       • Action can be “run setup” or “add job”
     • Optionally use Cron to time pushes
     • See http://www.interix.com or http://www.pyzzo.com

  38. Mgmt - Change w/ RoboCopy
     • Pushes folder/file updates out to defined locations
     • When push completes executes action
       • Action can be “run setup” or “add job”
       • Use in a batch script with documented exit codes to provide post copy completion actions
     • Optionally use Cron/ScheduledTask to time pushes
     • Feature rich Xcopy
       • Restartable, allowing efficient recovery from net failures
       • Copy by archive bit, date, folder depth, wild card, create folders only, remove non-replaced fldrs/files, etc.
     • Robocopy /??? for help OR see robocopy.doc
     • Available in Resource Kit
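The slide above recommends wrapping Robocopy in a script that reads its documented exit codes before running the post-copy action. The following is an added example, not code from the presentation or the Resource Kit, written in Python for illustration (the slides' own scripts are batch, perl, jscript and vbs). Robocopy's exit code is a bit mask, and only bit 8 (some files failed) or 16 (fatal error) means the copy itself failed; lower values just describe what the copy did. The share paths, the post-copy action and the injectable `run` hook are hypothetical.

```python
"""Added example: decide on a post-copy action from Robocopy's exit code bit mask."""
import subprocess
from typing import Callable, Dict, List

# Documented Robocopy exit code bits; the process exit value is their sum.
ROBOCOPY_FLAGS: Dict[int, str] = {
    1: "files copied",
    2: "extra files or dirs in destination",
    4: "mismatched files or dirs",
    8: "some files or dirs could not be copied",
    16: "fatal error (usage or access problem)",
}


def decode_robocopy_exit(code: int) -> List[str]:
    """Expand the bit mask into readable conditions; 0 means nothing needed copying."""
    if code == 0:
        return ["no changes needed"]
    return [text for bit, text in ROBOCOPY_FLAGS.items() if code & bit]


def push_succeeded(code: int) -> bool:
    """Bits 8 and 16 are the only ones that signal a failed copy."""
    return code < 8


def push_with_robocopy(src: str, dst: str, post_copy_action: Callable[[], None],
                       run: Callable = subprocess.run) -> dict:
    """Mirror src to dst with Robocopy, then run post_copy_action() only if the
    copy succeeded. `run` is injectable so the decision logic can be exercised
    on a host without robocopy.exe (hypothetical hook, not a Robocopy feature)."""
    cmd = ["robocopy", src, dst,
           "/MIR",        # mirror: copy changed files, remove non-replaced ones
           "/Z",          # restartable mode, resumes after a network failure
           "/R:3", "/W:10",  # bounded retries so a dead target cannot hang the job
           "/NP", "/LOG+:push.log"]  # no progress meter, append to a log for post-mortem
    result = run(cmd)
    code = result.returncode
    ok = push_succeeded(code)
    if ok:
        post_copy_action()
    return {"exit_code": code, "ok": ok, "conditions": decode_robocopy_exit(code)}


if __name__ == "__main__":
    # Paths are placeholders; on a real push the action would be "run setup" or "add job".
    print(push_with_robocopy(r"\\dist\share\web", r"D:\inetpub\wwwroot",
                             lambda: print("post-copy action: run setup")))
```

Scheduling this script from a Scheduled Task or cron job gives the timed push the slide describes, and the appended log plus the decoded conditions are what you look at when a push reports bit 8 or 16.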

  39. Mgmt - Change w/ Group Policy (1)
     [Diagram] GPO Server, ADS, Package and the target host (“Installed!”), with the steps:
     • (1) Ops create group policy object to control logical group of users or hosts
     • (2) Ops advertise software in the Active Directory
     • (3) Policy update read
     • (4) List of published software returned
     • (5) Published sw selected or Assigned sw auto-initiated
     • (6) Sw policy engine gets package location
     • (7) Windows installer opens package
     • (8) Windows installer installs application

  40. Mgmt – Change w/ Group Policy (2)
     • Software defined using Microsoft Installer .MSI files is easily managed and self repairing
       • http://www.microsoft.com/windows/professional/technical/whitepapers/installer.asp, http://msdn.microsoft.com/winlogo/appspec.doc
     • Natively Author MSI
       • http://msdn.microsoft.com/vstudio/downloads/vsi/default.asp, http://www.microsoft.com/msj/0998/windowsinstallertop.htm, http://www.installshield.com, http://www.wisesolutions.com
     • Repackaging Software in MSI
       • equivalent to before / after snap shooting
       • ZAP’s only work for “published” software deployments
       • Veritas WinInstall LE included in platform to provide simple repackaging of software to MSI
       • http://www.microsoft.com/windows/server/Deploy/management/wininstall/default.asp, http://www.veritas.com

  41. Mgmt – CLI/Jobs/Scripts
     Unix                          Windows 2000 and NT 4.0
     ----------------------------  -------------------------------------------
     Cron                          Scheduled Task or Cron (intx22)
     Grep                          FindStr or Grep (intx22 | sfu20)
     Df                            Df.js (nsg) or Df (intx22 | sfu20)
     Dumb trmConc                  Dumb trmConc (intx22 | slabs)
     Dumb trmSrv                   Dumb trmSrv (w2k+ | intx22 | slabs)
     Ifconfig                      Netsh (w2k) or Ifconfig (nsg)
     Man                           Lynx + uncomp’d .chm files (tbt)
     Rshd/Rsh                      Rshd (rk | sfu20) or RcmdSvc (rk)
     Rdist                         Robocpy (rk) or Rdist (sfu2)
     Scripts – sh, perl            Scripts – batch, perl, jscript, vbs

  42. Mgmt - CLI/Jobs/Scripts (1)
     Unix                          Windows 2000 and NT 4.0
     ----------------------------  -------------------------------------------
     Shells – bash, sh, ksh, csh   Shells – cmd or bash, sh, ksh, csh (intx22 | sfu20)
     Sshd/Ssh                      Rsh w/ipsec or Sshd/Ssh (intx22)
     Su                            RunAs or Su (rk/sfu20)
     Sudo                          Sudo (intx2x)
     Shutdown                      Shutdown (rk)
     Telnetd                       Telnetd (w/ntlm auth, w/ipsec)
     Truss                         ApiMon (rk), Truss (intx22)
     Uptime                        Uptime (msft download)
     Vi                            Vi (intx22 | sfu20) or Vi (gnu)
     …                             …

  43. Mgmt - GUI’s
     Unix                                       Windows 2000 and NT 4.0
     -----------------------------------------  -------------------------------------------
     Xclient/Xserver                            Xclient/Xserver (intx22/Hmngbird)
     CDE, Sun OpenWin, HP AUX, DEC OSF-Motif…   Terminal Service/TsClient; NetMtg Rds, CarbonCopy, PcAnywhere, Remote Desktop, System Mgmt Server Agent, Virtual Network Computing…
     Html Admin Consoles                        Html Admin Consoles
     misc Web, Smtp, Nntp protocol servers      misc Web, Smtp, Nntp protocol servers
                                                Microsoft Management Console [Optional]

  44. Monitoring
     • Often Monitoring Solution == Billing Solution
     • Events (== reactive)
       • Push or Pull options
       • Define, Trigger, Action
     • Logging (== proactive)
       • Push or Pull options
       • Define, Format, Post-Mortem Analysis & Reports
     • Real Time (== adhoc)
       • Push or Pull options
     • Configuration
       • Distributed, Cascading or Centralized options

  45. Monitoring - Events
     • Triggered by Tasks, Services, Processes, Counters, Ports
     • Start/Run/Perfmon.msc – Alerts
       • Actions defined for counter thresholds
     • Start/Run/Services.msc – Recovery
       • Actions defined for service failure events
     • WMI, SNMP or optional TMN traps
     • WMI, SNMP or optional TMN agents counter “over” | “under” threshold monitoring
       • ISV agent updates and consoles available from Hp NNM, Tivoli, CA TNG, NetIQ, NetCool, SiteScope, etc.

  46. Monitoring – Events (1)
     • All Events == debugging only
     • Win32_Service == Status changed stopped
     • NtLogEvent == error || warning
     • Threshold == interval timer which then checks current performance counters and ??? to decide if threshold criterion met
     • Absolute or Interval Timers == trigger one-time or periodic events that invoke some time based decision processing
     • Billing == any event processing where you compare new data point against previous persisted data point, i.e. no. emails, no. connections, etc.

  47. Monitoring - Logging
     • Pulled from Tasks, Services, Processes, Counters, Ports
     • Start/Run/Perfmon.msc – CounterLog
       • Write to CSV file on central host for post processing
     • Start/Run/EventVwr.msc – App/Sec/Sys/Ds/Dns/FRS
       • Create Cron or Scheduled Task Job that exports to CSV file on central host and then purges
     • WMI, SNMP or optional TMN, RMON agents
       • monitor counter data and write to CSV or ??? format log on central host for post processing
       • ISV agent updates and consoles available from Hp NNM, Tivoli, CA TNG, NetIQ, NetCool, SiteScope, etc.
     • Do log post-mortem or SLA analysis and reporting using custom or 3rd party applications

  48. Monitoring – Logging (1)
     • Filter and process only events you are concerned about
     • Log to oleDb data source == csv, mdb, sql, etc.
     • Post mortem analysis consists of database reports
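Slides 46 through 48 describe the same pipeline from three angles: counter logs and event log exports land as CSV on a central host, a threshold rule is applied to current counters, billing compares the newest data point against the previously persisted one, and post-mortem reporting only looks at the events you care about. The following is an added example that is not part of the presentation, written in Python for illustration (the slides' own scripts are batch, perl, jscript and vbs). It takes a counter log in the shape Perfmon's CounterLog writes (a PDH-CSV timestamp column followed by counter paths) and an Event Viewer style CSV export; every sample row is constructed, and the thresholds, the persisted previous data point and the SLA limit are assumptions.

```python
"""Added example: post-process constructed Perfmon counter-log and event-export CSVs."""
import csv
import io
from typing import Dict, List, Tuple

# Constructed sample in the layout Perfmon's CounterLog writes (values invented).
COUNTER_LOG = """\
"(PDH-CSV 4.0) (Pacific Standard Time)(480)","\\\\WEB01\\Processor(_Total)\\% Processor Time","\\\\WEB01\\Web Service(_Total)\\Current Connections","\\\\WEB01\\Web Service(_Total)\\Total Get Requests"
"04/06/2000 10:00:00.000","12.5","40","100500"
"04/06/2000 10:05:00.000","93.0","410","101200"
"04/06/2000 10:10:00.000","97.5","455","102050"
"04/06/2000 10:15:00.000","35.0","120","102400"
"""

# Constructed sample shaped like an Event Viewer CSV export (values invented).
EVENT_EXPORT = """\
Type,Date,Time,Source,Category,Event,User,Computer
Information,04/06/2000,10:01:00,W3SVC,None,1000,N/A,WEB01
Warning,04/06/2000,10:06:12,W3SVC,None,36,N/A,WEB01
Error,04/06/2000,10:09:45,Service Control Manager,None,7031,N/A,WEB01
Information,04/06/2000,10:11:00,eventlog,None,6005,N/A,WEB01
"""

# Assumed threshold criteria, keyed by counter name: (comparison, limit).
THRESHOLDS: Dict[str, Tuple[str, float]] = {
    "% Processor Time": (">", 90.0),
    "Current Connections": (">", 400),
}


def parse_counter_log(text: str) -> List[dict]:
    """One dict per sample row, keyed by counter name (last path component),
    with the PDH timestamp under 'ts'. A missed sample is an empty cell -> None."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader)
    names = [col.rsplit("\\", 1)[-1] for col in header[1:]]
    rows = []
    for rec in reader:
        if not rec:
            continue
        row = {"ts": rec[0]}
        for name, value in zip(names, rec[1:]):
            row[name] = float(value) if value else None
        rows.append(row)
    return rows


def threshold_breaches(rows: List[dict], thresholds=THRESHOLDS) -> List[tuple]:
    """Slide 46's threshold rule: compare current counters against the criterion."""
    hits = []
    for row in rows:
        for name, (op, limit) in thresholds.items():
            value = row.get(name)
            if value is None:
                continue
            if (op == ">" and value > limit) or (op == "<" and value < limit):
                hits.append((row["ts"], name, value))
    return hits


def billing_delta(rows: List[dict], counter: str, previous_persisted: float) -> float:
    """Slide 46's billing rule for a cumulative counter: newest data point minus
    the previously persisted one. A drop means the counter reset (reboot), so
    the period is billed from zero rather than going negative."""
    latest = rows[-1][counter]
    return latest if latest < previous_persisted else latest - previous_persisted


def sla_report(rows: List[dict], counter: str, limit: float) -> float:
    """Percentage of samples at or under the limit, for the post-mortem / SLA report."""
    ok = sum(1 for r in rows if r[counter] is not None and r[counter] <= limit)
    return round(100.0 * ok / len(rows), 1)


def filter_events(text: str, wanted=("Error", "Warning")) -> List[Dict[str, str]]:
    """Slide 48: keep only the event types you are concerned about."""
    return [e for e in csv.DictReader(io.StringIO(text)) if e["Type"] in wanted]


if __name__ == "__main__":
    samples = parse_counter_log(COUNTER_LOG)
    for ts, name, value in threshold_breaches(samples):
        print(f"{ts}  {name} = {value}  over threshold")
    print("billable GET requests this period:", billing_delta(samples, "Total Get Requests", 100000))
    print("CPU SLA (<= 90%):", sla_report(samples, "% Processor Time", 90.0), "%")
    for e in filter_events(EVENT_EXPORT):
        print(e["Type"], e["Source"], e["Event"])
```

Writing the same rows into an OLE DB source (csv, mdb, sql) instead of printing them turns the threshold hits and SLA figures into the database reports slide 48 calls for; the reset check in the billing delta is the case an interval-timer job most often gets wrong after a host is recycled.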

  49. Monitoring - Real Time
     • Start/Run/Perfmon.msc – System Monitor
       • Can save to HTM for Viewing from browser
       • Optionally adhoc log to CSV file on central host
     • WMI, SNMP or optional TMN, RMON agents
       • ISV agent updates and consoles available from Hp NNM, Tivoli, CA TNG, NetIQ, NetCool, SiteScope, etc.

  50. Monitoring – Real Time
     • Dialog based
     • Looping script
       • Presents current counter, update, etc. data for visual review
