8/10/2019 7119477 Deploying Wins Smith.N Studio
1/36
C H A P T E R 4
Windows Internet Name Service (WINS) in the MicrosoftWindowsServer !""# o$eratin% s&stem a''ows
'ar%e or%aniations to accom$'ish NetI*S name reso'+tion with hi%h avai'a,i'it&- sec+rit&- and $erformance.
The fo''owin% sections descri,e the WINS de$'o&ment $rocess- inc'+din% how to desi%n and c+stomie a sec+re
re$'ication strate%&. WINS mi%ration information and e/am$'es are a'so $rovided.
In This ChapterOverview of WINS Deployment ...........................................................................180
Building Your WINS Server Strategy ............................................ ........................184
Deigning Your WINS !epli"ation Strategy .................................. ........................1#$
Se"uring Your WINS Solution ............................................................ ...................$0%
Integrating WINS wit& Ot&er Servi"e ......................................... ........................$0'
Implementing Your WINS Solution ..................................................... ..................$0#
(dditional !eour"e .............................................................................. .............$1)
Related Information
0or more information a,o+t Windows Internet Name Service (WINS)- see theNetworkingGuide of theMicrosoftWindowsServer 2003 Resource Kit (or see theNetworking Guideon
the We, at htt$122www.microsoft.com2res3it).
0or more information a,o+t $'annin% and desi%nin% &o+r omain Name S&stem (NS)
networ3- see 5e$'o&in% NS6 in this ,oo3.
Deploying WINS
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
2/36
180 Chapter 4 Deploying WINS
Overview of WINS DeploymentWINS $rovides a d&namic so'+tion for networ3 ,asic in$+t2o+t$+t s&stem (NetI*S) name reso'+tion in
enter$rise networ3s. A'tho+%h most 'ar%e networ3s c+rrent'& have a WINS infrastr+ct+re- some sti'' re'& on
other methods of NetI*S name reso'+tion- s+ch as the 7mhosts fi'e. If &o+r or%aniation does not c+rrent'&+se WINS- and intends to contin+e o$eratin% with MicrosoftWindows89- Windows 8:-
Windows Mi''enni+m Edition- or MicrosoftWindows NTversion 4."- consider im$'ementin% WINS when
&o+ de$'o& Windows Server !""# in order to a+tomate NetI*S name reso'+tion. Certain a$$'ications- s+ch as
MicrosoftE/chan%e Server- a'so re'& on NetI*S name reso'+tion. Therefore- even if a'' of &o+r com$+ters
are r+nnin% MicrosoftWindows!"""- Windows ;P- or Windows Server !""#- &o+ mi%ht sti'' re
8/10/2019 7119477 Deploying Wins Smith.N Studio
3/36
Additional Resources 181
WINS Deployment Processe$'o&in% WINS invo'ves ,+i'din% a server strate%&- desi%nin% a re$'ication strate%&- sec+rin% &o+r WINS
so'+tion- inte%ratin% WINS with other services- and im$'ementin% &o+r WINS so'+tion. 0i%+re 4.= shows the
%enera' WINS de$'o&ment $rocess.
Figure 4.1 Deploying WINS
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
4/36
182 Chapter 4 Deploying WINS
Technology BackgroundSma''er- non>ro+ted networ3s can ,e confi%+red as ,roadcast nodes- a'so 3nown as >nodes- accom$'ishin%
NetI*S name re%istration and reso'+tion ,& +sin% ,roadcast $ac3ets. A non>WINS so'+tion is via,'e where the
,roadcast domain is sma'' and the res+'tin% ,roadcast traffic is 'ow. However- the traffic %enerated ,& ,roadcasts
can over'oad a 'ar%e networ3. In addition- some ro+ters do not a''ow ,roadcast messa%es to $ass thro+%h- so thismethod of name reso'+tion is not an o$tion for most enter$rise networ3s. A'tho+%h &o+ can a'so +se the static
7mhosts fi'e for NetI*S name reso'+tion- man+a''& editin% the fi'e with each name or IP address chan%e can
,e time>cons+min% and $rone to administrative error. A'so- it is not a via,'e so'+tion in a &namic Host
Confi%+ration Protoco' (HCP) environment. These more com$'e/ environments re,roadcast>,ased
so'+tion- which WINS $rovides ,& +sin% +nicast NetI*S name re%istration and reso'+tion.
WINS c'ient s+$$ort a''ows &o+ to s$ecif& +$ to =! WINS servers for red+ndanc&. ifferent confi%+rations- or
node t&$es- are avai'a,'e thro+%h WINS. The node t&$e determines the method or methods that are +sed for
NetI*S name reso'+tion. WINS s+$$orts the fo''owin% node t&$es- as shown in Ta,'e 4.=.
Table 4.1 NetI!S Node Types
Node Type Resolution "ethod
#node I$ broad%ast messages register and resol&e NetI!S namesto I$ addresses. Windo's ()))*based and "i%rosoft+Windo's+,$*based %omputers use modified #node nameresolution. If the broad%ast fails to resol&e the name- anlmhosts file is used.
$#node $oint#to#point %ommuni%ation 'ith a NetI!S name ser&er-su%h as WINS- to register and resol&e %omputer names to I$addresses.
"#node mi/ of #node and $#node %ommuni%ation to register andresol&e NetI!S names. "#node first uses broad%astresolution- and then attempts a ser&er 0uery if ne%essary.
#node hybrid of #node and $#node. n #node %omputer attempts
to 0uery a ser&er first and uses broad%asts only if dire%t0ueries fail. Windo's ())) and Windo's ,$*based%omputers are %onfigured to use #node by default.
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
5/36
Additional Resources 183
Ne' Features for Windo's Ser&er ())2
The fo''owin% im$rovements to the Windows Internet Name Service (WINS) have ,een made in the Windows
Server !""# fami'&1
Filtering re%ordsIm$roved fi'terin% and new search f+nctions he'$ &o+ 'ocate records ,& showin% on'& those records that fit the
criteria &o+ s$ecif&. These f+nctions are $artic+'ar'& +sef+' in ana'&in% ver& 'ar%e WINS data,ases. ?o+ can
+se m+'ti$'e criteria to $erform advanced searches for WINS data,ase records. This im$roved fi'terin%
ca$a,i'it& a''ows &o+ to com,ine fi'ters for c+stomied and $recise
8/10/2019 7119477 Deploying Wins Smith.N Studio
6/36
184 Chapter 4 Deploying WINS
Building our WINS ServerStrategyWhen ,+i'din% &o+r WINS server strate%&- acco+nt for an& e/istin% hardware that &o+ mi%ht need to +$%rade-
how man& WINS servers are needed for &o+r desi%n- and how &o+r server strate%& increases WINS avai'a,i'it&
and o$timies WINS $erformance. 0i%+re 4.! shows the $rocess for ,+i'din% &o+r WINS server strate%&.
Figure 4.( uilding 3our WINS Ser&er Strategy
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
7/36
Additional Resources 18
!eviewing WINS "ardwareetermine whether &o+r c+rrent WINS server hardware is s+fficient to +$%rade to Windows Server !""#. ?o+
mi%ht need to +$%rade &o+r server hardware for o$tima' WINS $erformance. A d+a'>$rocessor WINS server
increases $erformance a,o+t !9 $ercent- and a dedicated dis3 drive meas+ra,'& im$roves WINS server name
re$'ication res$onse time.
When se'ectin% &o+r hardware- consider the fo''owin% $erformance %+ide'ines1
@se hi%h>$erformance dis3 hardware. WINS ca+ses fre,ased so'+tion- which im$roves
dis3 access time.
When eva'+atin% the $erformance of a server- inc'+de WINS to ens+re the server can hand'e its
demandin% +se of centra' $rocessin% +nit (CP@)- memor&- and dis3 in$+t2o+t$+t (I2*). Monitor
server +sa%e to determine whether WINS server hardware needs to ,e +$%raded.
0or a c+rrent 'ist of com$ati,'e hardware- see the Hardware Com$ati,i'it& 7ist (HC7) 'in3 on the We,
Reso+rces $a%e at htt$122www.microsoft.com2windows2res3its2we,reso+rces.0or more information a,o+t determinin% hardware com$ati,i'it&- see 5P'annin% for e$'o&ment6 inPlanning,
Testing, and Piloting e!lo"#ent Pro$ectsof this 3it.
Determining "ow #any WINS Servers toDeployThe n+m,er of WINS servers needed and the 'ocations of each server de$end on the n+m,er of WINS c'ients
$er server and the networ3 to$o'o%&.
The n+m,er of +sers each server can s+$$ort de$ends on +sa%e $atterns- data stora%e- and the $rocessin%
ca$a,i'ities of the server. A WINS server can t&$ica''& re%ister =-9"" names $er min+te or answer 4-9"" ,&>+sa%e wide area networ3
(WAN) 'in3s. Set conservative c'ient co+nts for a WINS server to minimie c'ient 'oad conditions- s+ch as 'ar%e>sca'e $ower o+ta%es that force man& com$+ters to
restart sim+'taneo+s'&- there,& ,om,ardin% the WINS servers with re%istration re
8/10/2019 7119477 Deploying Wins Smith.N Studio
8/36
18! Chapter 4 Deploying WINS
Designing WINS for "igh $vaila%ilityAn& desi%n that re
8/10/2019 7119477 Deploying Wins Smith.N Studio
9/36
Additional Resources 18"
&sing #ultiple ServersTo $rovide additiona' fa+'t to'erance- confi%+re a secondar& (or ,ac3+$) WINS server. A'tho+%h WINS
re$'ication architect+re ,enefits from em$'o&in% a minim+m n+m,er of WINS servers- em$'o&in% a secondar&
WINS server im$roves the avai'a,i'it& of &o+r desi%n. This so'+tion ,a'ances $erformance and avai'a,i'it&
a%ainst cost and mana%ea,i'it&.When +sin% two WINS servers to $rovide red+ndanc& and 'oad ,a'ancin%- confi%+re the re$'ication re'ationshi$
,etween these servers as a $+'' or $+sh $artnershi$. When &o+ +se re$'ication- ,oth servers contain the same
WINS data,ase information.
When a WINS server is confi%+red as a $+'' $artner- it $eriodica''& s$eed WAN connections.
When the networ3 traffic created ,& fre
8/10/2019 7119477 Deploying Wins Smith.N Studio
10/36
188 Chapter 4 Deploying WINS
Restore fai'ed servers sooner- ,eca+se data,ase res&nchroniation is not re
8/10/2019 7119477 Deploying Wins Smith.N Studio
11/36
Additional Resources 18#
0i%+re 4.4 shows the new sim$'ified re$'ication matri/ +sin% a server c'+ster.
Figure 4.4 WINS Topology $ost#Clustering
Windows C'+sterin% on'& so'ves 'oca' avai'a,i'it& iss+es. Windows Server !""#B,ased servers that ,e'on% to the
same c'+ster res$eed connections ,etween a'' servers in the c'+ster.
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
12/36
1#0 Chapter 4 Deploying WINS
0or more information a,o+t server c'+sters- see 5esi%nin% Server C'+sters6 inPlanning Server e!lo"#ents of
this 3it.
Optimi-ing WINS PerformanceA'tho+%h WINS is desi%ned to he'$ red+ce ,roadcast traffic ,etween 'oca' s+,nets- it creates some traffic,etween servers and c'ients. This is $artic+'ar'& im$ortant if &o+ +se WINS on ro+ted TCP2IP networ3s.
To o$timie $erformance- ,e%in ,& estimatin% the amo+nt of networ3 traffic ,etween WINS c'ients and WINS
servers +nder norma' conditions. Estimate and monitor the fo''owin%1
NetI*S names common'& re%istered ,& WINS c'ients.
WINS re%istration and renewa' ca+sed ,& dai'& start+$ of c'ients.
Mo,i'e +sers and their effect when movin% within a ro+ted networ3.
The effects of s'ower 'in3s- s+ch as WAN 'in3s and their effect on re$'ication $erformance and
conver%ence.
Redu%ing Response Time
Red+cin% the res$onse time of WINS im$roves $erformance- with the %reatest visi,i'it& to +sers and
mana%ement. As a res+'t- a desi%n that red+ces the res$onse time of WINS is hi%h'& s+ccessf+'.
The $erformance of &o+r WINS desi%n 'ar%e'& de$ends on other networ3 traffic. 0or e/am$'e- a s+,net that
re'ies on a WINS server e'sewhere on the WAN mi%ht e/$erience $oor $erformance d+rin% $ea3 ho+rs when
networ3 +sa%e is hi%h. Increase the NetI*S name re%istration renewa' $eriod- which defa+'ts at si/ da&s- to
red+ce c'ient>to>server renewa' traffic. This settin% m+st ,e chan%ed on the WINS server.
*,tain re'ia,'e fi%+res on the n+m,er of 'ocations and hosts that &o+r WINS desi%n m+st s+$$ort. When
$'annin% for WINS c'ient traffic on 'ar%e- ro+ted networ3s- estimate and monitor the effect of name
8/10/2019 7119477 Deploying Wins Smith.N Studio
13/36
Additional Resources 1#1
Consolidating "ultiple Subnets
When &o+ have m+'ti$'e s+,nets in a sma'' remote office- consider conso'idatin% the office to one s+,net
address.
?o+ can do this +sin% as&nchrono+s transfer mode (ATM) switchin% or a virt+a' $rivate networ3 (PN)
confi%+ration. & conso'idatin% to one s+,net address- &o+ can confi%+re c'ients to +se 'oca' ,roadcasts to
reso've names ,efore attem$tin% to contact a WINS server across the WAN. Chan%in% the c'ient to M>node
a''ows it to ,roadcast 'oca''& for reso+rces ,efore contactin% a WINS server for NetI*S name reso'+tion. This
can he'$ to red+ce the overa'' amo+nt of WINS>associated traffic- es$ecia''& WAN traffic.
@se HCP sco$e o$tion "4D- WINS2NT Node T&$e- to confi%+re &o+r WINS c'ients as M>node c'ients. 0or
more information a,o+t confi%+rin% HCP o$tions at the HCP server- see 5Assi%n a sco$e>,ased o$tion6 in
He'$ and S+$$ort Center for Windows Server !""#.
Configuring urst andling
+rst hand'in% s+$$orts a hi%h vo'+me of WINS c'ient name re%istration. When a 'ar%e n+m,er of WINS c'ients
sim+'taneo+s'& tr& to re%ister their NetI*S names- the WINS server can ,ecome sat+rated. In ,+rst hand'in%
mode- the WINS server res$onds $ositive'& to c'ients that s+,mit a re%istration rec'ic3 the a$$ro$riate WINS server.
$. Se'ect the Advancedta, from theserver na#e$ro$erties dia'o% ,o/.
). In Enable Burst Handling- se'ect Low (300)- Medium (500)- High (1000)- or ustom(50!5000)as the ,+rst
8/10/2019 7119477 Deploying Wins Smith.N Studio
14/36
1#2 Chapter 4 Deploying WINS
7oad alan%ing 'ith Redundant WINS Databases
A WINS im$'ementation desi%n $rovides hi%her $erformance ,& s$ecif&in% that m+'ti$'e WINS servers contain
re$'icas of WINS data,ases. These red+ndant servers im$rove $erformance ,& $rovidin% 'oad ,a'ancin%.
@se 'oad ,a'ancin% with red+ndant WINS data,ases when1
The 'en%th of time to $erform WINS f+nctions is +nacce$ta,'& 'on%.
The connections ,etween the WINS servers s+$$ort the additiona' WINS re$'ication traffic.
The traffic %enerated ,& WINS c'ients accessin% a WINS server in another 'ocation sat+rates a
WAN 'in3.
The cost of addin% a server is not $rohi,itive.
Designing our WINS !eplicationStrategyA %ood re$'ication desi%n is essentia' to &o+r WINS avai'a,i'it& and $erformance. esi%ns encom$assin%
m+'ti$'e WINS servers distri,+te NetI*S name reso'+tion across 7AN and WAN environments- confinin%
WINS c'ient traffic to 'oca'ied areas. To ens+re consistent- networ3>wide name reso'+tion- WINS servers m+st
re$'icate their 'oca' entries to other servers. 0or more information a,o+t a WINS re$'ication strate%&- see the
e/am$'es 'ater in this section.
0i%+re 4.9 shows the $rocess for desi%nin% &o+r WINS re$'ication strate%&.
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
15/36
Additional Resources 1#3
Figure 4.8 Designing 3our WINS Repli%ation Strategy
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
16/36
1#4 Chapter 4 Deploying WINS
efore confi%+rin% re$'ication- caref+''& desi%n and review &o+r WINS re$'ication to$o'o%&. 0or WANs- this
$'annin% can ,e critica' to the s+ccess of &o+r de$'o&ment and +se of WINS.
WINS $rovides the fo''owin% choices when &o+ are confi%+rin% re$'ication1
?o+ can man+a''& confi%+re WINS re$'ication for a WAN environment.
0or 'ar%er networ3s- &o+ can confi%+re WINS to re$'icate within a 7AN environment.
In sma''er or ,o+nded 7AN insta''ations- consider ena,'in% and +sin% WINS a+tomatic $artner
confi%+ration for sim$'ified set+$ of WINS re$'ication.
In 'ar%er or %'o,a' insta''ations- &o+ mi%ht have to confi%+re WINS across +ntr+sted
Windows NT domains.
If &o+r networ3 +ses on'& two WINS servers- confi%+re them as $+sh2$+'' re$'ication $artners to each other.
When confi%+rin% re$'ication $artners- avoid $+sh>on'& or $+''>on'& servers e/ce$t where necessar& to
accommodate s'ow 'in3s. In %enera'- $+sh2$+'' re$'ication is the most sim$'e and effective wa& to ens+re f+''
WINS re$'ication ,etween $artners. This a'so ens+res that the $rimar& and secondar& WINS servers for an&
$artic+'ar WINS c'ient are $+sh2$+'' $artners of each other- a reand>s$o3e mode' $rovides a sim$'e and effective desi%n for or%aniations that re
8/10/2019 7119477 Deploying Wins Smith.N Studio
17/36
Additional Resources 1#
When +sin% a+tomatic $artner confi%+ration- each WINS server anno+nces its $resence on the networ3 ,& +sin%
$eriodic m+'ticasts. These anno+ncements are sent as Internet Fro+$ Mana%ement Protoco' (IFMP) messa%es
for the m+'ticast %ro+$ address of !!4.".=.!4- which is reserved for WINS server +se.
A+tomatic $artner confi%+ration is t&$ica''& +sef+' in sma'' networ3s- s+ch as sin%'e s+,net 7AN environments.
However- &o+ can +se a+tomatic $artner confi%+ration in ro+ted networ3s. 0or WINS m+'ticast s+$$ort in
ro+ted networ3s- the forwardin% of m+'ticast traffic is made $ossi,'e ,& confi%+rin% ro+ters for each s+,net to
forward traffic to the WINS m+'ticast %ro+$ address of. !!4.".=.!4.
eca+se $eriodic m+'ticast anno+ncements ,etween WINS servers can add traffic to &o+r networ3- a+tomatic
$artner confi%+ration is recommended on'& if &o+ have a sma'' n+m,er of insta''ed WINS servers (t&$ica''&-
three or fewer).
A+tomatic $artner confi%+ration monitors m+'ticast anno+ncements from other WINS servers- and $erforms the
fo''owin% confi%+ration ste$s1
Adds the IP addresses for the discovered servers to its 'ist of re$'ication $artner servers.
Confi%+res the discovered servers as $+sh2$+'' $artners.
Confi%+res $+'' re$'ication at two>ho+r interva's with the discovered servers.
If a remote server is discovered and added as a $artner ,& means of m+'ticastin%- it is removed as a re$'ication
$artner when WINS sh+ts down $ro$er'&. To have a+tomatic $artner information $ersist when WINS restarts-&o+ m+st man+a''& confi%+re the $artners.
To man+a''& confi%+re re$'ication with other WINS servers- +se the WINS Microsoft Mana%ement Conso'e
(MMC) sna$>in or the Netsh command>'ine too' to s$ecif& ro'es for each $artner and an& re'ated information.
0or more information a,o+t the Netsh command>'ine too'- see 5Netsh6 and 5Netsh commands for WINS6 in
He'$ and S+$$ort Center for Windows Server !""#.
Determining !eplication PartnersChoosin% whether to confi%+re a WINS server as a $+sh $artner- $+'' $artner- or $+sh2$+'' $artner de$ends on
severa' considerations- inc'+din% the s$ecific confi%+ration of servers at &o+r site- whether the $artner is across
a WAN- and how im$ortant it is to distri,+te chan%es immediate'& thro+%ho+t the networ3.
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
18/36
8/10/2019 7119477 Deploying Wins Smith.N Studio
19/36
Additional Resources 1#"
Determining 'onvergence TimeThe time needed to re$'icate a new entr& in a WINS data,ase- from the WINS server that owns the entr& to a''
other WINS servers on the networ3 is defined as convergence ti#e. When $'annin% for WINS servers- &o+ m+st
decide what is acce$ta,'e as the conver%ence time for &o+r networ3 the 'on%er the re$'ication $ath- the 'on%er
the conver%ence time.
Name and>s$o3e strate%&- indicate on &o+r networ3 to$o'o%&
ma$ which sites have the 5h+,6 server- and which have the 5s$o3e6 servers. A'so indicate whether the
re$'ication is $+sh2$+''- $+sh>on'&- or $+''>on'&.
oc+ment the confi%+rations of each WINS server- inc'+din% the hardware confi%+ration- IP address- re$'ication
confi%+ration- and re$'ication $artners.
0or more information a,o+t WIN confi%+ration across WANs- see 5Confi%+rin% WINS re$'ication6 in He'$ and
S+$$ort Center for Windows Server !""#.
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
20/36
1#8 Chapter 4 Deploying WINS
'onfiguring !eplication $cross 2$NsWhen confi%+rin% WINS re$'ication across 7ANs- the iss+es are simi'ar to those that occ+r in WAN
environments- a'tho+%h 'ess critica'.
eca+se the data thro+%h$+t of the +nder'&in% networ3 'in3s for 7ANs is m+ch %reater than for WANs- it mi%ht,e acce$ta,'e to increase the fre,ased
$artners on s'ower 'in3s.
0or e/am$'e- ,etween 7AN>,ased re$'ication $artners it often wor3s to ena,'e WINS to +se a $ersistent
connection ,etween the servers. Witho+t a $ersistent connection- the norma' +$date co+nt thresho'd defa+'ts to a
minim+m of !". ?o+ can s$ecif& a sma''er +$date co+nt with a $ersistent connection.
Ne/t- &o+ can s$ecif& a m+ch sma''er n+m,er- s+ch as a va'+e of one to three in the #umber o$ changes in
version %& be$ore re'lication settin% ,efore WINS sends a $+sh re$'ication tri%%er to the other $artner. 0or $+''
$artners- &o+ mi%ht a'so consider settin% the e'lication intervalsettin% to a va'+e in min+tes- instead of ho+rs.
As in WAN re$'ication $'annin%- the WINS server data,ase m+st re$'icate fre
8/10/2019 7119477 Deploying Wins Smith.N Studio
21/36
Additional Resources 1##
'onfiguring !eplication Between&ntrusted DomainsIt is $ossi,'e to set +$ WINS re$'ication ,etween one or more WINS servers in domains that do not have a tr+st
re'ationshi$. ?o+ can do this witho+t a va'id +ser acco+nt in the +ntr+stin% domain. To confi%+re re$'ication- an
administrator for each WINS server m+st +se the WINS sna$>in or Netsh commands to man+a''& confi%+re each
server to $ermit this re$'ication.
0or more information a,o+t WINS confi%+ration across domains that do not have tr+st re'ationshi$s- see
5Confi%+rin% WINS re$'ication6 in He'$ and S+$$ort Center for Windows Server !""#. 0or more information
a,o+t domain tr+sts- see theistri%uted Services Guideof the Windows Server 2003 Resource Kit (or see the
istri%uted Services Guideon the We, at htt$122www.microsoft.com2res3it).
#apping the !eplication $rchitecture to thePhysical NetworkAfter determinin% the re$'ication strate%& that wor3s ,est for &o+r or%aniation- ma$ the strate%& to &o+r
$h&sica' networ3. 0or e/am$'e- if &o+ have chosen a h+,>and>s$o3e strate%&- indicate on &o+r networ3 to$o'o%&
ma$ which sites wi'' have the 5h+,6 server- and which wi'' have the 5s$o3e6 servers. A'so indicate whether the
re$'ication is $+sh2$+''- $+sh>on'&- or $+''>on'&.
oc+ment the confi%+rations of each WINS server- inc'+din% the hardware confi%+ration- IP address- re$'ication
confi%+ration- and re$'ication $artners.
The conver%ence time for the s&stem is the s+m of the two 'on%est conver%ence times to the h+,. 0or e/am$'e-
in an or%aniation that has five WINS servers (WINS>A thro+%h WINS>E)- if WINS> and WINS> re$'icate
with WINS>A (the h+,) ever& #" min+tes- and WINS>C and WINS>E re$'icate with the h+, ever& 4 ho+rs- the
conver%ence time is : ho+rs.
The fo''owin% e/am$'es show three different t&$es of re$'ication.
Important
If you re)uire replication across a firewall( keep in mind that WINS
replication occurs over T'P port 3/, Therefore( this port must not %e
%locked on any network device %etween two WINS replication partners,
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
22/36
200 Chapter 4 Deploying WINS
/ample 15 Deploying WINS !&er a 7arge Number of ran%h !ffi%es
In this e/am$'e- a medi+m>sied com$an& has two main sites1 a New ?or3 and a 7os An%e'es office with 9""
com$+ters in each office- connected thro+%h hi%h>s$eed 'in3s. The com$an& a'so has more than =D" sma''
,ranch offices- inc'+din% 'oca' sa'es offices. To save on the costs of the 'in3s- some ,ranches act as
concentrators for a re%ion. 0i%+re 4.: shows a WINS server $'acement strate%& for an or%aniation with man&
sma'' ,ranch offices.
Figure 4.< Deploying WINS !&er a 7arge Number of ran%h !ffi%es
In most cases- the ,ranches do not have 'oca' WINS servers there is sim$'& no need for a se$arate server for
each ,ranch. Instead- the com$an& adds re%iona' WINS servers when the costs of re%istration and
8/10/2019 7119477 Deploying Wins Smith.N Studio
23/36
Additional Resources 201
The re%iona' WINS servers are not re
8/10/2019 7119477 Deploying Wins Smith.N Studio
24/36
202 Chapter 4 Deploying WINS
The c'ients are confi%+red with a 'oca' $rimar& and secondar& WINS server. Ha'f of the c'ients have one 'oca'
WINS server as $rimar& and the other as secondar&. The other ha'f has e/act'& the o$$osite confi%+ration. This
,a'ances the re%istration and
8/10/2019 7119477 Deploying Wins Smith.N Studio
25/36
8/10/2019 7119477 Deploying Wins Smith.N Studio
26/36
204 Chapter 4 Deploying WINS
The $rimar& WINS servers re$'icate with the h+,s ever& =9 min+tes- and the h+,>to>h+, re$'ication interva' is
#" min+tes. The conver%ence time of the WINS s&stem is the time it ta3es for a c'ient re%istration to ,e
re$'icated to a'' WINS servers.
In this case the 'on%est conver%ence time wo+'d ,e =.9 ho+rs from a Seatt'e $rimar& server to a Chica%o $rimar&
server. The tota' conver%ence time can ,e ca'c+'ated ,& addin% +$ the ma/im+m time ,etween1
Seatt'e $rimar& to Seatt'e secondar&- =9 min+tes
Seatt'e secondar& to San 0rancisco secondar&- #" min+tes
San 0rancisco secondar& to Chica%o secondar&- #" min+tes
Chica%o secondar& to Chica%o $rimar&- =9 min+tes
However- the conver%ence time mi%ht ,e 'on%er for WINS servers connected across s'ow 'in3s. It is $ro,a,'&
not necessar& for the servers in Paris or er'in to re$'icate ever& =9 min+tes. ?o+ mi%ht confi%+re them to
re$'icate ever& two ho+rs or even ever& !4 ho+rs- de$endin% on the vo'ati'it& of names in the WINS s&stem.
This networ3 contains 'ow red+ndanc&. If the 'in3 ,etween Seatt'e and 7os An%e'es is down- re$'ication sti''
occ+rs thro+%h San 0rancisco. If- for e/am$'e- the Seatt'e h+, fai's- the Seatt'e area can no 'on%er re$'icate with
the rest of the WINS s&stem. Networ3 connectivit&- however- is sti'' f+nctiona' a'' WINS servers contain the
entire WINS data,ase- and name reso'+tion f+nctions norma''&. A'' that is 'ost are chan%es to the WINS s&stem
that occ+rred since the Seatt'e h+, fai'ed. A Seatt'e +ser cannot reso've the name of a fi'e server in Chica%o thatcomes on'ine after the Seatt'e h+, fai's. When the h+, ret+rns to service- a'' chan%es to the WINS data,ase are
re$'icated norma''&.
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
27/36
Additional Resources 20
Securing our WINS SolutionIn man& WINS im$'ementations- WINS re$'ication occ+rs across $+,'ic networ3s- s+ch as the Internet.
Re$'icatin% the NetI*S names and IP addresses of a'' hosts within the or%aniation over these $+,'ic networ3s
creates a sec+rit& ris3- which &o+ can miti%ate ,& +sin% PN t+nne's or $'acin% servers within a $erimeternetwor3. 0i%+re 4.== shows where &o+ $erform this ste$ in the $rocess of de$'o&in% &o+r WINS so'+tion.
Figure 4.11 Se%uring WINS During the Deployment $ro%ess
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
28/36
20! Chapter 4 Deploying WINS
Securing WINS Traffic with TunnelsA'' WINS re$'ication traffic sent over $+,'ic networ3s sho+'d ,e encr&$ted. Encr&$t the re$'ication traffic ,&
+sin% Internet Protoco' sec+rit& (IPSec) or PN t+nne's. When choosin% to encr&$t re$'ication traffic ,& +sin%
IPSec or PN t+nne's- do the fo''owin% to f+rther increase sec+rit&1
@se the stron%est 'eve' of encr&$tion.
@se the Ro+tin% and Remote Access service to $rovide the IPSec or PN t+nne'.
@se Ker,eros 9 or other certificate>,ased a+thentication for sec+re comm+nication channe's.
0or more information a,o+t de$'o&in% IPSec- see 5e$'o&in% IPSec6 in this ,oo3. 0or more information a,o+t
virt+a' $rivate networ3s and the Ro+tin% and Remote Access service- see 5e$'o&in% ia'>@$ and PN Remote
Access Servers6 in this ,oo3. 0or more information a,o+t ena,'in% Ker,eros 9 a+thentication- see 5Ena,'in%
Ker,eros 9 a+thentication6 in He'$ and S+$$ort Center for Windows Server !""#.
!unning WINS on a Perimeter NetworkP'ace WINS servers in a $erimeter networ3 when &o+ m+st send WINS traffic over a $+,'ic networ3 to avoide/$osin% intranet NetI*S names and WINS data. This $'acement $rotects cor$orate reso+rces whi'e $rovidin%
NetI*S name reso'+tion to e/terna' c'ients that need access to these reso+rces.
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
29/36
Additional Resources 20"
Integrating WINS with OtherServicesMost networ3 administrators de$'o&in% WINS a'so $'an a strate%& for NS and HCP servers- ,eca+se WINS
is so c'ose'& 'in3ed to NS and HCP. 0i%+re 4.=! shows when &o+ $erform this ste$ in the $rocess of
de$'o&in% &o+r WINS so'+tion.
Figure 4.1( Integrating WINS During the Deployment $ro%ess
Caution
If you re)uire replication from the WINS server in the perimeter network
to a WINS server within the intranet( in the WINS snap*in( select
Repli%ate !nly 'ith $artnersin the Repli%ation $artners $roperties
dialog %o4 on %oth the WINS servers, $lso consider using only pull
replication from the intranet servers, To maintain security( encrypt all
replication traffic across the inner firewall using IPSec or 5PN tunnels,
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
30/36
208 Chapter 4 Deploying WINS
Integrating WINS with DNSIf most of &o+r c'ients +se NetI*S and &o+r servers are r+nnin% Windows !""" or Windows Server !""#
NS- ena,'e WINS 'oo3+$ on &o+r NS servers. When WINS 'oo3+$ is ena,'ed on NS servers- WINS
reso'ves an& names that NS reso'+tion does not find. NS does not s+$$ort the WINS forward 'oo3+$ and
WINS>R reverse 'oo3+$ records in versions of Windows ear'ier than Windows !""". 0or information a,o+tena,'in% WINS 'oo3+$- see 5e$'o&in% NS6 in this ,oo3.
If a'' of &o+r networ3 com$+ters are r+nnin% Windows !"""- Windows ;P- or Windows Server !""# and &o+
are not s+$$ortin% an& a$$'ications that re
8/10/2019 7119477 Deploying Wins Smith.N Studio
31/36
Additional Resources 20#
Integrating WINS with D"'PWhen +sin% HCP and WINS to%ether on &o+r networ3- +se additiona' HCP sco$e o$tions to assi%n WINS
node t&$es and to identif& WINS $rimar& and secondar& servers for HCP c'ients.
Com$+ters with static IP addresses can ,e $ro,'ematic and their initia' re%istration record in WINS ,ecomestom,stoned if the& are not $eriodica''& sto$$ed and restarted. ?o+ can have a more re'ia,'e and mana%ea,'e
networ3 ,& creatin% HCP reservations for these com$+ters. These reservations ens+re that the com$+ter %ets
the same IP address from the HCP server for each reassi%ned IP address. S$ecifica''&- the c'ient cannot send a WINS renewa'
re
8/10/2019 7119477 Deploying Wins Smith.N Studio
32/36
210 Chapter 4 Deploying WINS
Figure 4.12 Implementing 3our WINS Solution
#igrating WINS to Windows Server /001efore mi%ratin% from 'e%ac& WINS servers- ma3e s+re &o+r e/istin% WINS infrastr+ct+re is a$$ro$riate for
&o+r c+rrent needs. 0or e/am$'e- if &o+ have recent'& +$%raded most des3to$ com$+ters in &o+r or%aniation to
Windows !""" or Windows ;P- or if &o+ have recent'& sto$$ed +sin% an a$$'ication that re'ies heavi'& on
WINS- &o+r c+rrent WINS str+ct+re mi%ht ,e too ro,+st for &o+r c+rrent needs- and mi%ht not ,e str+ct+red in
the most efficient wa& $ossi,'e. In a case s+ch as this- start the de$'o&ment from the desi%n $hase- rather than
mi%ratin% the e/istin% data,ase to new servers.
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
33/36
Additional Resources 211
0o''ow these ste$s when mi%ratin% &o+r WINS data,ase from Windows NT 4." or Windows !""" to Windows
Server !""#1
1. Insta'' the WINS service.
This can ,e insta''ed either d+rin% or after insta''in% Windows Server !""#.
$. Confi%+re the WINS service.
erif& that the server is $ointin% to itse'f for WINS. ?o+ can do this ,& viewin% the TCP2IP
$ro$erties of &o+r networ3 ada$ter.
). Convert the WINS data,ase for +se on the Windows Server !""#B,ased server.
This conversion mi%ht occ+r a+tomatica''& from e/istin% Windows NT 4."B,ased or
Windows !"""B,ased servers. If not- fo''ow these ste$s1
a. At the command $rom$t- t&$e net sto' winson ,oth the e/istin% and new servers.
*. Co$& the contents of the LS&stemRootLS&stem#!Wins fo'der from the e/istin% serverto the new Windows Server !""#B,ased server.
". At the command $rom$t- t&$e net start winson ,oth servers.
+rin% the conversion $rocess- &o+ mi%ht ,e $rom$ted for additiona' fi'es from the Windows
Server !""# o$eratin% s&stem C.
To a%%ess WINS %on&ersion files
1. Co$& the Ed,9"".d' fi'e from the I#:D fo'der on the C>R*M to theLS&stemRootLS&stem#! fo'der on the server.
$. At the command $rom$t- t&$e e*'and edb500+dl, edb500+dllto e/$and the Ed,9"".d'fi'e on the server.
). At the command $rom$t- t&$e net start winsto finish the conversion $rocess.
4. erif& that the WINS data,ase is shown in the WINS sna$>in on the server.
Note
This process can take 10 minutes or more to complete depending on
the si-e of the data%ase, Do not stop the process until it is finished, It is
normal for 9etconv,e4e to re)uire heavy 'P& usage during the
conversion,
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
34/36
212 Chapter 4 Deploying WINS
Testing our WINS DesignAfter com$'etin% &o+r WINS desi%n- test it in a 'a, to find $otentia' $ro,'ems ,efore im$'ementin% &o+r desi%n
on &o+r $rod+ction networ3. As &o+ ro'' o+t &o+r desi%n- test &o+r networ3 to ens+re it is wor3in% as e/$ected.
The ,est time to discover $otentia' $ro,'ems with &o+r desi%n is in a test 'a, $rior to &o+r f+'' im$'ementation.When $re$arin% &o+r test 'a,- ,e s+re to1
@se a server com$+ter from the same vendor and with the same confi%+ration as the servers that
wi'' ,e +sed for the act+a' WINS servers. Set +$ a re$resentative sam$'e of the com$+ters in
&o+r or%aniation to ,e tested as WINS c'ients.
If &o+ are $'annin% to de$'o& WINS over a WAN- desi%n &o+r 'a, with ro+ters and +se a 'in3
sim+'ator to sim+'ate networ3 'atenc&.
e$'o& a t&$ica' set of a$$'ications to%ether on the WINS test server. This ste$ is vita' in
determinin% an& com$ati,i'it& iss+es that mi%ht arise when +sers r+n different a$$'ications
sim+'taneo+s'&.
0or more information a,o+t $'annin% a test environment- see 5esi%nin% a Test Environment6 inPlanning,
Testing, and Piloting e!lo"#ent Pro$ectsof this 3it.
:valuating the DeploymentAfter im$'ementin% &o+r WINS desi%n- eva'+ate &o+r de$'o&ment to ens+re that it com$'ies with &o+r desi%n
and meets &o+r or%aniationJs ,+siness %oa's.
Sta%e a sim+'ated fai'+re to ens+re that f+nctiona'it&-
sec+rit&- and $erformance are maintained.
isa,'e or disconnect each WINS server that is a $art of a
red+ndant WINS desi%n. Provide $roced+res detai'in% how to restore s&nchroniation of WINS data,ases after a
fai'ed server is reactivated or re$aired.
Initiate WINS re$'ication- and e/amine the data transmissions ,etween the'ocations to ens+re that the WINS re$'ication traffic is encr&$ted.
To assess the a&ailability of your design
To e&aluate WINS ser&i%e a&ailability
To e&aluate WINS se%urity
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
35/36
Additional Resources 213
$dditional !esources0or more information a,o+t WINS- refer to the fo''owin% so+rces1
Related Information
TheNetworking Guide of theWindows Server 2003 Resource Kit (or see theNetworking Guide
on the We, at htt$122www.microsoft.com2res3it) for more information a,o+t Windows Internet
Name Service (WINS)- Windows Server !""# NS- or the 7mhosts fi'e.
5e$'o&in% NS6 in this ,oo3 for information a,o+t ena,'in% WINS 'oo3+$ or a,o+t $'annin%
and desi%nin% &o+r NS networ3.
5esi%nin% Server C'+sters6 in thePlanning Server e!lo"#ents,oo3 of this 3it.
5e$'o&in% HCP6 in this ,oo3.
5e$'o&in% ia'>@$ and PN Remote Access Servers6 in this ,oo3 for more information a,o+t
virt+a' $rivate networ3s and the Ro+tin% and Remote Access service.
5e$'o&in% IPSec6 in this ,oo3.
5esi%nin% a Test Environment6 inPlanning, Testing, and Piloting e!lo"#ent Pro$ectsof this
3it.
Theistri%uted Services Guideof the Windows Server 2003 Resource Kit (or see the
istri%uted Services Guideon the We, at htt$122www.microsoft.com2res3it) for more
information a,o+t domain and forest tr+sts.
R0C =""=1Protocol Standard for a Net&'(S Service on a T)P*+P Trans!ort )once!ts and
Met-ods
Related Tools
0or more information a,o+t the Networ3 Monitor too'- see 5Networ3 Monitor6 in He'$ and
S+$$ort Center for Windows Server !""#.
0or more information a,o+t the Netsh command>'ine too'- see 5Netsh6 in He'$ and S+$$ortCenter for Windows Server !""#.
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St
ttps://www.facebook.com/SmithNguyenStudio
8/10/2019 7119477 Deploying Wins Smith.N Studio
36/36
214 Chapter 4 Deploying WINS
Related elp Topi%s
0or ,est res+'ts in identif&in% He'$ to$ics ,& tit'e- in He'$ and S+$$ort Center- +nder the -earch,o/- c'ic3 -et
search o'tions. @nder Hel' "o'ics- se'ect the-earch in title onl.chec3,o/.
5WINS6 in He'$ and S+$$ort Center for Windows Server !""#.
5Netsh Commands for WINS6 in He'$ and S+$$ort Center for Windows Server !""#.
5Confi%+rin% WINS re$'ication6 in He'$ and S+$$ort Center for Windows Server !""# for
more information a,o+t WINS confi%+ration across WANs- 7ANs- or +ntr+sted domains.
5Ena,'in% Ker,eros 9 a+thentication6 in He'$ and S+$$ort Center for Windows Server !""#.
Sm
i
t
h
Ng
u
y
e
nS
t
u
d
i
o
Smith Nguyen St