You are on page 1of 36

C H A P T E R 4

Windows Internet Name Service (WINS) in the Microsoft Windows Server !""# o$eratin% s&stem a''ows
'ar%e or%ani(ations to accom$'ish Net)I*S name reso'+tion with hi%h avai'a,i'it&- sec+rit&- and $erformance.
The fo''owin% sections descri,e the WINS de$'o&ment $rocess- inc'+din% how to desi%n and c+stomi(e a sec+re
re$'ication strate%&. WINS mi%ration information and e/am$'es are a'so $rovided.
In This Chapter
Overview of WINS Deployment .............................................. ............................. 180
Building Your WINS Server Strategy ............................................ ........................ 184
Deigning Your WINS !epli"ation Strategy .................................. ........................ 1#$
Se"uring Your WINS Solution ............................................................ ................... $0%
Integrating WINS wit& Ot&er Servi"e ......................................... ........................ $0'
Implementing Your WINS Solution ..................................................... .................. $0#
(dditional !eour"e .............................................................................. ............. $1)
Related Information
0or more information a,o+t Windows Internet Name Service (WINS)- see the Networking
Guide of the Microsoft Windows Server 2003 Resource Kit (or see the Networking Guide on
the We, at htt$122www.microsoft.com2res3it).
0or more information a,o+t $'annin% and desi%nin% &o+r 4omain Name S&stem (4NS)
networ3- see 54e$'o&in% 4NS6 in this ,oo3.
Deploying WINS
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
180 Chapter 4 Deploying WINS
Overview of WINS Deployment
WINS $rovides a d&namic so'+tion for networ3 ,asic in$+t2o+t$+t s&stem (Net)I*S) name reso'+tion in
enter$rise networ3s. A'tho+%h most 'ar%e networ3s c+rrent'& have a WINS infrastr+ct+re- some sti'' re'& on
other methods of Net)I*S name reso'+tion- s+ch as the 7mhosts fi'e. If &o+r or%ani(ation does not c+rrent'&
+se WINS- and intends to contin+e o$eratin% with Microsoft Windows 89- Windows 8:-
Windows Mi''enni+m Edition- or Microsoft Windows NT version 4."- consider im$'ementin% WINS when
&o+ de$'o& Windows Server !""# in order to a+tomate Net)I*S name reso'+tion. Certain a$$'ications- s+ch as
Microsoft E/chan%e Server- a'so re'& on Net)I*S name reso'+tion. Therefore- even if a'' of &o+r com$+ters
are r+nnin% Microsoft Windows !"""- Windows ;P- or Windows Server !""#- &o+ mi%ht sti'' re<+ire
Net)I*S name reso'+tion ,ased on the a$$'ications r+nnin% in &o+r environment.
If &o+ are +$%radin% &o+r c+rrent WINS servers to Windows Server !""#- determine if &o+r e/istin% hardware
is com$ati,'e with Windows Server !""#- then mi%rate &o+r WINS so'+tion to Windows Server !""#.
)& de$'o&in% WINS- &o+ $rovide Net)I*S name reso'+tion for c'ients on &o+r networ3. WINS im$'ements a
distri,+ted data,ase for Net)I*S names and their corres$ondin% addresses. WINS c'ients re%ister their names at
a 'oca' WINS server- and the WINS servers re$'icate the entries to the other WINS servers. This ens+res the
+ni<+eness of Net)I*S names and ma3es 'oca' name reso'+tion $ossi,'e.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 181
WINS Deployment Process
4e$'o&in% WINS invo'ves ,+i'din% a server strate%&- desi%nin% a re$'ication strate%&- sec+rin% &o+r WINS
so'+tion- inte%ratin% WINS with other services- and im$'ementin% &o+r WINS so'+tion. 0i%+re 4.= shows the
%enera' WINS de$'o&ment $rocess.
Figure 4.1 Deploying WINS
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
182 Chapter 4 Deploying WINS
Technology Background
Sma''er- non>ro+ted networ3s can ,e confi%+red as ,roadcast nodes- a'so 3nown as )>nodes- accom$'ishin%
Net)I*S name re%istration and reso'+tion ,& +sin% ,roadcast $ac3ets. A non>WINS so'+tion is via,'e where the
,roadcast domain is sma'' and the res+'tin% ,roadcast traffic is 'ow. However- the traffic %enerated ,& ,roadcasts
can over'oad a 'ar%e networ3. In addition- some ro+ters do not a''ow ,roadcast messa%es to $ass thro+%h- so this
method of name reso'+tion is not an o$tion for most enter$rise networ3s. A'tho+%h &o+ can a'so +se the static
7mhosts fi'e for Net)I*S name reso'+tion- man+a''& editin% the fi'e with each name or IP address chan%e can
,e time>cons+min% and $rone to administrative error. A'so- it is not a via,'e so'+tion in a 4&namic Host
Confi%+ration Protoco' (4HCP) environment. These more com$'e/ environments re<+ire a non>,roadcast>,ased
so'+tion- which WINS $rovides ,& +sin% +nicast Net)I*S name re%istration and reso'+tion.
WINS c'ient s+$$ort a''ows &o+ to s$ecif& +$ to =! WINS servers for red+ndanc&. 4ifferent confi%+rations- or
node t&$es- are avai'a,'e thro+%h WINS. The node t&$e determines the method or methods that are +sed for
Net)I*S name reso'+tion. WINS s+$$orts the fo''owin% node t&$es- as shown in Ta,'e 4.=.
Table 4.1 NetI!S Node Types
Node Type Resolution "ethod
#node I$ broad%ast messages register and resol&e NetI!S names
to I$ addresses. Windo's ()))*based and "i%rosoft+
Windo's+ ,$*based %omputers use modified #node name
resolution. If the broad%ast fails to resol&e the name- an
lmhosts file is used.
$#node $oint#to#point %ommuni%ation 'ith a NetI!S name ser&er-
su%h as WINS- to register and resol&e %omputer names to I$
addresses.
"#node . mi/ of #node and $#node %ommuni%ation to register and
resol&e NetI!S names. "#node first uses broad%ast
resolution- and then attempts a ser&er 0uery if ne%essary.
1#node . hybrid of #node and $#node. .n 1#node %omputer attempts
to 0uery a ser&er first and uses broad%asts only if dire%t
0ueries fail. Windo's ())) and Windo's ,$*based
%omputers are %onfigured to use 1#node by default.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 183
Ne' Features for Windo's Ser&er ())2
The fo''owin% im$rovements to the Windows Internet Name Service (WINS) have ,een made in the Windows
Server !""# fami'&1
Filtering re%ords
Im$roved fi'terin% and new search f+nctions he'$ &o+ 'ocate records ,& showin% on'& those records that fit the
criteria &o+ s$ecif&. These f+nctions are $artic+'ar'& +sef+' in ana'&(in% ver& 'ar%e WINS data,ases. ?o+ can
+se m+'ti$'e criteria to $erform advanced searches for WINS data,ase records. This im$roved fi'terin%
ca$a,i'it& a''ows &o+ to com,ine fi'ters for c+stomi(ed and $recise <+er& res+'ts. Avai'a,'e fi'ters inc'+de1
record owner- record t&$e- Net)I*S name- and IP address with or witho+t s+,net mas3.
)eca+se &o+ can now store <+er& res+'ts in the cache of the memor& on &o+r 'oca' com$+ter- the $erformance of
s+,se<+ent <+eries is increased- and networ3 traffic is red+ced.
.%%epting repli%ation partners
When determinin% a re$'ication strate%& for &o+r or%ani(ation- &o+ can define a 'ist that contro's the so+rce of
incomin% name records d+rin% $+'' re$'ication ,etween WINS servers. In addition to ,'oc3in% name records
from s$ecific re$'ication $artners- &o+ can a'so choose to acce$t on'& name records owned ,& s$ecific WINS
servers d+rin% re$'ication- e/c'+din% the name records of a'' servers that are not on the 'ist.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
184 Chapter 4 Deploying WINS
Building our WINS Server
Strategy
When ,+i'din% &o+r WINS server strate%&- acco+nt for an& e/istin% hardware that &o+ mi%ht need to +$%rade-
how man& WINS servers are needed for &o+r desi%n- and how &o+r server strate%& increases WINS avai'a,i'it&
and o$timi(es WINS $erformance. 0i%+re 4.! shows the $rocess for ,+i'din% &o+r WINS server strate%&.
Figure 4.( uilding 3our WINS Ser&er Strategy
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 18
!eviewing WINS "ardware
4etermine whether &o+r c+rrent WINS server hardware is s+fficient to +$%rade to Windows Server !""#. ?o+
mi%ht need to +$%rade &o+r server hardware for o$tima' WINS $erformance. A d+a'>$rocessor WINS server
increases $erformance a,o+t !9 $ercent- and a dedicated dis3 drive meas+ra,'& im$roves WINS server name
re$'ication res$onse time.
When se'ectin% &o+r hardware- consider the fo''owin% $erformance %+ide'ines1
@se hi%h>$erformance dis3 hardware. WINS ca+ses fre<+ent and intense activit& on server hard
dis3s.
Consider +sin% a red+ndant arra& of inde$endent dis3s (RAI4)>,ased so'+tion- which im$roves
dis3 access time.
When eva'+atin% the $erformance of a server- inc'+de WINS to ens+re the server can hand'e its
demandin% +se of centra' $rocessin% +nit (CP@)- memor&- and dis3 in$+t2o+t$+t (I2*). Monitor
server +sa%e to determine whether WINS server hardware needs to ,e +$%raded.
0or a c+rrent 'ist of com$ati,'e hardware- see the Hardware Com$ati,i'it& 7ist (HC7) 'in3 on the We,
Reso+rces $a%e at htt$122www.microsoft.com2windows2res3its2we,reso+rces.
0or more information a,o+t determinin% hardware com$ati,i'it&- see 5P'annin% for 4e$'o&ment6 in Planning,
Testing, and Piloting e!lo"#ent Pro$ects of this 3it.
Determining "ow #any WINS Servers to
Deploy
The n+m,er of WINS servers needed and the 'ocations of each server de$end on the n+m,er of WINS c'ients
$er server and the networ3 to$o'o%&.
The n+m,er of +sers each server can s+$$ort de$ends on +sa%e $atterns- data stora%e- and the $rocessin%
ca$a,i'ities of the server. A WINS server can t&$ica''& re%ister =-9"" names $er min+te or answer 4-9"" <+eries
$er min+te. This means that a sin%'e WINS server can ade<+ate'& service +$ to ="-""" c'ients.
?o+ mi%ht insta'' additiona' WINS servers in 'ocations se$arated ,& s'ow- or $a&>,&>+sa%e wide area networ3
(WAN) 'in3s. Set conservative c'ient co+nts for a WINS server to minimi(e c'ient <+er& res$onse times. A''ow
room in &o+r desi%n for $ea3>'oad conditions- s+ch as 'ar%e>sca'e $ower o+ta%es that force man& com$+ters to
restart sim+'taneo+s'&- there,& ,om,ardin% the WINS servers with re%istration re<+ests.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
18! Chapter 4 Deploying WINS
Designing WINS for "igh $vaila%ility
An& desi%n that re<+ires hi%h avai'a,i'it& m+st inc'+de more than one WINS server. Consider a'' $ossi,'e $oints
of fai'+re- inc'+din% servers- WAN 'in3s- and ro+ters. These factors- a'on% with the ,+siness %oa's of the
or%ani(ation- determine the re<+ired 'eve' of WINS red+ndanc& and fa+'t to'erance.
To ens+re that &o+ are $'annin% a fa+'t>to'erant WINS desi%n- as3 the fo''owin% <+estion for each server on &o+r
networ31 What ha$$ens to WINS if this server sh+ts down or if c'ients cannot reach itA
To he'$ answer the <+estion- consider two common sit+ations in which a WINS server mi%ht fai' to $erform its
ro'e on a networ31
A hardware or $ower fai'+re re<+ires downtime for server re$air or maintenance.
A networ3 'in3 or ro+ter fai'+re iso'ates a WINS server from c'ients.
To $re$are for ,oth of these sit+ations1
Consider the 'en%th of time a WINS server mi%ht ,e o+t of service on &o+r networ3- factorin%
in ,oth $'anned and +n$'anned o+ta%es.
Consider what ha$$ens to &o+r WINS c'ients if their $rimar& WINS server sh+ts down. )&
maintainin% and assi%nin% secondar& WINS servers for c'ients- &o+ can red+ce the im$act of a
sin%'e WINS server ,ein% off'ine.
0or each c'ient- s$ecif& the servers for WINS 'oo3+$ and the node t&$e. When desi%nin% &o+r WINS c'ient
s+$$ort strate%& for ma/im+m avai'a,i'it&- do the fo''owin%1
S$ecif& m+'ti$'e WINS servers for c'ients to $rovide server red+ndanc&.
0or fa+'t to'erance in the case of 'in3 fai'+re- $oint c'ients to a 'oca' WINS server as their
$rimar& WINS server- and a remote WINS h+, as their secondar& WINS server. Idea''&- the
secondar& WINS server is 'ocated in a se$arate ,+i'din% and on a se$arate $ower %rid from the
$rimar& WINS server.
Consider +sin% an 7mhosts fi'e to $rovide secondar& name reso'+tion in the event of a WINS
fai'+re.
Whi'e 7mhosts fi'es are not a recommended so'+tion- in rare circ+mstances the& can $rovide an
effective tem$orar& so'+tion. 7mhosts fi'es m+st ,e ti%ht'& mana%ed ,eca+se chan%es in the
Net)I*S environment do not a+tomatica''& +$date in static name fi'es.
0or more information a,o+t the 7mhosts fi'e- see the Networking Guide of the Windows
Server 2003 Resource Kit (or see the Networking Guide on the We, at
htt$122www.microsoft.com2res3it).
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 18"
&sing #ultiple Servers
To $rovide additiona' fa+'t to'erance- confi%+re a secondar& (or ,ac3+$) WINS server. A'tho+%h WINS
re$'ication architect+re ,enefits from em$'o&in% a minim+m n+m,er of WINS servers- em$'o&in% a secondar&
WINS server im$roves the avai'a,i'it& of &o+r desi%n. This so'+tion ,a'ances $erformance and avai'a,i'it&
a%ainst cost and mana%ea,i'it&.
When +sin% two WINS servers to $rovide red+ndanc& and 'oad ,a'ancin%- confi%+re the re$'ication re'ationshi$
,etween these servers as a $+'' or $+sh $artnershi$. When &o+ +se re$'ication- ,oth servers contain the same
WINS data,ase information.
When a WINS server is confi%+red as a $+'' $artner- it $eriodica''& <+eries the $artner server to determine if an&
+$dates are avai'a,'e. @se $+'' $artnershi$s1
*ver 'ower>s$eed WAN or con%ested 'oca' area networ3 (7AN) connections.
To red+ce re$'ication traffic ,& conso'idatin% WINS data,ase +$dates.
To $erform WINS data,ase +$dates at sched+'ed interva's.
When a WINS server is confi%+red as a $+sh $artner- the WINS server notifies the $artner server that +$dates
are avai'a,'e for re$'ication. @se $+sh $artnershi$s1
*ver 7AN or hi%her>s$eed WAN connections.
When the networ3 traffic created ,& fre<+ent WINS re$'ication +$dates is not a consideration.
To ens+re WINS data,ase +$dates are received as soon as $ossi,'e.
The avai'a,i'it& that is $rovided ,& WINS re$'ication is a$$ro$riate for so'vin% avai'a,i'it& iss+es at 'oca' and
remote 'ocations. Addin% a WINS server to a remote 'ocation ens+res WINS avai'a,i'it& in the event that a
WAN 'in3 or ro+ter fai's. 0or more information on re$'ication strate%ies- see 54esi%nin% ?o+r WINS
Re$'ication Strate%&6 'ater in this cha$ter.
&sing Windows 'lustering
Windows C'+sterin% $rovides a hi%her 'eve' of fa+'t to'erance ,+t cons+mes additiona' s&stem reso+rces. If &o+r
,+siness %oa's re<+ire a WINS desi%n that $rovides the hi%hest avai'a,i'it&- +se server c'+sters as $rovided ,&
Windows C'+sterin%. )& confi%+rin% WINS on m+'ti$'e servers ,e'on%in% to the same c'+ster- &o+1
Share a common WINS data,ase.
Provide immediate fai'over in the event of fai'+re.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
188 Chapter 4 Deploying WINS
Restore fai'ed servers sooner- ,eca+se data,ase res&nchroni(ation is not re<+ired ,etween the
c'+ster nodes.
4/ample5 . Company 6ses a Cluster to Simplify their WINS Design
A 'ar%e cor$oration +ses a server c'+ster to $rovide infrastr+ct+re services- inc'+din% WINS. Prior to
im$'ementin% the server c'+ster- the com$an& had a 'ar%e and com$'icated Windows NT 4."B,ased WINS
re$'ication to$o'o%&. To maintain consistenc& and $rovide acc+rate information to c'ients- WINS c'ient records
were re$'icated to a'' WINS servers.
To sim$'if& the re$'ication matri/- $rovide red+ndanc&- and more efficient'& mana%e the WINS traffic 'oad- a
server c'+ster is +sed as the WINS re$'ication h+,. A$$'ications and services r+nnin% on nodes in the c'+ster are
e/$osed to +sers and wor3stations as virt+a' servers. 0i%+re 4.# shows the re$'ication matri/ ,efore the WINS
c'+ster im$'ementation.
Figure 4.2 WINS Topology $re#Clustering
Note
If you choose to cluster your WINS servers( %e sure to e)uip the
servers with a hard disk containing high*speed I+O that is dedicated to
WINS, This can speed up the data%ase response and ensure
clustering efficiency,
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 18#
0i%+re 4.4 shows the new sim$'ified re$'ication matri/ +sin% a server c'+ster.
Figure 4.4 WINS Topology $ost#Clustering
Windows C'+sterin% on'& so'ves 'oca' avai'a,i'it& iss+es. Windows Server !""#B,ased servers that ,e'on% to the
same c'+ster re<+ire $ersistent- hi%h>s$eed connections ,etween a'' servers in the c'+ster.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
1#0 Chapter 4 Deploying WINS
0or more information a,o+t server c'+sters- see 54esi%nin% Server C'+sters6 in Planning Server e!lo"#ents of
this 3it.
Optimi-ing WINS Performance
A'tho+%h WINS is desi%ned to he'$ red+ce ,roadcast traffic ,etween 'oca' s+,nets- it creates some traffic
,etween servers and c'ients. This is $artic+'ar'& im$ortant if &o+ +se WINS on ro+ted TCP2IP networ3s.
To o$timi(e $erformance- ,e%in ,& estimatin% the amo+nt of networ3 traffic ,etween WINS c'ients and WINS
servers +nder norma' conditions. Estimate and monitor the fo''owin%1
Net)I*S names common'& re%istered ,& WINS c'ients.
WINS re%istration and renewa' ca+sed ,& dai'& start+$ of c'ients.
Mo,i'e +sers and their effect when movin% within a ro+ted networ3.
The effects of s'ower 'in3s- s+ch as WAN 'in3s and their effect on re$'ication $erformance and
conver%ence.
Redu%ing Response Time
Red+cin% the res$onse time of WINS im$roves $erformance- with the %reatest visi,i'it& to +sers and
mana%ement. As a res+'t- a desi%n that red+ces the res$onse time of WINS is hi%h'& s+ccessf+'.
The $erformance of &o+r WINS desi%n 'ar%e'& de$ends on other networ3 traffic. 0or e/am$'e- a s+,net that
re'ies on a WINS server e'sewhere on the WAN mi%ht e/$erience $oor $erformance d+rin% $ea3 ho+rs when
networ3 +sa%e is hi%h. Increase the Net)I*S name re%istration renewa' $eriod- which defa+'ts at si/ da&s- to
red+ce c'ient>to>server renewa' traffic. This settin% m+st ,e chan%ed on the WINS server.
*,tain re'ia,'e fi%+res on the n+m,er of 'ocations and hosts that &o+r WINS desi%n m+st s+$$ort. When
$'annin% for WINS c'ient traffic on 'ar%e- ro+ted networ3s- estimate and monitor the effect of name <+er&-
re%istration- and res$onse traffic ro+ted ,etween s+,nets. Name re<+ests and res$onses that occ+r at the dai'&
start+$ of com$+ters m+st $ass thro+%h the traffic <+e+es on the ro+ters and mi%ht ca+se de'a&s at $ea3 times.
Note
Before adding WINS to a set of clustered servers( %e sure to consider
%oth the advantages and disadvantages of doing so, In many cases(
the overall num%er of WINS servers is small( so clustering WINS is not
necessary . replication makes WINS fault tolerant, Instead( configure
your WINS clients with the address of a secondary WINS server to
ensure uninterrupted service,
Caution
WINS does not support rolling upgrades from Windows /000 to
Windows Server /001 in a server cluster, ou can upgrade and failover
to Windows Server /001, "owever( when WINS is %rought online on
Windows Server /001( it cannot fail %ack to the Windows /000 node,
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 1#1
Consolidating "ultiple Subnets
When &o+ have m+'ti$'e s+,nets in a sma'' remote office- consider conso'idatin% the office to one s+,net
address.
?o+ can do this +sin% as&nchrono+s transfer mode (ATM) switchin% or a virt+a' $rivate networ3 (CPN)
confi%+ration. )& conso'idatin% to one s+,net address- &o+ can confi%+re c'ients to +se 'oca' ,roadcasts to
reso've names ,efore attem$tin% to contact a WINS server across the WAN. Chan%in% the c'ient to M>node
a''ows it to ,roadcast 'oca''& for reso+rces ,efore contactin% a WINS server for Net)I*S name reso'+tion. This
can he'$ to red+ce the overa'' amo+nt of WINS>associated traffic- es$ecia''& WAN traffic.
@se 4HCP sco$e o$tion "4D- WINS2N)T Node T&$e- to confi%+re &o+r WINS c'ients as M>node c'ients. 0or
more information a,o+t confi%+rin% 4HCP o$tions at the 4HCP server- see 5Assi%n a sco$e>,ased o$tion6 in
He'$ and S+$$ort Center for Windows Server !""#.
Configuring urst 1andling
)+rst hand'in% s+$$orts a hi%h vo'+me of WINS c'ient name re%istration. When a 'ar%e n+m,er of WINS c'ients
sim+'taneo+s'& tr& to re%ister their Net)I*S names- the WINS server can ,ecome sat+rated. In ,+rst hand'in%
mode- the WINS server res$onds $ositive'& to c'ients that s+,mit a re%istration re<+est ,efore the WINS server
has $rocessed and entered these +$dates in the WINS server data,ase. The WINS server immediate'& sends a
re'ative'& short- random Time to 7ive (TT7) 'ease 'en%th to a'' WINS c'ients. The short TT7 'ease 'en%th forces
WINS c'ients to rere%ister after the e/cessive WINS re%istration traffic s+,sides- therefore decreasin% the 'oad
on the networ3 and var&in% the de'a& interva' to distri,+te the 'oad over time.
@sin% the WINS MMC sna$>in- &o+ can confi%+re the 'eve' of ,+rst hand'in% for the server- which modifies the
si(e of the ,+rst <+e+e.
To %onfigure burst handling
1. In the WINS MMC sna$>in- ri%ht>c'ic3 the a$$ro$riate WINS server.
$. Se'ect the Advanced ta, from the server na#e $ro$erties dia'o% ,o/.
). In Enable Burst Handling- se'ect Low (300)- Medium (500)- High (1000)- or ustom
(50!5000) as the ,+rst <+e+e si(e.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
1#2 Chapter 4 Deploying WINS
7oad alan%ing 'ith Redundant WINS Databases
A WINS im$'ementation desi%n $rovides hi%her $erformance ,& s$ecif&in% that m+'ti$'e WINS servers contain
re$'icas of WINS data,ases. These red+ndant servers im$rove $erformance ,& $rovidin% 'oad ,a'ancin%.
@se 'oad ,a'ancin% with red+ndant WINS data,ases when1
The 'en%th of time to $erform WINS f+nctions is +nacce$ta,'& 'on%.
The connections ,etween the WINS servers s+$$ort the additiona' WINS re$'ication traffic.
The traffic %enerated ,& WINS c'ients accessin% a WINS server in another 'ocation sat+rates a
WAN 'in3.
The cost of addin% a server is not $rohi,itive.
Designing our WINS !eplication
Strategy
A %ood re$'ication desi%n is essentia' to &o+r WINS avai'a,i'it& and $erformance. 4esi%ns encom$assin%
m+'ti$'e WINS servers distri,+te Net)I*S name reso'+tion across 7AN and WAN environments- confinin%
WINS c'ient traffic to 'oca'i(ed areas. To ens+re consistent- networ3>wide name reso'+tion- WINS servers m+st
re$'icate their 'oca' entries to other servers. 0or more information a,o+t a WINS re$'ication strate%&- see the
e/am$'es 'ater in this section.
0i%+re 4.9 shows the $rocess for desi%nin% &o+r WINS re$'ication strate%&.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 1#3
Figure 4.8 Designing 3our WINS Repli%ation Strategy
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
1#4 Chapter 4 Deploying WINS
)efore confi%+rin% re$'ication- caref+''& desi%n and review &o+r WINS re$'ication to$o'o%&. 0or WANs- this
$'annin% can ,e critica' to the s+ccess of &o+r de$'o&ment and +se of WINS.
WINS $rovides the fo''owin% choices when &o+ are confi%+rin% re$'ication1
?o+ can man+a''& confi%+re WINS re$'ication for a WAN environment.
0or 'ar%er networ3s- &o+ can confi%+re WINS to re$'icate within a 7AN environment.
In sma''er or ,o+nded 7AN insta''ations- consider ena,'in% and +sin% WINS a+tomatic $artner
confi%+ration for sim$'ified set+$ of WINS re$'ication.
In 'ar%er or %'o,a' insta''ations- &o+ mi%ht have to confi%+re WINS across +ntr+sted
Windows NT domains.
If &o+r networ3 +ses on'& two WINS servers- confi%+re them as $+sh2$+'' re$'ication $artners to each other.
When confi%+rin% re$'ication $artners- avoid $+sh>on'& or $+''>on'& servers e/ce$t where necessar& to
accommodate s'ow 'in3s. In %enera'- $+sh2$+'' re$'ication is the most sim$'e and effective wa& to ens+re f+''
WINS re$'ication ,etween $artners. This a'so ens+res that the $rimar& and secondar& WINS servers for an&
$artic+'ar WINS c'ient are $+sh2$+'' $artners of each other- a re<+irement for $ro$er WINS f+nctionin% in the
event of a fai'+re of the $rimar& server of the c'ient.
In most cases- the h+,>and>s$o3e mode' $rovides a sim$'e and effective desi%n for or%ani(ations that re<+ire
com$'ete conver%ence with minima' administrative intervention. 0or e/am$'e- this mode' wor3s we'' for
or%ani(ations with centra'i(ed head<+arters or a cor$orate data center (the h+,) and severa' ,ranch offices (the
s$o3es). A'so- a second or red+ndant h+, (that is- a second WINS server in the centra' 'ocation) can increase the
fa+'t to'erance for WINS.
In some 'ar%e enter$rise WINS networ3s- 'imited re$'ication $artnerin% can effective'& s+$$ort re$'ication over
s'ow networ3 'in3s. However- when &o+ $'an 'imited WINS re$'ication- ens+re that each server has at 'east one
re$'ication $artner. 0+rthermore- ,a'ance each s'ow 'in3 that em$'o&s a +nidirectiona' 'in3 ,& a +nidirectiona'
'in3 e'sewhere in the networ3 that carries +$dated entries in the o$$osite direction.
Specifying $utomatic Partner 'onfiguration
?o+ can confi%+re a WINS server to a+tomatica''& confi%+re other WINS server com$+ters as re$'ication
$artners. )& +sin% this a+tomatic $artner confi%+ration- other WINS servers are discovered when the& Eoin the
networ3 and are added as re$'ication $artners.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 1#
When +sin% a+tomatic $artner confi%+ration- each WINS server anno+nces its $resence on the networ3 ,& +sin%
$eriodic m+'ticasts. These anno+ncements are sent as Internet Fro+$ Mana%ement Protoco' (IFMP) messa%es
for the m+'ticast %ro+$ address of !!4.".=.!4- which is reserved for WINS server +se.
A+tomatic $artner confi%+ration is t&$ica''& +sef+' in sma'' networ3s- s+ch as sin%'e s+,net 7AN environments.
However- &o+ can +se a+tomatic $artner confi%+ration in ro+ted networ3s. 0or WINS m+'ticast s+$$ort in
ro+ted networ3s- the forwardin% of m+'ticast traffic is made $ossi,'e ,& confi%+rin% ro+ters for each s+,net to
forward traffic to the WINS m+'ticast %ro+$ address of. !!4.".=.!4.
)eca+se $eriodic m+'ticast anno+ncements ,etween WINS servers can add traffic to &o+r networ3- a+tomatic
$artner confi%+ration is recommended on'& if &o+ have a sma'' n+m,er of insta''ed WINS servers (t&$ica''&-
three or fewer).
A+tomatic $artner confi%+ration monitors m+'ticast anno+ncements from other WINS servers- and $erforms the
fo''owin% confi%+ration ste$s1
Adds the IP addresses for the discovered servers to its 'ist of re$'ication $artner servers.
Confi%+res the discovered servers as $+sh2$+'' $artners.
Confi%+res $+'' re$'ication at two>ho+r interva's with the discovered servers.
If a remote server is discovered and added as a $artner ,& means of m+'ticastin%- it is removed as a re$'ication
$artner when WINS sh+ts down $ro$er'&. To have a+tomatic $artner information $ersist when WINS restarts-
&o+ m+st man+a''& confi%+re the $artners.
To man+a''& confi%+re re$'ication with other WINS servers- +se the WINS Microsoft Mana%ement Conso'e
(MMC) sna$>in or the Netsh command>'ine too' to s$ecif& ro'es for each $artner and an& re'ated information.
0or more information a,o+t the Netsh command>'ine too'- see 5Netsh6 and 5Netsh commands for WINS6 in
He'$ and S+$$ort Center for Windows Server !""#.
Determining !eplication Partners
Choosin% whether to confi%+re a WINS server as a $+sh $artner- $+'' $artner- or $+sh2$+'' $artner de$ends on
severa' considerations- inc'+din% the s$ecific confi%+ration of servers at &o+r site- whether the $artner is across
a WAN- and how im$ortant it is to distri,+te chan%es immediate'& thro+%ho+t the networ3.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
1#! Chapter 4 Deploying WINS
In the h+,>and>s$o3e confi%+ration- &o+ can confi%+re one WINS server as the centra' server and a'' other
WINS servers as $+sh2$+'' $artners of this centra' server. S+ch a confi%+ration ens+res that the WINS data,ase
on each server contains addresses for ever& node on the WAN. 0i%+re 4.D shows re$'ication +sin% a h+,>and>
s$o3e to$o'o%&.
Figure 4.9 WINS Repli%ation in a 1ub#and#Spo:e Topology
?o+ can se'ect other confi%+rations for re$'ication $artner confi%+rations to meet the $artic+'ar needs of &o+r
site. 0or e/am$'e- 0i%+re 4.G shows re$'ication in a T networ3 to$o'o%&- in which Server= has on'& Server! as a
$artner- ,+t Server! has three $artners. So Server= %ets a'' the re$'icated information from Server!- ,+t Server!
%ets information from Server=- Server#- and Server4.
Figure 4.; Repli%ation in a T Net'or: Topology
If Server! needs to $erform $+'' re$'ications with Server#- ma3e s+re it is a $+sh $artner of Server#. If Server!
needs to $+sh re$'ications to Server#- confi%+re it as a $+'' $artner of Server#. 4etermine whether to confi%+re
WINS servers as either $+'' or $+sh $artners- and set $artner $references for each server.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 1#"
Determining 'onvergence Time
The time needed to re$'icate a new entr& in a WINS data,ase- from the WINS server that owns the entr& to a''
other WINS servers on the networ3 is defined as convergence ti#e. When $'annin% for WINS servers- &o+ m+st
decide what is acce$ta,'e as the conver%ence time for &o+r networ3H the 'on%er the re$'ication $ath- the 'on%er
the conver%ence time.
Name <+er& re<+ests can s+cceed ,efore the conver%ence time e'a$ses- res+'tin% in ear'ier re$'ication of the new
entr&. This ha$$ens when1
The entries re$'icate over a shorter $ath than the worst>case $ath.
"he #umber o$ changes in version %& be$ore re'lication thresho'd e/$ires in the $+sh
re$'ication settin%s ,efore the (e'lication %nterval e/$ires in the $+'' re$'ication settin%s in the
(e'lication )artners )ro'erties dia'o% ,o/ in the WINS sna$>in.
'onfiguring !eplication $cross W$Ns
When confi%+rin% WINS re$'ication across WANs- the two most im$ortant iss+es are1
Whether &o+r WINS re$'ication occ+rs over s'ower WAN 'in3s.
The 'en%th of time re<+ired for a'' re$'icated chan%es in the WINS data,ase to conver%e and
achieve consistenc& on the networ3.
The fre<+enc& of WINS data,ase re$'ication ,etween WINS servers is a maEor desi%n iss+e. The WINS server
data,ase m+st ,e re$'icated fre<+ent'& eno+%h to $revent the downtime of a sin%'e WINS server from affectin%
the re'ia,i'it& of the ma$$in% information in other WINS servers. However- the time interva' ,etween
re$'ications cannot ,e so sma'' that it interferes with networ3 thro+%h$+t.
Networ3 to$o'o%& can inf'+ence &o+r decision on re$'ication fre<+enc&. 0or e/am$'e- if &o+r networ3 has
m+'ti$'e h+,s connected ,& re'ative'& s'ow WAN 'in3s- &o+ can confi%+re WINS data,ase re$'ication ,etween
WINS servers on the s'ow 'in3s to occ+r 'ess fre<+ent'& than re$'ication on the 7AN or on fast WAN 'in3s. This
red+ces traffic across the s'ow 'in3 and red+ces contention ,etween re$'ication traffic and WINS c'ient name
<+eries.
After determinin% the re$'ication strate%& that wor3s ,est for &o+r or%ani(ation- ma$ the strate%& to &o+r
$h&sica' networ3. 0or e/am$'e- if &o+ have chosen a h+,>and>s$o3e strate%&- indicate on &o+r networ3 to$o'o%&
ma$ which sites have the 5h+,6 server- and which have the 5s$o3e6 servers. A'so indicate whether the
re$'ication is $+sh2$+''- $+sh>on'&- or $+''>on'&.
4oc+ment the confi%+rations of each WINS server- inc'+din% the hardware confi%+ration- IP address- re$'ication
confi%+ration- and re$'ication $artners.
0or more information a,o+t WIN confi%+ration across WANs- see 5Confi%+rin% WINS re$'ication6 in He'$ and
S+$$ort Center for Windows Server !""#.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
1#8 Chapter 4 Deploying WINS
'onfiguring !eplication $cross 2$Ns
When confi%+rin% WINS re$'ication across 7ANs- the iss+es are simi'ar to those that occ+r in WAN
environments- a'tho+%h 'ess critica'.
)eca+se the data thro+%h$+t of the +nder'&in% networ3 'in3s for 7ANs is m+ch %reater than for WANs- it mi%ht
,e acce$ta,'e to increase the fre<+enc& of WINS data,ase re$'ication ,& s$ecif&in% $+sh and $+'' $arameters
for 7AN>,ased re$'ication $artners. 0or $+sh2$+'' $artners- &o+ can do this ,& decreasin% the #umber o$
changes in version %& be$ore re'lication and (e'lication interval settin%s from what &o+ +se for WAN>,ased
$artners on s'ower 'in3s.
0or e/am$'e- ,etween 7AN>,ased re$'ication $artners it often wor3s to ena,'e WINS to +se a $ersistent
connection ,etween the servers. Witho+t a $ersistent connection- the norma' +$date co+nt thresho'd defa+'ts to a
minim+m of !". ?o+ can s$ecif& a sma''er +$date co+nt with a $ersistent connection.
Ne/t- &o+ can s$ecif& a m+ch sma''er n+m,er- s+ch as a va'+e of one to three in the #umber o$ changes in
version %& be$ore re'lication settin% ,efore WINS sends a $+sh re$'ication tri%%er to the other $artner. 0or $+''
$artners- &o+ mi%ht a'so consider settin% the (e'lication interval settin% to a va'+e in min+tes- instead of ho+rs.
As in WAN re$'ication $'annin%- the WINS server data,ase m+st re$'icate fre<+ent'& eno+%h to $revent the
downtime of a sin%'e WINS server from affectin% the re'ia,i'it& of the ma$$in% information in other WINS
servers. However- the time interva' ,etween re$'ications cannot ,e so sma'' that it interferes with networ3
thro+%h$+t.
In environments with a 'ar%e amo+nt of networ3 traffic it is a %ood idea to +se a networ3 monitorin% too'- s+ch
as Networ3 Monitor- to he'$ meas+re and determine how to o$timi(e &o+r WINS re$'ication strate%&.
0or more information a,o+t WINS confi%+ration across 7ANs- see 5Confi%+rin% WINS re$'ication6 in He'$ and
S+$$ort Center for Windows Server !""#. 0or more information a,o+t the Networ3 Monitor too'- see 5Networ3
Monitor6 in He'$ and S+$$ort Center for Windows Server !""#.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 1##
'onfiguring !eplication Between
&ntrusted Domains
It is $ossi,'e to set +$ WINS re$'ication ,etween one or more WINS servers in domains that do not have a tr+st
re'ationshi$. ?o+ can do this witho+t a va'id +ser acco+nt in the +ntr+stin% domain. To confi%+re re$'ication- an
administrator for each WINS server m+st +se the WINS sna$>in or Netsh commands to man+a''& confi%+re each
server to $ermit this re$'ication.
0or more information a,o+t WINS confi%+ration across domains that do not have tr+st re'ationshi$s- see
5Confi%+rin% WINS re$'ication6 in He'$ and S+$$ort Center for Windows Server !""#. 0or more information
a,o+t domain tr+sts- see the istri%uted Services Guide of the Windows Server 2003 Resource Kit (or see the
istri%uted Services Guide on the We, at htt$122www.microsoft.com2res3it).
#apping the !eplication $rchitecture to the
Physical Network
After determinin% the re$'ication strate%& that wor3s ,est for &o+r or%ani(ation- ma$ the strate%& to &o+r
$h&sica' networ3. 0or e/am$'e- if &o+ have chosen a h+,>and>s$o3e strate%&- indicate on &o+r networ3 to$o'o%&
ma$ which sites wi'' have the 5h+,6 server- and which wi'' have the 5s$o3e6 servers. A'so indicate whether the
re$'ication is $+sh2$+''- $+sh>on'&- or $+''>on'&.
4oc+ment the confi%+rations of each WINS server- inc'+din% the hardware confi%+ration- IP address- re$'ication
confi%+ration- and re$'ication $artners.
The conver%ence time for the s&stem is the s+m of the two 'on%est conver%ence times to the h+,. 0or e/am$'e-
in an or%ani(ation that has five WINS servers (WINS>A thro+%h WINS>E)- if WINS>) and WINS>4 re$'icate
with WINS>A (the h+,) ever& #" min+tes- and WINS>C and WINS>E re$'icate with the h+, ever& 4 ho+rs- the
conver%ence time is : ho+rs.
The fo''owin% e/am$'es show three different t&$es of re$'ication.
Important
If you re)uire replication across a firewall( keep in mind that WINS
replication occurs over T'P port 3/, Therefore( this port must not %e
%locked on any network device %etween two WINS replication partners,
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
200 Chapter 4 Deploying WINS
4/ample 15 Deploying WINS !&er a 7arge Number of ran%h !ffi%es
In this e/am$'e- a medi+m>si(ed com$an& has two main sites1 a New ?or3 and a 7os An%e'es office with 9""
com$+ters in each office- connected thro+%h hi%h>s$eed 'in3s. The com$an& a'so has more than =D" sma''
,ranch offices- inc'+din% 'oca' sa'es offices. To save on the costs of the 'in3s- some ,ranches act as
concentrators for a re%ion. 0i%+re 4.: shows a WINS server $'acement strate%& for an or%ani(ation with man&
sma'' ,ranch offices.
Figure 4.< Deploying WINS !&er a 7arge Number of ran%h !ffi%es
In most cases- the ,ranches do not have 'oca' WINS servers I there is sim$'& no need for a se$arate server for
each ,ranch. Instead- the com$an& adds re%iona' WINS servers when the costs of re%istration and <+er& traffic
increase a,ove the cost of de$'o&in% the additiona' server. When the 'in3 to a re%iona' WINS server fai's- 'oca'
names can sti'' ,e reso'ved ,& the ,roadcast mechanism.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 201
The re%iona' WINS servers are not re<+ired for this confi%+ration to f+nction correct'&- ,+t the& do $rovide a
cost o$timi(ation. The com$an&Js networ3 administrators avoid de$'o&in% the re%iona' servers whenever
$ossi,'e ,eca+se the added servers increase the conver%ence time. Administrators confi%+re re%iona' WINS
servers as re$'ication $artners of the WINS servers in the main sites.
C'ients in the main site are confi%+red with the IP address of their 'oca' WINS server as $rimar&- and the IP
address of the WINS server in the other main site as secondar&. C'ients in the re%iona' ,ranches are confi%+red
with the IP address of the re%iona' WINS server as $rimar&- and the address of the c'osest main site WINS
server as secondar&. The re$'ication interva' is set to =9 min+tes ,etween sitesH therefore- a'' com$+ters are
reacha,'e within =9 min+tes of an address re%istration or chan%e.
4/ample (5 Deploying WINS 'ith a Con%entrated 6ser ase
0i%+re 4.8 shows the networ3 confi%+ration of another e/am$'e com$an& that is ver& different. The networ3
serves a 'ar%er com$an& with three sites- Phi'ade'$hia- Seatt'e- and Ho+ston- each with 9-""" +sers. The n+m,er
of +sers E+stifies two WINS servers at each site.
Figure 4.= Deploying WINS !&er a Fe' 7arge Sites
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
202 Chapter 4 Deploying WINS
The c'ients are confi%+red with a 'oca' $rimar& and secondar& WINS server. Ha'f of the c'ients have one 'oca'
WINS server as $rimar& and the other as secondar&. The other ha'f has e/act'& the o$$osite confi%+ration. This
,a'ances the re%istration and <+er& 'oad over ,oth WINS servers- and it $rovides a ,ac3+$ for maintenance
$+r$oses and in case of a server fai'+re.
The 'oca' WINS servers +se a ver& short re$'ication interva' of =" min+tesH therefore- a'' com$+ters within the
same site are reacha,'e within =" min+tes of an address re%istration or chan%e. The re$'ication interva' ,etween
the sites can ,e 'on%er I a,o+t #" min+tes I ,eca+se most +sers wor3 with reso+rces within their site.
4/ample 25 . 7arge 1ub#and#Spo:e Design
0i%+re 4.=" shows an e/treme'& 'ar%e WINS im$'ementation- servin% more than =""-""" nodes. In a
confi%+ration with so man& WINS servers- a common error is to create man& $+sh2$+'' re'ationshi$s for
red+ndanc&. This can 'ead to a s&stem that- whi'e f+nctiona'- is over'& com$'e/ and diffic+'t to +nderstand and
tro+,'eshoot.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 203
Figure 4.1) 7arge#S%ale WINS Deployment 6sing 1ub Topology
0o+r maEor h+,s are 'ocated in Seatt'e- San 0rancisco- Chica%o- and 7os An%e'es. These h+,s serve as
secondar& WINS servers for their re%ions whi'e connectin% the fo+r %eo%ra$hic 'ocations. A'' $rimar& WINS
servers are confi%+red as $+sh2$+'' $artners with their h+,s- and the h+,s are confi%+red as $+sh2$+'' $artners
with other h+,s.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
204 Chapter 4 Deploying WINS
The $rimar& WINS servers re$'icate with the h+,s ever& =9 min+tes- and the h+,>to>h+, re$'ication interva' is
#" min+tes. The conver%ence time of the WINS s&stem is the time it ta3es for a c'ient re%istration to ,e
re$'icated to a'' WINS servers.
In this case the 'on%est conver%ence time wo+'d ,e =.9 ho+rs from a Seatt'e $rimar& server to a Chica%o $rimar&
server. The tota' conver%ence time can ,e ca'c+'ated ,& addin% +$ the ma/im+m time ,etween1
Seatt'e $rimar& to Seatt'e secondar&- =9 min+tes
Seatt'e secondar& to San 0rancisco secondar&- #" min+tes
San 0rancisco secondar& to Chica%o secondar&- #" min+tes
Chica%o secondar& to Chica%o $rimar&- =9 min+tes
However- the conver%ence time mi%ht ,e 'on%er for WINS servers connected across s'ow 'in3s. It is $ro,a,'&
not necessar& for the servers in Paris or )er'in to re$'icate ever& =9 min+tes. ?o+ mi%ht confi%+re them to
re$'icate ever& two ho+rs or even ever& !4 ho+rs- de$endin% on the vo'ati'it& of names in the WINS s&stem.
This networ3 contains 'ow red+ndanc&. If the 'in3 ,etween Seatt'e and 7os An%e'es is down- re$'ication sti''
occ+rs thro+%h San 0rancisco. If- for e/am$'e- the Seatt'e h+, fai's- the Seatt'e area can no 'on%er re$'icate with
the rest of the WINS s&stem. Networ3 connectivit&- however- is sti'' f+nctiona' I a'' WINS servers contain the
entire WINS data,ase- and name reso'+tion f+nctions norma''&. A'' that is 'ost are chan%es to the WINS s&stem
that occ+rred since the Seatt'e h+, fai'ed. A Seatt'e +ser cannot reso've the name of a fi'e server in Chica%o that
comes on'ine after the Seatt'e h+, fai's. When the h+, ret+rns to service- a'' chan%es to the WINS data,ase are
re$'icated norma''&.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 20
Securing our WINS Solution
In man& WINS im$'ementations- WINS re$'ication occ+rs across $+,'ic networ3s- s+ch as the Internet.
Re$'icatin% the Net)I*S names and IP addresses of a'' hosts within the or%ani(ation over these $+,'ic networ3s
creates a sec+rit& ris3- which &o+ can miti%ate ,& +sin% CPN t+nne's or $'acin% servers within a $erimeter
networ3. 0i%+re 4.== shows where &o+ $erform this ste$ in the $rocess of de$'o&in% &o+r WINS so'+tion.
Figure 4.11 Se%uring WINS During the Deployment $ro%ess
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
20! Chapter 4 Deploying WINS
Securing WINS Traffic with Tunnels
A'' WINS re$'ication traffic sent over $+,'ic networ3s sho+'d ,e encr&$ted. Encr&$t the re$'ication traffic ,&
+sin% Internet Protoco' sec+rit& (IPSec) or CPN t+nne's. When choosin% to encr&$t re$'ication traffic ,& +sin%
IPSec or CPN t+nne's- do the fo''owin% to f+rther increase sec+rit&1
@se the stron%est 'eve' of encr&$tion.
@se the Ro+tin% and Remote Access service to $rovide the IPSec or CPN t+nne'.
@se Ker,eros C9 or other certificate>,ased a+thentication for sec+re comm+nication channe's.
0or more information a,o+t de$'o&in% IPSec- see 54e$'o&in% IPSec6 in this ,oo3. 0or more information a,o+t
virt+a' $rivate networ3s and the Ro+tin% and Remote Access service- see 54e$'o&in% 4ia'>@$ and CPN Remote
Access Servers6 in this ,oo3. 0or more information a,o+t ena,'in% Ker,eros C9 a+thentication- see 5Ena,'in%
Ker,eros C9 a+thentication6 in He'$ and S+$$ort Center for Windows Server !""#.
!unning WINS on a Perimeter Network
P'ace WINS servers in a $erimeter networ3 when &o+ m+st send WINS traffic over a $+,'ic networ3 to avoid
e/$osin% intranet Net)I*S names and WINS data. This $'acement $rotects cor$orate reso+rces whi'e $rovidin%
Net)I*S name reso'+tion to e/terna' c'ients that need access to these reso+rces.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 20"
Integrating WINS with Other
Services
Most networ3 administrators de$'o&in% WINS a'so $'an a strate%& for 4NS and 4HCP servers- ,eca+se WINS
is so c'ose'& 'in3ed to 4NS and 4HCP. 0i%+re 4.=! shows when &o+ $erform this ste$ in the $rocess of
de$'o&in% &o+r WINS so'+tion.
Figure 4.1( Integrating WINS During the Deployment $ro%ess
Caution
If you re)uire replication from the WINS server in the perimeter network
to a WINS server within the intranet( in the WINS snap*in( select
Repli%ate !nly 'ith $artners in the Repli%ation $artners $roperties
dialog %o4 on %oth the WINS servers, $lso consider using only pull
replication from the intranet servers, To maintain security( encrypt all
replication traffic across the inner firewall using IPSec or 5PN tunnels,
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
208 Chapter 4 Deploying WINS
Integrating WINS with DNS
If most of &o+r c'ients +se Net)I*S and &o+r servers are r+nnin% Windows !""" or Windows Server !""#
4NS- ena,'e WINS 'oo3+$ on &o+r 4NS servers. When WINS 'oo3+$ is ena,'ed on 4NS servers- WINS
reso'ves an& names that 4NS reso'+tion does not find. 4NS does not s+$$ort the WINS forward 'oo3+$ and
WINS>R reverse 'oo3+$ records in versions of Windows ear'ier than Windows !""". 0or information a,o+t
ena,'in% WINS 'oo3+$- see 54e$'o&in% 4NS6 in this ,oo3.
If a'' of &o+r networ3 com$+ters are r+nnin% Windows !"""- Windows ;P- or Windows Server !""# and &o+
are not s+$$ortin% an& a$$'ications that re<+ire Net)I*S names- &o+ mi%ht consider esta,'ishin% 4NS as &o+r
on'& method of name reso'+tion. However- ,efore &o+ consider decommissionin% &o+r WINS servers- identif&
an& com$+ters or a$$'ications that re'& on Net)I*S- and determine the im$act of removin% Net)I*S. ?o+
mi%ht find that a critica' a$$'ication re'ies on Net)I*S (with no a'ternative c+rrent'& avai'a,'e) in which case-
&o+ m+st contin+e to +se WINS. 0or e/am$'e- certain a$$'ications- s+ch as Microsoft S&stems Mana%ement
Server (SMS) and Microsoft )ac3*ffice c'ient2server mai' confi%+rations +sin% E/chan%e Server- mi%ht
re<+ire Net)I*S namin%.
0or more information a,o+t 4NS- see 54e$'o&in% 4NS6 in this ,oo3 or see the Networking Guide of the
Windows Server 2003 Resource Kit (or see the Networking Guide on the We, at
htt$122www.microsoft.com2res3it).
Note
6or a smooth integration with DNS( do not use e4tended characters in
NetBIOS names( especially the underscore 7 >8 and the period 7.8,
'onsult with your DNS administrator when determining NetBIOS
naming standards,
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 20#
Integrating WINS with D"'P
When +sin% 4HCP and WINS to%ether on &o+r networ3- +se additiona' 4HCP sco$e o$tions to assi%n WINS
node t&$es and to identif& WINS $rimar& and secondar& servers for 4HCP c'ients.
Com$+ters with static IP addresses can ,e $ro,'ematic and their initia' re%istration record in WINS ,ecomes
tom,stoned if the& are not $eriodica''& sto$$ed and restarted. ?o+ can have a more re'ia,'e and mana%ea,'e
networ3 ,& creatin% 4HCP reservations for these com$+ters. These reservations ens+re that the com$+ter %ets
the same IP address from the 4HCP server for each re<+est.
When &o+ confi%+re a networ3 to +se ,oth 4HCP and WINS- set the 4HCP 'ease $eriod to ,e e<+a' to or
%reater than the WINS renewa' $eriod. This $revents a sit+ation in which the WINS server fai's to notice that a
4HCP c'ient has re'eased a 4HCP>assi%ned IP address. S$ecifica''&- the c'ient cannot send a WINS renewa'
re<+est ,eca+se it did not renew its IP address. If another com$+ter is assi%ned that IP address ,efore the WINS
server notes the chan%e- the WINS server mista3en'& directs re<+ests for the address to the new c'ient. This is
si%nificant on'& if &o+ do not +se the defa+'t 'ease 'en%ths for ,oth services- and 'ease d+rations were chan%ed
for either 4HCP or WINS individ+a''&.
0or more information a,o+t de$'o&in% 4HCP- see 54e$'o&in% 4HCP6 in this ,oo3.
Implementing our WINS Solution
0or ,est $erformance- avoid de$'o&in% WINS on heavi'& 'oaded servers- or on servers that $erform other tas3s
that mi%ht red+ce $erformance of the hard dis3- memor&- and $rocessors. If &o+ do host more than one service
on a WINS server- consider how each service mi%ht im$act the others. 0or e/am$'e- hostin% two name services
(s+ch as WINS and 4NS) on the same server can res+'t in s'ow $erformance for each service d+e to intensive
hard dis3 access. *r a WINS server hostin% a $rint service mi%ht ,e s'ow to re%ister names if it is hand'in%
severa' 'ar%e $rint Eo,s sim+'taneo+s'&. It mi%ht ,e a$$ro$riate to r+n m+'ti$'e services on the same com$+ter in
a ,ranch office ,eca+se servers in ,ranch offices are +s+a''& not +nder heav& +se.
0i%+re 4.=# shows the $rocess for im$'ementin% &o+r WINS so'+tion.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
210 Chapter 4 Deploying WINS
Figure 4.12 Implementing 3our WINS Solution
#igrating WINS to Windows Server /001
)efore mi%ratin% from 'e%ac& WINS servers- ma3e s+re &o+r e/istin% WINS infrastr+ct+re is a$$ro$riate for
&o+r c+rrent needs. 0or e/am$'e- if &o+ have recent'& +$%raded most des3to$ com$+ters in &o+r or%ani(ation to
Windows !""" or Windows ;P- or if &o+ have recent'& sto$$ed +sin% an a$$'ication that re'ies heavi'& on
WINS- &o+r c+rrent WINS str+ct+re mi%ht ,e too ro,+st for &o+r c+rrent needs- and mi%ht not ,e str+ct+red in
the most efficient wa& $ossi,'e. In a case s+ch as this- start the de$'o&ment from the desi%n $hase- rather than
mi%ratin% the e/istin% data,ase to new servers.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 211
0o''ow these ste$s when mi%ratin% &o+r WINS data,ase from Windows NT 4." or Windows !""" to Windows
Server !""#1
1. Insta'' the WINS service.
This can ,e insta''ed either d+rin% or after insta''in% Windows Server !""#.
$. Confi%+re the WINS service.
Cerif& that the server is $ointin% to itse'f for WINS. ?o+ can do this ,& viewin% the TCP2IP
$ro$erties of &o+r networ3 ada$ter.
). Convert the WINS data,ase for +se on the Windows Server !""#B,ased server.
This conversion mi%ht occ+r a+tomatica''& from e/istin% Windows NT 4."B,ased or
Windows !"""B,ased servers. If not- fo''ow these ste$s1
a. At the command $rom$t- t&$e net sto' wins on ,oth the e/istin% and new servers.
*. Co$& the contents of the LS&stemRootLMS&stem#!MWins fo'der from the e/istin% server
to the new Windows Server !""#B,ased server.
". At the command $rom$t- t&$e net start wins on ,oth servers.
4+rin% the conversion $rocess- &o+ mi%ht ,e $rom$ted for additiona' fi'es from the Windows
Server !""# o$eratin% s&stem C4.
To a%%ess WINS %on&ersion files
1. Co$& the Ed,9"".d'N fi'e from the I#:D fo'der on the C4>R*M to the
LS&stemRootLMS&stem#! fo'der on the server.
$. At the command $rom$t- t&$e e*'and edb500+dl, edb500+dll to e/$and the Ed,9"".d'N
fi'e on the server.
). At the command $rom$t- t&$e net start wins to finish the conversion $rocess.
4. Cerif& that the WINS data,ase is shown in the WINS sna$>in on the server.
Note
This process can take 10 minutes or more to complete depending on
the si-e of the data%ase, Do not stop the process until it is finished, It is
normal for 9etconv,e4e to re)uire heavy 'P& usage during the
conversion,
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
212 Chapter 4 Deploying WINS
Testing our WINS Design
After com$'etin% &o+r WINS desi%n- test it in a 'a, to find $otentia' $ro,'ems ,efore im$'ementin% &o+r desi%n
on &o+r $rod+ction networ3. As &o+ ro'' o+t &o+r desi%n- test &o+r networ3 to ens+re it is wor3in% as e/$ected.
The ,est time to discover $otentia' $ro,'ems with &o+r desi%n is in a test 'a, $rior to &o+r f+'' im$'ementation.
When $re$arin% &o+r test 'a,- ,e s+re to1
@se a server com$+ter from the same vendor and with the same confi%+ration as the servers that
wi'' ,e +sed for the act+a' WINS servers. Set +$ a re$resentative sam$'e of the com$+ters in
&o+r or%ani(ation to ,e tested as WINS c'ients.
If &o+ are $'annin% to de$'o& WINS over a WAN- desi%n &o+r 'a, with ro+ters and +se a 'in3
sim+'ator to sim+'ate networ3 'atenc&.
4e$'o& a t&$ica' set of a$$'ications to%ether on the WINS test server. This ste$ is vita' in
determinin% an& com$ati,i'it& iss+es that mi%ht arise when +sers r+n different a$$'ications
sim+'taneo+s'&.
0or more information a,o+t $'annin% a test environment- see 54esi%nin% a Test Environment6 in Planning,
Testing, and Piloting e!lo"#ent Pro$ects of this 3it.
:valuating the Deployment
After im$'ementin% &o+r WINS desi%n- eva'+ate &o+r de$'o&ment to ens+re that it com$'ies with &o+r desi%n
and meets &o+r or%ani(ationJs ,+siness %oa's.
Sta%e a sim+'ated fai'+re to ens+re that f+nctiona'it&-
sec+rit&- and $erformance are maintained.
4isa,'e or disconnect each WINS server that is a $art of a
red+ndant WINS desi%n. Provide $roced+res detai'in% how to restore s&nchroni(ation of WINS data,ases after a
fai'ed server is reactivated or re$aired.
Initiate WINS re$'ication- and e/amine the data transmissions ,etween the
'ocations to ens+re that the WINS re$'ication traffic is encr&$ted.
To assess the a&ailability of your design
To e&aluate WINS ser&i%e a&ailability
To e&aluate WINS se%urity
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
Additional Resources 213
$dditional !esources
0or more information a,o+t WINS- refer to the fo''owin% so+rces1
Related Information
The Networking Guide of the Windows Server 2003 Resource Kit (or see the Networking Guide
on the We, at htt$122www.microsoft.com2res3it) for more information a,o+t Windows Internet
Name Service (WINS)- Windows Server !""# 4NS- or the 7mhosts fi'e.
54e$'o&in% 4NS6 in this ,oo3 for information a,o+t ena,'in% WINS 'oo3+$ or a,o+t $'annin%
and desi%nin% &o+r 4NS networ3.
54esi%nin% Server C'+sters6 in the Planning Server e!lo"#ents ,oo3 of this 3it.
54e$'o&in% 4HCP6 in this ,oo3.
54e$'o&in% 4ia'>@$ and CPN Remote Access Servers6 in this ,oo3 for more information a,o+t
virt+a' $rivate networ3s and the Ro+tin% and Remote Access service.
54e$'o&in% IPSec6 in this ,oo3.
54esi%nin% a Test Environment6 in Planning, Testing, and Piloting e!lo"#ent Pro$ects of this
3it.
The istri%uted Services Guide of the Windows Server 2003 Resource Kit (or see the
istri%uted Services Guide on the We, at htt$122www.microsoft.com2res3it) for more
information a,o+t domain and forest tr+sts.
R0C =""=1 Protocol Standard for a Net&'(S Service on a T)P*+P Trans!ort, )once!ts and
Met-ods
Related Tools
0or more information a,o+t the Networ3 Monitor too'- see 5Networ3 Monitor6 in He'$ and
S+$$ort Center for Windows Server !""#.
0or more information a,o+t the Netsh command>'ine too'- see 5Netsh6 in He'$ and S+$$ort
Center for Windows Server !""#.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio
214 Chapter 4 Deploying WINS
Related 1elp Topi%s
0or ,est res+'ts in identif&in% He'$ to$ics ,& tit'e- in He'$ and S+$$ort Center- +nder the -earch ,o/- c'ic3 -et
search o'tions. @nder Hel' "o'ics- se'ect the -earch in title onl. chec3,o/.
5WINS6 in He'$ and S+$$ort Center for Windows Server !""#.
5Netsh Commands for WINS6 in He'$ and S+$$ort Center for Windows Server !""#.
5Confi%+rin% WINS re$'ication6 in He'$ and S+$$ort Center for Windows Server !""# for
more information a,o+t WINS confi%+ration across WANs- 7ANs- or +ntr+sted domains.
5Ena,'in% Ker,eros C9 a+thentication6 in He'$ and S+$$ort Center for Windows Server !""#.
Smith Nguyen Studio.
https:/ / www.facebook.com/ SmithNguyenStudio

You might also like