Windows Server 2003 on HP ProLiant Servers : Migration Case Studies (part 3) - Hewlett-Packard Company

Hewlett-Packard Company (HP)

To describe this migration, we have to go back prior to HP's merger with Compaq. Compaq had nearly completed its migration from Windows NT to Windows 2000 when the merger took place. HP, on the other hand, was still in a Windows NT environment in the midst of finalizing its own plans to migrate to Windows 2000. Further, Compaq wanted to draw a tighter connection between the domain infrastructure and the mail and messaging structure, and its migration included migration to Exchange 5.5.

Compaq's Windows NT environment, due to its acquisition of Digital Equipment Corp, Tandem, and others, consisted of 13 master user domains, and about 1,700 resource domains. The company spent considerable time designing the Windows migration and the infrastructure to support a Windows 2000 environment. The new domain structure was a single forest, with a single domain tree, including a single parent—cpqcorp.net—and three child domains—Americas.cpqcorp.net, asiapac.cpqcorp.net, and EMEA.cpqcorp.net. Figure 7 shows the dramatic change from the Compaq Windows NT structure to the new Windows 2000 structure.

Figure 7. Compaq collapsed its 13 Windows NT master user domains and more than 1,500 Windows NT resource domains into a single placeholder domain and 3 child domains with a 3-level OU structure.

The DNS structure is an interesting study. Starting as many companies do, with a UNIX BIND DNS, Compaq decided on a couple of points for the new namespace:

• The Windows 2000 namespace was to be cpqcorp.net.

• The company would not permit dynamic registrations on the BIND server because it didn't want to maintain dynamic records on the root server.

• The BIND server would not dynamically register host records from the Win2K forest.

To accomplish these three goals, Compaq created a Windows 2000 DNS and had the BIND server delegate the _msdcs, _sites, _tcp, and _udp zones to a Windows 2000 DNS. The BIND server then delegated the Americas.cpqcorp.net, EMEA.cpqcorp.net, and AsiaPac.cpqcorp.net zones to DNSs for each of those domains, as shown in Figure 8.

Compaq employed a restructure migration method. The company built the 4-domain structure, set up the OU structure, defined policies, and so on prior to any live data (users, and so on) being introduced into the domain. Using a third-party migration tool, Compaq then migrated the user accounts from the 13 Windows NT MUDs to the appropriate geographical domain.

Resource Domain Migration

The 1,700 or so resource domains were migrated with two primary goals in mind:

• All resource domains would eventually be collapsed into various OUs in the Windows 2000 forest, unless there was a critical technical or business need that dictated otherwise.

• Member servers of resource domains would be upgraded to Windows 2000 whenever possible.

The mechanisms used for migration of nearly 1,700 resource domains varied. For instance, a large number of Windows NT resource domains existed purely for improving browsing performance and providing a home domain for desktop systems. In these cases, the servers were joined to the appropriate domain in the forest and their DCs were retired. Domains that supported file and print services consisted of all DCs. In those cases, Compaq either upgraded the hardware and used the servers in the new Windows 2000 domain, or if the hardware was not worth upgrading, Compaq transferred the data and retired the server. Because all servers were DCs, to move them to the Windows 2000 domains, Compaq used the Upromote utility (a third-party utility that allowed demotion of Windows NT 4.0 DCs) to demote the DCs. They were then upgraded to Windows 2000 and joined to the appropriate Windows 2000 domain. This continued in each resource domain until no more DCs were left, destroying the domains.

Domains that hosted infrastructure servers, such as DNS and DHCP, had their servers retired as their function was taken over by other Windows 2000 servers, eventually collapsing those domains. Finally, domains that hosted application services were handled on a case-by-case basis, upgrading or retiring the servers based on the life expectancy and cost of upgrade versus cost of the new hardware, or as a natural consequence of server consolidation, application retirement, and other factors.

In this process, hundreds of servers were retired. They were distributed to other organizations that used them for departmental file and print servers, lab machines, and so on. Even if servers are at the end of useful life for your production infrastructure, they still have many years left for other organizations in the company that could use them for

• Departmental file and/or print servers

• Departmental Web servers

• Lab machines

• Test machines for developers

• Training Labs

• Help Desk labs for problem reproduction

• Work-from-home employees. Servers that have a gigabyte of memory, combined with a virtual server product, such as VMWare Workstation or Microsoft's Virtual PC, can use these machines to host multiple virtual servers on one piece of hardware, saving on space, power bills, hardware maintenance, and so on and allowing the user to build an infrastructure on one server.

User Migration

Compaq divided the nearly 90,000 users up into stages and developed a Web application for the users to use to do their migration. The users would get an e-mail from IT giving them a certain period of time to go to this Web site, fill out the form, and then take steps to migrate their desktop machines. The user migration took more than two years.

When HP acquired Compaq, the decision was made to migrate the HP user accounts and adopt the Compaq namespace, Cpqcorp.net, because HP was still using a Windows NT domain structure at the time. Of course, the cpqcorp.net name didn't reflect HP, so at the time of this writing HP is considering doing a Domain Rename. To make the user migration as simple as possible and realizing a huge potential for duplicate names, HP decided to append a number to the actual user account names of all the premerger HP accounts, so JBloe became JBloe-1. Resolving friendly names was as before, appending some distinguishing characteristic such as the site code, the organization the user belonged to, and so on so they could be distinguished in the Global Address List (GAL).

Compaq's Exchange 2000 organization and HP's Exchange 5.5 organizations were connected using Simple Mail Transfer Protocol (SMTP) routing, along with the necessary network routing so that the day the merger was finalized, all employees from both companies showed up in the GAL and could send and receive e-mail. After all mailboxes are moved, the premerger HP Exchange 5.5 organization will be decommissioned and all employees will be able to share calendar information, share free/busy information, delegate mailbox access, and access the same set of Public Folders.

Migration to Windows Server 2003

As a member of Microsoft's Joint Development Program (JDP), HP had been testing Windows Server 2003 and found some exciting features that were so compelling, a business justification was never performed. 

Having tested Windows Server 2003 beta and working closely with Microsoft, HP deployed Windows 2003 RC1 on production DCs in October 2002, and then RC2 (the final beta release before RTM). By February 2003, all 154 production DCs/GCs were upgraded to Windows Server 2003, and 57 member servers running VPN, Remote Access Service (RAS), Exchange, and Windows Internet Naming Service (WINS) were upgraded to 2003 for the largest Windows Server 2003 deployment outside of Microsoft. By early March 2003, all domains were raised to functional level Windows Server 2003 (native) and then the forest functional level was raised as well.

The interesting point is that HP was running Windows Server 2003 on production DCs with beta code. Keep that in mind if you wonder if Windows Server 2003 is stable or if you need to wait for the first Service Pack.