Migrate to DFS from UNC file shares?  Complications..
- 
 @ntoxicator said: The issue is that some employees have access to different inboxes.
 OK multiple inboxes have always been an issue - I don't know enough about the web client to offer anything
 Main site where Primary Domain controller (PDC) has connection of: 
 Coax: 250meg/25
 OK so this means that you can send to the other site at a max speed of 25 Mb or about 3 MB/s not counting the overhead of the VPN and other traffic running over the connection. I can definitely see where roaming profiles would be a HUGE problem on this type of connection. Question - will users be roaming from site to site?
 MikroTIK Router on both sides. RB1100Ahx2. 
 I have traffic shaping and queue Tree QoS setup. Mangling (tagging) packets based on TCP/UDP port numbers to do such. Ranging from VOIP ports, NFS ports, iSCSI ports, HTTP, HTTPS, DNS, etc..
 Main office has many VLANS.
 You have iSCSI traffic going over your router? between subnets? why? 
 Why many VLANs? I personally have many also, because I wasn't as smart when I set them up as I am now. I currently have 5, but want to get down to 2. Would things be simpler for you if you reduced it down to two with a subnet of /22? or even just one flat network, no VLANs.
 Satellite office is on a single VLAN. No need for me to segment data & voip due to size.
 Are you actually tagging the traffic as being on a VLAN? if so, why? Sure, the default is VLAN 0, but there are no tags, typically for that and nothing to manage.
 @Dashrender said: What about just redirecting their Documents and Desktop instead of full blown roaming profiles
 You mean redirecting their data to say \sharefilename\User map network drive? I already have folder redirection taking place, all their data is saved on the PDC to a shared network file UNC path.
 If you have folder redirection already, then saving to the documents folder shouldn't matter, because those things should be saved to the server. The same goes for any other folder you redirect to the server. Now personally, you shouldn't map that network location to a drive letter for the user - it just confuses them. Hey I see my documents in this network U: drive and in my documents folder.. what gives? etc... then you have users trying to clean things up.. they delete from the network share, and now their life files are gone.. yeah.. just bad.
 To move to a single node Xen Server (We already have this). We would need over 64GB of RAM to handle our VM instances and needs and also storage space. We have Synology 1U NAS units using iSCSI to Xen Server host. Because CEO wouldn't spend money prior for upgrades. I had to move COMPANY resources / Virtual machines to my PERSONAL 1U SunFire servers to share the load cost. I have 3 - 1U SunServers in our company rack using proxmox KVMs (was using as testing...)
 64 GB RAM - is that all? My little server has 64, my big one has 120 GB, and you can easily buy servers today that will hold 512 GB + RAM. 
 As for your storage, well, yeah - you have a storage problem. You just need to solve it. You might need more storage than a single typical server chassis can handle (though you can buy HPE and Dell servers that hold something like 18 drives - so you'd need some pretty crazy storage before you'd climb over that and need to go to DAS or NAS or SAN)
 I've been with company for 8 years and been here with all the growth. Been trying to find other opportunities in the area that will pay a livable wage. It's difficult and not had much luck. I have my personal technology that I do on the side and have done since I've worked here. although it's not sustainable income.
 I want to say try harder to find a job but after seeing Scott's post about how he was told that he wouldn't amount to anything while in school, only later finding out he has a mental condition that doesn't allow him to have good rote memorization skills - I'll just offer good luck in your continued efforts to find a new/better job. 
- 
 @ntoxicator said: I know... I had the servers already in the network rack and in development for my testing of KVM features for proxmox and discovering different features to see if feasible. As I'm running the current node on XenServer 6.0. I want to upgrade to 6.1 (have ISO right here). But worried what will break... I've told CEO/CFO more than once that we do NOT have the resources or scalability to sustain more growth. We are maxed out on resources and the fact I'm using 3 of my servers to get us by. I even told him it's at point they need to buy the servers off me, as they're personal and was personal money used to purchase. They just turn a nose. again this is 7million net revenue company.
 Sadly, you're going to have to quit, or at minimum be prepared to quit to get them to move off your stuff. Anything of yours that is there that is currently not in use, I'd shut it down and take it home tonight. PERIOD. done.. no more growth for you on my dime
 Once you're ready to force the issue though.. call your boss, set a meeting with him.. inform him you are removing your gear from the rack that day. that you will move his data to another source on the network, create backups, etc.. but that you are removing your servers that day. that the services being provided won't be available until they acquire the equipment needed to run on, but you are more than happy to save/backup/move their data. They might fire you on the spot, and you'll have to provide proof that you own the servers. emails that you've sent to management stating it's your equipment, especially ones with replies are probably ample, but receipts would be best. Then after they fire you, demand they return your servers that instant, if they refuse, call 911 and report a theft. 
- 
 @Dashrender said: @ntoxicator said: The issue is that some employees have access to different inboxes.
 OK multiple inboxes have always been an issue - I don't know enough about the web client to offer anything
 Main site where Primary Domain controller (PDC) has connection of: 
 Coax: 250meg/25
 OK so this means that you can send to the other site at a max speed of 25 Mb or about 3 MB/s not counting the overhead of the VPN and other traffic running over the connection. I can definitely see where roaming profiles would be a HUGE problem on this type of connection. Question - will users be roaming from site to site?
 @Dashrender - Yes, office manager bounces back and forth and other key members
 MikroTIK Router on both sides. RB1100Ahx2. 
 I have traffic shaping and queue Tree QoS setup. Mangling (tagging) packets based on TCP/UDP port numbers to do such. Ranging from VOIP ports, NFS ports, iSCSI ports, HTTP, HTTPS, DNS, etc..
 Main office has many VLANS.
 You have iSCSI traffic going over your router? between subnets? why? 
 Why many VLANs? I personally have many also, because I wasn't as smart when I set them up as I am now. I currently have 5, but want to get down to 2. Would things be simpler for you if you reduced it down to two with a subnet of /22? or even just one flat network, no VLANs.
 @Dashrender - I should be more clear, as a lot of the typing and text and explaining may not be clear due to the office setup. I have a total of 4 different VLANs on this network 
 1 - data vlan
 1 - voip vlan
 1 - wifi network vlan
 1 - vlan for switch management & Synology SAN traffic
 iSCSI Traffic is NOT going over the VPN. iSCSI traffic is only at primary office; where everything is local.
 Satellite office is on a single VLAN. No need for me to segment data & voip due to size.
 Are you actually tagging the traffic as being on a VLAN? if so, why? Sure, the default is VLAN 0, but there are no tags, typically for that and nothing to manage.
 @Dashrender - Satellite office is just single subnet, not using VLAN 0, for security reasons.
 @Dashrender said: What about just redirecting their Documents and Desktop instead of full blown roaming profiles
 You mean redirecting their data to say \sharefilename\User map network drive? I already have folder redirection taking place, all their data is saved on the PDC to a shared network file UNC path.
 If you have folder redirection already, then saving to the documents folder shouldn't matter, because those things should be saved to the server. The same goes for any other folder you redirect to the server. Now personally, you shouldn't map that network location to a drive letter for the user - it just confuses them. Hey I see my documents in this network U: drive and in my documents folder.. what gives? etc... then you have users trying to clean things up.. they delete from the network share, and now their life files are gone.. yeah.. just bad.
 @Dashrender - I agree with you 100% on this. I would not do that, but was looking for clarification. As right now, with file redirection, everything is seamless to the end-user.
 To move to a single node Xen Server (We already have this). We would need over 64GB of RAM to handle our VM instances and needs and also storage space. We have Synology 1U NAS units using iSCSI to Xen Server host. Because CEO wouldn't spend money prior for upgrades. I had to move COMPANY resources / Virtual machines to my PERSONAL 1U SunFire servers to share the load cost. 
 I have 3 - 1U SunServers in our company rack using proxmox KVMs (was using as testing...)
 64 GB RAM - is that all? My little server has 64, my big one has 120 GB, and you can easily buy servers today that will hold 512 GB + RAM. As for your storage, well, yeah - you have a storage problem. You just need to solve it. You might need more storage than a single typical server chassis can handle (though you can buy HPE and Dell servers that hold something like 18 drives - so you'd need some pretty crazy storage before you'd climb over that and need to go to DAS or NAS or SAN)
 @Dashrender : this was also an example. To be all honest, We would actually need over 128GB of ram, and of course the storage size to suit our needs. I considered a XenServer HA setup with a HA setup for Network SAN units. Other users on here have bashed me for this idea and suggested a setup similar to Scale Computing (Where storage is local to servers).
 I've been with company for 8 years and been here with all the growth. Been trying to find other opportunities in the area that will pay a livable wage. It's difficult and not had much luck. I have my personal technology that I do on the side and have done since I've worked here. although it's not sustainable income.
 I want to say try harder to find a job but after seeing Scott's post about how he was told that he wouldn't amount to anything while in school, only later finding out he has a mental condition that doesn't allow him to have good rote memorization skills - I'll just offer good luck in your continued efforts to find a new/better job.
 I am still pursuing and looking elsewhere as I want to further stretch my legs. 
- 
 @ntoxicator said: CEO thinks he knows better as he used to fix computers back in early 90's, so decisions still bounce off him and what he feels necessary. More rant..
 This is something I personally struggle with - not in the same way. My struggle is a desire to keep us secure, and doing what needs to be done to do so. But management doesn't agree. Something I have learned, but still struggle with, from Scott is that it's their company. It's my job to do it their way or find a new job. 
 So fine, do it his way, and when it comes crashing down... they'll blame you - but the question is.. will they fire you? In my experience, more often than not, they won't fire you, they'll just complain a lot and buy the minimum to get back working again.
 I'm looking for ideas to make access time of network shares similar as to if they are local resource or on a local server. As apparently, the 2 second delay over network share is not operating at "peak efficiency". Had a shoe string budget, and I mentioned at the beginning that we might need a server onsite at this location - and a general price was given.
 Ideas how to make DFS work? Need it to work similar to the file shares.
 DFS are file shares. But you're introducing a new possible issue. Let's say you have a file that many people use at the main office today. Once one person opens it, there's a write lock put on the file, no one else can open a write-able copy of it, they are left with read only copies. I'm not sure what happens when you DFS replication and two people open the same file from two different servers. The users don't realize they are two different servers, that's all hidden in DFS. This is a question you need to answer. If you don't have people working in both offices, then the roaming profiles won't be a problem either, they will be assigned to the local server and you're golden.
 Or I keep roaming profiles AS IS and the file redirection via UNC path "still saved locally on PDC". I could take our Primary network shares and robocopy that data to the new DFS shares? Then through group policy, change the settings on drive maps to push out the DFS shares with same names?
 If by same name, you mean the same drive letter, sure you can change the path the drive letter is pointing to.. but your users will notice the change. For example, currently my shares are s: \mycompany\netshare but when I move to DFS they will look like s: \DFSname\share\netshare They are both on the S: drive, but the names (which actually show up in My Computer before the drive letter does) is totally different. My users barely know there is a drive letter there. because the path is so long, the short view shows the sharename, and they can't even see the drive letter. 
 I don't see robocopy being useful here - I'm assuming you need to keep the data synced between the two servers - so anyone can access it from anywhere. If you can have two shares, one for those working at the main location, and a separate one for the remote, and people can accept a minor delay when looking at the remote ones, but they live mostly in the local ones.. that would solve it too.. and no replication would be required. 
- 
 @ntoxicator said: @Dashrender - I should be more clear, as a lot of the typing and text and explaining may not be clear due to the office setup. I have a total of 4 different VLANs on this network 
 1 - data vlan
 1 - voip vlan
 1 - wifi network vlan
 1 - vlan for switch management & Synology SAN traffic
 iSCSI Traffic is NOT going over the VPN. iSCSI traffic is only at primary office; where everything is local.
 At first I thought you were saying iSCSI traffic went over the VPN, but then I realized probably wasn't. But you mentioned iSCSI in relation to your router - so this made me ask
 You have iSCSI traffic going over your router? between subnets? why?
 Now this was a bit pointed, and I'm hoping you say, iSCSI isn't going over the router between subnets - to which I would reply, then we need to remove it and any other protocols not going between subnets, listing them just adds confusion. 
- 
 @ntoxicator said: @Dashrender said: Are you actually tagging the traffic as being on a VLAN? if so, why? Sure, the default is VLAN 0, but there are no tags, typically for that and nothing to manage.
 @Dashrender - Satellite office is just single subnet, not using VLAN 0, for security reasons.
 What security do you think you gain by not using VLAN 0? 
- 
 @Dashrender 
 Now this was a bit pointed, and I'm hoping you say, iSCSI isn't going over the router between subnets - to which I would reply, then we need to remove it and any other protocols not going between subnets, listing them just adds confusion.
 A: The router is just tagging/mangle the TCP/UDP ports so I can do QoS. Otherwise, everything is at switch level.
 What security do you think you gain by not using VLAN 0?
 on managed switches, when applicable or on most company installs, I'll create a different VLAN rather than VLAN0/1. As old security article and documentation of security issues of default VLAN on managed switches.
 If you can have two shares, one for those working at the main location, and a separate one for the remote, and people can accept a minor delay when looking at the remote ones, but they live mostly in the local ones.. that would solve it too.. and no replication would be required.
 You know.. This is a good point and an Idea I've had. This office is doing a function or product offering to our clients, almost a separate entity. In theory, we could have a secondary server there with AD integration for local authentication, and then data saved on this local server. Then if that file share needs to be accessed back from Main site -- that's no problem. The issue is just convergence or keeping the information in one centralized area. I've been pushing for them to also spend money on a new platform such as salesforce so everything with our clients, functions and employee transparency (as far as items completed by employees). That's another mess
 In regards to DFS File lock.. This would actually create a huge issue. We have quite a few Excel spreadsheets which are actually shared spreadsheets that are updated everyday and nearly open all day long. This is another issue. Essentially have an in-house call center that will take notes/info requests and log into a spreadsheet formatted columns.. 
 You've given me some real thought about the mere fact of just pulling out my hardware and putting my foot down. Will they fire me, for this? Probably not. As many others have said and see; it can be difficult for management or even a CEO to find value in IT and what they do for the company. However, when there is an issue -- it's put onto us to get back online and working again. 2 weeks ago we had 3 hour downtime due to our print server crashing. Print spooler blew-up (soon as service starts, TCP/IP stack fails). due to the XenServer node not having resources.... I had to spin-up another VM on my equipment to setup an all new print server and re-install and push the printers back out to users. .. 
- 
 @ntoxicator said: @Dashrender said: 64 GB RAM - is that all? My little server has 64, my big one has 120 GB, and you can easily buy servers today that will hold 512 GB + RAM. As for your storage, well, yeah - you have a storage problem. You just need to solve it. You might need more storage than a single typical server chassis can handle (though you can buy HPE and Dell servers that hold something like 18 drives - so you'd need some pretty crazy storage before you'd climb over that and need to go to DAS or NAS or SAN)
 @Dashrender : this was also an example. To be all honest, We would actually need over 128GB of ram, and of course the storage size to suit our needs. I considered a XenServer HA setup with a HA setup for Network SAN units. Other users on here have bashed me for this idea and suggested a setup similar to Scale Computing (Where storage is local to servers).
 Sux if someone bashed you here on ML - we try to be better than that other forum. That said, talking frankly and asking you to think critically is something most push for here at ML, sadly this comes off as bashing. That said, yeah I know bashing does still actually happen here on ML. Scale is definitely a good solution, but it's not for everyone. it's not cheap to get into, $25K to start. Another option would be StarWind vSAN software with Hyper-V (StarWind is free for 2 nodes if you are in SpiceWorks) or DRBD with XenServer (software is all free). 
- 
 @Dashrender said: @ntoxicator said: @Dashrender said: 64 GB RAM - is that all? My little server has 64, my big one has 120 GB, and you can easily buy servers today that will hold 512 GB + RAM. As for your storage, well, yeah - you have a storage problem. You just need to solve it. You might need more storage than a single typical server chassis can handle (though you can buy HPE and Dell servers that hold something like 18 drives - so you'd need some pretty crazy storage before you'd climb over that and need to go to DAS or NAS or SAN)
 @Dashrender : this was also an example. To be all honest, We would actually need over 128GB of ram, and of course the storage size to suit our needs. I considered a XenServer HA setup with a HA setup for Network SAN units. Other users on here have bashed me for this idea and suggested a setup similar to Scale Computing (Where storage is local to servers).
 Sux if someone bashed you here on ML - we try to be better than that other forum. That said, talking frankly and asking you to think critically is something most push for here at ML, sadly this comes off as bashing. That said, yeah I know bashing does still actually happen here on ML. Scale is definitely a good solution, but it's not for everyone. it's not cheap to get into, $25K to start. Another option would be StarWind vSAN software with Hyper-V (StarWind is free for 2 nodes if you are in SpiceWorks) or DRBD with XenServer (software is all free).
 XenServer has HALizard as well. 
- 
 Thanks for insight and input. I've looked at those solutions as well. I think the point other ML users were getting at, is the cost standpoint. As for true HA setup. I would need multiple XenServer hosts and of course redundant SAN storage and of course switches. With that, the cost would be close to or greater than an investment with Scale Computing Cluster. I would feel more comfortable with something with support. XenServer is a solid solution. However, I'm just very cautious and worry about HALizard or DRBD with XenServer for local storage. I would have to fill up a 2U-3U server with drives to size and a hardware raid card on each node. Where be nearly the same cost to get a 'barebone' 1U server with simple RAID-1 for host operating system, and then networked storage that is directly attached to a core switch/backbone switch to that of the servers & network storage so rides on same subnet/switch. Or best, directly connected to back of servers.... can go on and on lol. But great point regarding DFS and the file locking.... I see that being a large issue. 
- 
 @ntoxicator What you're talking about there with two 1U servers and NAS/SAN is an inverted pyramid of doom (IPOD). Scott wrote something up on this (again) this morning. http://mangolassi.it/topic/8743/risk-single-server-versus-the-smallest-inverted-pyramid-design He explains why this is a bad design. Also, in all of my discussion around HA (StarWind, DRBD) I never mentioned SAN or external storage. Will you need twice the amount in each of two servers to have yourself covered? Of course, but if you don't, well then you don't ever actually have HA. If you have that shared storage you're talking about, what happens if that storage fails? Ok I'll stop there and let you read Scott's post. 
- 
 @ntoxicator said: Thanks for insight and input. I've looked at those solutions as well. I think the point other ML users were getting at, is the cost standpoint. As for true HA setup. I would need multiple XenServer hosts and of course redundant SAN storage and of course switches. With that, the cost would be close to or greater than an investment with Scale Computing Cluster. I would feel more comfortable with something with support. XenServer is a solid solution. However, I'm just very cautious and worry about HALizard or DRBD with XenServer for local storage. I would have to fill up a 2U-3U server with drives to size and a hardware raid card on each node. Where be nearly the same cost to get a 'barebone' 1U server with simple RAID-1 for host operating system, and then networked storage that is directly attached to a core switch/backbone switch to that of the servers & network storage so rides on same subnet/switch. Or best, directly connected to back of servers.... can go on and on lol. But great point regarding DFS and the file locking.... I see that being a large issue.
 You should look at some of @scottalanmiller's articles about the IPOD and when you should choose network storage. I haven't seen anywhere here that mentions how much data you have on your network. You would definitely need a hardware RAID card why would you ever consider getting a server without one? You can do MD RAID on XenServer, and KVM, this is completely enterprise grade. However in this instance it is probably better to offload that to a hardware controller. 
- 
 So I'm seeing as quick and dirty solution.... Would be to get CEO/CFO to spend some money on a capable server to have at the satellite office. I'll use as a slave AD server that way users can authenticate locally to that onsite box. Only issue would then be the roaming profiles -- although they load fairly quickly over there (sign-on). Can create local network share for the files they need and they would be set... then fire up offsite backup. at same time I can press issue back full circle about the company's current hardware needs. NOTE: This would only be a 1 year solution.... as supposedly we had approval from the county for us to take-over and build out a larger facility that we will move into late 2017.... he has yet to realize the cost of getting infrastructure installed there.. bahaha... 
- 
 Sounds doable. You can also change AD users at the remote site to save their roaming profiles to that server. And you'll want to change their redirected folders to that server as well. 
- 
 I absolutely refuse to use my own gear. It just allows the company to continue to put off spending money. I just keep proposing something. Every time something gets complained about, I just bitch about under spending on infrastructure. If it gets to me, I simply quit and go work for someone else that refuses the concept of spending money to update and scale infrastructure. 
- 
 @BBigford said: I absolutely refuse to use my own gear. It just allows the company to continue to put off spending money. I just keep proposing something. Every time something gets complained about, I just bitch about under spending on infrastructure. If it gets to me, I simply quit and go work for someone else that refuses the concept of spending money to update and scale infrastructure.
 This is position I'm at, and why I've been searching. no forward movement for myself at company. As I do more than IT role here, also some management side with employees. Very involved. 
- 
 @Dashrender said: Sounds doable. You can also change AD users at the remote site to save their roaming profiles to that server. And you'll want to change their redirected folders to that server as well.
 Another great point. I have a template user that I use for new user creation. Yes, I can modify the profile path to the new server UNC path. However, within GPO I have it specifically set for which folder for the User directory for their folder redirection. basically, I would have to create a new GPO policy and also a new Security Group for these users at remote site? And link this Security group to the new GPO? Just thinking out loud. 
- 
 @BBigford said: I absolutely refuse to use my own gear. It just allows the company to continue to put off spending money.
 Yes, it's empowering in a bad way. 
- 
 @ntoxicator said: @Dashrender said: Sounds doable. You can also change AD users at the remote site to save their roaming profiles to that server. And you'll want to change their redirected folders to that server as well.
 Another great point. I have a template user that I use for new user creation. Yes, I can modify the profile path to the new server UNC path. However, within GPO I have it specifically set for which folder for the User directory for their folder redirection. basically, I would have to create a new GPO policy and also a new Security Group for these users at remote site? And link this Security group to the new GPO? Just thinking out loud.
 correct, you would have a new OU and new GPOs. When you say you're saying you have it specifically set for which folder for the User directory, I assume you're using something like \servername\sharename%username% ? 
- 
 @scottalanmiller said: @BBigford said: I absolutely refuse to use my own gear. It just allows the company to continue to put off spending money.
 Yes, it's empowering in a bad way.
 Not covering it up with janky work arounds (when you KNOW the company has the money to upgrade critical services) and dumping your own money in, makes the situation glare its ugly face. If the higher ups start experiencing the problem, then things start getting funding real quick. I know when something pisses our CEO off, like an old server that is hindering company performance, and the bottom line has been money, we have that "thing" (hardware or software), overnight. 




