7119477 deploying wins smith.n studio

8/10/2019 7119477 Deploying Wins Smith.N Studio

1/36

C H A P T E R 4

Windows Internet Name Service (WINS) in the MicrosoftWindowsServer !""# o$eratin% s&stem a''ows

'ar%e or%aniations to accom$'ish NetI*S name reso'+tion with hi%h avai'a,i'it&- sec+rit&- and $erformance.

The fo''owin% sections descri,e the WINS de$'o&ment $rocess- inc'+din% how to desi%n and c+stomie a sec+re

re$'ication strate%&. WINS mi%ration information and e/am$'es are a'so $rovided.

In This ChapterOverview of WINS Deployment ...........................................................................180

Building Your WINS Server Strategy ............................................ ........................184

Deigning Your WINS !epli"ation Strategy .................................. ........................1#$

Se"uring Your WINS Solution ............................................................ ...................$0%

Integrating WINS wit& Ot&er Servi"e ......................................... ........................$0'

Implementing Your WINS Solution ..................................................... ..................$0#

(dditional !eour"e .............................................................................. .............$1)

Related Information

0or more information a,o+t Windows Internet Name Service (WINS)- see theNetworkingGuide of theMicrosoftWindowsServer 2003 Resource Kit (or see theNetworking Guideon

the We, at htt$122www.microsoft.com2res3it).

0or more information a,o+t $'annin% and desi%nin% &o+r omain Name S&stem (NS)

networ3- see 5e$'o&in% NS6 in this ,oo3.

Deploying WINS

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St

ttps://www.facebook.com/SmithNguyenStudio


2/36

180 Chapter 4 Deploying WINS

Overview of WINS DeploymentWINS $rovides a d&namic so'+tion for networ3 ,asic in$+t2o+t$+t s&stem (NetI*S) name reso'+tion in

enter$rise networ3s. A'tho+%h most 'ar%e networ3s c+rrent'& have a WINS infrastr+ct+re- some sti'' re'& on

other methods of NetI*S name reso'+tion- s+ch as the 7mhosts fi'e. If &o+r or%aniation does not c+rrent'&+se WINS- and intends to contin+e o$eratin% with MicrosoftWindows89- Windows 8:-

Windows Mi''enni+m Edition- or MicrosoftWindows NTversion 4."- consider im$'ementin% WINS when

&o+ de$'o& Windows Server !""# in order to a+tomate NetI*S name reso'+tion. Certain a$$'ications- s+ch as

MicrosoftE/chan%e Server- a'so re'& on NetI*S name reso'+tion. Therefore- even if a'' of &o+r com$+ters

are r+nnin% MicrosoftWindows!"""- Windows ;P- or Windows Server !""#- &o+ mi%ht sti'' re


3/36

Additional Resources 181

WINS Deployment Processe$'o&in% WINS invo'ves ,+i'din% a server strate%&- desi%nin% a re$'ication strate%&- sec+rin% &o+r WINS

so'+tion- inte%ratin% WINS with other services- and im$'ementin% &o+r WINS so'+tion. 0i%+re 4.= shows the

%enera' WINS de$'o&ment $rocess.

Figure 4.1 Deploying WINS

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



4/36


Technology BackgroundSma''er- non>ro+ted networ3s can ,e confi%+red as ,roadcast nodes- a'so 3nown as >nodes- accom$'ishin%

NetI*S name re%istration and reso'+tion ,& +sin% ,roadcast $ac3ets. A non>WINS so'+tion is via,'e where the

,roadcast domain is sma'' and the res+'tin% ,roadcast traffic is 'ow. However- the traffic %enerated ,& ,roadcasts

can over'oad a 'ar%e networ3. In addition- some ro+ters do not a''ow ,roadcast messa%es to $ass thro+%h- so thismethod of name reso'+tion is not an o$tion for most enter$rise networ3s. A'tho+%h &o+ can a'so +se the static

7mhosts fi'e for NetI*S name reso'+tion- man+a''& editin% the fi'e with each name or IP address chan%e can

,e time>cons+min% and $rone to administrative error. A'so- it is not a via,'e so'+tion in a &namic Host

Confi%+ration Protoco' (HCP) environment. These more com$'e/ environments re,roadcast>,ased

so'+tion- which WINS $rovides ,& +sin% +nicast NetI*S name re%istration and reso'+tion.

WINS c'ient s+$$ort a''ows &o+ to s$ecif& +$ to =! WINS servers for red+ndanc&. ifferent confi%+rations- or

node t&$es- are avai'a,'e thro+%h WINS. The node t&$e determines the method or methods that are +sed for

NetI*S name reso'+tion. WINS s+$$orts the fo''owin% node t&$es- as shown in Ta,'e 4.=.

Table 4.1 NetI!S Node Types

Node Type Resolution "ethod

#node I$ broad%ast messages register and resol&e NetI!S namesto I$ addresses. Windo's ()))*based and "i%rosoft+Windo's+,$*based %omputers use modified #node nameresolution. If the broad%ast fails to resol&e the name- anlmhosts file is used.

$#node $oint#to#point %ommuni%ation 'ith a NetI!S name ser&er-su%h as WINS- to register and resol&e %omputer names to I$addresses.

"#node mi/ of #node and $#node %ommuni%ation to register andresol&e NetI!S names. "#node first uses broad%astresolution- and then attempts a ser&er 0uery if ne%essary.

#node hybrid of #node and $#node. n #node %omputer attempts

to 0uery a ser&er first and uses broad%asts only if dire%t0ueries fail. Windo's ())) and Windo's ,$*based%omputers are %onfigured to use #node by default.

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



5/36


Ne' Features for Windo's Ser&er ())2

The fo''owin% im$rovements to the Windows Internet Name Service (WINS) have ,een made in the Windows

Server !""# fami'&1

Filtering re%ordsIm$roved fi'terin% and new search f+nctions he'$ &o+ 'ocate records ,& showin% on'& those records that fit the

criteria &o+ s$ecif&. These f+nctions are $artic+'ar'& +sef+' in ana'&in% ver& 'ar%e WINS data,ases. ?o+ can

+se m+'ti$'e criteria to $erform advanced searches for WINS data,ase records. This im$roved fi'terin%

ca$a,i'it& a''ows &o+ to com,ine fi'ters for c+stomied and $recise


6/36


Building our WINS ServerStrategyWhen ,+i'din% &o+r WINS server strate%&- acco+nt for an& e/istin% hardware that &o+ mi%ht need to +$%rade-

how man& WINS servers are needed for &o+r desi%n- and how &o+r server strate%& increases WINS avai'a,i'it&

and o$timies WINS $erformance. 0i%+re 4.! shows the $rocess for ,+i'din% &o+r WINS server strate%&.

Figure 4.( uilding 3our WINS Ser&er Strategy

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



7/36


!eviewing WINS "ardwareetermine whether &o+r c+rrent WINS server hardware is s+fficient to +$%rade to Windows Server !""#. ?o+

mi%ht need to +$%rade &o+r server hardware for o$tima' WINS $erformance. A d+a'>$rocessor WINS server

increases $erformance a,o+t !9 $ercent- and a dedicated dis3 drive meas+ra,'& im$roves WINS server name

re$'ication res$onse time.

When se'ectin% &o+r hardware- consider the fo''owin% $erformance %+ide'ines1

@se hi%h>$erformance dis3 hardware. WINS ca+ses fre,ased so'+tion- which im$roves

dis3 access time.

When eva'+atin% the $erformance of a server- inc'+de WINS to ens+re the server can hand'e its

demandin% +se of centra' $rocessin% +nit (CP@)- memor&- and dis3 in$+t2o+t$+t (I2*). Monitor

server +sa%e to determine whether WINS server hardware needs to ,e +$%raded.

0or a c+rrent 'ist of com$ati,'e hardware- see the Hardware Com$ati,i'it& 7ist (HC7) 'in3 on the We,

Reso+rces $a%e at htt$122www.microsoft.com2windows2res3its2we,reso+rces.0or more information a,o+t determinin% hardware com$ati,i'it&- see 5P'annin% for e$'o&ment6 inPlanning,

Testing, and Piloting e!lo"#ent Pro$ectsof this 3it.

Determining "ow #any WINS Servers toDeployThe n+m,er of WINS servers needed and the 'ocations of each server de$end on the n+m,er of WINS c'ients

$er server and the networ3 to$o'o%&.

The n+m,er of +sers each server can s+$$ort de$ends on +sa%e $atterns- data stora%e- and the $rocessin%

ca$a,i'ities of the server. A WINS server can t&$ica''& re%ister =-9"" names $er min+te or answer 4-9"" ,&>+sa%e wide area networ3

(WAN) 'in3s. Set conservative c'ient co+nts for a WINS server to minimie c'ient 'oad conditions- s+ch as 'ar%e>sca'e $ower o+ta%es that force man& com$+ters to

restart sim+'taneo+s'&- there,& ,om,ardin% the WINS servers with re%istration re


8/36

18! Chapter 4 Deploying WINS

Designing WINS for "igh $vaila%ilityAn& desi%n that re


9/36

Additional Resources 18"

&sing #ultiple ServersTo $rovide additiona' fa+'t to'erance- confi%+re a secondar& (or ,ac3+$) WINS server. A'tho+%h WINS

re$'ication architect+re ,enefits from em$'o&in% a minim+m n+m,er of WINS servers- em$'o&in% a secondar&

WINS server im$roves the avai'a,i'it& of &o+r desi%n. This so'+tion ,a'ances $erformance and avai'a,i'it&

a%ainst cost and mana%ea,i'it&.When +sin% two WINS servers to $rovide red+ndanc& and 'oad ,a'ancin%- confi%+re the re$'ication re'ationshi$

,etween these servers as a $+'' or $+sh $artnershi$. When &o+ +se re$'ication- ,oth servers contain the same

WINS data,ase information.

When a WINS server is confi%+red as a $+'' $artner- it $eriodica''& s$eed WAN connections.

When the networ3 traffic created ,& fre


10/36


Restore fai'ed servers sooner- ,eca+se data,ase res&nchroniation is not re


11/36

Additional Resources 18#

0i%+re 4.4 shows the new sim$'ified re$'ication matri/ +sin% a server c'+ster.

Figure 4.4 WINS Topology $ost#Clustering

Windows C'+sterin% on'& so'ves 'oca' avai'a,i'it& iss+es. Windows Server !""#B,ased servers that ,e'on% to the

same c'+ster res$eed connections ,etween a'' servers in the c'+ster.

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



12/36

1#0 Chapter 4 Deploying WINS

0or more information a,o+t server c'+sters- see 5esi%nin% Server C'+sters6 inPlanning Server e!lo"#ents of

this 3it.

Optimi-ing WINS PerformanceA'tho+%h WINS is desi%ned to he'$ red+ce ,roadcast traffic ,etween 'oca' s+,nets- it creates some traffic,etween servers and c'ients. This is $artic+'ar'& im$ortant if &o+ +se WINS on ro+ted TCP2IP networ3s.

To o$timie $erformance- ,e%in ,& estimatin% the amo+nt of networ3 traffic ,etween WINS c'ients and WINS

servers +nder norma' conditions. Estimate and monitor the fo''owin%1

NetI*S names common'& re%istered ,& WINS c'ients.

WINS re%istration and renewa' ca+sed ,& dai'& start+$ of c'ients.

Mo,i'e +sers and their effect when movin% within a ro+ted networ3.

The effects of s'ower 'in3s- s+ch as WAN 'in3s and their effect on re$'ication $erformance and

conver%ence.

Redu%ing Response Time

Red+cin% the res$onse time of WINS im$roves $erformance- with the %reatest visi,i'it& to +sers and

mana%ement. As a res+'t- a desi%n that red+ces the res$onse time of WINS is hi%h'& s+ccessf+'.

The $erformance of &o+r WINS desi%n 'ar%e'& de$ends on other networ3 traffic. 0or e/am$'e- a s+,net that

re'ies on a WINS server e'sewhere on the WAN mi%ht e/$erience $oor $erformance d+rin% $ea3 ho+rs when

networ3 +sa%e is hi%h. Increase the NetI*S name re%istration renewa' $eriod- which defa+'ts at si/ da&s- to

red+ce c'ient>to>server renewa' traffic. This settin% m+st ,e chan%ed on the WINS server.

*,tain re'ia,'e fi%+res on the n+m,er of 'ocations and hosts that &o+r WINS desi%n m+st s+$$ort. When

$'annin% for WINS c'ient traffic on 'ar%e- ro+ted networ3s- estimate and monitor the effect of name


13/36

Additional Resources 1#1

Consolidating "ultiple Subnets

When &o+ have m+'ti$'e s+,nets in a sma'' remote office- consider conso'idatin% the office to one s+,net

address.

?o+ can do this +sin% as&nchrono+s transfer mode (ATM) switchin% or a virt+a' $rivate networ3 (PN)

confi%+ration. & conso'idatin% to one s+,net address- &o+ can confi%+re c'ients to +se 'oca' ,roadcasts to

reso've names ,efore attem$tin% to contact a WINS server across the WAN. Chan%in% the c'ient to M>node

a''ows it to ,roadcast 'oca''& for reso+rces ,efore contactin% a WINS server for NetI*S name reso'+tion. This

can he'$ to red+ce the overa'' amo+nt of WINS>associated traffic- es$ecia''& WAN traffic.

@se HCP sco$e o$tion "4D- WINS2NT Node T&$e- to confi%+re &o+r WINS c'ients as M>node c'ients. 0or

more information a,o+t confi%+rin% HCP o$tions at the HCP server- see 5Assi%n a sco$e>,ased o$tion6 in

He'$ and S+$$ort Center for Windows Server !""#.

Configuring urst andling

+rst hand'in% s+$$orts a hi%h vo'+me of WINS c'ient name re%istration. When a 'ar%e n+m,er of WINS c'ients

sim+'taneo+s'& tr& to re%ister their NetI*S names- the WINS server can ,ecome sat+rated. In ,+rst hand'in%

mode- the WINS server res$onds $ositive'& to c'ients that s+,mit a re%istration rec'ic3 the a$$ro$riate WINS server.

$. Se'ect the Advancedta, from theserver na#e$ro$erties dia'o% ,o/.

). In Enable Burst Handling- se'ect Low (300)- Medium (500)- High (1000)- or ustom(50!5000)as the ,+rst


14/36


7oad alan%ing 'ith Redundant WINS Databases

A WINS im$'ementation desi%n $rovides hi%her $erformance ,& s$ecif&in% that m+'ti$'e WINS servers contain

re$'icas of WINS data,ases. These red+ndant servers im$rove $erformance ,& $rovidin% 'oad ,a'ancin%.

@se 'oad ,a'ancin% with red+ndant WINS data,ases when1

The 'en%th of time to $erform WINS f+nctions is +nacce$ta,'& 'on%.

The connections ,etween the WINS servers s+$$ort the additiona' WINS re$'ication traffic.

The traffic %enerated ,& WINS c'ients accessin% a WINS server in another 'ocation sat+rates a

WAN 'in3.

The cost of addin% a server is not $rohi,itive.

Designing our WINS !eplicationStrategyA %ood re$'ication desi%n is essentia' to &o+r WINS avai'a,i'it& and $erformance. esi%ns encom$assin%

m+'ti$'e WINS servers distri,+te NetI*S name reso'+tion across 7AN and WAN environments- confinin%

WINS c'ient traffic to 'oca'ied areas. To ens+re consistent- networ3>wide name reso'+tion- WINS servers m+st

re$'icate their 'oca' entries to other servers. 0or more information a,o+t a WINS re$'ication strate%&- see the

e/am$'es 'ater in this section.

0i%+re 4.9 shows the $rocess for desi%nin% &o+r WINS re$'ication strate%&.

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



15/36

Additional Resources 1#3

Figure 4.8 Designing 3our WINS Repli%ation Strategy

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



16/36


efore confi%+rin% re$'ication- caref+''& desi%n and review &o+r WINS re$'ication to$o'o%&. 0or WANs- this

$'annin% can ,e critica' to the s+ccess of &o+r de$'o&ment and +se of WINS.

WINS $rovides the fo''owin% choices when &o+ are confi%+rin% re$'ication1

?o+ can man+a''& confi%+re WINS re$'ication for a WAN environment.

0or 'ar%er networ3s- &o+ can confi%+re WINS to re$'icate within a 7AN environment.

In sma''er or ,o+nded 7AN insta''ations- consider ena,'in% and +sin% WINS a+tomatic $artner

confi%+ration for sim$'ified set+$ of WINS re$'ication.

In 'ar%er or %'o,a' insta''ations- &o+ mi%ht have to confi%+re WINS across +ntr+sted

Windows NT domains.

If &o+r networ3 +ses on'& two WINS servers- confi%+re them as $+sh2$+'' re$'ication $artners to each other.

When confi%+rin% re$'ication $artners- avoid $+sh>on'& or $+''>on'& servers e/ce$t where necessar& to

accommodate s'ow 'in3s. In %enera'- $+sh2$+'' re$'ication is the most sim$'e and effective wa& to ens+re f+''

WINS re$'ication ,etween $artners. This a'so ens+res that the $rimar& and secondar& WINS servers for an&

$artic+'ar WINS c'ient are $+sh2$+'' $artners of each other- a reand>s$o3e mode' $rovides a sim$'e and effective desi%n for or%aniations that re


17/36


When +sin% a+tomatic $artner confi%+ration- each WINS server anno+nces its $resence on the networ3 ,& +sin%

$eriodic m+'ticasts. These anno+ncements are sent as Internet Fro+$ Mana%ement Protoco' (IFMP) messa%es

for the m+'ticast %ro+$ address of !!4.".=.!4- which is reserved for WINS server +se.

A+tomatic $artner confi%+ration is t&$ica''& +sef+' in sma'' networ3s- s+ch as sin%'e s+,net 7AN environments.

However- &o+ can +se a+tomatic $artner confi%+ration in ro+ted networ3s. 0or WINS m+'ticast s+$$ort in

ro+ted networ3s- the forwardin% of m+'ticast traffic is made $ossi,'e ,& confi%+rin% ro+ters for each s+,net to

forward traffic to the WINS m+'ticast %ro+$ address of. !!4.".=.!4.

eca+se $eriodic m+'ticast anno+ncements ,etween WINS servers can add traffic to &o+r networ3- a+tomatic

$artner confi%+ration is recommended on'& if &o+ have a sma'' n+m,er of insta''ed WINS servers (t&$ica''&-

three or fewer).

A+tomatic $artner confi%+ration monitors m+'ticast anno+ncements from other WINS servers- and $erforms the

fo''owin% confi%+ration ste$s1

Adds the IP addresses for the discovered servers to its 'ist of re$'ication $artner servers.

Confi%+res the discovered servers as $+sh2$+'' $artners.

Confi%+res $+'' re$'ication at two>ho+r interva's with the discovered servers.

If a remote server is discovered and added as a $artner ,& means of m+'ticastin%- it is removed as a re$'ication

$artner when WINS sh+ts down $ro$er'&. To have a+tomatic $artner information $ersist when WINS restarts-&o+ m+st man+a''& confi%+re the $artners.

To man+a''& confi%+re re$'ication with other WINS servers- +se the WINS Microsoft Mana%ement Conso'e

(MMC) sna$>in or the Netsh command>'ine too' to s$ecif& ro'es for each $artner and an& re'ated information.

0or more information a,o+t the Netsh command>'ine too'- see 5Netsh6 and 5Netsh commands for WINS6 in

He'$ and S+$$ort Center for Windows Server !""#.

Determining !eplication PartnersChoosin% whether to confi%+re a WINS server as a $+sh $artner- $+'' $artner- or $+sh2$+'' $artner de$ends on

severa' considerations- inc'+din% the s$ecific confi%+ration of servers at &o+r site- whether the $artner is across

a WAN- and how im$ortant it is to distri,+te chan%es immediate'& thro+%ho+t the networ3.

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



18/36


19/36

Additional Resources 1#"

Determining 'onvergence TimeThe time needed to re$'icate a new entr& in a WINS data,ase- from the WINS server that owns the entr& to a''

other WINS servers on the networ3 is defined as convergence ti#e. When $'annin% for WINS servers- &o+ m+st

decide what is acce$ta,'e as the conver%ence time for &o+r networ3 the 'on%er the re$'ication $ath- the 'on%er

the conver%ence time.

Name and>s$o3e strate%&- indicate on &o+r networ3 to$o'o%&

ma$ which sites have the 5h+,6 server- and which have the 5s$o3e6 servers. A'so indicate whether the

re$'ication is $+sh2$+''- $+sh>on'&- or $+''>on'&.

oc+ment the confi%+rations of each WINS server- inc'+din% the hardware confi%+ration- IP address- re$'ication

confi%+ration- and re$'ication $artners.

0or more information a,o+t WIN confi%+ration across WANs- see 5Confi%+rin% WINS re$'ication6 in He'$ and

S+$$ort Center for Windows Server !""#.

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



20/36


'onfiguring !eplication $cross 2$NsWhen confi%+rin% WINS re$'ication across 7ANs- the iss+es are simi'ar to those that occ+r in WAN

environments- a'tho+%h 'ess critica'.

eca+se the data thro+%h$+t of the +nder'&in% networ3 'in3s for 7ANs is m+ch %reater than for WANs- it mi%ht,e acce$ta,'e to increase the fre,ased

$artners on s'ower 'in3s.

0or e/am$'e- ,etween 7AN>,ased re$'ication $artners it often wor3s to ena,'e WINS to +se a $ersistent

connection ,etween the servers. Witho+t a $ersistent connection- the norma' +$date co+nt thresho'd defa+'ts to a

minim+m of !". ?o+ can s$ecif& a sma''er +$date co+nt with a $ersistent connection.

Ne/t- &o+ can s$ecif& a m+ch sma''er n+m,er- s+ch as a va'+e of one to three in the #umber o$ changes in

version %& be$ore re'lication settin% ,efore WINS sends a $+sh re$'ication tri%%er to the other $artner. 0or $+''

$artners- &o+ mi%ht a'so consider settin% the e'lication intervalsettin% to a va'+e in min+tes- instead of ho+rs.

As in WAN re$'ication $'annin%- the WINS server data,ase m+st re$'icate fre


21/36

Additional Resources 1##

'onfiguring !eplication Between&ntrusted DomainsIt is $ossi,'e to set +$ WINS re$'ication ,etween one or more WINS servers in domains that do not have a tr+st

re'ationshi$. ?o+ can do this witho+t a va'id +ser acco+nt in the +ntr+stin% domain. To confi%+re re$'ication- an

administrator for each WINS server m+st +se the WINS sna$>in or Netsh commands to man+a''& confi%+re each

server to $ermit this re$'ication.

0or more information a,o+t WINS confi%+ration across domains that do not have tr+st re'ationshi$s- see

5Confi%+rin% WINS re$'ication6 in He'$ and S+$$ort Center for Windows Server !""#. 0or more information

a,o+t domain tr+sts- see theistri%uted Services Guideof the Windows Server 2003 Resource Kit (or see the

istri%uted Services Guideon the We, at htt$122www.microsoft.com2res3it).

#apping the !eplication $rchitecture to thePhysical NetworkAfter determinin% the re$'ication strate%& that wor3s ,est for &o+r or%aniation- ma$ the strate%& to &o+r

$h&sica' networ3. 0or e/am$'e- if &o+ have chosen a h+,>and>s$o3e strate%&- indicate on &o+r networ3 to$o'o%&

ma$ which sites wi'' have the 5h+,6 server- and which wi'' have the 5s$o3e6 servers. A'so indicate whether the

re$'ication is $+sh2$+''- $+sh>on'&- or $+''>on'&.

oc+ment the confi%+rations of each WINS server- inc'+din% the hardware confi%+ration- IP address- re$'ication

confi%+ration- and re$'ication $artners.

The conver%ence time for the s&stem is the s+m of the two 'on%est conver%ence times to the h+,. 0or e/am$'e-

in an or%aniation that has five WINS servers (WINS>A thro+%h WINS>E)- if WINS> and WINS> re$'icate

with WINS>A (the h+,) ever& #" min+tes- and WINS>C and WINS>E re$'icate with the h+, ever& 4 ho+rs- the

conver%ence time is : ho+rs.

The fo''owin% e/am$'es show three different t&$es of re$'ication.

Important

If you re)uire replication across a firewall( keep in mind that WINS

replication occurs over T'P port 3/, Therefore( this port must not %e

%locked on any network device %etween two WINS replication partners,

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



22/36


/ample 15 Deploying WINS !&er a 7arge Number of ran%h !ffi%es

In this e/am$'e- a medi+m>sied com$an& has two main sites1 a New ?or3 and a 7os An%e'es office with 9""

com$+ters in each office- connected thro+%h hi%h>s$eed 'in3s. The com$an& a'so has more than =D" sma''

,ranch offices- inc'+din% 'oca' sa'es offices. To save on the costs of the 'in3s- some ,ranches act as

concentrators for a re%ion. 0i%+re 4.: shows a WINS server $'acement strate%& for an or%aniation with man&

sma'' ,ranch offices.

Figure 4.< Deploying WINS !&er a 7arge Number of ran%h !ffi%es

In most cases- the ,ranches do not have 'oca' WINS servers there is sim$'& no need for a se$arate server for

each ,ranch. Instead- the com$an& adds re%iona' WINS servers when the costs of re%istration and


23/36


The re%iona' WINS servers are not re


24/36


The c'ients are confi%+red with a 'oca' $rimar& and secondar& WINS server. Ha'f of the c'ients have one 'oca'

WINS server as $rimar& and the other as secondar&. The other ha'f has e/act'& the o$$osite confi%+ration. This

,a'ances the re%istration and


25/36


26/36


The $rimar& WINS servers re$'icate with the h+,s ever& =9 min+tes- and the h+,>to>h+, re$'ication interva' is

#" min+tes. The conver%ence time of the WINS s&stem is the time it ta3es for a c'ient re%istration to ,e

re$'icated to a'' WINS servers.

In this case the 'on%est conver%ence time wo+'d ,e =.9 ho+rs from a Seatt'e $rimar& server to a Chica%o $rimar&

server. The tota' conver%ence time can ,e ca'c+'ated ,& addin% +$ the ma/im+m time ,etween1

Seatt'e $rimar& to Seatt'e secondar&- =9 min+tes

Seatt'e secondar& to San 0rancisco secondar&- #" min+tes

San 0rancisco secondar& to Chica%o secondar&- #" min+tes

Chica%o secondar& to Chica%o $rimar&- =9 min+tes

However- the conver%ence time mi%ht ,e 'on%er for WINS servers connected across s'ow 'in3s. It is $ro,a,'&

not necessar& for the servers in Paris or er'in to re$'icate ever& =9 min+tes. ?o+ mi%ht confi%+re them to

re$'icate ever& two ho+rs or even ever& !4 ho+rs- de$endin% on the vo'ati'it& of names in the WINS s&stem.

This networ3 contains 'ow red+ndanc&. If the 'in3 ,etween Seatt'e and 7os An%e'es is down- re$'ication sti''

occ+rs thro+%h San 0rancisco. If- for e/am$'e- the Seatt'e h+, fai's- the Seatt'e area can no 'on%er re$'icate with

the rest of the WINS s&stem. Networ3 connectivit&- however- is sti'' f+nctiona' a'' WINS servers contain the

entire WINS data,ase- and name reso'+tion f+nctions norma''&. A'' that is 'ost are chan%es to the WINS s&stem

that occ+rred since the Seatt'e h+, fai'ed. A Seatt'e +ser cannot reso've the name of a fi'e server in Chica%o thatcomes on'ine after the Seatt'e h+, fai's. When the h+, ret+rns to service- a'' chan%es to the WINS data,ase are

re$'icated norma''&.

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



27/36


Securing our WINS SolutionIn man& WINS im$'ementations- WINS re$'ication occ+rs across $+,'ic networ3s- s+ch as the Internet.

Re$'icatin% the NetI*S names and IP addresses of a'' hosts within the or%aniation over these $+,'ic networ3s

creates a sec+rit& ris3- which &o+ can miti%ate ,& +sin% PN t+nne's or $'acin% servers within a $erimeternetwor3. 0i%+re 4.== shows where &o+ $erform this ste$ in the $rocess of de$'o&in% &o+r WINS so'+tion.

Figure 4.11 Se%uring WINS During the Deployment $ro%ess

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



28/36

20! Chapter 4 Deploying WINS

Securing WINS Traffic with TunnelsA'' WINS re$'ication traffic sent over $+,'ic networ3s sho+'d ,e encr&$ted. Encr&$t the re$'ication traffic ,&

+sin% Internet Protoco' sec+rit& (IPSec) or PN t+nne's. When choosin% to encr&$t re$'ication traffic ,& +sin%

IPSec or PN t+nne's- do the fo''owin% to f+rther increase sec+rit&1

@se the stron%est 'eve' of encr&$tion.

@se the Ro+tin% and Remote Access service to $rovide the IPSec or PN t+nne'.

@se Ker,eros 9 or other certificate>,ased a+thentication for sec+re comm+nication channe's.

0or more information a,o+t de$'o&in% IPSec- see 5e$'o&in% IPSec6 in this ,oo3. 0or more information a,o+t

virt+a' $rivate networ3s and the Ro+tin% and Remote Access service- see 5e$'o&in% ia'>@$ and PN Remote

Access Servers6 in this ,oo3. 0or more information a,o+t ena,'in% Ker,eros 9 a+thentication- see 5Ena,'in%

Ker,eros 9 a+thentication6 in He'$ and S+$$ort Center for Windows Server !""#.

!unning WINS on a Perimeter NetworkP'ace WINS servers in a $erimeter networ3 when &o+ m+st send WINS traffic over a $+,'ic networ3 to avoide/$osin% intranet NetI*S names and WINS data. This $'acement $rotects cor$orate reso+rces whi'e $rovidin%

NetI*S name reso'+tion to e/terna' c'ients that need access to these reso+rces.

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



29/36

Additional Resources 20"

Integrating WINS with OtherServicesMost networ3 administrators de$'o&in% WINS a'so $'an a strate%& for NS and HCP servers- ,eca+se WINS

is so c'ose'& 'in3ed to NS and HCP. 0i%+re 4.=! shows when &o+ $erform this ste$ in the $rocess of

de$'o&in% &o+r WINS so'+tion.

Figure 4.1( Integrating WINS During the Deployment $ro%ess

Caution

If you re)uire replication from the WINS server in the perimeter network

to a WINS server within the intranet( in the WINS snap*in( select

Repli%ate !nly 'ith $artnersin the Repli%ation $artners $roperties

dialog %o4 on %oth the WINS servers, $lso consider using only pull

replication from the intranet servers, To maintain security( encrypt all

replication traffic across the inner firewall using IPSec or 5PN tunnels,

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



30/36


Integrating WINS with DNSIf most of &o+r c'ients +se NetI*S and &o+r servers are r+nnin% Windows !""" or Windows Server !""#

NS- ena,'e WINS 'oo3+$ on &o+r NS servers. When WINS 'oo3+$ is ena,'ed on NS servers- WINS

reso'ves an& names that NS reso'+tion does not find. NS does not s+$$ort the WINS forward 'oo3+$ and

WINS>R reverse 'oo3+$ records in versions of Windows ear'ier than Windows !""". 0or information a,o+tena,'in% WINS 'oo3+$- see 5e$'o&in% NS6 in this ,oo3.

If a'' of &o+r networ3 com$+ters are r+nnin% Windows !"""- Windows ;P- or Windows Server !""# and &o+

are not s+$$ortin% an& a$$'ications that re


31/36


Integrating WINS with D"'PWhen +sin% HCP and WINS to%ether on &o+r networ3- +se additiona' HCP sco$e o$tions to assi%n WINS

node t&$es and to identif& WINS $rimar& and secondar& servers for HCP c'ients.

Com$+ters with static IP addresses can ,e $ro,'ematic and their initia' re%istration record in WINS ,ecomestom,stoned if the& are not $eriodica''& sto$$ed and restarted. ?o+ can have a more re'ia,'e and mana%ea,'e

networ3 ,& creatin% HCP reservations for these com$+ters. These reservations ens+re that the com$+ter %ets

the same IP address from the HCP server for each reassi%ned IP address. S$ecifica''&- the c'ient cannot send a WINS renewa'

re


32/36


Figure 4.12 Implementing 3our WINS Solution

#igrating WINS to Windows Server /001efore mi%ratin% from 'e%ac& WINS servers- ma3e s+re &o+r e/istin% WINS infrastr+ct+re is a$$ro$riate for

&o+r c+rrent needs. 0or e/am$'e- if &o+ have recent'& +$%raded most des3to$ com$+ters in &o+r or%aniation to

Windows !""" or Windows ;P- or if &o+ have recent'& sto$$ed +sin% an a$$'ication that re'ies heavi'& on

WINS- &o+r c+rrent WINS str+ct+re mi%ht ,e too ro,+st for &o+r c+rrent needs- and mi%ht not ,e str+ct+red in

the most efficient wa& $ossi,'e. In a case s+ch as this- start the de$'o&ment from the desi%n $hase- rather than

mi%ratin% the e/istin% data,ase to new servers.

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



33/36


0o''ow these ste$s when mi%ratin% &o+r WINS data,ase from Windows NT 4." or Windows !""" to Windows

Server !""#1

1. Insta'' the WINS service.

This can ,e insta''ed either d+rin% or after insta''in% Windows Server !""#.

$. Confi%+re the WINS service.

erif& that the server is $ointin% to itse'f for WINS. ?o+ can do this ,& viewin% the TCP2IP

$ro$erties of &o+r networ3 ada$ter.

). Convert the WINS data,ase for +se on the Windows Server !""#B,ased server.

This conversion mi%ht occ+r a+tomatica''& from e/istin% Windows NT 4."B,ased or

Windows !"""B,ased servers. If not- fo''ow these ste$s1

a. At the command $rom$t- t&$e net sto' winson ,oth the e/istin% and new servers.

*. Co$& the contents of the LS&stemRootLS&stem#!Wins fo'der from the e/istin% serverto the new Windows Server !""#B,ased server.

". At the command $rom$t- t&$e net start winson ,oth servers.

+rin% the conversion $rocess- &o+ mi%ht ,e $rom$ted for additiona' fi'es from the Windows

Server !""# o$eratin% s&stem C.

To a%%ess WINS %on&ersion files

1. Co$& the Ed,9"".d' fi'e from the I#:D fo'der on the C>R*M to theLS&stemRootLS&stem#! fo'der on the server.

$. At the command $rom$t- t&$e e*'and edb500+dl, edb500+dllto e/$and the Ed,9"".d'fi'e on the server.

). At the command $rom$t- t&$e net start winsto finish the conversion $rocess.

4. erif& that the WINS data,ase is shown in the WINS sna$>in on the server.

Note

This process can take 10 minutes or more to complete depending on

the si-e of the data%ase, Do not stop the process until it is finished, It is

normal for 9etconv,e4e to re)uire heavy 'P& usage during the

conversion,

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



34/36


Testing our WINS DesignAfter com$'etin% &o+r WINS desi%n- test it in a 'a, to find $otentia' $ro,'ems ,efore im$'ementin% &o+r desi%n

on &o+r $rod+ction networ3. As &o+ ro'' o+t &o+r desi%n- test &o+r networ3 to ens+re it is wor3in% as e/$ected.

The ,est time to discover $otentia' $ro,'ems with &o+r desi%n is in a test 'a, $rior to &o+r f+'' im$'ementation.When $re$arin% &o+r test 'a,- ,e s+re to1

@se a server com$+ter from the same vendor and with the same confi%+ration as the servers that

wi'' ,e +sed for the act+a' WINS servers. Set +$ a re$resentative sam$'e of the com$+ters in

&o+r or%aniation to ,e tested as WINS c'ients.

If &o+ are $'annin% to de$'o& WINS over a WAN- desi%n &o+r 'a, with ro+ters and +se a 'in3

sim+'ator to sim+'ate networ3 'atenc&.

e$'o& a t&$ica' set of a$$'ications to%ether on the WINS test server. This ste$ is vita' in

determinin% an& com$ati,i'it& iss+es that mi%ht arise when +sers r+n different a$$'ications

sim+'taneo+s'&.

0or more information a,o+t $'annin% a test environment- see 5esi%nin% a Test Environment6 inPlanning,

Testing, and Piloting e!lo"#ent Pro$ectsof this 3it.

:valuating the DeploymentAfter im$'ementin% &o+r WINS desi%n- eva'+ate &o+r de$'o&ment to ens+re that it com$'ies with &o+r desi%n

and meets &o+r or%aniationJs ,+siness %oa's.

Sta%e a sim+'ated fai'+re to ens+re that f+nctiona'it&-

sec+rit&- and $erformance are maintained.

isa,'e or disconnect each WINS server that is a $art of a

red+ndant WINS desi%n. Provide $roced+res detai'in% how to restore s&nchroniation of WINS data,ases after a

fai'ed server is reactivated or re$aired.

Initiate WINS re$'ication- and e/amine the data transmissions ,etween the'ocations to ens+re that the WINS re$'ication traffic is encr&$ted.

To assess the a&ailability of your design

To e&aluate WINS ser&i%e a&ailability

To e&aluate WINS se%urity

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



35/36


$dditional !esources0or more information a,o+t WINS- refer to the fo''owin% so+rces1

Related Information

TheNetworking Guide of theWindows Server 2003 Resource Kit (or see theNetworking Guide

on the We, at htt$122www.microsoft.com2res3it) for more information a,o+t Windows Internet

Name Service (WINS)- Windows Server !""# NS- or the 7mhosts fi'e.

5e$'o&in% NS6 in this ,oo3 for information a,o+t ena,'in% WINS 'oo3+$ or a,o+t $'annin%

and desi%nin% &o+r NS networ3.

5esi%nin% Server C'+sters6 in thePlanning Server e!lo"#ents,oo3 of this 3it.

5e$'o&in% HCP6 in this ,oo3.

5e$'o&in% ia'>@$ and PN Remote Access Servers6 in this ,oo3 for more information a,o+t

virt+a' $rivate networ3s and the Ro+tin% and Remote Access service.

5e$'o&in% IPSec6 in this ,oo3.

5esi%nin% a Test Environment6 inPlanning, Testing, and Piloting e!lo"#ent Pro$ectsof this

3it.

Theistri%uted Services Guideof the Windows Server 2003 Resource Kit (or see the

istri%uted Services Guideon the We, at htt$122www.microsoft.com2res3it) for more

information a,o+t domain and forest tr+sts.

R0C =""=1Protocol Standard for a Net&'(S Service on a T)P*+P Trans!ort )once!ts and

Met-ods

Related Tools

0or more information a,o+t the Networ3 Monitor too'- see 5Networ3 Monitor6 in He'$ and

S+$$ort Center for Windows Server !""#.

0or more information a,o+t the Netsh command>'ine too'- see 5Netsh6 in He'$ and S+$$ortCenter for Windows Server !""#.

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St



36/36


Related elp Topi%s

0or ,est res+'ts in identif&in% He'$ to$ics ,& tit'e- in He'$ and S+$$ort Center- +nder the -earch,o/- c'ic3 -et

search o'tions. @nder Hel' "o'ics- se'ect the-earch in title onl.chec3,o/.

5WINS6 in He'$ and S+$$ort Center for Windows Server !""#.

5Netsh Commands for WINS6 in He'$ and S+$$ort Center for Windows Server !""#.

5Confi%+rin% WINS re$'ication6 in He'$ and S+$$ort Center for Windows Server !""# for

more information a,o+t WINS confi%+ration across WANs- 7ANs- or +ntr+sted domains.

5Ena,'in% Ker,eros 9 a+thentication6 in He'$ and S+$$ort Center for Windows Server !""#.

Sm

i

t

h

Ng

u

y

e

nS

t

u

d

i

o

Smith Nguyen St

7119477 deploying wins smith.n studio

Documents