Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Sun, May 10, 1998
NTools E-NewsFlash[tm] - May 10, 1998
This issue of W2Knews contains:
<<< NTools E-NewsFlash >>>[tm] May 10, 1998
Again there is a lot of 3-rd party NT-stuff happening
that will not fit in the NTools E-News next weekend, so
here are some hot items right away!
1) YOU WERE RIGHT TO LOOK AT CONVOY; MICROSOFT & TITANIC RUN IT NOW
2) SUPERDISK-NT/SLM V4 (SUPER LARGE MEMORY) RELEASED
3) SUDDEN STRONG INTEREST IN TEM: DELEGATE SYSTEM ADMIN TASKS
1) YOU WERE RIGHT TO LOOK AT CONVOY; MICROSOFT & TITANIC RUN IT NOW
Many of our subscribers that are running IIS for their corporate
intranet or perhaps on their Internet web servers looked at ways
to scale their systems easily and at an affordable price level.
Convoy Cluster Software is a software-only solution that clusters
NT4.0 systems and creates a virtual IP address that can consist of
up to 32 nodes that service web requests transparently. We have it
up & running at Sunbelt and it works great. Free 30-day eval
downloads here: http://www.sunbelt-software.com/convoy.htm
Two megasites have recently decided to implement Convoy: Microsoft
and Titanicproducts. Here is some news about the Microsoft: Convoy
is currently installed on a limited basis at Microsoft Corporation
and is operational on Microsoft?s flagship web site. As one of the
largest and fastest growing web sites in the world, it handles 192
million hits per day and has grown 90% in the past 6 months. This
is where it sits: http://www.microsoft.com !
To meet this heavy demand, Microsoft turned to the highest performing
TCP/IP load balancing product on the market, Convoy Cluster Software.
With a demonstrated throughput of over 250 Mbits per second on
gigabit Ethernet, Convoy is the only solution capable of handle
the extreme traffic loads that are common on the world?s largest web
sites. Convoy dramatically speeds up TCP/IP services and improves
their ability to avoid outages. Convoy is ideally suited for mission-
critical Internet/Intranet servers, such as web, firewall, FTP, and
The other recent giant site with a projected 60 million hits per day
is http://www.titanicproducts.com/main.htm . Sunbelt has sponsored
this site with three of our performance tools: Convoy, AutoPilot and
Superdisk. If you go have a look you will find the logo's at the
bottom of the main page. They will probably implement some fault-
tolerance tools from us as well, and are running on three super fast
InterGraph servers similar to the one we have the Sunbelt Website
They got cool gear that you can buy on-line with a credit card. You
might want to check it out. Guess what the Sunbelt team soon
will be walking around in!
2) SUPERDISK-NT/SLM V4 (SUPER LARGE MEMORY) RELEASED
EEC Systems released SuperDisk-NT/SLM V4.0-1. The SLM feature stands
for Super Large Memory. This new release offers users the ability to
create Ram Disks and Ram Disks backed by magnetic storage of immense
size. On Intel Systems the maximum size has been raised from 1.4GB
to 8GB. Alpha systems now support 28GB up from the previous 2GB
supported by V3.0-2 of the software. Version 4.0-1 of SuperDisk-NT
is supported on both NT Workstation & NT Server. Only version 4.0 of
Windows NT is supported. We recommend you use Service Pack 3.
Windows NT is currently a 32-bit operating system with a 4GB
maximum memory size, and people can use the extra memory available
on 64-bit Alpha systems for real speed. Lab tests show disk speeds of
over 50 times that of regular cached magnetic disks with SLM. Your
data is 100% safe, even in a system crash or power failure.
What can you use this huge high speed disk device for, you may be
asking yourself? Here are a few examples some of our customers have
found very useful:
- Placing entire databases in high performance SuperDisk-NT memory.
- Running all of Windows NT from a SuperDisk-NT unit which is backed
to a magnetic disk partition.
- Place the Page File on your RAM-disk
Many people have found that it's possible to improve overall NT
performance by placing the page file on a lazy write backed
SuperDisk-NT partition. It appears that since the Working Set
Size is set automatically by NT, paging may start, even when the
physical memory has not been completely used up. This premature
paging to disk slows everything down. If you're lucky enough to
have a large memory configuration, this method of improving
performance works really well.
Several sites have placed the heavily used parts of their web
sites on a SuperDisk-NT volume. It prevents slow downs during
Many application developers place their compilers and development
tools on SuperDisk. Having to wait for compiles is boring. Doing
the job in one 20th of the time brings a lot of smiles :-))
30-day eval copies here: http://www.sunbelt-software.com/sdnt.htm
SUDDEN STRONG INTEREST IN TEM: DELEGATE SYSTEM ADMIN TASKS
Since the beginning of this year we see a very strong interest in
getting user administration delegated. That is not so surprising
of course. Last year the average amount of servers was 11. Now it
is 24, with many hundreds of users. This causes a nasty problem
that many of you have come to run into. I decided to send you a
Technology Overview of Trusted Enterprise Manager that you should
read through at your leisure. Print this out and take it home
where you can spend a bit of time and actually examine the problem
and how TEM is a great solution.
Trusted Enterprise Manager (TEM) allows enterprise system managers
to partition (delegate) administrative activities securely and
efficiently for Microsoft's Windows NT 3.51 and 4.0. TEM enables
enterprise NT administration by providing the ability to delegate
specific administrative permissions without comprising network
Strategic network administrators are typically bestowed the role
of an Enterprise Manager. Enterprise Managers assign junior
administrators, called Trusted Managers, to supervise global groups
of users. Each Trusted Manager can be assigned any combination of
22 individual permissions over a global group.
The TEM Service is a substitute NT Administrator that processes
requests from the TEM Admin and TEM Client applications. After the
client requests have been authorized, the TEM Service completes the
requests on the behalf of the TEM Client or Administrator.
Unauthorized requests are dismissed and logged in NT's native Event
TEM relies on NT's internal communication and authentication schemes
to validate user requests. Native Microsoft Windows NT network,
security, and event logging APIs are used by TEM to provide a safe,
dependable, and industry standard solution. TEM does not alter NT
in any way; thus ensuring a consistent and simple migration to the
next generation of Microsoft's NT Server network operating system.
Adopting TEM reduces, if not eliminates, the need for NT Account
Operator and Domain Administrator accounts by enabling ordinary NT
user accounts to have measured administrative authority. This
capability significantly scales Windows NT management by off-loading
time-consuming administration tasks from essential NT Administrators
to the appropriate support levels.
Delegated Administration using TEM
Trusted Enterprise Manager overcomes NT's limitations by giving you
the ability to delegate individual permissions of administrative
control across organizational groups. TEM permissions are
categorized as USER functions, GROUP functions and TEM functions.
A Trusted Manager can be delegated the following permissions in
- Enable or Disable the User Cannot Change Password option on
- Set or modify expiration and account type (global or local)
for user account(s).
- Copy a user account in order to create new user account(s).
- Delete user account(s).
- Enable or disable user account(s).
- Enable or disable remote access information for user account(s).
- Force a password change request on the next logon session of
- Set or modify logon hour restrictions and machine restrictions
for user account(s).
- Modify user profile path, logon script name, and home directory
path for user account(s).
- Enable or Disable the Password Never Expires option for
- Reset passwords of user account(s).
- Modify the Account Name, Full Name, Description, and default
global group of user account(s).
- Unlock user account(s).
- Copy managed global group(s) to create Virtual Organizational
Units with naming standards.
- Delete global group(s).
- Select accounts from the Domain Users global group to add
to designated group(s).
- Add members to designated global group(s).
- Remove members from designated global group(s).
- Rename global group(s).
- Release designated group(s) from TEM management.
- Delegate administrative rights to other user account(s).
Trusted Enterprise Manager Distinguishing Features
The following paragraphs describe many distinguishing features
that have the shipping of over 1,000,000 licenses of TEM worldwide.
These features have made TEM successful in many large organizations
like Chevron, NASA, USA Today, MTV, University of Houston, US Armed
Forces, and many more.
Based on Microsoft Standards
Trusted Enterprise Manager uses existing NT network objects like
global groups, local groups and users when delegating permissions.
This strict adherence to standards leverages your corporate
investment in NT training and your system administrator's existing
knowledge of NT. By not introducing new terms and foreign
concepts like territories, sectors, and others, your company is
guaranteed a smooth migration to NT 5.0 and Active Directory
Introduction of Active Collections[tm] Technology
Available only from MDD, Active Collections are "templates" that
contain combinations of permissions. Enterprise Managers can define
their own Active Collections to fit their organization's needs.
As a result, TEM allows rapid enterprise-wide standardization of
Why Active, you might ask? As an Enterprise Manager modifies an
Active Collection, that change is immediately proliferated to all
Trusted Managers who have been assigned that Active Collection.
This technology enables organizations to standardize on permissions
throughout their enterprise.
TEM 2.0 ships with Microsoft Access compatible reporting options
that make auditing and information gathering much simpler for the
TEM Enterprise Manager. TEM 2.0 also allows a TEM Enterprise Manager
to report, filter, and sort on almost any NT user account property
for auditing and troubleshooting purposes. For example, a TEM
Enterprise Manager can quickly run a report to determine which user
accounts have the Password Never Expires option invoked.
Virtual Organizational Units (Virtual OUs)
When Microsoft releases their X.500-like directory services product,
(Active Directory Services will be available in NT 5.0), organiza-
tions will be compelled to define naming conventions and create
hierarchical relationships for network objects like, groups and
other resources. TEM 2.0 is the only product that allows you to get
a head start on these key concepts by enforcing a hierarchical
naming structure on an otherwise "flat" NT account database.
Trusted Managers with the Copy Group (Cg) permission must use
naming conventions determined by TEM Enterprise Managers when
copying the parent global groups.
A Virtual Organizational Unit is a native NT global group that
can be conceptually thought of as a "parent group." TEM Enterprise
Managers, as well as some Trusted Managers, can create and establish
these parent groups. A delegated Trusted Manager of that global
group can only create and rename "child-groups" within that logical
structure with pre-defined naming conventions. MDD refers to these
"parent groups" and "child groups" as Virtual Organizational Units.
Since MDD's Virtual OU's are nothing more than NT's native global
groups with a naming structure applied, they can be easily migrated
to native Organizational Unit objects when NT 5.0 arrives.
Global & Local Group Renaming
A feature currently lacking from NT 3.51 and 4.0 is the ability to
rename groups. With TEM Admin, the renaming of global and local
groups is effortless. Additionally, the Rename Global Group (Rn)
permission, including an enforced naming convention, can be
delegated to Trusted Managers.
Real Time Fault-Tolerance and Contingency Recovery
Trusted Enterprise Manager's true client/server architecture
enables the client portions of the product to communicate with and
administer multiple TEM services. Both TEM Admin and TEM Client can
communicate with multiple TEM services without having to stop and
start the services each time. This design provides for real-time
fault tolerance and configuration flexibility enabling your
organization to support a "24 by 7" operation.
With proper contingency recovery planning, TEM users can easily
switch to the next available active TEM service. This feature
allows administration of the Domain to occur as long as the Primary
Domain Controller (PDC) is operational. If the PDC does fail, a
Backup Domain Controller (BDC) with TEM service and a recently
replicated control file can be promoted to a PDC to resume
Distributed Local Caching
Another advantage to TEM's client/server design is it inherently
supports distributed server-side caching of user account information.
User account properties are locally cached by running multiple TEM
services to simultaneously manage the same domain. Furthermore, the
TEM Client is faster than Microsoft's User Manager in large
environments; as it manages only pertinent subsets of the users in
a domain. Companies with satellite and slow terrestrial network
links can take advantage of TEM's optimized client/server
The TEM Service caches all NT Domain User account information. This
allows the TEM Client to retrieve and display NT account information
much quicker than Microsoft NT User Manager. In some corporate
environments, performance improved 1200% over NT User Manager for
Quick Password Reset (QPR)
More than 40% of all Helpdesk calls pertain to password
troubleshooting. Helpdesk personnel can reset users' passwords
quickly and easily by simply selecting an icon in TEM Client.
This saves a tremendous amount of time for Helpdesk staff and LAN
Administrators by eliminating the need to type and verify new
With TEM Client's Quick Password Reset, a standard corporate
password is defined that will be automatically be assigned to
users who require their password to be reset. This feature is
widely used when rolling out new workstations, or when converting
current workstations to a "standardized desktop" or new operating
system. This feature allows the TEM Enterprise Manager to
configure the Force Password Reset as a default option when QPR
feature is invoked.
Get Password Age
Common Problem: A user tells the Helpdesk that they just changed
their password and now they cannot log on? Oftentimes, the user
has changed a password for another system or application and has
not actually changed their NT password. TEM's Get Password Age
feature allows Helpdesk personnel to verify when a user's NT
password was last changed, thereby saving hours of frustration
testing invalid passwords.
Remote Access Service (RAS) Support
Tired of administering dial-in access? A Trusted Manager with the
Enable RAS (Er) permission can assign dial-in permissions to
specific users. Whether you are running NT 3.51 or NT 4.0, a
Trusted Manager can enable NT's Remote Access Service (RAS) for
user accounts via the User Properties dialog box.
TEM has a very agressive development schedule. Several requested
features are in development. If you are interested in knowing which
features will be released when, give us a call. 30-day evals and
this document in Word Format can be found over here:
That's all for this time.
(email me with feedback: [email protected])