
    Moving Forward: Converting a mess to the right solution

    • A Former User @thanksajdotcom

      @ajstringham said:

      @DenisKelley said:

      @ajstringham said:

      Considering AD has almost zero system load, is there really any reason to separate out AD from the file and print services? If anything, use the license of Windows server you would have used for File/Print on a secondary DC.

      Yeah, little load, but rebooting is a likely candidate for separating the roles. A second DC is a good idea, but we don't know how large this company is.

      A second DC is always a good idea. It's never really "should I have two DCs?" It's "when should I add a third?" Why is rebooting an issue? It's not like you'll be doing that during production time. It'll be during off-hours. Also, he said it's for ten counties, or more. I still say have your main DC with File/Print on it. Use the next license for your secondary DC, and go from there.

      Sure, a second DC is great, but it only provides an active backup for data. It's not going to be handing out DHCP/DNS on the network (or at least not on the same subnet), so there will still be downtime.

      It would be great if issues only happened after hours when no one would be bothered by them, but in my experience they happen during the day. You don't want to have to restart your DC because of an issue on your file/print server. Sometimes printing issues require the server to be restarted to fix, not just the services. Are you going to tell the CEO he has to wait until the next day to print his golf dates because you didn't separate out the DC & file/print services? Remember, in an organization with AD implemented well, many if not most things will authenticate against the domain, not just the local login. You have to plan for issues that will occur; it's just when.

      • thanksajdotcom @A Former User

        @thecreativeone91 said:

        @ajstringham said:

        @DenisKelley said:

        @ajstringham said:

        Considering AD has almost zero system load, is there really any reason to separate out AD from the file and print services? If anything, use the license of Windows server you would have used for File/Print on a secondary DC.

        Yeah, little load, but rebooting is a likely candidate for separating the roles. A second DC is a good idea, but we don't know how large this company is.

        A second DC is always a good idea. It's never really "should I have two DCs?" It's "when should I add a third?" Why is rebooting an issue? It's not like you'll be doing that during production time. It'll be during off-hours. Also, he said it's for ten counties, or more. I still say have your main DC with File/Print on it. Use the next license for your secondary DC, and go from there.

        Sure, a second DC is great, but it only provides an active backup for data. It's not going to be handing out DHCP/DNS on the network (or at least not on the same subnet), so there will still be downtime.

        It would be great if issues only happened after hours when no one would be bothered by them, but in my experience they happen during the day. You don't want to have to restart your DC because of an issue on your file/print server. Sometimes printing issues require the server to be restarted to fix, not just the services. Are you going to tell the CEO he has to wait until the next day to print his golf dates because you didn't separate out the DC & file/print services? Remember, in an organization with AD implemented well, many if not most things will authenticate against the domain, not just the local login. You have to plan for issues that will occur; it's just when.

        Fair enough. I guess it goes back to the size of the organization, and how critical uptime is. No one likes downtime, no matter how brief. However, it's certainly true that it's more acceptable for some companies than others, and in different lengths.

        • scottalanmiller @thanksajdotcom

          @ajstringham said:

          A second DC is always a good idea. It's never really "should I have two DCs?" It's "when should I add a third?"

          The bulk of SMBs should only have one. DCs, of all things, rarely have noticeable downtime. NTG can go a week with the DC down and no one would realize it. The cost of downtime for many SMBs is literally zero. Even a day or two or ten. Some companies tie other things to AD that doesn't cache like logins and downtime can impact them. But a typical SMB can definitely take a few hours of AD downtime with possibly zero impact.

          Considering that - the cost of a second server hardware (say $2K minimum) and another Windows Server license (say $750 minimum) and the electric and cooling to keep that running and the IT time to administer it. Likely you are talking $4K or more for a failover system that has no means of ever recouping its costs no matter how bad the outage(s) are.

          There is pretty much no risk mitigation system that is an "always", especially in the SMB. The closest thing would be RAID 1 disks - if you are putting a disk in a server, it should be in RAID always... is almost true. But even that there are exceptions. Just very few.

          • scottalanmiller @A Former User

            @thecreativeone91 said:

            Sure, a second DC is great, but it only provides an active backup for data. It's not going to be handing out DHCP/DNS on the network (or at least not on the same subnet), so there will still be downtime.

            It should be doing DNS and DHCP if needed. Secondary DNS is more important than secondary AD.

            • scottalanmiller @thanksajdotcom

              @ajstringham said:

              I've heard Thin Clients is kind of dead. Maybe I heard wrong but VDI is more what people are doing now. In any case...

              I think that you are confused as to these terms. Thin clients and VDI are not opposing concepts. All early and many current VDI implementations use thin clients. And VDI is in no way the "path forward." It has a place but remains an "only when other things are not an option."

              Don't get caught in the VDI and Zero Clients everywhere hype. VDI is insanely expensive and an extremely niche solution for special cases. In enterprise where there is huge scale to make it pay off, VDI is starting to creep in more and more, but in the SMB, it has almost no place at all.

              • scottalanmiller @A Former User

                @thecreativeone91 said:

                It's not about system load, it's about priority and potential downtime and loss of services to end users. Your DC is always your most important server once implemented in a network.

                Quite often it is the least important, especially in an SMB.

                • scottalanmiller

                  Because AD and File Services are probably tightly coupled here, having them on the same VM makes sense. If you need to do a reboot, both go down and come back together. If there is a dependency of one on the other, which there is, then having them on separate VMs doesn't really help much.

                  I think that one Windows Server Standard license is adequate. Two VMs. Keep it simple.

                  • scottalanmiller

                    If doing a single, stand alone server, generally HyperV is the way to go because it supports backups whereas VMware ESXi does not.

                    • scottalanmiller

                      So... one VM for AD/DNS/FS and one VM for SQL Server? That should work fine.

                      • A Former User @scottalanmiller

                        @scottalanmiller said:

                        @thecreativeone91 said:

                        It's not about system load, it's about priority and potential downtime and loss of services to end users. Your DC is always your most important server once implemented in a network.

                        Quite often it is the least important, especially in an SMB.

                        How small are we talking? If AD goes down and you have a content filter with AD integration, no one is getting out to the web. If you're talking a ma & pop shop, maybe. Anything much larger, it's highly important. It's been very important everywhere I've been. VPNs, web services, filters, etc. all using LDAP.

                        • scottalanmiller @A Former User

                          @thecreativeone91 Even 100 person SMBs rarely have AD integrated networking. That's extremely expensive and cumbersome (and risky) with little to no payoff. Not a place where SMBs are likely to spend money.

                          • A Former User @scottalanmiller

                            @scottalanmiller I'm more talking about 300-500 people that's what I tend to call an average SMB.

                            • scottalanmiller @A Former User

                              @thecreativeone91 said:

                              @scottalanmiller I'm more talking about 300-500 people that's what I tend to call an average SMB.

                              That's an extremely large SMB. The vast majority of SMBs are under 100 people. But even at 500, why would you spend money on AD integrated content filtering for an average business? What's the financial (business) benefit? That's pretty small to be doing that stuff.

                              But at 500 you'd have more than one server for lots of reasons.

                              But the average company when ALL companies are considered is far less than forty people. Take just the SMBs and that number drops quite a bit, obviously.

                              • A Former User @scottalanmiller

                                @scottalanmiller I guess it depends on the area. Around here most companies are either larger or part of another large company. There are very few successful small companies under 100; most are either failing or have already failed.

                                • scottalanmiller

                                  Most companies are failing. The vast majority of businesses will never see eight years. But I guarantee that there are tons and tons of small companies all around you that you just don't realize.

                                  • gjacobse

                                    What resources we have are grossly mismanaged and poorly configured. There is no way I could ever 'fix' it in one weekend, or even one 'action'.

                                    Some general stats:

                                    Two main business units, one organization but comprised of different areas. We are a non-profit, so pricing isn't going to be an issue.

                                    Between the two, there are roughly 300 to maybe 400 staff. Transportation has about 40 (including drivers); each program has about 15, admin staff is about 30 or so, teachers about 140 - 200 depending on the time of year.

                                    One side runs Server 2003 with AD and Exchange, File and Print services: 200-250 users.
                                    Other side is the big mess:

                                    • Fiscal server - SQL Abilia MIP Fund accounting
                                    • HR Server - Sage software
                                    • Transportation server - SQL - Routematch (which is crap)
                                    • WX server - FS - access db
                                    • Shared server - FS

                                    No AD, F&P services are running, email is being moved to O365, so reduction of services needed.

                                    We have offices in nine counties, but only six or so persons per site. The idea behind the thin client is that documents in the remote offices are at risk. But the idea is to have an off-site backup as well. We have a few places to put it, so that's not a problem.

                                    File and Print services are not 'hogs', nor is AD, but I want to make sure that it's done right as opposed to the crap shot S&&) that's there now.

                                    I figure, build an AD and FS box, then start pulling things in, setting up proper file shares and security. I have 2 boxes that could be just rebuilt and put back into service...

                                    • A Former User @gjacobse

                                      @g.jacobse Really, you don't like Routematch? I'm surprised; I've heard good things about it from school bus garages. I've never used it though.

                                      • Carnival Boy @scottalanmiller

                                        @scottalanmiller said:

                                        But even at 500, why would you spend money on AD integrated content filtering for an average business? What's the financial (business) benefit? That's pretty small to be doing that stuff.

                                        What's expensive about it? Webroot web filtering includes AD integration in its basic offering, as does GFI's MailMax spam filtering. Do you mean the expense of securing your AD after exposing it to the internet?

                                        • Carnival Boy @A Former User

                                          @thecreativeone91 said:

                                          @scottalanmiller I guess it depends on the area. Around here most companies are either larger or part of another large company. There are very few successful small companies under 100; most are either failing or have already failed.

                                          I've managed to make a decent living working for companies this size. They're not always independently owned, just independently run. For example, I worked for a 150 user company that was part of a $12 billion turnover US company. I was given almost complete autonomy on everything. The only time I ever engaged with the CIO of the head office was when he turned down my proposal to buy Oracle Financials.

                                          A lot of big companies effectively operate as a series of connected SMBs, rather than one big enterprise.

                                          • Carnival Boy @A Former User

                                            @thecreativeone91 said:

                                            Sure, a second DC is great, but it only provides an active backup for data. It's not going to be handing out DHCP/DNS on the network (or at least not on the same subnet), so there will still be downtime.

                                            Isn't it? DNS is replicated across servers, right? And you can have two DHCP servers giving out a different range of IP addresses but all on the same subnet, can't you? Why downtime?
