Agencies Slow to Open Windows 2000

By Heather HayesFor more than a year, federal agencies have anticipated getting their hands on Windows 2000, Microsoft Corp.'s latest operating system. But despite a much-ballyhooed launch of the product in early February, few government organizations have rushed to adopt the new platform. In fact, most are taking an admittedly cautious approach, according to federal officials and industry observers, despite the addition of more stability, scalability and security than found in its predecessor, Windows NT 4.0.Although the federal government often lags behind commercial entities in putting new products to work, such dallying, in this case, turns out to be less about budgets and bureaucracy and more about prudence and practicality.Windows 2000 includes four different versions: a client system known as Windows 2000 Professional for desktops and notebooks; and three server systems, each with incrementally increasing levels of processing power and memory. It is feature-rich but incredibly sophisticated and complex to implement."Lots of people are under the misconception that because it's a Microsoft product, you simply take it out of the box and implement it," said Rick Distasio, vice president for network and system integration systems with Compaq Computer Corp., a Microsoft partner with federal offices in Reston, Va. "But with this system, if you haven't done your design work and your planning work to understand the requirements and how to set them up, you end up having a problem that costs you money to fix."Even by Microsoft's count, most federal agencies are taking an unhurried approach to Windows 2000, and company officials encourage agencies not to jump too quickly."Planning is critical with Windows 2000," says Sean Murphy, technology specialist manager for Microsoft Federal in Washington. "There are a lot of interdependencies, and layer 1 has to be planned and implemented before you can go to layer 2 or layer 3, and so forth. There's a wealth of complexity that customers will need to look at."George Molaski, chief information officer of the Transportation Department, said the product's new features are intriguing, and that he is testing the client version of Windows 2000 himself. Still, the agency is in a wait-and-see mode. "I've actually found the system to be quite stable, but, quite frankly, there's no overarching reason that has been called to my attention to become an early adopter," he said.Such wariness likely will result in a windfall of opportunities for consultants and systems integrators familiar with the product, according to Dan Kusnetzky, program director for operating environments and serverware at International Data Corp., a market research firm in Framingham, Mass."This is not something that people will initially want to go at alone," he said. "Although Windows 2000 is an outgrowth of Windows NT 4.0, people should not be thinking 'because I know NT, I know this.' Windows 2000 is very, very different, and people will create difficulties for themselves by not being very careful."XXXSPLITXXX-By Heather Hayes"Not surprisingly, nobody really wants Version 1," said Bob Donovan, general manager for the federal division of Data General, a systems integrator in McLean, Va. "But most of our customers are extremely excited about what Windows 2000 has to offer. We expect most civilian agencies to move within six months, and military agencies in about a year."In fact, a few government organizations are on their way to becoming early adopters, including the National Credit Union Administration, NASA, the Standard Systems Group at Gunner Air Force Base in Montgomery, Ala., and Fort Huachuca Army base in Sierra Vista, Ariz.There are plenty of good reasons for the federal government to like this product. Observers say the desktop system is considerably more reliable, more robust and more stable than Windows NT 4.0. Also, it provides better support for mobile users in the way of power management, plug-and-play, hardware support for more than 7,000 devices, and automatic file synchronization with the enterprise network."We expect there will be significant cost reductions in the way of maintenance and customer handholding with Windows 2000," said Molaski, who said that the relative instability of Windows 98 caused an inordinate amount of help-desk calls.The server systems, meanwhile, are much more scalable than Windows NT. Windows 2000 Server, the baseline product, scales to the same level as NT 4.0, with four processors and four gigabytes of RAM. The Advanced Server, however, goes a step beyond, with twice as much processing and memory support and two-node clustering capability for fail-over and network load balancing. And Windows 2000 DataCenter, a product that will be available this summer, scales to 16 processors."One of the things that federal customers told us very clearly is that they wanted a version of Windows NT that would scale from the smallest device all the way up to the largest system," Murphy said. The DataCenter product is being positioned to compete with hard-line enterprise servers, such as Unix, Solaris and Linux, "and that's exactly what we've delivered," he said.What has grabbed the attention of federal agencies, however, are new security features, such as public key infrastructure (PKI); Kerberos, an authentication protocol; enough encryption to make the platform compliant with the Federal Information Processing Standard 140-1; and the Active Directory, which gives organizations the ability to apply standardized business rules to distributed applications and network resources without requiring administrators to maintain a variety of specialized directories.Richard Weddle, acting manager for systems integration development support at the IRS Testing and Evaluation Center in Martinsburg, W.Va., said the Active Directory offers the greatest boon to his agency, which likely will begin migrating the product within six months."The biggest problem with NT 4.0 was the size of the accounts database, which could only handle about 40,000 users," he said. "The thing that drew us to Windows 2000 was its reported scalability for an enterprise. We're hoping a single domain will scale to handle 100,000 to 112,000 users. If it will do that, it would give us a single user contact, a single security contact and a single environment manager that allows us to delegate administrative responsibilities down the organization."Distasio agreed that the Active Directory offers a great advantage for its federal customers. "It enables distributed systems to now link into legacy systems, automatically solving some integration problems, and allows you to do interactive collaboration," he said. "For example, it gives users the ability to see something that they're talking about over the Internet and to collaborate real time. That level of collaboration is quite exciting."However, the Active Directory is cause for concern for many agencies that now use other Domain Name Services (DNS) products, including the Army. According to Tom Leahy, deputy product manager for the small computer program at Fort Monmouth, N.J., the Army has delayed implementation because of concerns about whether its protected DNS system will work with the Active Directory. "The biggest headache about this thing is determining what we should be setting up and how it's going to work," Leahy said. "There are a lot of interdependencies that have to be planned for."XXXSPLITXXX-By Heather HayesThe Active Directory, in fact, presents perhaps the largest headache when it comes to migrating to the new operating system. Many of the problems stem from the fact that Microsoft has turned on many of the new features by default, Kusnetzky said."Some of these defaults demonstrate that Microsoft is trying to push its new technology and didn't think about compatibility with networks that currently exist," Kusnetzky said. The Active Directory has more than 387 different options to choose from, "and if a person doesn't know what's been turned on by default, you can find yourself in a situation where Windows 2000 comes in and immediately tries to take over the network," he said.The Active Directory also has some compatibility issues with other DNS systems that must be worked out beforehand. The Microsoft service can work with a dynamic DNS, for example, but there are older, Unix-based DNS systems many federal agencies use that probably will not work with it. Murphy said Windows 2000 does allow older Unix-based DNS to act as a kind of subdomain to Active Directory, but again, configuration planning must be done upfront to ensure that it works properly."You've really got to have a solid understanding of what you're trying to do with Active Directory, and then plan your DNS appropriately to support it," Murphy said. "That's a concentrated effort that has to be taken together."The security features also present interdependencies that need to be thought through before implementation begins. For example, the PKI must be designed first so that the platform's Internet protocol security feature can sit on top of it.XXXSPLITXXX-By Heather HayesFortunately, migration to Windows 2000 can take place incrementally. Many federal customers likely will move their client systems first before tackling the back end and the complexities of the Active Directory and security features, according to Phil Neray, vice president of marketing for On Technology, a Waltham, Mass., network solutions provider that has a Windows 2000 migration management product.Ultimately, the key to success will not be when or in what stages the migration takes place, but how much upfront planning is put into it. "We're definitely planning on working with an integration partner," said Weddle. "This thing is just so much different than Windows NT. You really have to throw out your existing infrastructure, because that is no guide for implementing Windows 2000. So you need somebody with a lot of experience and knowledge ? as well as an objective opinion, so they won't be skewed by what you already have in place."XXXSPLITXXX-By Heather HayesInternational Data Corp. predicts that the federal government will adopt Windows 2000 in greater numbers but at a slower pace than the rest of the business population. The following represents the results of a February 1999 survey of 708 respondents: Source: International Data Corp.XXXSPLITXXX-By Heather Hayes"The Jazz Age" author F. Scott Fitzgerald once defined the human personality as an unbroken series of successful gestures. But in today's information age, that definition does not really work for a person's computer personality ? those application settings and data distinctive to an individual user.When a user migrates to new operating systems, those unique traits almost always are misplaced or lost, bringing higher stress levels, a bevy of panicked calls to the help desk and, ultimately, widespread productivity losses.At least one company hopes to take the personal hassle out of future migrations. Tranxition, a start-up in Beaverton, Ore., will release Personality Tranxport Professional (PT Pro) this month. The product, which supports Windows 95, 98, NT and 2000, enables organizations to automatically capture and move up to 7,000 personality settings, including desktop configurations, Internet bookmarks, e-mail folders and address books, custom dictionaries, PowerPoint templates and browser settings.Reconstructing a PC configuration and personality normally takes an average of six hours and costs $200 to $300 per user, according to Tranxition customer trials and studies done by the GartnerGroup, a market analysis company in Stamford, Conn. PT Pro's own test results find that customers can get the job done in less than 10 minutes and at a cost of just $30 to $40 per user.So how does the product work? Very simply, according to Ken Mackin, president and CEO of Tranxition. From a server or a desktop, a technician hits an "extract" button on the screen. This saves all of the relevant settings and data to a local drive or a network server and loads the applications on top of the new operating system. The technician then hits an "inject" button to immediately bring up the old "personality traits" in all the right places."There's no real down time," said Mackin. "People don't have to go fishing through directories after a migration, looking for an important e-mail or Word file that they need to do their job. It's there when they turn on their computer. "And that's a real value, not just to the user but to the IT staff and the organization as a whole," Mackin said.