A little backup can keep you out of the unemployment line
You can implement availability measures in many ways. A basic means to
ensure that your system can stay up despite a temporary failure is to set up
domains so that you have a Primary Domain Controller (PDC) and a Backup Domain
Controller (BDC) that can take over the PDC's tasks if necessary. To understand
this capability, you need to know about the Security Accounts Manager (SAM) and
the accounts in its database. Then you need to know what PDCs and BDCs are and
how to set them up for availability.
Domains
Domains are logical groupings of Windows NT-based computers that you manage
and administer as a unit. The domain contains a SAM database that tracks user,
machine, and group accounts and each account's rights.
A user account is a record in the SAM database with information about a
particular user in the domain. Each record is approximately 1KB and contains a
unique Security Identifier (SID). The user account consists of five elements.
You assign a unique username to each user. The same username can appear in
accounts in different domains, but you can't repeat it within one domain. The
password, a string of up to 14 characters, verifies a user's identity at
login, after which the user can access the network and its resources. A password
is not mandatory but is strongly recommended. The member-of-groups information
lists the groups the user belongs to. Initialization information,
which is not mandatory, includes the logon script and the home directory
pointer. Account restrictions determine the exact days and hours a user
can access the domain.
Adding a workstation, BDC, or server to a domain creates a machine account
in the SAM. Each machine account takes about 0.5KB in the database and contains
information such as the machine's name and type (BDC, PDC, server, workstation).
You view machine account information in Server Manager and user account
information in User Manager.
Each new or existing group has a group account that you can categorize as
local or global. Each group account takes about 4KB in the database. This
record's structure is like the user account record.
In a domain, you assign responsibilities to your network servers according
to the type of activity you expect from each server. A server can play one of
three roles in a domain: PDC, BDC, or resource server.
Roles of Servers
The PDC server is the honcho in your network. You can have only one PDC per
domain. If possible, dedicate a PDC to one type of task. PDCs perform best if
they don't share file and printer resources. The User Manager for Domains on the
PDC performs all changes to user security and administration, and the PDC writes
these changes into the SAM user accounts database. Because of this central
administration, you need to add only one account for each user, and each user
needs only one account to log on to the domain.
The BDC server is the network's second in command. If the PDC fails, the
BDC can serve as the PDC. BDCs can authenticate users. You can assign more than
one server as a BDC in a domain, or you can choose to have no BDC. Table 1 shows
Microsoft's recommendations for the ratio of BDCs to user accounts on a network.
A resource server performs special-purpose network services. For example,
you can dedicate a resource server as a database processor, file and print
server, Web server, or application server. A resource server can be a BDC. You
assign a resource server its role when you install NT.
You can promote a BDC to a PDC after you install NT: Double-click the
Administrative Tools icon, and double-click the Server Manager icon; highlight
the BDC you want to promote, and select Promote To Primary Domain Controller
from the Computer pulldown menu.
Availability
Because the SAM contains critical security information, it must be
constantly available. If the PDC fails and you have no BDCs for the network,
users can't access the system until the PDC is back.
This single point of failure is the fast path to unemployment. To avoid
this problem, you need to assign at least one server as a BDC that can
authenticate users and replicate changes across the network. (If you have a
large network and want to exclude the possibility of two points of failure, you
can designate more than one server as a BDC.)
Because replicating a database across a network can increase traffic, NT
3.5x copies only SAM changes to the BDCs. The entire process takes about
2KB to initialize the transmission and up to 1KB per user.
The PDC can replicate changes to up to 10 BDCs at a time. The
ReplicationGovernor setting in the Registry lets you determine the amount of
replication traffic and the frequency of replications. These and other
replication settings are on the BDC under the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.
By default, the PDC sends a pulse to the BDCs every five minutes. The pulse
contains information that lets the BDCs determine whether the SAM has changed.
If so, the BDCs ask the PDC to send these changes. How much information the PDC
sends at one time depends on the Registry settings (the PDC default is to send
changes in 128KB segments to the BDCs).
In a large network, sending changes every five minutes can take substantial
bandwidth. How often you replicate SAM changes depends on how many changes occur
in your network's account database, how urgently the BDCs need to implement the
changes, and how large your network is.
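The sizing figures above (record sizes per account type, 2KB plus up to 1KB per user for replication, 128KB segments, 10 BDCs at a time, a five-minute pulse) can be combined into a rough planning estimate. The following is an added example, not code from the article or from Microsoft; the function names, the per-BDC link speed, and the assumption that ReplicationGovernor scales the segment size as a percentage are illustrative.

```python
import math

# Figures stated in the article.
USER_KB, MACHINE_KB, GROUP_KB = 1.0, 0.5, 4.0  # approximate SAM record sizes
INIT_KB, PER_CHANGE_KB = 2.0, 1.0              # replication setup + per user
SEGMENT_KB = 128                               # PDC default segment size
MAX_CONCURRENT_BDCS = 10                       # BDCs served at one time
PULSE_SECONDS = 5 * 60                         # default pulse interval


def sam_size_kb(users, machines, groups):
    """Approximate SAM database size from the per-record figures."""
    return users * USER_KB + machines * MACHINE_KB + groups * GROUP_KB


def replication_plan(changed_users, bdcs, link_kbps, governor_pct=100):
    """Estimate one replication cycle of changed user records to every BDC.

    Assumptions (not from the article): BDCs in one batch transfer in
    parallel, each over its own link of link_kbps kilobits per second, and
    ReplicationGovernor scales the segment size as a percentage.
    """
    if not 0 < governor_pct <= 100:
        raise ValueError("governor_pct must be in 1..100")
    per_bdc_kb = INIT_KB + changed_users * PER_CHANGE_KB
    segment_kb = SEGMENT_KB * governor_pct / 100
    batches = math.ceil(bdcs / MAX_CONCURRENT_BDCS)
    seconds = batches * per_bdc_kb * 8 / link_kbps  # KB -> kilobits
    return {
        "per_bdc_kb": per_bdc_kb,
        "total_kb": per_bdc_kb * bdcs,
        "segments_per_bdc": math.ceil(per_bdc_kb / segment_kb),
        "batches": batches,
        "seconds": round(seconds, 1),
        "fits_in_pulse": seconds <= PULSE_SECONDS,
    }


if __name__ == "__main__":
    # Constructed sample site: 2,000 users, 1,500 machines, 50 groups.
    print("SAM size (KB):", sam_size_kb(2000, 1500, 50))
    # 500 changed accounts pushed to 12 BDCs over 56 kbps links.
    print(replication_plan(500, 12, 56))
    # A bulk change with a halved governor no longer fits in one pulse.
    print(replication_plan(3000, 25, 56, governor_pct=50))
```

When fits_in_pulse is false, a cycle is still running when the next pulse is due, which is the case where BDCs lag behind account changes such as disabled users or password resets.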
For the fastest authentication, place the BDCs near the users. Users can
have trouble accessing the domain if you have an unreliable, slow-speed link to
a central office. Users can also experience delays logging in to the network as
the information passes along a slow link. A better way to provide access to your
domain is to put a BDC at the remote office and authenticate users locally.
Your organization's size determines the best way to handle domains.
Organizations with 50 or more servers and varying security needs typically have
several domains, several PDCs, and many BDCs and resource servers. Replication
timing can be tricky if a large organization has locations around the world (and
differences in time zones).
Midsized organizations have between five and 50 servers. As in large
organizations, you need to strategically place BDCs to minimize the impact of
authentication on network traffic, and you need from one to five BDCs.
Small organizations have between one and five servers. At least one needs
to be a PDC, and at least one needs to be a BDC. Often a BDC is also a resource
server.
For more information about domains, see the sidebar, "Microsoft
Resources," and Alex Pournelle, "NT Security Setup with Windows for
Workgroups," on page 105. Also, see Mark Minasi, "Domains and
Workgroups" (Windows NT Magazine, April 1996).
Microsoft Resources
Microsoft provides an excellent white paper, "Microsoft
Windows NT Server 3.5/3.51: Domain Planning for Your Enterprise." You can
download it at http://www.microsoft.com/NTServer/enter.htm or find it on the
November 1994 or later TechNet CD.
If you don't have Microsoft's TechNet CD but want to see a sample, visit
Microsoft's TechNet Web page at http://www.microsoft.com/technet. To buy the
full CD version, call 800-344-2121 in the US. It's well worth the cost.
The Windows NT Resource Kit 3.51 contains a domain planning utility for
designing the ideal domain. To see Microsoft's vision for domains or directory
services, you can download information at
http://www.microsoft.com/backoffice/reading/ds_strat.htm.