Windows 2000 Network Services

It is assumed that most readers have a solid understanding of Windows NT networking; therefore, most of this chapter focuses on the improvements Windows 2000 delivers. In other words, the focus is on the new features that Windows 2000 introduces, and how they can be used to meet your business objectives.

The Foundation: TCP/IP

TCP/IP is an industry-standard protocol originally developed for the Department of Defense (DoD) in the 1960s. Since that time, businesses, manufacturers, and standards bodies, such as the Internet Engineering Task Force (IETF), have embraced TCP/IP as the standard for implementing Internet technologies. Windows 2000 implements TCP/IP as the default protocol during the setup process and relies on TCP/IP for most of the functionality of components and services associated with the operating system. These components and services include Active Directory, DHCP, DNS, Internet Information Server (IIS), and WINS. Without TCP/IP, these Windows 2000 services will not operate.

With the widespread use of TCP/IP and the requirement to maintain a unique IP address for each network and each host on the network, IS organizations were presented with a significant management challenge. Network Managers had to maintain unique IP addresses for each device in their network and ensure that these addresses did not conflict with other addresses throughout their enterprise. In large organizations, this was a difficult task, and mistakes would often result in taking down a critical system or application, which affected business operations and productivity. To alleviate such problems, much time was spent maintaining IP standards and a database of IP addresses that associated computers and devices connected to the network with a unique IP address. To lessen the burden of maintaining this data, an industry standard was developed to provide automatic configuration of IP address information. This standard is called DHCP.

In addition to DHCP, Windows 2000 also includes automatic IP address configuration functionality called Automatic Private IP Addressing (APIPA). In the absence of a static IP address configuration or a DHCP server, APIPA will self-configure the Windows 2000 computer with an IP address from the range of allowable private IP addresses. APIPA will randomly select a unique IP address from the range 169.254.0.1 through 169.254.255.254, and it will set the subnet mask to 255.255.0.0. This self-configuration greatly simplifies setting up a small home or business network. It is important to note, however, that the IP addresses in this range are not routable on the public Internet. Consequently, machines with IP addresses in this range cannot access the Internet without utilizing a proxy server or a firewall that does network address translation (NAT).

Windows 2000 DHCP Services

Microsoft adopted the DHCP standard and deployed it with Windows NT Server. This service has been expanded and improved with Windows 2000. The DHCP Server is an installable service that runs on top of Windows 2000 and is based on industry standards as defined by the IETF's "Request for Comments (RFC) 2131" and "Request for Comments (RFC) 2132." Since its introduction in Windows NT Advanced Server 3.1, Microsoft has made many improvements and enhancements to the DHCP server.

Windows 2000 Server implements the DHCP server with several key enhancements. One of the more notable enhancements includes integrating DHCP with DNS so that DHCP servers and clients can register themselves with DNS by using the DHCP protocol. With this integration, the DHCP server can act as a proxy on behalf of the client to register both an address resource record (A record) and a pointer record (PTR record) for forward and reverse lookups through DNS. For more information on DNS, please refer to Chapter 8, "Designing the DNS Namespace."

Another important enhancement of the Windows 2000 DHCP server is the addition of advanced monitoring and reporting capabilities. Using the DHCP Manager (an MMC snap-in), Network Administrators can now graphically view statistical data of DHCP through the Simple Network Management Protocol (SNMP) and the Management Information Bases (MIBs). In this way, a Network Administrator can monitor the status of a DHCP server and determine how many addresses in the DHCP address pool are available versus depleted, or view performance information for the DHCP server in terms of number of leases processed, number of requests, and number of negative status acknowledgement messages (NACK) processed. When certain defined thresholds are reached, the DHCP server sends an administrative alert notifying Network Administrators of yellow or red conditions. For example, a yellow event is when the address pool has loaned 75 percent of addresses in the available range. A red event is when the address pool is completely depleted.

RFCs Related to BOOTP, DHCP, and NetBIOS Over TCP/IP

The following is a list of significant RFCs related to DHCP, DNS, and BOOTP:

RFC 1001 – Protocol standard for a NetBIOS service on a TCP/UDP transport
RFC 1002 – Protocol standard for a NetBIOS service on a TCP/UDP transport
RFC 1534 – Interoperation between DHCP and BOOTP
RFC 1542 – Clarifications and Extensions for the Bootstrap Protocol
RFC 2131 – Dynamic Host Configuration Protocol
RFC 2132 – DHCP Options and BOOTP Vendor Extensions
RFC 2610 – DHCP Options for Service Location Protocol


The Windows 2000 DHCP Server also incorporates support for vendor-specific option classes and user option classes. For vendors, this means that they can leverage Windows 2000 DHCP servers to implement specific IP configuration options unique to that vendor, such as an option to dynamically flash a network card's BIOS. For users, DHCP scopes can be defined to detect certain types of network clients and then issue different IP configuration options for each client. For example, Windows 95 laptop users without an Active Directory client might need to be configured with shorter lease durations and the IP address of a WINS server. Windows 2000 Professional Desktop users, on the other hand, might require longer lease durations and might not need to use WINS for IP to NetBIOS address translation because Windows 2000 Professional clients can use Active Directory and DNS for this function. The DHCP service in Windows 2000 is able to detect the type of operating system on the requesting workstation and sends configuration information that is appropriate for the client. An important issue to note when designing a DHCP implementation: some options will not be supported if there are multiple DHCP servers running on multiple operating systems in the environment. There are DHCP servers that run on UNIX and other operating systems that do not support all the option classes in the Windows 2000 DHCP server.

Other Windows 2000 DHCP enhancements include the capability to configure DHCP multicast scopes so that DHCP can be leveraged to configure a group of DHCP clients for videoconferencing, for example. Windows 2000 also requires that all DHCP servers on the network be authorized. This prevents unauthorized DHCP servers from initializing and issuing incorrect addresses to requesting DHCP clients. With this feature, Network Administrators can eliminate situations where a developer accidentally installs a test DHCP server with a 10.0.0.0 scope that might conflict with other production DHCP servers in the enterprise. Finally, Windows 2000 Advanced Server can implement Windows Clustering (based on the Microsoft Cluster Server), which will enable a Network Administrator to configure a virtual DHCP server for higher system availability. If a cluster node fails, users are transparently redirected to the other node in the cluster for IP address configuration, without adverse impact to operations or productivity.
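The authorization check is carried out by the Windows 2000 DHCP service itself, so DHCP software that does not perform it has to be found by watching the replies on the wire. The following is an added example, not code from the book or from Microsoft: it parses the RFC 2131 message layout and flags any server-originated message whose server identifier (option 54) is not on a list of authorized servers. The addresses, the authorized list, and the build_reply helper that fabricates sample packets are constructed for illustration.

```python
import ipaddress
import struct
from typing import Optional

MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])  # marks the start of the options field
FIXED_LEN = 236                                  # size of the fixed BOOTP header
SERVER_MSGS = {2: "DHCPOFFER", 5: "DHCPACK", 6: "DHCPNAK"}  # option 53 values sent by servers

def parse_options(payload: bytes) -> dict:
    """Return {option code: raw value} from a BOOTP/DHCP message."""
    if payload[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, FIXED_LEN + 4
    while i < len(payload) and payload[i] != 255:    # 255 = End option
        if payload[i] == 0:                          # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return opts

def unauthorized_reply(payload: bytes, authorized: set) -> Optional[str]:
    """Return an alert if a server-originated message names an unlisted server."""
    opts = parse_options(payload)
    msg_type, server_id = opts.get(53, b""), opts.get(54, b"")
    if len(msg_type) != 1 or msg_type[0] not in SERVER_MSGS:
        return None                                  # client message, nothing to check
    name = SERVER_MSGS[msg_type[0]]
    if len(server_id) != 4:
        return f"{name} without a valid server identifier"
    server = str(ipaddress.IPv4Address(server_id))
    if server in authorized:
        return None
    offered = ipaddress.IPv4Address(payload[16:20])  # yiaddr: address handed to the client
    return f"{name} from unauthorized server {server} offering {offered}"

def build_reply(msg_type: int, server_ip: str, offered_ip: str) -> bytes:
    """Constructed sample input: a minimal BOOTREPLY carrying options 53 and 54."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD, 0, 0,
                         bytes(4), ipaddress.IPv4Address(offered_ip).packed, bytes(4),
                         bytes(4), bytes.fromhex("020000000001"), b"", b"")
    options = (bytes([53, 1, msg_type, 54, 4])
               + ipaddress.IPv4Address(server_ip).packed + bytes([255]))
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    AUTHORIZED = {"192.168.10.5"}                    # constructed list of authorized servers
    for pkt in (build_reply(2, "192.168.10.5", "192.168.10.50"),
                build_reply(2, "10.0.0.1", "10.0.0.23")):
        print(unauthorized_reply(pkt, AUTHORIZED) or "ok")
```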

In Figure 14.1, a Windows 98 laptop user, who travels from location to location, establishes a Virtual Private Network (VPN) connection over a shared IP network (ISP) and obtains IP configuration information (Default Gateway, DNS server, or WINS server) from a Windows 2000 DHCP server using a short (three day) lease. Similarly, a static Windows 2000 Active Directory desktop user establishes a LAN connection and receives IP configuration from a Windows 2000 DHCP server using a longer lease duration.

Figure 14.1. This figure illustrates a typical network design, comprising both desktop and laptop computers.


The desktop users are located on a separate subnet within a building, and they need access to network resources and the Internet using TCP/IP. The laptop users need access to corporate information and applications from a remote location. To facilitate proper IP configuration for both user types, the diagram depicts how a Network Architect could design their network to automatically configure and manage their computers using Windows 2000 DHCP services.

There are a number of DHCP deployment considerations when designing your network. These considerations will be explored in the next section. For example, if remote users are located on a small LAN in a remote office that has a 56 Kbps frame relay connection to the corporate network, locating a DHCP server close to these users is advised because of potential latency on the WAN network connection and the inability of the workstations to connect to the network if they are unable to obtain an IP address from a DHCP server.

Deploying Windows 2000 DHCP Services

Deploying DHCP in a Windows 2000 environment requires careful planning and consideration. You must account for the quantity and type of computers in your environment; the classification, work habits, and needs of the users who use these computers; and the relative location and access methods of users who access the information and network resources within your enterprise.

DHCP is so important to large IP networks that Network Architects spend as much time considering configuration alternatives as they do designing a backup and recovery strategy. DHCP and its adjacent service, DNS, constitute much of the foundation of a Windows 2000 network. Without a well-designed foundation, the stability and scalability of a network is compromised.

Consider the following situations:

  • If a user cannot access the network to retrieve critical information or to run a business application required to place an order because of TCP/IP configuration problems, the entire business process is affected.

  • If an administrator or Helpdesk support staff member is bogged down troubleshooting and supporting TCP/IP configuration problems, valuable time is lost that could otherwise be spent helping users work through issues running a new business application or preparing next year's budget for a new branch office network upgrade. A properly designed DHCP implementation helps to mitigate this type of situation.

  • A server running DHCP in your network fails, and client computers attempt to re-register themselves but can't, or they do so from a DHCP server across a slow wide-area link. Planning your network for fault tolerance (including DHCP and other core Windows 2000 services) prevents your users from being negatively affected by these outages.

In any of these situations, spending effort, time, and money resolving TCP/IP configuration or management issues impacts a business' bottom line. If a Network Architect properly designs a Windows 2000 DHCP environment, deploying and supporting TCP/IP (with all its diverse configuration options and settings) becomes easy and manageable, saving valuable resources for more important business tasks.

Table 14.1 can be used to design your network for deploying Windows 2000 DHCP services. The table identifies key factors that impact a client workstation and then lists design considerations that need to be accounted for when deploying DHCP. When you account for these factors, you will be able to define the number and location of DHCP servers in your network and the configuration options each DHCP scope needs to contain.

Table 14.1. Key Factors to Consider When Designing a Network for Deploying DHCP

Factor | Design Considerations
Network Size | Number of computers that need to be configured by DHCP (and those that can't or should not use DHCP).
Network Topology | Type and speed of network connections between users and DHCP servers.
Location | Within a building/floor, across a WAN link in a branch office, or across a dial-up or VPN link from home, a home office, or hotel.
Client Types | Windows 95/98, Windows NT, UNIX, Macintosh, and Novell.
Common DHCP Configuration Options (sample) | Default Gateway (router); WINS Servers (legacy clients); DNS Servers, domain name.
Monitoring, Reporting, and Security | Who will be able to add DHCP servers to the network? Who will administer DHCP? Thresholds, alerts, and statistics.
DHCP Superscopes | Determine when to use these to avoid DHCP conflicts between a client and multiple DHCP servers.
Reservations | DNS servers, WINS servers, TCP/IP print servers, and UNIX clients that are configured using another method.
Lease Durations | Longer leases for stable networks that have a large address pool (for example, 10.0.0.0). Shorter leases for dynamic networks, or mobile laptop users who move frequently.
Routers | Which routers to configure? BOOTP/DHCP Relay agents and IP Helper addresses address this.
Redundancy | Configure scopes to be split among servers (70/30 split).
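The 70/30 split in the Redundancy row interacts with the yellow (75 percent) and red (depleted) conditions described earlier in the chapter, which the following added example works through; it is not code from the book. It assumes the split is implemented by giving both servers the same scope and having each exclude the other's share, and the address range and client counts are constructed.

```python
import ipaddress

def split_scope(first: str, last: str, primary_percent: int = 70) -> dict:
    """Divide one scope range between two servers; each excludes the other's share."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi or not 0 < primary_percent < 100:
        raise ValueError("invalid range or percentage")
    cut = lo + (hi - lo + 1) * primary_percent // 100   # first address of the secondary
    if cut == lo:
        raise ValueError("range too small to split")

    def rng(a: int, b: int) -> tuple:
        return str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b))

    return {
        "primary": {"serves": rng(lo, cut - 1), "excludes": rng(cut, hi), "size": cut - lo},
        "secondary": {"serves": rng(cut, hi), "excludes": rng(lo, cut - 1), "size": hi - cut + 1},
    }

def alert_level(leased: int, pool_size: int) -> str:
    """Map pool usage to the chapter's conditions: yellow at 75 percent, red when depleted."""
    if leased >= pool_size:
        return "red"
    if leased * 100 >= pool_size * 75:
        return "yellow"
    return "normal"

def outage_report(plan: dict, clients: int) -> dict:
    """Alert level on each server if it had to lease to every client on its own."""
    return {name: alert_level(clients, srv["size"]) for name, srv in plan.items()}

if __name__ == "__main__":
    plan = split_scope("10.1.1.11", "10.1.1.210")       # constructed 200-address scope
    for name, srv in plan.items():
        print(name, srv)
    # 100 clients fit the primary's share but deplete the secondary's 60 addresses.
    print(outage_report(plan, 100))
```

The report shows why the client count on a subnet has to be checked against the smaller share as well: a server holding 30 percent of the range can reach the red condition as soon as it has to serve the subnet alone.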

Using Windows 2000 DHCP services, Network Managers can reduce the time and costs associated with configuring and managing IP hosts. With Windows 2000 and Active Directory, they are able to eliminate situations in which improper IP configurations can cause severe network outages and adversely impact business operations. Windows 2000 DHCP services are an integral part of Windows 2000; all organizations that use or plan to use Windows 2000 should design their networks with DHCP in mind.
