the office setup, or satellite users will be there for about a year before moved to new building being built...

yes, I can probably use LDAP or a AD connector with the NAS... just want less shit to worry about or break/issues.

Authentication over VPN i know is fine... its the fact we do roaming profiles and folder redirection. Thats reason for my thought of having onsite windows server. Is this wrong of me to think in that mindset?

Ofcourse I can easily setup a simple NAS with RAID-1, and then create file shares off that. But the fact is we have GPO settings on the PDC that also can be pushed to these users

IE; pushing a new default printer for this new office location. Hell, I still need to create a new security group / organization to put new users in and build a policy off that.

The move to this temporary office was a last minute item; and a get it done quick aspect from decision makers. Employee's have been there for a week now.

also carrying VOIP traffic over vpn tunnel. normal stuff.

Satellite office will need AD authentication, as right now they're authenticating over site-to-site vpn tunnel and pulling data over tunnel.

File shares over tunnel.

Local server, the mindset was local authentication (Secondary Domain controller / AD slave), and that server have shares.

I'm not aware of being able to use a NAS with file structure and appropriate file folder permissions from windows server. Would have to create file share on the NAS, and attach as network drive to windows server, and then from there build file folder permissions and such

We do have MS Maps account and access to keys and server 2012. Personally i cannot stand 2012, but it does work... or I'm just naive and not skills? I have skills, but I have a personal passion hate for windows servers and the overly complex bullshit. I've managed linux servers and just grew up with linux; besides the point here.

I understand the business aspect of posting a net revenue of XX, but only having a gross of such due to overhead and employee payroll expense.....

I would have no problem presenting a plan outline and I will do it regardless, so they can see it on paper. Just for our company size/structure does not make since. As I have direct line of communicate to the CEO.

I've given hard numbers and even a minimal proposal from Scale computing; just so they could get a general idea of numbers. Also obtained server quotes on new hardware to compare against using a new setup on XenServer.

Look - i was just throwing generalized idea out there, conceptual.

Yes -- would be two(2) NAS servers running HA / data sync.

Was considering two(2) servers to run XenServer 6.5 latest and greatest and to use OXA to manage; a single management portal (more features than XenCenter). The rolling delta back-ups is a nice feature...more worthwhile than snapshots.

That way can have rolling delta back-ups, and also HA-Storage on the network storage devices.

However, I was also considering rather than doing Network storage -- as I know @scottalanmiller has said otherwise..... that I can do a DRDB setup using HA-Lizard on XenServer 6.5

However, for DRDB setup -- I would have to spec the server nodes with large drives. Would have to be a nice 2U server with 12+ drives

As right now, We have over 1.5TB of data being stored. I see this growing much larger over the coming years.

Not to mention need a place locally to store snapshots, or back-up data.. and other NFS shares (System imaging, ISO store, misc)

Understood. I know ROI and TCO.. I've explained this to the CEO and asked him numerous times what his expectations are. What are the costs of downtime to him and the company?

Again, posted over 7m gross in 2015.. for a company of over 100 employee's. I don't see how would be such an issue to investigate new purchases. Also considering the fact, building a new 112,000 square foot facility to be moved into end of 2017 - although i have my doubts on being that soon.

Anyways, besides the fact of original posting. Essentially, DFS will not work for us due to file locks. I'm waiting to see if we can purchase an intel atom D525 server for this satellite office, or even a super micro i3 server that will run 2008 R2.... only will have ~20 employee's there.

I understand this. Just throwing it out there of the bigger picture for the production environment. Hence why wanting HA and also network storage.

I'm just worry about localized storage on the nodes/servers. As it has to sync across in nearly real time; and then the scalability of that. Would essentially have to spec out the local nodes to have as much storage capacity as possible; to sustain future growth and storage needs.

The production environment will be similar to K12 setup. (in my mind). Be for a larger company of 200+ employee's, plus overturn.

As workstations will have folder redirection and data everywhere for files / saves / network file shares for storage.

It's been about 3 years total since I've worked with XenServer. Current setup and primary Xenserver node is running 6.0 (old...) early on, i really did not like the strangle-hold citrix had on the features and such, But I know later version are much better. I'm worried to upgrade to 6.1 - should i be? or should it be seemless and not break and Windows VM's ?

Anyways.. really looking into option for a new deployment and future build for current office needs... Already looked at Scale computing. Looks very good and pricing is subjective to the quality of product. nice!

I really like Xen Orchestra and features it presents for XenServer hosts. This was not available tool back when I first implemented xen server. Its really amazing the new tools available to us today....

Was thinking 2 Xen Server hosts with HA-Enabled (is this availble on FREE?) and using Xen Orchestra.

Local storage (SR) sounds nice on the hosts.. not sure if HA-Lizard (DRDB) is supported with Xen Orchestra.

So was thinking of a redundant HA-setup with some high-end Synology 2U units... using NFS storage as SR (rather than iSCSI). Due to storage visibility over network (ability to access actual storage VHD)

Would have a dedicated 10Gbe switch that would have servers connected(2 NIC interfaces - LACP) and also the NAS units.

And then the 2 servers directly connected with patch cable(s) for Xen Orchestra to work.

this is all conceptual....

They were prospecting and projecting employee's based upon client acquisition/intake through the years. Employee prospects based upon average number of people to support X number of customers...

Big thanks for everyone with that insight.

Yeah - i've been here 8 years and have seen alot of growth. Although, unfortunately, treats it as a smaller business than what it should be. I try to keep a close relationship with CEO as when the company was smaller.

They refuse to give IT a budget. I seen on paper they only gave IT a 5,000 budget for year of 2015. I questioned it, and said there were other needs. I said, our new computer purchases blew past that already.

CEO wants to grow company to 250 employee's by 2017. And 50-100 employee's year after. These are projections I've had. But I can see him wanting a more formal proposal and outline.

I see that, good point. However, its a moot point.

Essentially, this is same info he's provided before (verbally) in meetings. When I brought up the information, data, quotes and our capacity and have asked for company forecasting; it goes back into a queue of 'timelines and priorities'.

I'm just over it, when I feel I have no control or say to better the technology needs. The fact we had downtime last week.

Well,

I just put a candid email reminder to the CEO and CFO (his father). See below his response... in in awe as to what to even reply to... Note, that my role here is "Director of IT"

I view you as my technology partner, my consultant, and my guide to help me steer this growing ship. You have mentioned several times that we are near capacity and things are growing old. I would expect some sort of written technology plan that outlines and itemizes our equipment, its life expectancy, its scheduled replacement data, and its cost. Then I would expect your analysis and recommendation on the priorities. From that point we would meet as a team to discuss timelines and priorities. How else can we plan and prepare?

We are both getting into unchartered territories with company size and technology needs. I find myself busier than ever and unable to be involved in each detail. I need data, analysis, and recommendations that will help company to grow and be efficient. I am relying upon you for those things.

So I put the challenge back to you. Can you please do some research and find out what other companies that are our size do when they are planning for technology and infrastructure plans? How can we professionalize our technology systems and processes just like we are doing in the rest of the company? What technology do we have now, what do we need (the gaps), and what are the costs?

Get it organized and professionalized and we will work together to make it a reality.

@Dashrender said:

Sounds doable.

You can also change AD users at the remote site to save their roaming profiles to that server.

And you'll want to change their redirected folders to that server as well.

Another great point.

I have a template use that I use for new user creation. Yes, I can modify the profile path to the new server UNC path. However, within GPO i have it specifically set for which folder for the User directory for their folder redirection.

basically, I would have to create a new GPO policy and also a new Security Group for these users at remote site? And link this Security group to the new GPO? Just thinking out loud.

@BBigford said:

I absolutely refuse to use my own gear. It just allows the company to continue to put off spending money. I just keep proposing something. Every time something gets complained about, I just bitch about under spending on infrastructure. If it gets to me, I simply quit and go work for someone else that refuses the concept of spending money to update and scale infrastructure.

This is position I'm at, and why I've been searching. no forward movement for myself at company. As I do more than IT role here, also some management side with employee's. Very involved.

So I'm seeing as quick and dirty solution.... Would be to get CEO/CFO to spend some money on a capable server to have at the satellite office. I'll use as a slave AD server that way users can authenticate locally to that onsite box. Only issue would then be the roaming profiles -- although they load fairly quickly over there (sign-on).

Can create local network share for the files they need and they would be set... then fire up offsite backup.

at same time I can press issue back full circle about the company's current hardware needs.

NOTE: This would only be a 1 year solution.... as supposibly we had approval from the county for us to take-over and build out a larger facility that we will move into late 2017....

he has yet to realize the cost of getting infrastructure installed there.. bahaha...

@coliver
@Dashrender

Thanks for insight and input. I've looked at those solutions as well. I think the point other ML users were getting at, is the cost standpoint. As for true HA setup. I would need multiple XenServer hosts and ofcourse redundant SAN storage and ofcourse switches. With that, the cost would be close to or greater than an investment with Scale Computing Cluster.

I would feel more comfortable with something with support. XenServer is a solid solution. However, I'm just very cautious and worry about HALizard or DRBD with XenServer for local storage. I would have to fill up a 2U-3U server with drives to size and a hardware raid card on each node.

Where be nearly the same cost to get a 'barebone' 1U server with simple RAID-1 for host operating system, and then networked storage that is directly attached to a core switch/backbone switch to that of the servers & network storage so rides on same subnet/switch. Or best, directly connected to back of servers.... can go on and on lol.

But great point regarding DFS and the file locking.... i see that being a large issue.

@Dashrender
Now this was a bit pointed, and I'm hoping you say, iSCSI isn't going over the router between subnets - to which I would reply, then we need to remove it and any other protocols not going between subnets, listing them just adds confusion.

A: The router is just tagging/mangle the TCP/UDP ports so i can do QoS. Otherwise, everything is at switch level.

@Dashrender

What security do you think you gain by not using VLAN 0?

on managed switches, when applicable or on most company installs, I'll create a different VLAN rather than VLAN0/1. As old security article and documentation of security issues of default VLAN on managed switches.

@Dashrender

If you can have two shares, one for those working at the main location, and a separate one for the remote, and people can accept a minor delay when looking at the remote ones, but they live mostly in the local ones.. that would solve it to.. and no replication would be required.

You know.. This is a good point and an Idea I've had. This office is doing a function or product offering to our clients, almost a seperate entity. In theory, we could have a secondary server there with AD integration for local authentication, and then data saved on this local server. Then if that file share needs to be accessed back from Main site -- thats no problem.

The issue is just convergence or keeping the information in one centralized area. I've been pushing for them to also spend money on a new platform such as salesforce so everything with our clients, functions and employee transparancy (as far as items completed by employees). Thats another mess

In regards to DFS File lock.. This would actually create a huge issue. We have quite a few Excel spreadsheets which are actually shared spreadsheets that are updated everyday and nearly open all day long. This is another issue. Essentially have an in-house call center that will take notes/info requests and log into a spreadsheet formatted columns..

You've given me some real thought about the mere fact of just pulling out my hardware and putting my foot down. Will they fire me, for this? Probably not. As many others have said and see; it can be difficult for management or even a CEO to find value in IT and what they do for the company. However, when there is an issue -- its put onto us to get back online and working again.

2 weeks ago we had 3 hour downtime due to our print server crashing. Print spooler blew-up (soon as service starts, TCP/IP stack fails). due to the XenServer node not having resources.... I had to spin-up another VM on my equipment to setup an all new print server and re-install and push the printers back out to users.

..

@Dashrender said:

@ntoxicator said:

The issue is that some employee's have access to different inboxes.

OK multiple inboxes have always been an issue - I don't know enough about the web client to offer anything

Main site where Primary Domain controller (PDC) has connection of:
Coax: 250meg/25

OK so this means that you can send to the other site at a max speed of 25 Mb or about 3 MB/s not counting the overhead of the VPN and other traffic running over the connection.

I can definitely see where roaming profiles would be a HUGE problem on this type of connection. Question - will users be roaming from site to site?

@Dashrender - Yes, office manager bounces back and forth and other key members

MikroTIK Router on both sides. RB1100Ahx2.
I have traffic shaping and queue Tree QoS setup. Mangling (tagging) packets based on TCP/UDP port numbers to do such. Ranging from VOIP ports, NFS ports, iSCSI ports, HTTP, HTTPS, DNS, etc..

Main office has many VLANS.

You have iSCSI traffic going over your router? between subnets? why?
Why many VLANs? I personally have many also, because I wasn't as smart when I set them up as I am now. I currently have 5, but want to get down to 2. Would thinks be simpler for you if you reduced it down to two with a subnet of /22? or even just one flat network, no VLANs.

@Dashrender - I should be more clear, as alot of the typing and text and explaining may not be clear due to the office setup.

I have a total of 4 different VLAN's on this network
1 - data vlan
1 - voip vlan
1- wifi network vlan
1 - vlan for switch management & Synology SAN traffic

iSCSI Traffic is NOT going over the VPN. iSCSI traffic is only at primary office; where everything is local.

Satellite office is on a single VLAN. No need for me to segment data & voip due to size.

Are you actually tagging the traffic as being on a VLAN? if so, why? Sure, the default is VLAN 0, but there are no tags, typically for that and nothing to manage.

@Dashrender - Satellite office is just single subnet, not using VLAN 0, for security reasons.

@Dashrender said:

What about just redirecting their Documents and Desktop instead of full blown roaming profiles

You mean redirecting their data to say \sharefilename\User map network drive? I already have folder redirection taking place, all their data is saved on the PDC to a shared network file UNC path.

If you have folder redirection already, then saving to the documents folder shouldn't matter, because those things should be saved to the server. The same goes for any other folder you redirect to the server.

Now personally, you shouldn't map that network location to a drive letter for the user - it just confuses them. Hey I see my documents in this network U: drive and in my documents folder.. what gives? etc... then you have users trying to clean things up.. they delete from the network share, and now their life files are gone.. yeah.. just bad.

@Dashrender - I agree with you 100% on this. I would not do that, but was looking for clarification. As right now, with file redirection, everything is seamless to the end-user.

To move to a single node Xen Server (We already have this). We would need over 64GB of RAM to handle our VM instances and needs and also storage space. We have Synology 1U NAS units using iSCSI to Xen Server host. Because CEO wouldnt spend money prior for upgrades. I had to move COMPANY resources / Virtual machines to my PERSONAL 1U SunFire servers to share the load cost. I have 3 - 1U SunServer's in our company rack using proxmox KVM's (was using as testing...)

64 GB RAM - is that all? My little server has 64, my big one has 120 GB, and you can easily buy servers today that will hold 512 GB + RAM. As for your storage, well, yeah - you have a storage problem. You just need to solve it. You might need more storage than a single typical server chassis can handle (though you can buy HPE and Dell servers that hold something like 18 drives - so you'd need some pretty crazy storage before you'd climb over that and need to go to DAS or NAS or SAN)

@Dashrender : this was also an example. To be all honest, We would actually need over 128GB of ram, and of-course the storage size to suite our needs.

I considered a XenServer HA setup with a HA setup for Network SAN units. Other users on here have bashed me for this idea and suggested a setup similar to Scale Computing (Where storage is local to servers).

I've been with company for 8 years and been here with all the growth. Been trying to find other opportunities in the area that will pay a livable wage. Its difficult and not had much luck. I have my personal technology that I do on the side and have done since I've worked here. although its not sustainable income.

I want to say try harder to find a job but after seeing Scott's post about how he was told that he wouldn't amount to anything while in school, only later finding out he has a mental condition that doesn't allow him to have good rote memorization skills - I'll just offer good luck in your continued efforts to find a new/better job.

I am still pursuing and looking elsewhere as I want to further stretch my legs.

I know... I had the servers already in the network rack and in development for my testing of KVM features for proxmox and discovering different features to see if feasible. As I'm running the current node on XenServer 6.0. I want to upgrade to 6.1 (have ISO right here). But worried what will break...

I've told CEO/CFO more than once that we do NOT have the resources or scalability to sustain more growth. We are maxxed out on resources and the fact I'm using 3 of my servers to get us by. I even told him its at point they need to buy the servers off me, as they're personal and was personal money used to purchase. They just turn a nose. again this is 7million net revenue company. I dont get it. Very frustrating.

CEO thinks he knows better as he use to fix computers back in early 90's, so decisions still bounce off him and what he feels necessary. More rant..

But anyways.

I'm looking for idea's to make access time of network shares similar as to if they are local resource or on a local server. As apparently, the 2 second delay over network share is not operating at "peak efficiency". Had a shoe string budget, and I mentioned at the beginning that we might need a server onsite at this location - and a general price was given.

Idea's how to make DFS work? Need it to work similar to the file shares.

Or I keep roaming profiles AS IS and the file redirection via UNC path "still saved locally on PDC". I could take our Primary network share's and robocopy that data to the new DFS shares?

Then through group policy, change the settings on drive maps to push out the DFS shares with same names?

@Dashrender said:

Employee's will 100% bitch that they're missing their sticky notes, or the time it takes for their Exchange email to download to local Outlook.... Employee's refuse to use and complain about the office365 webGUI.
Looks like you've provided an option that would solve the problem - if management allows, uninstall Outlook from the PCs. Another option would be to go to RDS or VDI

The issue is that some employee's have access to different inboxes. We have a corp inbox that some employee's have access to. And then some have access to each others as check and balance. Been issue of employee turnover for some larger roles, so new person needs access to active inbox to see old emails and such. I've suggested 'generalized' inbox(s) for specific items, that way all info is global in one single source rather than dealing with old employee inboxes.

Main site where Primary Domain controller (PDC) has connection of:
Coax: 250meg/25

MikroTIK Router on both sides. RB1100Ahx2.
I have traffic shaping and queue Tree QoS setup. Mangling (tagging) packets based on TCP/UDP port numbers to do such. Ranging from VOIP ports, NFS ports, iSCSI ports, HTTP, HTTPS, DNS, etc..

Main office has many VLANS.

Satellite office is on a single VLAN. No need for me to segment data & voip due to size.

@Dashrender said:

What about just redirecting their Documents and Desktop instead of full blown roaming profiles

You mean redirecting their data to say \sharefilename\User map network drive? I already have folder redirection taking place, all their data is saved on the PDC to a shared network file UNC path.

@Dashrender said:

Eggs in one basket? Unless you have high end needs, not sure what the problem is? I am moving to a single server XenServer box. All VMs on one host. The cost to go to something with shared storage and HA, just not required for me. But that's really a business question, not an IT one - and for another thread.

To move to a single node Xen Server (We already have this). We would need over 64GB of RAM to handle our VM instances and needs and also storage space. We have Synology 1U NAS units using iSCSI to Xen Server host. Because CEO wouldnt spend money prior for upgrades. I had to move COMPANY resources / Virtual machines to my PERSONAL 1U SunFire servers to share the load cost. I have 3 - 1U SunServer's in our company rack using proxmox KVM's (was using as testing...)

I've been with company for 8 years and been here with all the growth. Been trying to find other opportunities in the area that will pay a livable wage. Its difficult and not had much luck. I have my personal technology that I do on the side and have done since I've worked here. although its not sustainable income.

Hey there,

This is a slight rant and frustration and looking for assistance. I'm sure it will be an absolute PISSING contest here on the current setup...

Issue:

Have windows 2008 R2 server with UNC File shares along with Roaming profiles

Company Size: over 100 employee's.

Recently CEO just leased new office space to move ~15 employee's to new location as our current building we're out of space for parking and growth...

I setup the network and all wiring at new office location.

IPSEC site-to-site tunnel between our primary office location & satellite office

Today, the CEO called me, then starting texting me blowing up my phone complained that the remote office users are not able to work at 'peak efficiency' due to the delay when accessing the company File Share network drive. Asked if we can put onsite server and backup. Asked if internet speed is issue or VPN is issue and asking how we are connected...
PS: Coax 100/10 connection.

I know the answer is to install a secondary domain controller at this Satellite office and setup DFS

issue:

Primary Domain Controller (main site) also does all the file sharing and GPO settings.

I would need to Setup DFS namespace and KEEP the SAME UNC paths. As we use Roaming profiles. Have about 1.5 TB of data. This consists of user profile data, and company file share data & client info.

Also note; we move employee's around the office ALOT. meaning employee's will get shifted around to different desks or departments at random times.

Employee's will 100% bitch that they're missing their sticky notes, or the time it takes for their Exchange email to download to local Outlook.... Employee's refuse to use and complain about the office365 webGUI. I essentially give them evil eye.. I would love to get rid of roaming profiles, but due to the way the workstations are used. it would be difficult. As users tend to save files to Documents or desktop... and we use 2X Application gateway server (Now Parallels Gateway server) to host client applications across network. So not have to install specific client software on each new employee computer.

We deal with medical claims & billing... as FYI. Lots of emails and bouncing around between applications.

Any idea's of how I can migrate from file shares to a DFS name space setup? From there I know I can deploy a smaller Windows 2008 R2 or 2012 server (Action pack Subscription), and then fire up the DFS...

NOTE: This leased office space we will only be there for about 1 year..... waiting on new 112,000 square foot office space to be finished.

Before he complained of budget......

Further to complicate. Wont spend the $$ needed for new infrastructure (servers). Want to move everything to Scale computing setup... Everything is 'eggs in one basket'. Constantly banging head against wall here. And they just posted 7m gross revenue for 2015yr

I want to run.