The Smoke and Mirrors of Server Upgrades
This past semester I had to write a paper for my Technical Reporting class that dealt with communicating technical topics to non-technical persons. This was my attempt.
Read this doc on Scribd: Final Guide
The Smoke and Mirrors of Server Upgrades
Prepared by John Croson

Contents
Introduction
Environment Evaluation
    Hardware
    Software
    Server Services
Operating System and Hardware Selection
    Server Editions
    Server Licensing
    Hardware Considerations
    Server Selection Tips
Server Upgrade and Migration
    In-Place Upgrade
    Clean Installation
    Surrogate Migration
        6 – Active Directory Preparation
        7 – Active Directory Installation
        8 – Data Migration
        10 – Active Directory Migration
        12 – Internet Information Services
        13 – SQL Server
    Post Installation
Application Migration
Conclusion
References
Glossary of Terms

.: Introduction
As time and technology
progress, system administrators find themselves patching software, fixing hardware, and installing upgrades, all to avoid the inevitable: THE UPGRADE. This will make management cringe at the expense, users moan that their work day might be disrupted, and system administrators wipe the sweat from their brows realizing their existence for the next 3 to 6 months will be secure.

This guide will provide information and tips on Windows 2003 Server upgrades and migrations to include:
• Active Directory
• IIS
• SQL
• Applications

While this is not a definitive guide on the subject of Windows Server 2003 upgrades and migrations, it will provide consolidated information for systems administrators seeking upgrade guidance.

.: Environment Evaluation
The first phase of any type of migration is to evaluate your environment. In many cases, patch levels, running applications, and services provided are documented, but may not be complete. Depending on your role in the environment, you could be facing a dire situation.

Jack Taugher [9, excerpts from interview], a colleague who is an IT consultant, was asked to quote a server upgrade. He was provided some information by the potential client, and drew up a quote. However, when he arrived to deliver the quote, he found the server with the front grill open, revealing two IDE drives sitting unmounted, stacked in the case. They were the system's sole drives in a mirrored configuration. Upon closer inspection, one had failed without warning, putting this client at great risk of data loss. Jack informed the customer of the situation, and was immediately hired to rectify it. This discovery changed the scope of the migration project, and the quotation. Stabilization of the existing server is vital, and an initial evaluation would have revealed this.

.: Hardware
Whether you find existing documentation or not, a complete evaluation is imperative, especially if you are planning to upgrade the system software on your existing hardware.
There are a variety of tools available to inventory the server hardware. Belarc Advisor [7, resource] has an excellent utility for quickly evaluating the hardware, operating system patch status, and even performing a Center for Internet Security benchmark. Additional utilities for hardware evaluation are also provided by OEM support sites. For example, Dell has a utility that automatically probes for the machine's service tag number, and provides a detailed list of the original hardware configuration, accompanied by the current hardware configuration. Microsoft provides the Microsoft Baseline Security Analyzer (MBSA), which is useful for testing the patch status of both the server to be retired and the new replacement. There are also many vendors of enterprise-level hardware evaluation utilities.

If you plan to upgrade the system software on your existing server, use the hardware inventory to cross-reference the Microsoft Hardware Compatibility List (HCL) [6, resource]. Most major manufacturers of server components will certify those components for use with Microsoft operating systems. You should use the Evaluation Worksheet addendum for your inventory, or, if you are fortunate enough to have an OEM system that is HCL certified, you need not pore through the extensive list that Belarc and other utilities produce. Simply record the server make and model, verify it at the Microsoft HCL website, and ensure that any components added since putting the server into service are also HCL compliant. Print the results from your hardware inventory program and attach them to the Evaluation Worksheet.

It is possible that some components will not be HCL certified. When this is the case, check with the manufacturer for driver availability. They are usually available and reliable. If not, many times Microsoft will provide generic driver support for those devices. Check Microsoft's website and, failing that, Google it!
.: Software
The next step in evaluation is the software. Microsoft's MBSA and Windows Update do a fine job of identifying needed updates, but application software is another matter. Some manufacturers will provide a method of checking for updates. Sun Java, Symantec's Live Update, and some Intel components are examples of software that have automatic update features. Others require that you either run a utility from inside the application, or visit the manufacturer's website for downloadable patches. Use page three of the Evaluation Worksheet for recording all third-party applications, their version numbers and patch status.

Evaluating the workstations that connect to the server, and the software they use, is also important. Patches to the server may impact workstations in many ways. Some server applications automatically update the clients; some require that the clients apply the same patch, but the client portion only. Other client/server applications require no patching on the client side. It's important to understand the applications that run on the workstations, and how they interact with the server. Check the workstations in different departments for installed applications. You are more likely to find the greatest differences between departments and their managers than by simply choosing a couple of workstations in the same area being used by people performing similar tasks. Record your findings on page four of the Evaluation Worksheet.

Once this is complete, contact the application manufacturers and inquire about any compatibility issues between their software and your missing Microsoft patches, and the proposed server environment. Lastly, ensure media or a download location is available for these applications. If the resource is a website, download these files for later use. The last thing you need during a server upgrade is missing software.

.: Server Services
Observe server load during normal operating hours.
This will give you an accurate perspective into processor and memory utilization. If you observe abnormally high usage, identify those processes using the Windows Task Manager, Performance Monitoring, SysInternals Process Viewer [5, Marcin Policht points out these, and suggests www.sysinternals.com for free utilities], or another process analyzing utility. Record your results, and use these findings to ensure your hardware selections are appropriately sized, if you plan to replace your existing server.

Inventory the running services on your server, as many Windows 2000 Servers have unnecessary services running, consuming resources. Disable any unused services, and note those services needed, since the default Windows Server 2003 installation has very few services enabled, unlike Windows 2000 Server.

Use Xnetstat, or similar utilities, to determine listening ports and the program that created each listening socket. They will provide clues to services that may not be listed in the Windows Services Microsoft Management Console (MMC). Some services are run using scripts or other methods upon server startup. Once those programs are located, check the file properties, and research the program. Again, Google is an invaluable resource for locating this information.

The Microsoft Management Console can export its contents to a text file; doing so with the service list will render a nicely formatted file, which can be opened in Excel. Simply right-click the Services object in Computer Management, and choose Export List. This can be either a tab-delimited or comma-separated value export. Attach this list to the Evaluation Table, noting any services not in this export on page five of the Evaluation Worksheet.

.: Operating System and Hardware Selection
Now that the environment has been documented, your operating system can be chosen. You may also be choosing a new server, if your upgrade plans include one, so hardware needs will also be considered.
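The service comparison described under Server Services above, as an added example in Python (not part of the original guide): it parses the tab- or comma-delimited Export List output from the old server and from the new Windows Server 2003 install, then reports services running on the old server that are absent or not started on the new one, along with services that log on under a named account. The sample exports, the service names and the EXAMPLE\svc-backup account are constructed, and the column headings (Name, Status, Startup Type, Log On As) are assumed to match the default Services view.

```python
import csv
import io

# Built-in logon identities as they appear in the "Log On As" column. Anything
# else is assumed to be a named service account that must exist on the new server.
BUILTIN_LOGONS = {"localsystem", "local system", "local service", "network service"}

# Constructed sample: tab-delimited export from the Windows 2000 server.
OLD_EXPORT = (
    "Name\tDescription\tStatus\tStartup Type\tLog On As\n"
    "DHCP Server\tLeases addresses\tStarted\tAutomatic\tLocalSystem\n"
    "DNS Server\tAnswers DNS queries\tStarted\tAutomatic\tLocalSystem\n"
    "Print Spooler\tQueues print jobs\tStarted\tAutomatic\tLocalSystem\n"
    "Tape Backup Agent\tConstructed service\tStarted\tAutomatic\tEXAMPLE\\svc-backup\n"
    "Telnet\tRemote console\t\tManual\tLocalSystem\n"
    "Windows Internet Name Service (WINS)\tNetBIOS names\tStarted\tAutomatic\tLocalSystem\n"
)

# Constructed sample: comma-separated export from the surrogate server.
NEW_EXPORT = (
    "Name,Description,Status,Startup Type,Log On As\n"
    "DHCP Server,Leases addresses,,Manual,Local System\n"
    'DNS Server,"Answers DNS queries, updates",Started,Automatic,Local System\n'
    "Print Spooler,Queues print jobs,Started,Automatic,Local System\n"
)


def parse_export(text):
    """Return {lower-cased service name: details} from an Export List file."""
    text = text.lstrip("\ufeff")  # Unicode exports may begin with a byte-order mark
    lines = text.splitlines()
    header = lines[0] if lines else ""
    delimiter = "\t" if "\t" in header else ","
    services = {}
    for row in csv.DictReader(io.StringIO(text), delimiter=delimiter):
        name = (row.get("Name") or "").strip()
        if not name:
            continue
        services[name.lower()] = {
            "name": name,
            "status": (row.get("Status") or "").strip().lower(),  # blank = stopped
            "startup": (row.get("Startup Type") or "").strip().lower(),
            "logon": (row.get("Log On As") or "").strip(),
        }
    return services


def migration_gaps(old, new):
    """List what the new server still lacks for each service running on the old one."""
    gaps = {"missing": [], "not_started": [], "service_accounts": []}
    for key in sorted(old):
        svc = old[key]
        if svc["status"] != "started":
            continue  # not running on the old server, so nothing depends on it
        target = new.get(key)
        if target is None:
            gaps["missing"].append(svc["name"])
        elif target["status"] != "started" or target["startup"] == "disabled":
            gaps["not_started"].append(svc["name"])
        if svc["logon"].lower() not in BUILTIN_LOGONS:
            gaps["service_accounts"].append((svc["name"], svc["logon"]))
    return gaps


if __name__ == "__main__":
    result = migration_gaps(parse_export(OLD_EXPORT), parse_export(NEW_EXPORT))
    # DHCP Server is expected under not_started while the old server is still
    # in use; the guide keeps it stopped on the surrogate until cutover.
    for category, items in result.items():
        print(category, items)
```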
.: Server Edition
Microsoft's Server 2003 comes in a number of editions, based on your needs. Listed below are the editions, along with a brief description of the differences.

• Windows Server 2003 Web Edition – Primarily used in single-server, unclustered web server environments. Will not provide many services necessary in a client/server environment. Hardware limited to 2 processors and 2 Gigabytes of RAM.
• Windows Server 2003 Standard R2 – Designed for small to medium-sized businesses. Supports up to 4 processors and 4 Gigabytes of RAM. Provides file, print, and application deployment.
• Windows Server 2003 Enterprise R2 – Designed for medium to large-sized businesses. In addition to providing the same services as Standard, support is expanded to 8 processors, 32 Gigabytes of RAM and 8-node clustering. The 64-bit version of this edition increases support up to 1 Terabyte of RAM. The Enterprise edition also provides the ability to hot-add supported hardware. This is important in an environment where server downtime is not an option, and allows one to add, install, and configure hardware without shutting the server down.

.: Server Licensing
Licensing your new operating system can be a bit complicated. First, your existing Windows 2000 Server licenses are not transferable, so you will be required to purchase new ones. To begin, you must first understand the basics of the Microsoft licensing model:

• Every installation of Microsoft Server 2003 requires a server license.
• A Windows Server 2003 Client Access License (Windows CAL) is required to access or use any resource on the server.
• A Windows CAL is not required for unauthenticated access to the server. An example would be accessing a web site on the server where no identifying credentials are exchanged.
• A Terminal Server Client Access License is required to use Terminal Services in application mode, i.e. hosting a GUI for remote user access, except for a console session.
Some changes that occurred in the release of Windows 2003 Server Edition:

• The introduction of the Device Client Access License (Device CAL), alongside the existing User CAL. You can choose to purchase a User CAL for every named user accessing your server, or a Device CAL for each device.
  TIP: For the best value, use this example when choosing a licensing method. A factory with 20 computers that are utilized by 3 shifts of 200 users should purchase 20 Device CALs. A company with 20 users utilizing multiple devices like computers, laptops, and mobile devices should choose User CALs, since the devices outnumber the users.
• The name for Per Seat licensing mode has been changed to Per Device or Per User mode. Per Server mode is the same, and the mode you choose during the operating system installation will be important. Per Device or Per User mode allows each licensed user to connect to multiple servers. Per Server mode allows as many users as you have licenses for to connect to that server. The rule of thumb is: if you have one server, choose Per Server mode; if you have more than one server, choose Per Device or Per User mode.

There are also different license types: Volume Licensing, Open Licensing, and Software Assurance. Fortunately, Microsoft's online licensing evaluation tool [8, from the MS licensing website, click How To Buy, and at the bottom of the resulting page, click “Find the right licensing program for you” link] works well: it asks what product you'd like to purchase and the number of users or devices connecting. It then determines what licensing you qualify for, and gives an estimate of the cost. I used the tool, and received an estimate of $1200 for Windows Server 2003 Standard R2 with a 25 User CAL pack.

.: Hardware Considerations
Whatever your decision might be in the way of OS or licensing selection, you must still plan for the future.
If the user load is 25 employees now, but growth is expected in the future, plan your server install accordingly. Hardware selection is also extremely important in terms of expandability. If the business grows in the next 5 years, the server will be required to handle that load immediately, or have upgrade abilities to meet growing needs.

If you decide not to upgrade your server, consider these important questions:
1. How important is your server to your day to day operations?
2. Can you operate for one day without it? What about a week?
3. Is your existing server still under warranty, and if so, for how long?
4. Is there an extended warranty available for purchase?

The case for using existing hardware for a server upgrade can be argued pro and con. My personal opinion is, if you answered “Very” to question number one, “No” to number two, less than one year for number three, and more than 20% of the server's original cost for number four, then it's time to replace your existing server.

A study by the accounting firm McGladrey and Pullen [1, from Darryl Peddles’ article] last year estimated that one of 500 data centers will suffer a catastrophic data loss this year. Of those, 50% are expected to go out of business. Considering that fact, the price to pay for a new server is a drop in the proverbial bucket.

Another argument from the “Don't be Cheap” camp is this story from Jack Taugher [9, excerpt from interview]. A client owned a Compaq server that was relied on quite heavily, and the warranty was set to expire soon. The customer decided not to renew, since the server was slated to be replaced in six months. Shortly after the expiration of the warranty, a fan failed on the server, causing it to go down and become unavailable. Normally when a server is under warranty, the process of replacing parts is quite simple: call the manufacturer, and a part is in your hand in four hours.
In this case, they waited three days for the fan to arrive, only to find it was incorrect. Another fan was shipped FedEx, installed, and the server was back up and running. The entire process took one week, approximately 7 days longer than they desired to be without the server.

Hardware selection should be made carefully. In most cases, if your existing server wasn't overloaded, and is of a typical replacement age (3 to 5 years old), you will likely find yourself purchasing one that is much more powerful, simply because of the advances in technology.

.: Server Selection Tips
1. Processor Speed and Type
1.1. This will primarily be determined by the performance of the old server. If utilization on the old server approaches 30% or more, carefully determine the reason. If it is because services and applications are driving the utilization up, and the server contains adequate RAM, a faster processor is in order.
1.2. Dual processors can improve performance dramatically, as can choosing a 64-bit environment.
BENEFITS: Performance and useful life.
2. RAM Considerations
2.1. Double, and if possible, triple the RAM for your new server.
BENEFITS: Performance will increase, and ultimately productivity: if your applications run faster, your employees' productivity improves, which directly affects the bottom line.
3. Hard Drive Space and Configuration
3.1. Ensure your allocation for drive space is at least twice the size it is now, preferably larger.
BENEFITS: Your data will grow; preparing for it now saves time and money in the long run.
3.2. Configure your system and data drives in RAID 5, with a fourth used as a hot fail-over.
BENEFITS: It's a cost-effective solution, and serves to provide good protection against data loss.
NOTE: Some will argue that the system be installed on a pair of drives configured for RAID 1, and three drives in RAID 5. This equals no fail-over drive, and purchasing an additional, fifth drive.
Choose your comfort level, and budget accordingly.
4. Tape Drive
4.1. While RAID 5 offers redundancy, it should not be treated as a failsafe method of data storage. Data backups are still imperative.
4.2. Choose a tape drive that is capable of backing up your entire data drive onto one tape cartridge. If your data size exceeds a single cartridge, consider a tape library.
4.3. Consider a backup solution that provides Intelligent Disaster Recovery. These options will typically allow you to recover all your data in a “bare metal recovery” scenario, i.e. all your disks fail, and you need to restore all data to fresh drives.
4.4. Review your current backup scheme. Daily full backups with a five tape rotation are not good practice. A better solution is Grandfather, Father, and Son. Daily, or Son, backups are rotated daily with one graduating to Father once a week. Weekly, or Father, backups are rotated weekly with one graduating to Grandfather once a month. Monthly, or Grandfather, backups are rotated out quarterly for off-site storage for disaster recovery.
BENEFITS: When your server crashes, and you perform a full restore while your boss looks over your shoulder, you'll thank me.

Enough can't be said about expandability and meeting expected server demands when installing a new server. It's far better to over-purchase than to have to purchase more components later to extend the usefulness of your investment.

.: Server Upgrade and Migration
According to Microsoft, there are two methods to migrate and upgrade a server [3, from “Upgrading from Windows Server 2000 to Windows Server 2003”]. They are In-Place and a Clean Installation. I prefer a clean installation in all cases, since in-place upgrades usually result in issues of some type. This can pose a problem if you choose to keep your existing hardware, since a Clean Installation would require that you recreate your environment from scratch.
This is why I have used a “Surrogate Migration” in cases where the source server is the only one in the environment, and experiencing issues. It provides the users in an unstable environment a solid source of server services during a “rescue” attempt. In an ideal situation, you will have a new server purchased from an OEM distributor that has already preinstalled Windows Server 2003 for you. This will eliminate step 2 in the Surrogate Migration, but not the substeps, i.e. 2.1 a, b, and c.

In-Place Upgrade onto existing hardware - Performing an in-place upgrade may at first glance be an attractive possibility.
Pros: Any existing permissions, users, groups, rights, and Windows settings are preserved. Active Directory component upgrade is automated, and most networking services are upgraded seamlessly as well. Applications and files do not need to be re-installed.
Cons: Any known or unknown issues that reside in software or hardware remain.

Clean Installation onto existing hardware
Pros: If you keep your existing server, reformatting the hard drive may improve performance, and give you a clean environment. You can also modify the hard drive partitions to better serve the size and number needed to meet your requirements.
Cons: Migration of Windows components is more time consuming, since they will be manually re-created. All applications will need to be re-installed and re-configured, requiring documenting application settings. Any known or unknown issues that reside in hardware remain in the environment.

Surrogate Migration, back to originating server – This option is used when the complexity of Windows services or other applications must be maintained and tested before removing the source server, or in server emergency situations where an unstable source server must quickly be relieved of its duties.
Pros: A single-server environment with many users, computers, customized installation deployments, and security settings can be tested and migrated.
Benefits from a clean installation.
Cons: All applications need to be re-installed and re-configured. Twice. Any known or unknown issues that reside in hardware remain in the environment.

.: In-Place Upgrade
Performing an in-place upgrade is similar to the Surrogate Migration steps, with the exception of step 6, which is not needed. Insert the Windows Server 2003 disk, and if the Windows Server 2003 menu appears, choose to Upgrade to Windows 2003. If not, navigate to the CD drive location in My Computer, and run the autorun.exe application. The process is similar to a fresh installation, with the exception of selecting the Upgrade option at the beginning of the process. The process is approximately as long as a fresh installation.

.: Clean Installation
Performing a clean installation is similar to the Surrogate Migration steps, with the exception of step 6, which is unneeded. At the beginning of the installation process, take the opportunity to review the partitions, choosing a partition method that meets your needs, and reformat all drives to the NTFS file system. Your system drive (usually C:) should be about 20 GB in size.

.: Surrogate Migration
You will need a surrogate machine, so choose something with reasonable speed and drive space, adequate to store the data and applications currently stored on your existing server. Choose a workstation that can handle some load if your upgrade process becomes problematic, and requires more time than the upgrade window provides. You may actually have to use it as a temporary server.

1. Backup - First and foremost, back up your old server, in its entirety.
2. Install Windows Server 2003 - On the surrogate machine, install Windows Server 2003. Choose the Per Device or Per User licensing model during the installation. Install the following components from Add/Remove Programs, Windows Components after the installation is complete:
2.1. From Windows Components in Add/Remove Programs choose the following (see Figure 1):
Figure 1
a) DNS
b) DHCP - Copy settings from the Windows 2000 Server. If this is a complex setup, refer to Microsoft Knowledge Base article KB325473 for migration steps.
IMPORTANT TIP: Make sure that, while the retiring server is in use, this machine's DHCP services DO NOT START. Microsoft DHCP service is not very intelligent, and will shut down if it sees another DHCP server on the network. DO NOT ACTIVATE THIS SERVICE.
c) WINS
3. Patch Servers - Assuming you checked with the application vendors about patching servers and applications, proceed to patch this server and the Windows 2000 Server to current levels.
4. Time Settings – Either ensure both servers are synchronized to the same Network Time Protocol (NTP) servers, or manually set the time on both machines to the same time.
5. Disable Anti-Virus – Disable any anti-virus programs running on the server, to avoid possible issues during migration.
6. Active Directory Preparation - Before you can install Active Directory (AD) components on this new “server”, you must first prepare the Windows 2000 server by updating the schema [4, screen shots used by permission of Daniel Petri]:
6.1. Insert Disk 2 of the Windows Server 2003 disk set into the Windows 2000 Server that holds the Infrastructure Master FSMO role. If this is a single server environment, then insert the disk. If not, and you are unsure, refer to Microsoft Knowledge Base article KB234790 for instructions.
6.2. From the CD-DRIVE:\CMPNENTS\R2\ADPREP\ directory run adprep.exe /forestprep, where CD-DRIVE is your CD-ROM drive. Note the output in Figure 2 and 3.
Figure 2
Figure 3
6.3. Now that the /forestprep is complete, run adprep.exe /domainprep. The output is very brief, Figure 4:
Figure 4
6.4. After running the ADPREP command, open %systemroot%\system32\debug\adprep\logs\ADPrep.log, and see if there are error messages that might need to be resolved.
7. Active Directory Installation [2, referenced from the Windows Server 2003 Active Directory website] - On the surrogate server go to Start, Run, type dcpromo.exe in the run box, and click OK. This will start the Active Directory installation wizard. The first window will be introductory. Click Next.
7.1. Domain Controller Type - Choose between a Domain Controller for a new domain, or an additional Domain Controller for an existing domain. See Figure 5.
IMPORTANT NOTE: If your investigation has determined that your Active Directory environment contains errors, you will want to consider creating a new domain. This choice creates more work, but will eliminate the possibility of migrating bad data.
Figure 5
7.2. Network Credentials - Enter the credentials of a user that has rights to add this Domain Controller to the domain, and the domain name. Click Next. See Figure 6.
Figure 6
7.3. Domain Name – Enter the domain name, or click Browse to locate it. Click Next. See Figure 7.
Figure 7
7.4. Database and Log Location - Select the defaults, and click Next. See Figure 8.
Figure 8
7.5. SysVol Location – Select the default location, and click Next. See Figure 9.
Figure 9
7.6. Directory Services Restore Mode Administrator Password – Type it in, document it, and click Next. See Figure 10.
Figure 10
7.7. Summary Page – Review the summary, and click Next.
7.8. Configuring – Wait for this to complete. See Figure 11.
Figure 11
7.9. Completed – Click Finish.
7.10. Reboot – A reboot is necessary to complete the installation of Active Directory components.
8. Data Migration – Use Robocopy, a free utility from Microsoft provided in the Windows Server 2003 Resource Kit [10, resource], to transfer all files from file share locations existing on the old server to the surrogate server. Set up the file sharing by referring to the old server. Take this opportunity to clean up your logon scripts.
There are many great alternatives to batch scripting technology that allow for simplified advanced configuration techniques. Kixtart is an excellent example of this, with a tremendous peer support group, and excellent documentation.
TIP: A quick method for recording a list of existing file shares is to open Computer Management, expand the Shared Folders object, right-click the Shares object, and choose the Export List option to export a list of Shared Folders in text format. Another option is to open a shell window, and type 'net share > c:\shares.txt'. This creates a similar list in C:\, called shares.txt.
TIP: There is a freeware Graphical User Interface to the shell utility Robocopy, found on SHSOFT's website [11, resource], in the Tools section. This greatly simplifies the copy process.
9. Migrate Printers – If your environment is complex, you can use the Printer Migrator v3.1, a free download from Microsoft. If not, install those printers manually on your surrogate server.
10. Active Directory Migration – If you chose to create a new domain, you will migrate all workstations, users and groups to the new domain using the Active Directory Migration Tool v3.0, found on the Microsoft Server 2003 installation disk, in the i386\ADMT folder.
10.1. Requirements for user running tool:
a) Administrator rights to source domain, and all computers that will be migrated.
b) All computers you plan to migrate must have the administrative shares C$ and ADMIN$ available.
c) You must be a member of the local administrators group.
d) The source domain must trust the target domain. Set up this trust in the Active Directory Domains and Trusts MMC snap-in.
10.2. OPTIONAL – These steps are not required, but may ease the migration process.
a) Create a local group in the source domain, named %sourcedomain%$$$. This group must be empty.
b) Turn on Auditing for the success and failure of account management on both domains in the Default Domain Controllers Group Policy.
This will aid in any troubleshooting in the event of failures.
c) Configure the source domain to allow Remote Procedure Call (RPC) access to the Security Accounts Manager (SAM) by configuring the following registry key on the Primary Domain Controller (PDC) Emulator in the source domain with a value of ‘1’: HKLM\System\CurrentControlSet\Control\LSA\TcpipClientSupport. Reboot the Domain Controller after this change.
d) You may also choose to migrate passwords by using the password migration DLL:
• On the server where ADMT is installed, in a shell window, run 'admt key SourceDomain path [* | password]', without quotes, where ‘SourceDomain’ is the NetBIOS name of the source domain, and ‘path’ is the local location for the exported key file (.pes).
• Move this exported file to the new server that should have ADMT installed.
• Insert the Windows Server 2003 disk in the new server, and run pwmig.exe from the i386\ADMT folder on the CD to install the Password Migration DLL. You will be asked for the location of the .pes file you moved to this server.
• After the installation completes, you are required to restart the server.
• To migrate passwords, modify the following registry key to have a DWORD value of ‘1’: HKLM\System\CurrentControlSet\Control\LSA\AllowPasswordExport
10.3. ADMT Failure - If ADMT fails to migrate the users, groups, and workstations to the new domain, you must create the users and groups by hand, in the Active Directory Users and Computers MMC snap-in, on the new server. You must also join each workstation to the new domain, and use “brute force” methods to retain user profile settings on the individual workstations. Windows XP user settings are typically stored in the C:\Documents and Settings\’UserName’ folder, where ‘UserName’ (without quotes) is the user's logon name. Follow the guidelines below for the process.
• As a domain administrator, log on to the workstation, and join it to the new domain.
Reboot the workstation when prompted.
• Log on as the user that needs their profile migrated. Reboot the workstation, as this will release any file locks in that profile directory.
• Log in as a domain administrator. Look in the “C:\Documents and Settings” folder for two profiles that match the user's login name. The old profile will be named ‘UserName’, or ‘UserName.OldDomainName’. The new profile will be named ‘UserName.DomainName’. Copy all files from the old profile directory to the new profile directory. You will likely need to take ownership of these files to be successful.

Optionally, you may try these tools provided by Microsoft to automate this. I have not used them, so cannot attest to their usefulness.
• Moveuser.exe from the Microsoft Server 2003 Resource Kit [10, resource] will move local user profiles to domain user profiles. This method is documented to have issues at times. Your mileage may vary.
• User State Migration Tool (USMT) [12, resource] will migrate user states from old XP workstations to new ones. There are many options to choose from, so read the documentation carefully.
11. DCPROMO - Run dcpromo.exe on the Windows 2000 Server after Active Directory Replication is successful, to remove Active Directory from this server. Check the event logs for information regarding the process.
12. Internet Information Services – The most reliable method to migrate Internet Information Services (IIS) settings is with the shell utility, IIS 6.0 Migration Tool, provided free from Microsoft. The tool transfers configuration data, Web site content, and application settings to a new IIS 6.0 server.
12.1. Additional configuration will be necessary after using the utility, since these items will not migrate [13, referenced from Alexander Zubair, “21 Things IIS 6.0 Migration Tool Doesn’t Do”]:
a) The FrontPage Server Administrator account is not migrated, and will need to be replicated manually.
Additionally, web sites with custom security settings pertaining to FrontPage Server Extensions, they will to be configured on the destination server. b) IIS 5.0 Registry Settings – Only settings in the metabase are migrated, not registry settings. Page 14 of 27 c) If any local security accounts were specified to be used in replacement of the Anonymous User, or WAMUser, these will have to be manually created at the new server. d) MIME Types e) Digital Certificates f) ISAPI filters or extensions that do not reside within the migrated content. Additionally, you will have to enable any filters or extensions, since by default none are enabled in IIS 6.0. g) If the Windows installation directory (WINNT, WINDOWS, etc) is different from source to destination, the metabase references to these locations will need to be changed. h) Virtual Site sub-directory's path cannot be changed, only the site root. Ensure destination drives exist, since the tool will attempt to migrate the data to those locations. In the event the destination drive doesn't exist, manually copy the content, and update the metabase. i) Log files. j) Web application DLL's. k) ASP.NET process model settings. l) Files or content that reside out of the web root. m) Databases, and ODBC connections. 13. SQL Server – There are two methods for migrating SQL databases. First, ensure the new server has SQL installed, and running properly. Secondly, ensure both servers are patched to identical levels, and choose one of the methods below for transferring the data. 13.1.Data Transformation Services - The SQL Server database migration is most easily performed with the Data Transformation Services (DTS) in SQL Enterprise Manager. This facilitates the transfer of the database information from one server to another. Using the DTS wizard, one can set up the transfer of a database to another SQL server in minutes. a) Open Enterprise Manager. Expand the server object, and drill down to the databases. 
Rightclick the target database, and select properties. Right click again, select All Tasks, Export. The DTS wizard appears. Click Next. b) Choose a Data Source – Your default data source, server, database and authentication method will be automatically selected, check them to be sure. Click Next. See Figure 12. Figure 12 c) Choose a Destination – Select the destination server from the Server drop-down box. If the Page 15 of 27 destination database has already been created, select it, otherwise select. See Figure 13. Figure 13 d) Create Database – Create your destination database by typing in the name, and click OK. See Figure 14. Figure 14 e) Specify Table Copy or Query – Select the last option to copy all database objects and data to the new server. Click Next. See Figure 15. Figure 15 f) Select Objects to Copy – Accept the default options, and click Next. See Figure 16. Page 16 of 27 Figure 16 g) Save, Schedule, and Replicate Package – These options allow you to either immediately start the transfer, schedule it for a later time, or even set up a database replication schedule. Choose the default, and click Next. See Figure 17. Figure 17 h) Summary – This window summarizes your choices. Click Next to start the transfer. See Figure 18. Page 17 of 27 Figure 18 13.2.Data Copy Method - You can “forklift” the database, physically copying the database and transaction logs to a new location. a) Using SQL Enterprise Manager, find your database in the server object list, right-click it, and choose Properties. The Data Files tab and Transaction Log tab indicate file name, and path. Note these for the next step. b) Right-click the database, select All Tasks, Detach Database. Copy the .mdf database and .ldf transaction log you noted in the previous step to a location on the destination server. 
c) Once the data is copied, use SQL Enterprise Manager to attach to the migrated data by expanding the server object, right-clicking the Database folder, and selecting All Tasks, Attach Database.

IMPORTANT: Whatever method you use to migrate the database, it is imperative that you contact any software vendors that created databases to determine if any machine-specific information is contained therein. Examples of this could be UNC paths, machine names, or other information that could adversely impact application performance.

.: Post Installation
Once you are satisfied that your new server is correctly installed and configured, and all Microsoft components are migrated to the new server, refer to the Application Migration section below for potential techniques in this phase.
If you chose the Surrogate Migration, perform a fresh installation of Windows Server 2003 on your old Windows 2000 Server machine. Ensure you refer to the Clean Installation section above for tips. Step through the Surrogate Migration steps to migrate application and Windows settings back to the original server. Finally, demote the surrogate server by running dcpromo.exe, and remove it from service.

.: Application Migration
Application migrations vary in complexity. It's best to involve the manufacturer of the software if possible, since they will be aware of any nuances and special tools available for use, but this is not always possible. Check the manufacturer's website, and consult peer groups if possible.
Migration could be a simple matter of installing the application onto the new server, ticking a few boxes, and pointing it to the new SQL databases. If there is a client component, it will likely involve changing software settings on the workstations.
Some applications are custom Access databases, FoxPro, or similar. These applications will always require the help of the developer because of modifications that typically occur over time, which may adversely affect the migration process. If the developer is not available, or documentation is poor, a fair amount of investigatory work will be in order. This usually involves meticulously combing through the Windows registry for pieces of the installation, exporting those hives to the destination server, copying all of the data files over, and running the program through its paces, waiting for errors. These errors will be significant clues to missing files that are needed for a successful migration. Diligence will pay off in many cases, making you look like a hero when the application is finally migrated.
Many software manufacturers make migration utilities to simplify the migration process. Trend Micro and Symantec integrate tools for their enterprise anti-virus (AV) suites that allow for the copying of configuration and moving managed workstations from one AV server to another.
Other techniques might involve capturing screen shots of an application's settings to document the setup. Once the new server has the software installed, the configuration settings are then set by hand, referencing said screen shots.
Less commonly encountered migration issues involve custom or legacy applications that require elevated privileges to run. Tools such as Filemon and Regmon, which monitor file and registry usage, can help pinpoint possible issues, and isolate the privileged environment [5, from Marcin Policht's article “Deploying Windows XP, Application Migration”].
As in all migrations and upgrades, test all applications before assuming they’ll work.

.: Conclusion
This document sheds more light on the process of server upgrades, and consolidates some of the reference material in one handy location for your next upgrade project.
My hope is that you learn that there is more than one approach to this type of project, and while you may not agree with everything written, some of it will present value. I know I have learned more about this process, and the value in performing complete research into it beforehand.

.: References
[1] Darryl Peddle, “Coping with a serious data loss from your computer hard drive”, HomeNetworkHelp.info, retrieved 6 Nov 2007.
[2] “Windows Server 2003 Active Directory”, Microsoft Corporation, retrieved 21 Oct 2007.
[3] “Upgrading from Windows Server 2000 to Windows Server 2003”, Microsoft Corporation, February 2003.
[4] Daniel Petri, “What do I need to do to prepare my Windows 2000 forest for the installation of the first Windows Server 2003 DC?”, petri.co.il, retrieved 6 Nov 2007.
[5] Marcin Policht, “Deploying Windows XP, Application Migration” in Server Watch, 3 March 2005, retrieved 21 Oct 2007.
[6] “Windows Server Catalog of Tested Products”, Microsoft Corporation, retrieved 22 Oct 2007.
[7] “Belarc Advisor – Free Personal PC Audit”, Belarc, Inc., retrieved 31 Oct 2007.
[8] “Microsoft Volume Licensing Home Page”, Microsoft Corporation, retrieved 9 Nov 2007.
[9] Jack Taugher, VP, Air Technology Services, Brookfield, WI, telephone interview, 26 Oct 2007.
    1. How long have you been in the IT field?
    2. Which was the most difficult server upgrade you've performed?
    3. Which was the easiest?
    4. What tip would you give someone about to perform an Active Directory migration?
    5. Do you have a preference in server hardware, and if so, which manufacturer and why?
    6. What legacy application migration insight can you provide?
    7. What resources do you commonly use for information?
[10] “Windows Server 2003 Resource Kit Download”, Microsoft Corporation, retrieved 7 Nov 2007.
[11] SH-SOFT Corporation, retrieved 7 Nov 2007.
[12] “User State Migration Tool Download”, Microsoft Corporation, retrieved 7 Nov 2007.
[13] Zubair Alexander, McCann Enterprises LLC, “21 Things IIS 6.0 Migration Tool Doesn't Do”, TechGalaxy.net, retrieved 7 Nov 2007.

.: Glossary of Terms
Active Directory – Microsoft's implementation of LDAP directory services.
Cluster – A group of loosely coupled computers that work together in a way that they can be considered as if they were a single computer, typically performing load-balancing, or high-availability.
DHCP – Dynamic Host Configuration Protocol. This is a protocol used by network devices to obtain IP addresses, and additional information such as DNS server, routing information, and subnet mask from a DHCP server.
DLL – Dynamic Link Library. Files that contain shared library information.
DNS – Domain Name Service. Think of this as the phone directory of the Internet. Where your name in the phone directory is associated to a phone number, Domain Name Service associates a domain name like www.google.com to an IP address.
FSMO – Flexible Single Master Operations, the acronym that describes the five roles in Active Directory:
    ■ Schema Master
    ■ Domain Naming Master
    ■ RID Master
    ■ PDC Master
    ■ Infrastructure Master
IP – Internet Protocol is a data-oriented protocol used for communicating data across a packet-switched network.
LAN – Local Area Network. Denotes a small, private network.
MBSA – Microsoft Baseline Security Analyzer. Freely downloaded from the Microsoft website. Will scan a target machine, and provide a list of missing patches, known security issues, and detailed instructions on resolving those issues.
NetBIOS – Network Basic Input/Output System. Allows applications on separate computers to communicate in a LAN environment.
OEM – Original Equipment Manufacturer.
Paging – The Windows method used for virtual memory allocation.
Primary Domain Controller – The server that houses user, group, and machine accounts.
RAID – Redundant Array of Inexpensive Disks. These are two or more disks combined using special hardware to appear to be a single logical disk. Provides redundancy, but not designed for data protection.
RAID Levels
    ■ RAID 0 – Data spread across many disks, improving data access. Example: 3 disks of 20GB combined appear to be a single 60GB disk. DANGEROUS: If one disk fails, ALL DATA IS LOST.
    ■ RAID 1 – Disk A is mirrored to disk B. Highest overhead of all RAID levels, but very redundant.
    ■ RAID 5 – Data spread across three or more disks, with parity. Highest read rate, medium write rate, high efficiency.
RAM – Random Access Memory. RAM is used for storing data in a computer. It is random and volatile, losing whatever it holds when power is lost. Measurements of RAM are in Megabytes, Gigabytes, and Terabytes.
RPC – Remote Procedure Call. A technology that allows execution of remote processes across shared networks, usually on another computer.
SAM – Security Account Manager. A database present on servers that stores user accounts and security descriptors for users on the local computer.
SQL – Structured Query Language. The language used by nearly every database server on the market today, used to retrieve and manage data in relational database systems.
UNC – Uniform Naming Convention. A common syntax that describes the location of a network resource, such as a printer, directory or file.
WAN – Wide Area Network. Denotes a large network, crossing public networks. The largest and most recognized example of this is the Internet.
WINS – Windows Internet Name Service. Microsoft's implementation of NetBIOS name server on Windows.
Hardware Component | Manufacturer | Model | HCL Verified? (Yes / No)
Serial Port Adapter
USB Controller
Pointing Device
Keyboard
Smartcard Reader
ISDN Modem
DSL Modem
Wireless Modem
Video Card
Monitor
LAN Card
WAN Device
Wireless Device
ATM Adapter
Printer 1
Printer 2
Printer 3
Printer 4
Printer 5
Scanner
Sound
RAID Storage
Storage Adapters and Controllers
Hardware Based RAID (Storage Array)
Optical Disk Drive
Hard Disk Drive
Tape Drives
Medium Changer
Removable Storage
iSCSI Boot Component
Bridge
UPS
HARDWARE NOTES

Software Name | Manufacturer | Version | Patches or Updates Available? (Yes / No)
SOFTWARE NOTES

Workstations
Department | Asset or Workstation # | User Name | Special Configuration
WORKSTATION NOTES

Services
Service Name | Associated Program | Manufacturer | Start Method
SERVICES NOTES
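An added example (not part of the original guide): a Python audit of a regedit export taken after the migration. It flags the two LSA values from step 10.2 (TcpipClientSupport, AllowPasswordExport) if they are still non-zero, and any string value that still names the old server, the machine-specific data that the IMPORTANT note and the Application Migration section warn about. The host name OLDSRV, the vendor key, and the policy of returning both values to 0 after migration are assumptions of this example.

```python
import re

# The two LSA values the guide sets to 1 for ADMT. Treating "still non-zero
# after the migration" as a finding is this example's policy, not the guide's.
LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
MIGRATION_VALUES = {"tcpipclientsupport", "allowpasswordexport"}

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample export (hypothetical server OLDSRV and vendor key).
# Real "Version 5.00" exports are UTF-16: open(path, encoding="utf-16").
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"TcpipClientSupport"=dword:00000001
"AllowPasswordExport"=dword:00000000
"LmCompatibilityLevel"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\LedgerApp]
"DataPath"="\\\\OLDSRV\\ledger\\data"
"ReportHost"="OLDSRV2"
"Template"=hex(2):5c,00,5c,00,6f,00,6c,00,64,00,73,00,72,00,76,00,5c,00,\
  74,00,70,00,6c,00,00,00
'''


def unescape(quoted):
    """Strip the surrounding quotes and undo the backslash escapes."""
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def decode_hex(kind, body):
    """hex(2)/hex(7) hold UTF-16LE text in 5.00 exports; other kinds stay bytes."""
    data = bytes(int(tok, 16) for tok in body.split(",") if tok.strip())
    if kind in ("hex(2)", "hex(7)"):  # REG_EXPAND_SZ / REG_MULTI_SZ
        text = data.decode("utf-16-le", errors="replace")
        return text.rstrip("\x00").replace("\x00", "\n")
    return data


def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: data}}."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\") and "=hex" in line:  # hex data continues
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            # "[-KEY]" deletes a key on import; it carries no values.
            current = None if path.startswith("-") else keys.setdefault(path, {})
            continue
        match = VALUE_RE.match(line)
        if current is None or not match:
            continue
        name = "" if match.group(1) == "@" else unescape(match.group(1))
        data = match.group(2)
        if data.startswith('"'):
            current[name] = unescape(data)
        elif data.startswith("dword:"):
            current[name] = int(data[6:], 16)
        elif data.startswith("hex"):
            kind, _, body = data.partition(":")
            current[name] = decode_hex(kind, body)
    return keys


def audit(text, old_host):
    """Return (kind, key, value_name, data) tuples for everything flagged."""
    # Whole-name match only, so OLDSRV does not also flag OLDSRV2.
    host_re = re.compile(r"(?<![\w-])" + re.escape(old_host) + r"(?![\w-])", re.I)
    findings = []
    for key, values in parse_reg(text).items():
        is_lsa = key.lower() == LSA_KEY.lower()  # registry paths ignore case
        for name, data in values.items():
            if is_lsa and name.lower() in MIGRATION_VALUES:
                if isinstance(data, int) and data != 0:
                    findings.append(("migration-setting-enabled", key, name, data))
            elif isinstance(data, str) and host_re.search(data):
                findings.append(("old-host-reference", key, name, data))
    return findings


if __name__ == "__main__":
    for kind, key, name, data in audit(SAMPLE, "OLDSRV"):
        print(f"{kind}: {key} -> {name} = {data!r}")
```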
The Smoke and Mirrors of Server Upgrades Prepared by John Croson Contents Introduction ...........................................................................2 Environment Evaluation .......................................................2 Hardware ...................................................................2 Software ....................................................................3 Server Services ..........................................................3 Operating System and Hardware Selection ..........................4 Server Editions ..........................................................4 Server Licensing .......................................................4 Hardware Considerations ..........................................5 Server Selection Tips ................................................6 Server Upgrade and Migration ..............................................7 In-Place Upgrade ......................................................8 Clean Installation ......................................................8 Surrogate Migration ..................................................8 6 – Active Directory Preparation .........................9 7 – Active Directory Installation ..........................10 8 – Data Migration................................................13 10 – Active Directory Migration...........................13 12 – Internet Information Services.......................14 13 – SQL Server....................................................15 Post Installation .........................................................18 Application Migration ...........................................................19 Conclusion ............................................................................19 References .............................................................................20 Glossary of Terms..................................................................21 Page 1 of 27 .: Introduction As time and technology 
progresses, system administrators find themselves patching software, fixing hardware, installing upgrades, all to avoid the inevitable: THE UPGRADE. This will make management cringe at the expense, users moan that their work day might be disrupted, and system administrators wipe the sweat from their brows realizing their existence for the next 3 to 6 months will be secure. This guide will provide information and tips on Windows 2003 Server upgrades and migrations to include: Active Directory IIS SQL Applications While this is not a definitive guide on the subject of Windows Server 2003 upgrades and migrations, it will provide consolidated information for systems administrators seeking upgrade guidance. .: Environment Evaluation The first phase of any type of migration is to evaluate your environment. In many cases, patch levels, running applications, and services provided are documented, but my not be complete. Depending on your role in the environment, you could be facing a dire situation. Jack Taugher [9, excerpts from interview], a colleague who is an IT consultant was asked to quote a server upgrade. He was provided some information by the potential client, and drew up a quote. However, when he arrived to deliver the quote, he found the server with the front grill open revealing two IDE drives sitting unmounted, stacked in the case. They were the systems sole drives in a mirrored configuration. Upon closer inspection, one had failed without warning, putting this client at great risk of data loss. Jack informed the customer of the situation, and was immediately hired to rectify the situation. This discovery changed the scope of the migration project, and the quotation. Stabilization of the existing server is vital, and an initial evaluation would have revealed this. .: Hardware Whether you find existing documentation or not, a complete evaluation is imperative, especially if you are planning to upgrade the system software on your existing hardware. 
There are a variety of tools available to inventory the server hardware. Belarc Advisor [7, resource] has an excellent utility for quickly evaluating the hardware, operating system patch status, and even performing a Center for Internet Security benchmark. Additional utilities for hardware evaluation are also provided by OEM support sites. For example, Dell has a utility that automatically probes for the machines service tag number, and provides a detailed list of the original hardware configuration, accompanied by the current hardware configuration. Microsoft provides the Microsoft Baseline Security Analyzer (MBSA) that is useful for testing the patch status of both the server to be retired, and the new replacement. There are also many vendors of enterprise level hardware evaluation utilities. If you plan to upgrade the system software on your existing server, use the hardware inventory to cross reference the Microsoft Hardware Compatibility List (HCL) [6, resource]. Most major manufacturers of server components will certify those components for use with Microsoft Operating Systems. You should use the Evaluation Worksheet addendum for your inventory, or if you are fortunate enough to have an OEM system that is HCL certified, you need not pour through that extensive list Belarc and other utilities produces. Simply record the server make and model, verify it at the Microsoft HCL website, and ensure that any added components since putting the server into service are also HCL compliant. Print the results from your hardware Page 2 of 27 inventory program and attach it to the Evaluation worksheet. It is possible that some components will not be HCL certified. When this becomes the case, check with the manufacturer for driver availability. They are usually available and reliable. If not, many times Microsoft will provide generic driver support for those devices. Check Microsoft's website and failing that, Google it! 
.: Software The next step in evaluation is the software. Microsoft's MBSA and Windows Update do a fine job of identifying needed updates, but application software is another matter. Some manufacturers will provide a method of checking for updates. Sun Java, Symantec's Live Update, and some Intel components are examples of software that have automatic update features. Others require that you either run a utility from inside the application, or visit the manufacturer's website for downloadable patches. Use page three of the Evaluation Worksheet for recording all third party applications, their version numbers and patch status. Evaluating the workstations and software used that connect to the server is also important. Patches to the server may impact workstations in many ways. Some server applications automatically update the clients; some require that the clients apply the same patch, but the client portion only. Other client/server applications require no patching on the client side. It's important to understand the applications that run on the workstations, and how they interact with the server. Check the workstations in different departments for installed applications. You are more likely to find the greatest differences between departments and their managers, than simply choosing a couple of workstations in the same area being used by people performing similar tasks. Record your findings on page four of the Evaluation Worksheet. Once this is complete, contact the application manufacturer's and inquire about any compatibility issues with their software and your missing Microsoft patches, and the proposed server environment. Lastly, ensure media or a download location is available for these applications. If the resource is a website, download these files for later use. The last thing you need during a server upgrade is missing software. .: Server Services Observe server load during normal operating hours. 
This will give you an accurate perspective into processor and memory utilization. If you observe abnormally high usage, identify those processes using the Windows Task Manager, Performance Monitoring, SysInternals Process Viewer [5, Marcin Policht points out these, and suggests www.sysinternals.com for free utilities], or other process analyzing utility. Record your results, and use these findings to ensure your hardware selections are appropriately sized, if you plan to replace your existing server. Inventory the running services on your server as many Windows 2000 Servers have unnecessary services running, consuming resources. Disable any unused services, and note those services needed, since the default Windows Server 2003 installation has very few services enabled, unlike Windows 2000 Server. Use Xnetstat, or similar utilities to determine listening ports and the program associated with created the listening socket. They will provide clues to services that may not be listed in the Windows Services Microsoft Management Console (MMC). Some services are run using scripts or other methods upon server startup. Once those programs are located, check the file properties, and research the program. Again, Google is an invaluable resource for locating this information. The Microsoft Management Console can export its contents to a text file; doing so with the service list will render a nicely formatted file, which can be opened in Excel. Simply right-click the Services object in Computer Management, and choose Export List. This can be either a tab delimited or comma separated value export. Attach this list to the Evaluation Table, noting any services not in this export on page five of the Evaluation Worksheet. Page 3 of 27 .: Operating System and Hardware Selection Now that the environment has been documented, your operating system can be chosen. You may also be choosing a new server, if your upgrade plans include one, so hardware needs will also be considered. 
.: Server Edition Microsoft's Server 2003 comes in a number of editions, based on your needs. Listed below are the editions, along with a brief description of the differences. Windows Server 2003 Web Edition – Primarily used in single server, unclustered web server environments. Will not provide many services necessary in a client/server environment. Hardware limited to 2 processors, and 2 Gigabytes of RAM. Windows Server 2003 Standard R2 – Designed for small to medium sized businesses. Supports up to 4 processors, and 4 Gigabytes of RAM. Provides file, print, and application deployment. Windows Server 2003 Enterprise R2 – Designed for medium to large sized businesses. In addition to providing the same services as Standard, support is expanded to 8 processors, 32 Gigabytes of RAM and 8 node clustering. The 64bit version of this edition increases support up to 1 Terabyte of RAM. The enterprise edition also provides the ability to hot-add supported hardware. This is important in an environment where server downtime is not an option, and allows one to add, install, and configure hardware without shutting the server down. .: Server Licensing Licensing your new operating system can be a bit complicated. First, your existing Windows 2000 Server licenses are not transferable, so you will be required to purchase new ones. To begin, you must first understand the basics of the Microsoft Licensing model: Every installation of Microsoft Server 2003 requires a server license. A Windows Server 2003 Client Access License (Windows CAL) is required to access or use any resource on the server. A Windows CAL is not required for unauthenticated access to the server. An example would be accessing a web site on the server where no identifying credentials are exchanged. A Terminal Server Client Access License is required to use Terminal Services in application mode, i.e. hosting a GUI for remote user access, except for a console session. 
Some changes that occurred in the release of Windows 2003 Server Edition: The introduction of the Device Client Access License (Device CAL), and the existing User CAL. You can choose to purchase a User CAL for every named user accessing your server, or a Device CAL for each device. TIP: For the best value, use this example when choosing a licensing method. A factory with 20 computers that are utilized by 3 shifts of 200 users should purchase 20 Device CAL's. A company with 20 users utilizing multiple devices like computers, laptops, and mobile devices should choose User CAL's, since the number of devices outnumber the users. The name for Per Seat licensing mode has been changed to Per Device or Per User mode. Per Server mode is the same, and the mode you choose during the operating system installation will be Page 4 of 27 important. Per Device or Per User mode allows each licensed user to connect to multiple servers. Per server allows as many users as you have licenses for to connect to that server. The rule of thumb is if you have one server, choose Per Server mode, if you have more than one server, choose Per Device or Per User mode. There are also different license types: Volume Licensing, Open Licensing, and Software Assurance. Fortunately, Microsoft's online licensing evaluation tool [8, from the MS licensing website, click How To Buy, and at the bottom of the resulting page, click “Find the right licensing program for you” link] works well at asking you what product you'd like to purchase, the number of users or devices connecting. It then determines what licensing you qualify for, and gives an estimate of the cost. I used the tool, and received an estimate of $1200 for Windows Server 2003 Standard R2 with a 25 User CAL pack. .: Hardware Considerations Whatever your decision might be in the way of OS or Licensing selection, you must still plan for the future. 
If the user load is 25 employees now, but growth is expected in the future, plan your server install accordingly. Hardware selection is also extremely important in terms of expandability. If the business grows in the next 5 years, the server will be required to handle that load immediately, or have upgrade abilities to meet growing needs. If you decide not to upgrade your server, consider these important questions: 1. How important is your server to your day to day operations? 2. Can you operate for one day without it? What about a week? 3. Is your existing server still under warranty, and if so, for how long? 4. Is there an extended warranty available for purchase? The consideration to using existing hardware for a server upgrade can be argued pro and con. My personal opinion is, if you answered “Very” to question number one, “No” to number two, less than one year for number three, and more than 20% of the servers original cost for number four, then it's time to replace your existing server. A study by the accounting firm McGladrey and Pullen [1, from Darryl Peddles’ article] last year estimated that one of 500 data centers will suffer a catastrophic data loss this year. Of those, 50% are expected to go out of business. Considering that fact, the price to pay for a new server is a drop in the proverbial bucket. Another argument from the “Don't be Cheap” camp is this story from Jack Taugher [9, excerpt from interview]. A client owned a Compaq server that was relied on quite heavily, and the warranty was set to expire soon. The customer decided not to renew, since the server was slated to be replaced in six months. Shortly after the expiration of the warranty, a fan failed on the server, causing it to go down, and not be available for use. Normally when a server is under warranty, the process of replacing parts is quite simple; call the manufacturer, and a part is in your hand in four hours. 
In this case, they waited three days for the fan to arrive, only to find it was incorrect. Another fan was shipped FedEx, installed, and the server was back up and running. The entire process took one week, approximately 7 days longer than they desired to be without the server. Hardware selection should be made carefully. In most cases, if your existing server wasn't overloaded, and is of a typical replacement age ( 3 to 5 years old ), you will likely find yourself purchasing one that is much more powerful, simply because of the advances in technology. Page 5 of 27 .: Server Selection Tips 1. Processor Speed and Type 1.1.This will primarily be determined on the performance of the old server. If utilization on the old server approaches 30% or more, carefully determine the reason. If it is because services and applications are driving the utilization up, and the server contains adequate RAM, a faster processor is in order. 1.2.Dual processors can improve performance dramatically, as well as choosing a 64 bit environment. BENEFITS: Performance and useful life. 2. RAM Considerations 2.1.Double, and if possible, triple the RAM for your new server. BENEFITS: Performance will increase, and ultimately productivity: If your applications run faster, your employees productivity improves, which directly affects the bottom line. 3. Hard Drive Space and Configuration 3.1.Ensure your allocation for drive space is at least twice the size they are now, preferably larger. BENEFITS: Your data growth will increase, preparing for it now saves time and money in the long run. 3.2.Configure your system and data drives in RAID 5, with a fourth used as a hot fail-over. BENEFITS: It's a cost-effective solution, and serves to provide good protection against data loss. NOTE: Some will argue that the system be installed on a pair of drives configured for RAID 1, and three drives in RAID 5. This equals no fail-over drive, and purchasing an additional, fifth drive. 
Choose your comfort level, and budget accordingly. 4. Tape Drive 4.1.While RAID 5 offers redundancy, it should not be treated as a failsafe method of data storage. Data backups are still imperative. 4.2.Choose a tape drive that is capable of backing up your entire data drive onto one tape cartridge. If your data size exceeds a single cartridge, consider a tape library. 4.3.Consider a backup solution that provides Intelligent Disaster Recovery. These options will typically allow you to recover all your data in a “bare metal recovery” scenario, i.e. All your disks fail, and you need to restore all data to fresh drives. 4.4.Review your current backup scheme. Daily full backups with a five tape rotation are not good practice. A better solution is Grandfather, Father, and Son. Daily, or Son backups, are rotated daily with one graduating to Father once a week. Weekly, or Father Backups, are rotated weekly with one graduating to Grandfather once a month. Monthly, or Grandfather Backups, are rotated out quarterly for off-site storage for disaster recovery. BENEFITS: When your server crashes, and you perform a full restore while your boss looks over your shoulder, you'll thank me. Enough can't be said about expandability and meeting expected server demands when installing a new server. It's far better to over-purchase, than to have to purchase more components later, to extend the usefulness of your investment. Page 6 of 27 .: Server Upgrade and Migration According to Microsoft, there are two methods to migrate and upgrade a server [3, from “Upgrading from Windows Server 2000 to Windows Server 2003”]. They are In-Place and a Clean Installation. I prefer a clean installation in all cases, since in-place upgrades usually always result in issues of some type. This can pose a problem if you choose to keep your existing hardware, since a Clean Installation would require that you recreate your environment from scratch. 
This is why I have used a “Surrogate Migration” in cases where the source server is the only one in the environment, and experiencing issues. It provides the users in an unstable environment a solid source of server services during a “rescue” attempt. In an ideal situation, you will have a new server purchased from an OEM distributor that has already preinstalled Windows Server 2003 for you. This will eliminate step 2 in the Surrogate Migration, but not the substeps, i.e. 2.1 a, b, and c.

In-Place Upgrade onto existing hardware - Performing an in-place upgrade may at first glance be an attractive possibility.
Pros: Any existing permissions, users, groups, rights, and Windows settings are preserved. Active Directory component upgrade is automated, and most networking services are upgraded seamlessly as well. Applications and files do not need to be re-installed.
Cons: Any known or unknown issues that reside in software or hardware remain.

Clean Installation onto existing hardware
Pros: If you keep your existing server, reformatting the hard drive may improve performance, and give you a clean environment. You can also modify the hard drive partitions to better serve the size and number needed to meet your requirements.
Cons: Migration of Windows components is more time consuming, since they will be manually re-created. All applications will need to be re-installed and re-configured, requiring documenting application settings. Any known or unknown issues that reside in hardware remain in the environment.

Surrogate Migration, back to originating server – This option is used when the complexity of Windows services or other applications must be maintained and tested before removing the source server, or in server emergency situations where an unstable source server must quickly be relieved of its duties.
Pros: In a single-server environment, the many users, computers, customized installation deployments, and security settings can be tested and migrated.
Benefits from a clean installation.
Cons: All applications need to be re-installed and re-configured. Twice. Any known or unknown issues that reside in hardware remain in the environment.

.: In-Place Upgrade

Performing an in-place upgrade is similar to the Surrogate Migration steps, with the exception of step 6, which is not needed. Insert the Windows Server 2003 disk, and if the Windows Server 2003 menu appears, choose to Upgrade to Windows 2003. If not, navigate to the CD drive location in My Computer, and run the autorun.exe application. The process is similar to a fresh installation, with the exception of selecting the Upgrade option at the beginning of the process. The process is approximately as long as a fresh installation.

.: Clean Installation

Performing a clean installation is similar to the Surrogate Migration steps, with the exception of step 6, which is unneeded. At the beginning of the installation process, take the opportunity to review the partitions, choosing a partition method that meets your needs, and reformat all drives to the NTFS file system. Your system drive (usually C:) should be about 20 GB in size.

.: Surrogate Migration

You will need a surrogate machine, so choose something with reasonable speed and drive space, adequate to store the data and applications currently stored on your existing server. Choose a workstation that can handle some load if your upgrade process becomes problematic, and requires more time than the upgrade window provides. You may actually have to use it as a temporary server.

1. Backup - First and foremost, back up your old server, in its entirety.

2. Install Windows Server 2003 - On the surrogate machine, install Windows Server 2003. Choose the Per Device or Per User licensing model during the installation. Install the following components from Add/Remove Programs, Windows Components after the installation is complete:
2.1. From Windows Components in Add/Remove Programs choose the following (see Figure 1):
a) DNS
b) DHCP - Copy settings from the Windows 2000 Server. If this is a complex setup, refer to Microsoft Knowledge Base article KB325473 for migration steps.
IMPORTANT TIP: Make sure that, while the retiring server is in use, this machine's DHCP services DO NOT START. Microsoft DHCP service is not very intelligent, and will shut down if it sees another DHCP server on the network. DO NOT ACTIVATE THIS SERVICE.
c) WINS

3. Patch Servers - Assuming you checked with the application vendors for patching servers and applications, proceed to patch this server, and the Windows 2000 Server, to current levels.

4. Time Settings – Ensure both servers are either synchronized to the same Network Time Protocol (NTP) servers, or manually set the time on both machines to the same time.

5. Disable Anti-Virus – Disable any anti-virus programs running on the server, to avoid possible issues during migration.

6. Active Directory Preparation - Before you can install Active Directory (AD) components on this new “server”, you must first prepare the Windows 2000 server by updating the schema [4, screen shots used by permission of Daniel Petri]:
6.1. Insert Disk 2 of the Windows Server 2003 disk set into the Windows 2000 Server that holds the Infrastructure Master FSMO role. If this is a single server environment, then insert the disk. If not, and you are unsure, refer to Microsoft Knowledge Base article KB234790 for instructions.
6.2. From the CD-DRIVE:\CMPNENTS\R2\ADPREP\ directory run adprep.exe /forestprep, where CD-DRIVE is your CD-ROM drive. Note the output in Figure 2 and 3.
6.3. Now that the /forestprep is complete, run adprep.exe /domainprep. The output is very brief (Figure 4).
6.4. After running the ADPREP command, open %systemroot%\system32\debug\adprep\logs\ADPrep.log, and see if there are error messages that might need to be resolved.

7.
Active Directory Installation [2, referenced from the Windows Server 2003 Active Directory website] - On the surrogate server go to Start, Run, type dcpromo.exe in the Run box, and click OK. This will start the Active Directory installation wizard. The first window will be introductory. Click Next.
7.1. Domain Controller Type - Choose either a Domain Controller for a new domain, or an additional Domain Controller for an existing domain. See Figure 5.
IMPORTANT NOTE: If your Active Directory environment has been determined through your investigation to contain errors, you will want to consider creating a new domain. This choice creates more work, but will eliminate the possibility of migrating bad data.
7.2. Network Credentials - Enter the credentials of a user that has rights to add this Domain Controller to the domain, and the domain name. Click Next. See Figure 6.
7.3. Domain Name – Enter the domain name, or click Browse to locate it. Click Next. See Figure 7.
7.4. Database and Log Location - Select the defaults, and click Next. See Figure 8.
7.5. SysVol Location – Select the default location, and click Next. See Figure 9.
7.6. Directory Services Restore Mode Administrator Password – Type it in, document it, and click Next. See Figure 10.
7.7. Summary Page – Review the summary, and click Next.
7.8. Configuring – Wait for this to complete. See Figure 11.
7.9. Completed – Click Finish.
7.10. Reboot – A reboot is necessary to complete the installation of Active Directory components.

8. Data Migration – Use Robocopy, a free utility from Microsoft provided in the Windows Server 2003 Resource Kit [10, resource], to transfer all files from file share locations existing on the old server to the surrogate server. Set up the file sharing by referring to the old server. Take this opportunity to clean up your logon scripts.
There are many great alternatives to batch scripting technology that allow for simplified advanced configuration techniques. Kixtart is an excellent example of this, with a tremendous peer support group, and excellent documentation.
TIP: A quick method for recording a list of existing file shares is to open Computer Management, expand the Shared Folders object, right-click the Shares object and choose the Export List option to export a list of Shared Folders in text format. Another option is to open a shell window, and type 'net share > c:\shares.txt'. This creates a similar list in C:\, called shares.txt.
TIP: There is a freeware Graphical User Interface to the shell utility Robocopy, found on SHSOFT's website [11, resource], in the Tools section. This greatly simplifies the copy process.

9. Migrate Printers – If your environment is complex, you can use the Printer Migrator v3.1, a free download from Microsoft. If not, install those printers manually on your surrogate server.

10. Active Directory Migration – If you chose to create a new domain, you will migrate all workstations, users and groups to the new domain using the Active Directory Migration Tool v3.0, found on the Microsoft Server 2003 installation disk, in the i386\ADMT folder.
10.1. Requirements for user running tool:
a) Administrator rights to source domain, and all computers that will be migrated.
b) All computers you plan to migrate must have the administrative shares C$ and ADMIN$ available.
c) You must be a member of the local administrators group.
d) The source domain must trust the target domain. Set up this trust in the Active Directory Domains and Trusts MMC snap-in.
10.2. OPTIONAL – These steps are not required, but may ease the migration process.
a) Create a local group in the source domain, named %sourcedomain%$$$. This group must be empty.
b) Turn on Auditing for the success and failure of account management on both domains in the Default Domain Controllers Group Policy.
This will aid in any troubleshooting in the event of failures.
c) Configure the source domain to allow Remote Procedure Call (RPC) access to the Security Accounts Manager (SAM) by configuring the following registry key on the Primary Domain Controller (PDC) Emulator in the source domain with a value of ‘1’: HKLM\System\CurrentControlSet\Control\LSA\TcpipClientSupport. Reboot the Domain Controller after this change.
d) You may also choose to migrate passwords by using the password migration DLL:
• On the server where ADMT is installed, in a shell window, run 'admt key SourceDomain path [* | password]', without quotes, where ‘SourceDomain’ is the NetBIOS name of the source domain, and ‘path’ is the local location for the exported key file (.pes).
• Move this exported file to the new server that should have ADMT installed.
• Insert the Windows Server 2003 disk in the new server, and run pwmig.exe from the i386\ADMT folder on the CD to install the Password Migration DLL. You will be asked for the location of the .pes file you moved to this server.
• After the installation completes, you are required to restart the server.
• To migrate passwords, modify the following registry key to have a DWORD value of ‘1’: HKLM\System\CurrentControlSet\Control\LSA\AllowPasswordExport
10.3. ADMT Failure - If using ADMT fails to migrate the users, groups, and workstations to the new domain, you must create the users and groups by hand, in the Active Directory Users and Computers MMC snap-in, on the new server. You must also join each workstation to the new domain, and use “brute force” methods to retain user profile settings on the individual workstations. Windows XP user settings are typically stored in the C:\Documents and Settings\’UserName’ folder, where ‘UserName’ (without quotes) is the user's logon name. Follow the guidelines below for the process.
• As a domain administrator, log on to the workstation, and join it to the new domain.
Reboot the workstation when prompted.
• Log on as the user that needs their profile migrated. Reboot the workstation, as this will release any file locks in that profile directory.
• Log in as a domain administrator. Look in the “C:\Documents and Settings” folder for two profiles that match the user's login name. The old profile will be named ‘UserName’, or ‘UserName.OldDomainName’. The new profile will be named ‘UserName.DomainName’. Copy all files from the old profile directory to the new profile directory. You will likely need to take ownership of these files to be successful.
Optionally, you may try these tools provided by Microsoft to automate this. I have not used them, so cannot attest to their usefulness.
• Moveuser.exe from the Microsoft Server 2003 Resource Kit [10, resource] will move local user profiles to domain user profiles. This method is documented to have issues at times. Your mileage may vary.
• User State Migration Tool (USMT) [12, resource] will migrate user states from old XP workstations to new ones. There are many options to choose from, so read the documentation carefully.

11. DCPROMO - Run dcpromo.exe on the Windows 2000 Server after Active Directory Replication is successful, to remove Active Directory from this server. Check the event logs for information regarding the process.

12. Internet Information Services – The most reliable method to migrate Internet Information Services (IIS) settings is with the shell utility, IIS 6.0 Migration Tool, provided free from Microsoft. The tool transfers configuration data, Web site content, and application settings to a new IIS 6.0 server.
12.1. Additional configuration will be necessary after using the utility, since these items will not migrate [13, referenced from Alexander Zubair, “21 Things IIS 6.0 Migration Tool Doesn’t Do”]:
a) The FrontPage Server Administrator account is not migrated, and will need to be replicated manually.
Additionally, web sites with custom security settings pertaining to FrontPage Server Extensions will need to be configured on the destination server.
b) IIS 5.0 Registry Settings – Only settings in the metabase are migrated, not registry settings.
c) If any local security accounts were specified to be used in replacement of the Anonymous User, or WAMUser, these will have to be manually created at the new server.
d) MIME Types
e) Digital Certificates
f) ISAPI filters or extensions that do not reside within the migrated content. Additionally, you will have to enable any filters or extensions, since by default none are enabled in IIS 6.0.
g) If the Windows installation directory (WINNT, WINDOWS, etc.) is different from source to destination, the metabase references to these locations will need to be changed.
h) A Virtual Site sub-directory's path cannot be changed, only the site root. Ensure destination drives exist, since the tool will attempt to migrate the data to those locations. In the event the destination drive doesn't exist, manually copy the content, and update the metabase.
i) Log files.
j) Web application DLLs.
k) ASP.NET process model settings.
l) Files or content that reside out of the web root.
m) Databases, and ODBC connections.

13. SQL Server – There are two methods for migrating SQL databases. First, ensure the new server has SQL installed, and running properly. Secondly, ensure both servers are patched to identical levels, and choose one of the methods below for transferring the data.
13.1. Data Transformation Services - The SQL Server database migration is most easily performed with the Data Transformation Services (DTS) in SQL Enterprise Manager. This facilitates the transfer of the database information from one server to another. Using the DTS wizard, one can set up the transfer of a database to another SQL server in minutes.
a) Open Enterprise Manager. Expand the server object, and drill down to the databases.
Right-click the target database, and select Properties. Right-click again, select All Tasks, Export. The DTS wizard appears. Click Next.
b) Choose a Data Source – Your default data source, server, database and authentication method will be automatically selected; check them to be sure. Click Next. See Figure 12.
c) Choose a Destination – Select the destination server from the Server drop-down box. If the destination database has already been created, select it, otherwise select
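
For the data migration in step 8 of the Surrogate Migration, the batch file below is an added example, not part of the original guide: it runs Robocopy in list-only mode first, then copies with NTFS permissions, ownership and auditing entries intact, and stops on copy failures. OLDSERVER, the Data share, and the D:\Shares\Data and C:\migration paths are placeholders.

```batch
@echo off
rem Added example, not from the original guide.
rem OLDSERVER, the Data share, D:\Shares\Data and C:\migration are placeholders.
rem Run on the surrogate server as an administrator.
setlocal
set SRC=\\OLDSERVER\Data
set DST=D:\Shares\Data
set LOGDIR=C:\migration

if not exist "%LOGDIR%" mkdir "%LOGDIR%"

rem Keep a record of what the old server shares, to rebuild the shares from.
net view \\OLDSERVER > "%LOGDIR%\oldserver-shares.txt"

rem Pass 1: /L lists what would be copied without writing anything.
robocopy "%SRC%" "%DST%" /E /COPYALL /L /NP /LOG:"%LOGDIR%\data-dryrun.log"
if errorlevel 8 goto :failed

rem Pass 2: the real copy.
rem   /E        subfolders, including empty ones
rem   /COPYALL  data, attributes, timestamps, NTFS ACLs, owner, auditing info
rem   /B        backup mode, so files the administrator has no ACL entry on still copy
rem   /R:2 /W:5 two retries, five seconds apart, instead of the very long default
robocopy "%SRC%" "%DST%" /E /COPYALL /B /R:2 /W:5 /NP /LOG:"%LOGDIR%\data-copy.log"
if errorlevel 8 goto :failed

rem Show the ACL that arrived on the destination root, to compare with the source.
cacls "%DST%"
echo Copy finished. Review %LOGDIR%\data-copy.log before sharing %DST%.
exit /b 0

:failed
rem Robocopy exit codes of 8 and above mean failed copies or a fatal error.
echo Robocopy reported failed copies or a fatal error. See the logs in %LOGDIR%.
exit /b 1
```

Robocopy carries NTFS permissions only; share-level permissions still have to be recreated on the surrogate from the recorded share list.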
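
The two LSA registry values from steps 10.2 c) and d) change how a Domain Controller exposes account data, so it helps to set them only for the migration window and to be able to check and reset them afterwards. This batch file is an added example, not part of the original guide; it is run locally on the server that holds the value, it assumes reg.exe is available there (built into Windows Server 2003, part of the Support Tools on Windows 2000), and resetting to 0 after the migration is this example's practice rather than a step from the guide.

```batch
@echo off
rem Added example, not from the original guide. The file name lsaflag.cmd is a placeholder.
rem Usage: lsaflag.cmd TcpipClientSupport^|AllowPasswordExport on^|off^|status
setlocal
set KEY=HKLM\System\CurrentControlSet\Control\LSA
set VAL=%~1
set ACTION=%~2

rem Only the two values named in the guide are accepted.
if /i "%VAL%"=="TcpipClientSupport" goto :dispatch
if /i "%VAL%"=="AllowPasswordExport" goto :dispatch
echo Usage: %~n0 TcpipClientSupport^|AllowPasswordExport on^|off^|status
exit /b 2

:dispatch
if /i "%ACTION%"=="on" goto :on
if /i "%ACTION%"=="off" goto :off
goto :status

:on
rem Value of 1, as in steps 10.2 c) and d).
reg add "%KEY%" /v %VAL% /t REG_DWORD /d 1 /f
if errorlevel 1 exit /b 1
goto :status

:off
rem Assumption of this example: 0 switches the behaviour back off after the migration.
reg add "%KEY%" /v %VAL% /t REG_DWORD /d 0 /f
if errorlevel 1 exit /b 1
goto :status

:status
rem Print the current value so the change can be recorded in the migration notes.
reg query "%KEY%" /v %VAL%
if errorlevel 1 echo %VAL% is not present under %KEY%.
if /i "%VAL%"=="TcpipClientSupport" echo Reboot the Domain Controller after changing TcpipClientSupport.
exit /b 0
```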