Introduction
Networks have evolved from loose collections
of connected devices to complex subsystems made up of
interdependent resources. For example, in the past, printers
were assigned to a specific group of users. Today, users expect
to be able to find and use the printer that best meets their
needs, wherever they happen to be. Administrators need to think
of adding printers as adding network resources that are
available to everyone. And it�s not just about printers;
it�s about every component of the network�s fabric being
dynamic, discoverable, and ready to be used in ways that were
not anticipated.
In the past, companies went to great lengths
to build such networks by assembling bits and pieces of
technology from many different vendors. The result was generally
higher costs and fragile networks. The message to Microsoft from
customers was clear: deliver the kind of simplified network we
want but without all of the systems integration and complexity:
just make it work.
In response to this requirement, Microsoft
invested greatly to ensure that some of the most important
advances in the Windows� 2000 Server operating system are in
the system�s infrastructure. They include a state-of-the-art
directory service, public key security technologies that are
uniquely integrated with both the operating system and
the directory service, the latest communications
technologies�and more. Combined, the infrastructure services
provided by Windows 2000 Server let organizations:
Simplify Management. Distributed
systems often lead to time-consuming and redundant management
that grows more complex as your computing infrastructure
expands. For example, when you add new applications to your
computing infrastructure, you may find you need to manage
multiple directories. Or, when you add new employees, you need
to distribute software to their desktops, and make sure it stays
up to date. This is the type of issue that is addressed by the
Active Directory
TM service�the central, unifying infrastructure element
of Windows 2000 Server.
Active Directory serves several essential
functions. First, it provides a logically centralized place to
store, manage and publish essential information about the
hardware, software, and users throughout a network. Tasks such
as delegating administrative privileges become easy�and enable
companies to lower costs by achieving the right balance of
centralized control and local autonomy. Second, the Active
Directory provides a policy-based environment to centrally
manage and control network resources and security. Third, it
allows developers to build applications that build upon and
extend the management infrastructure provided by Active
Directory instead of building a proprietary solution. For
example, Microsoft� Exchange Server 2000 uses Active Directory
instead of a separate directory, enabling administrators to
manage users and mailbox information in one place.
Another example of how Windows 2000 simplifies
management is with the IntelliMirror� management technologies,
which manage users' data, settings, and software through
group-level policies set by the network administrator. Through
integration with Active Directory, IntelliMirror features are
able keep track of and present the users' complete environment,
even making it available when users are roaming or working
offline.
Strengthen Security. Security services
are an essential part of a modern network operating system. With
the integration of a standards-based public key infrastructure (PKI)
and Lightweight Directory Access Protocol (LDAP) directory
services in Active Directory, and the underlying distributed
security infrastructure of Windows 2000, companies can extend
their networks to customers, partners and suppliers faster and
more securely than ever before. The Windows 2000 Server security
services provide strong and consistent protection for your
corporate network, while reducing management overhead and the
risk of making an error when managing user authentication and
access control.
Another key aspect of the Windows 2000 Server
security infrastructure is Active Directory integration. Active
Directory allows centralized management and enforces role-based
security consistent with your organization's business processes.
Active Directory also makes it easier for companies to use the
latest security technologies such as X.509 certificates and
Smart Cards to ensure remote access security, build secure
e-commerce sites and deploy extranets.
Extend Interoperability. Since it�s
unlikely you�ll be building your computing infrastructure from
scratch, Windows 2000 Server can help you integrate the diverse
collection of technologies you already have. For example, Active
Directory provides a number of standard interfaces for
application integration. Microsoft also provides a range of
directory interoperability solutions to help reduce the cost and
complexity of managing a diverse network and application
environment. These include synchronization connectors that make
it simple to manage environments that contain both Active
Directory and Novell�s NDS, and industry-leading metadirectory
technologies to handle more complex requirements.
In addition to directory services, Microsoft
also has worked hard to ensure that the Windows 2000 security
infrastructure is interoperable with other important security
technologies. For example, the Windows 2000 Server public key
infrastructure is interoperable with popular certificate
authorities, and the Kerberos technologies in Windows 2000
Server are fully standards-compliant, enabling powerful single
sign-on solutions.