The success of an infrastructure-migration project depends on
careful planning combined with meticulous execution. You need to start
by defining the scope of the project so that you know where you want to
end up. Then you need to lay out a project plan that involves pilot
testing to familiarize yourself with the new platform and to identify
any potential issues that might arise during the migration process. A
thorough assessment of your existing environment is also necessary to
ensure there are no surprises coming. A methodology needs to be
developed to migrate existing servers and roles. Finally, once the
migration is underway, continued testing needs to be performed to ensure
everything is happening as planned.
Migration projects involving servers can be categorized in a
number of ways, depending on whether you are deploying a new
infrastructure, upgrading or consolidating an existing infrastructure,
or implementing a new infrastructure model such as cloud computing. In
addition, migrations can differ depending on whether or not you are
migrating your entire infrastructure or only a portion of it; whether
you plan on re-using existing hardware or moving to new hardware;
whether your environment is managed or unmanaged; whether your
existing infrastructure is large or small, centralized or distributed,
heterogeneous or homogeneous; and many other factors.
With so many different ways of envisioning and scoping
infrastructure-migration projects, it’s obvious that there is no
single approach to how such projects should be planned and executed.
However, there are some steps and considerations that are common to
all migration projects, and being aware of such best
practices and implementing them can help ensure the
project’s success.
I’ll begin by describing the following six possible migration
scenarios for organizations that want to take advantage of the new
features and capabilities found in Windows Server 2012:
- Greenfield
- Forest upgrade
- Mixed environment
- Server consolidation
- Private cloud
- Public cloud
Note that other migration scenarios are also possible—for
example, by combining two or more of these scenarios to create
hybrid scenarios.
In terms of infrastructure, a greenfield
deployment is one where no infrastructure currently exists. For
example, let’s say that Contoso, Ltd. is a new company starting up
that needs an on-premises infrastructure deployed for its rapidly
growing workforce. A greenfield deployment of an infrastructure
based on Windows Server 2012 might include steps like these:
- Designing, acquiring and implementing the underlying
network infrastructure of switches, routers, access points, and
other networking hardware.
- Designing the Active Directory environment using the
guidelines and best practices found in the AD DS Design Guide at
http://technet.microsoft.com/en-us/library/cc754678(v=WS.10).aspx.
- Purchasing system hardware that has been certified for
Windows Server 2012.
- Performing a pilot deployment to determine whether the
planned infrastructure will meet your business needs and to
anticipate any possible problems that might arise during the
rollout.
- Rolling out your production infrastructure using whatever
deployment tools you’ve decided to use.
The main advantage of a greenfield migration is that it gives
you the opportunity to get it right from the start. On the other
hand, businesses are always evolving and are rarely static, so even
if you carefully plan for future growth you might still be faced
with challenges in evolving your infrastructure to address events
such as mergers, acquisitions, and spinoffs of business units. And
as a reality check, most readers of this Training Guide who are
looking to upgrade their job skills are likely to be working at
companies that have one or more existing Active Directory forests in
place and are contemplating migrating them to Windows Server 2012,
which is what the next migration scenario is about.
Note: REAL WORLD Migration from scratch
In one sense, it might seem strange to call a greenfield
deployment a “migration.” After all, how can you migrate from
something that didn’t previously exist? However, the underlying IT
infrastructure of most new businesses generally isn’t one that
starts from scratch but instead evolves, rapidly or slowly, until
a decision is made to settle on a specific infrastructure model
and implement it using a formally agreed-upon process.
For example, the founders of Contoso, Ltd. might have
started up their business in the garage of one of their homes and
used free Google Apps running on Apple MacBook laptops via a
neighborhood WiFi connection to do all their initial planning,
accounting, and communications. Once they leased offices and hired
several dozen employees, however, they might decide that it makes
business sense for them to deploy an infrastructure that
centralizes the management and ensures the security of their IT
resources. Depending on how they foresee their business evolving,
they might decide to either deploy a new Active Directory forest
on-premises, implement a private cloud solution, or use a public
cloud service provider.
Administrators of Active Directory environments have
traditionally been cautious, or even paranoid, about performing
schema upgrades using the Adprep.exe command-line utility. With the
release of each new version of Windows Server comes a new schema
version as well, and in the past, the task of introducing domain
controllers running the new version of Windows Server into your
existing Active Directory environment has required that you first
prepare your forest by upgrading the schema. The reluctance that
administrators have toward performing such upgrades is based largely
on three concerns:
- The process of upgrading a forest schema using Adprep was
often a cumbersome one on previous versions of Windows Server
and involved using a variety of different credentials to log on
to specific domain controllers, copy Adprep files, and run
Adprep from the command line with various parameters. The more
complex the process, the greater the chance is of an error
occurring.
- There was the possibility that something might go wrong
during the schema upgrade process, resulting in a corrupt forest
that requires you to perform a forest recovery, which can be a
difficult and time-consuming process.
- There was the possibility that the schema upgrade might go
off well but result in side effects, such as enterprise
applications that break and no longer function properly.
Clearly, these are not trivial concerns when your job as
administrator is potentially at stake. So before you perform a
forest upgrade, you need to be well prepared. The recommended
approach to avoiding such problems is to create a test environment
that mirrors your production environment in terms of its Active
Directory schema, network services, and business applications. By
upgrading the schema of your test forest using Adprep, you can then
better anticipate any problems that might arise when you upgrade the
schema of your production forest.
With Windows Server 2012, however, Microsoft has endeavored to
alleviate many of the concerns administrators often have about
performing forest upgrades. For example:
- Adprep functionality is now integrated into the Active
Directory Domain Services (AD DS) installation process. In most
cases, this now eliminates the need to separately run Adprep
prior to introducing domain controllers running the new version
of Windows Server.
- The new AD DS installation process includes prerequisite
validation to identify potential errors before installation
begins. For example, if the installation process determines that
adprep /domainprep needs to be run to prepare the domain,
verification is done first to ensure that the user who initiated
the process has sufficient rights to perform the operation.
- The Windows Server 2012 forest functional level does not
add any new features to a forest and ensures only that any new
domain added to the forest will automatically operate at the
Windows Server 2012 domain functional level.
- The Windows Server 2012 domain functional level adds only
one new feature to a domain. This new feature relates to Dynamic
Access Control (DAC) and therefore is unlikely to affect any
existing applications and services in your environment.
Despite these improvements to performing schema upgrades and
raising forest and domain functional levels, you should still plan
carefully and exercise due care when completing these tasks.
Important: Forest upgrades and functional levels
After upgrading your schema, you might want to raise your
forest and domain functional levels. As a best practice, follow
these practices:
- Before changing your forest functional level, take at
least one domain controller offline from each domain in your
forest.
- Before changing the domain functional level of any
domain, take at least one domain controller offline from the
domain.
In both cases, you should make sure that the domain
controllers you take offline do not hold any flexible single
master operations (FSMO) roles in the forest or domains.
Keep the domain controllers offline for 48 to 72 hours after
changing functional levels; if no issues are found, you can return
the offline domain controllers to service. If issues are
discovered, however, you can use your offline domain controllers
as the source for rebuilding servers if a rollback to a previous
functional level is required.
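The pre-flight checks described above (schema version, current forest and domain functional levels, which domain controllers hold FSMO roles, and which Windows Server version each domain controller runs) can be gathered in one report before any domain controller is taken offline. The following PowerShell script is an added example and is not code from the Training Guide; it assumes the ActiveDirectory module from RSAT is installed, that the account running it can read the forest and its domains, and that the candidate domain controller names (dc02.contoso.com and dc04.child.contoso.com) are hypothetical placeholders to be replaced with your own.

```powershell
# Added example (not from the Training Guide): pre-flight report before a
# schema upgrade or a functional-level change. Requires the ActiveDirectory
# module (RSAT) and an account that can read the forest and its domains.
Import-Module ActiveDirectory

# Schema version of the forest is the objectVersion attribute of the Schema
# container; Windows Server 2012 sets it to 56, earlier versions to lower values.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
$schema   = Get-ADObject -Identity $schemaNc -Properties objectVersion
$forest   = Get-ADForest

"Schema version      : $($schema.objectVersion)"
"Forest mode         : $($forest.ForestMode)"
"Schema master       : $($forest.SchemaMaster)"
"Domain naming master: $($forest.DomainNamingMaster)"

# Collect every FSMO role holder in the forest so that a DC chosen to be
# taken offline can be checked against the list.
$fsmoHolders = @($forest.SchemaMaster, $forest.DomainNamingMaster)

foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Identity $domainName
    ""
    "Domain $($domain.DNSRoot)"
    "  Domain mode          : $($domain.DomainMode)"
    "  PDC emulator         : $($domain.PDCEmulator)"
    "  RID master           : $($domain.RIDMaster)"
    "  Infrastructure master: $($domain.InfrastructureMaster)"
    $fsmoHolders += $domain.PDCEmulator, $domain.RIDMaster, $domain.InfrastructureMaster

    # Domain controllers in this domain and the Windows Server version each
    # one runs, which shows how mixed the environment already is.
    Get-ADDomainController -Filter * -Server $domain.DNSRoot |
        ForEach-Object { "  DC $($_.HostName) runs $($_.OperatingSystem)" }
}

# Candidate DCs to take offline (hypothetical names; replace with your own).
$candidates  = 'dc02.contoso.com', 'dc04.child.contoso.com'
$fsmoHolders = $fsmoHolders | ForEach-Object { $_.ToLower() } | Sort-Object -Unique

""
foreach ($dc in $candidates) {
    if ($fsmoHolders -contains $dc.ToLower()) {
        "WARNING: $dc holds an FSMO role; transfer the role first or choose another DC"
    } else {
        "OK: $dc holds no FSMO role and can be taken offline"
    }
}
```

Run the script once against the test forest that mirrors production and once against production, and keep both reports with the change record; the schema version and functional levels it prints are the values you would compare after the upgrade, and the FSMO list is what the offline-domain-controller practice above depends on.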
As you saw in the previous migration scenario, existing
businesses that want to take advantage of the new capabilities of
Windows Server 2012 can do so without ripping out their
infrastructure and replacing it with a new one. All they need to do
is introduce servers running Windows Server 2012 into their
environment and promote them as domain controllers. Doing this
automatically upgrades the schema, and administrators can raise the
forest and domain functional levels to Windows Server 2012 with
minimal fear of it having a negative impact on their existing
applications and services. Of course, regardless of this, you should
still be sure to first test your schema upgrade and functional level
changes in a test environment that mirrors your production
environment just to make sure there will be no issues that might
impact your business.
But some new features of Windows Server 2012 can also be
implemented into existing Active Directory environments without
making significant changes to the existing forest, such as upgrading
the schema or raising the forest or domain functional levels. An
example where this might be done is when deploying new DHCP servers
to take advantage of the new DHCP failover feature of Windows Server
2012 that ensures continuous availability of DHCP services to
clients.
The introduction of member servers running Windows Server 2012
into an Active Directory forest based on an earlier version of
Windows Server results in a mixed environment of servers running
different versions of Windows. By not introducing new domain
controllers in Windows Server 2012, administrators can continue to
manage their environment using existing tools and processes.
Although this seems like a simpler and less risky approach than
upgrading your forest as described previously, there are several
disadvantages to following this migration approach:
- Some new features and capabilities of Windows Server 2012
can be implemented only when your Active Directory environment
includes domain controllers running Windows Server 2012. These
features might not work at all, or have only limited
functionality, when your Active Directory schema hasn’t been
upgraded to Windows Server 2012. In general, information about
such limitations might be buried in the TechNet Library
documentation for Windows Server 2012, which means you need to
do some research before you try deploying Windows Server 2012
member servers with roles and features installed in your
existing Active Directory environment.
- Some of the server administration tools built into Windows
Server 2012 and included in the Remote Server Administration
Tools (RSAT) for Windows 8 have limited or no functionality when
managing servers running previous versions of Windows Server. Or
you might have to install additional updates on servers running
previous versions of Windows Server in order to manage them
using the Windows Server 2012 server administration tools or
RSAT for Windows 8.
So while rolling out a few Windows Server 2012 member servers
with a few roles and features installed might seem like a good idea,
and less risky than performing a forest upgrade, the gains you
experience from following this approach might not balance against
the effort involved.
Server consolidation involves using
virtualization to consolidate multiple server workloads onto a
single virtualization host. Although server consolidation can help
an organization improve server utilization and reduce costs, it
isn’t generally considered a migration scenario.
With the greatly increased scalability of the Hyper-V role in
Windows Server 2012, however, some businesses might be able to
migrate much or even all of their existing Active Directory
infrastructure based on a previous version of Windows Server and run
it on a cluster of Hyper-V hosts running Windows Server 2012. In
other words, they can migrate their existing physical servers into a
virtual environment.
Cloud computing provides organizations with new options to
increase efficiencies while reducing costs. The traditional
data-center approach, where the organization deploys and manages its
own Active Directory infrastructure on-premises, has known stability
and security, but the infrastructure servers involved often run at
less than 15 percent utilization. Virtualizing the data center by
using server consolidation can increase utilization, reduce cost,
and simplify management, but this approach lacks the elasticity to
rapidly meet changing demands as your business grows or experiences
market changes.
Cloud computing can simplify management and reduce cost even
further while providing elasticity and the perception of infinite
capacity for the IT services your business uses. Cloud resources are
pooled so that they can be allocated on demand as the needs of the
business grow or shrink. If additional resources are needed, they
can be provisioned without the need for extensive planning and
testing beforehand.
Cloud computing can be provisioned according to three possible
service models:
- Software as a Service (SaaS) The cloud is used to deliver
an application to multiple users, regardless of their location or
the type of device they are using. Compare this model with the more
traditional approach of deploying separate instances of
applications to each user’s PC. This approach is typically
used to deliver cloud-based applications that have minimal need
for customization. Examples include email, Customer Relationship
Management (CRM), and productivity software. The advantage of
this approach is that application activities can be managed
from a single central location to reduce cost and management
overhead. An example of a SaaS offering from Microsoft is Office
365, which provides users with secure access from anywhere to
their email, shared calendars, instant messaging (IM), video
conferencing, and tools for document collaboration.
- Platform as a Service (PaaS) The cloud is used to deliver
application execution services, such as application run time,
storage, and integration for applications designed for a
prespecified, cloud-based architectural framework. This allows you
to develop custom cloud-based applications for your users with
secure access for your business, which you can then host in the
cloud so that your users can access them from anywhere over the
Internet. PaaS also lets you create multitenant applications that
multiple users can access simultaneously. With support for
application-level customization, PaaS allows integration with
your older applications and interoperability with your current
on-premises systems, although some applications might need to be
recoded to work in the new environment. An example of a PaaS
offering from Microsoft is SQL Azure, which allows businesses to
provision and deploy SQL databases to the cloud without having
to implement and maintain an in-house Microsoft SQL Server
infrastructure.
- Infrastructure as a Service (IaaS) The cloud is used to
create pools of compute, storage, and network connectivity
resources, which can then be delivered as cloud-based services
billed on a per-usage basis. IaaS forms the foundation for the
other two cloud service models by providing a standardized,
flexible, virtualized environment that presents itself as
virtualized server workloads. In this approach, the organization
can self-provision these virtualized workloads and customize them
fully with the processing, storage, and network resources needed
and with the operating system and applications needed. The
organization is relieved of the need to purchase and install
hardware and can simply spin up new workloads to meet changing
demand quickly.
In the context of Windows Server 2012 migration scenarios, the
cloud service model under consideration here is the IaaS model,
which can be implemented by using the Hyper-V role of Windows Server
2012 together with Microsoft System Center 2012 SP1. When IaaS is
implemented in such a way that the customer controls the cloud, the
solution is called a private cloud. There are
several ways a private-cloud solution can be implemented by an
organization:
- By having the customer build and host the private cloud in
its own datacenter using Windows Server and the System Center
family of products
- By having the customer purchase a dedicated private cloud
appliance with Windows Server and System Center preinstalled and
configured
- By having a partner company host the customer’s private
cloud
Migrating an organization’s existing Active Directory
infrastructure into a private-cloud sourcing model can be
straightforward or complex, depending on a number of different
factors. Because of this, it’s useful to enlist a Microsoft partner
to help you design and implement a solution that meets the needs of
your organization. If you want to explore the private-cloud option
further, there are several places you can start:
- You can download private-cloud evaluation software from
Microsoft and deploy it in a test environment. At the time of
this writing, this offering uses Windows Server 2008 R2 SP1 and
System Center 2012, but by the time you read this, Microsoft
might have upgraded the offering to Windows Server 2012 and
System Center 2012 SP1.
- You can purchase an IaaS private cloud with a prevalidated
configuration from server partners in the Microsoft Private
Cloud Fast Track program. These offerings combine Microsoft
software, consolidated guidance, validated configurations from
original equipment manufacturer (OEM) partners, and other
value-added software components.
- You can use the Microsoft Pinpoint site to find a partner
in the Microsoft Private Cloud Service Provider Program who can
host a dedicated private cloud for your organization.
The private cloud is one of several cloud-sourcing models that
organizations can consider. Another approach is using a public
cloud, which is where a hosting provider maintains a shared cloud
that provides a pool of services that can be used by multiple
customers. It’s important in such a model that each customer’s
environment be fully isolated from that of other customers to ensure
security, and Windows Server 2012 includes new virtualization
technology that enables secure multitenancy for hosting scenarios
like this.
Public-cloud hosting providers generally
focus on delivering SaaS solutions that allow them to deliver
applications to customers so that the customer can focus on solving
business problems instead of managing infrastructure.