Consulting for a Small Construction Company
-
So a friend of mine who I worked with in retail some years ago is now working at the executive level of his father's construction company. He's working to bring them into the 21st century. Three years ago, they all had flip phones. Now, they all have smart phones.
He's looking to get the company their first server, and I've been asked to consult on it. I was thinking @xByteSean or @BradfromxByte might be able to help with recommendations.
What it will be used for:
- Want it to be virtualized (obviously), and debating about what hypervisor to use (pretty sure Hyper-V would be cheaper but I need some advice on this)
- Going to need a license for Windows Server (2012 R2 Standard should work, or whatever it might be called now). That will act as their DC, file server, possibly print server and also might be used for their camera system.
- RAID 10 (again, obviously) with at least 2TB drives (4TB of storage should be plenty for them)
- Want to set up a UEB (forget what it's called now) for backup
As far as specs, I don't think they need anything super crazy, but we are looking for a rackmount server (also need suggestions for a decent rack, as they don't have one yet). I want to get them something that isn't over the top, but also gives them sufficient room to grow.
Some questions I have:
- Would a secondary DC make sense? There are only seven computers in this entire environment right now. So while having a secondary, as a rule, is always advised, it'd be another Windows license, and could we get away without it?
- As much as I want to keep costs down, I also am not entirely comfortable having their one server be a single point of failure. Would it be better to use two VMs, one as the DC, and maybe the print server, and use a separate VM for the file server?
Other info:
All PCs are running either Windows 7 Pro SP1. They do have a couple XP machines still in use that I was thinking we could P2V (they have expensive, licensed software on those machines, so that's why). @scottalanmiller, if I did this, would licensing be an issue if the server has multiple processors? I know you've talked about this before but I can't remember if it was only if it had more than two processors.
Anything else I might have missed or not mentioned, just ask!
Thanks!
A.J.
-
@thanksajdotcom said in Consulting for a Small Construction Company:
- Would a secondary DC make sense? There are only seven computers in this entire environment right now.
At seven the rule is not to have DC at all (straight from Microsoft.) It's for 10+ and normally not until you get to 12+.
Then, in the 12+ category you normally do only one. AD for desktops has almost zero impact when offline, you can go weeks without anyone even noticing. So a failover would be wasted as it would save the company zero money in nearly all cases.
You only need a failover AD if you have other dependencies on AD that you introduce beyond logins.
-
$0.02
skip 2nd DC
Single server (SPOF) is fine as long as you discuss it with the business. Pros (cheap), cons (failure / restore time)
What's your DR plan?
-
@thanksajdotcom said in Consulting for a Small Construction Company:
- As much as I want to keep costs down, I also am not entirely comfortable having their one server be a single point of failure. Would it be better to use two VMs, one as the DC, and maybe the print server, and use a separate VM for the file server?
IF you need Windows (what made you jump to Windows in a green field deployment?) then you should have two VMs since you have paid for them.
But why have Windows for a file server? Why have a print server at all?
-
@thanksajdotcom said in Consulting for a Small Construction Company:
- As much as I want to keep costs down, I also am not entirely comfortable having their one server be a single point of failure.
Comfort is emotion, remove it. What is the cost of downtime if this goes down?
-
@scottalanmiller said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
- Would a secondary DC make sense? There are only seven computers in this entire environment right now.
At seven the rule is not to have DC at all (straight from Microsoft.) It's for 10+ and normally not until you get to 12+.
Then, in the 12+ category you normally do only one. AD for desktops has almost zero impact when offline, you can go weeks without anyone even noticing. So a failover would be wasted as it would save the company zero money in nearly all cases.
You only need a failover AD if you have other dependencies on AD that you introduce beyond logins.
Ok, that was my thinking (regarding failover). And the reason for the DC, even though the environment is small, is because they are looking to grow, and it allows for centralized management (obviously). The guy I'm working with is trying to consolidate a lot of things and if he can not have to touch every computer for a change in something, that'd make sense. That's why I wanted to implement AD. Not because they necessarily need it right now, but for future growth.
-
@scottalanmiller said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
- As much as I want to keep costs down, I also am not entirely comfortable having their one server be a single point of failure.
Comfort is emotion, remove it. What is the cost of downtime if this goes down?
Currently, they are operating in a workgroup. So right at first, probably not much.
-
@thanksajdotcom said in Consulting for a Small Construction Company:
Ok, that was my thinking (regarding failover). And the reason for the DC, even though the environment is small, is because they are looking to grow, and it allows for centralized management (obviously).
That's a bad idea. You can centrally manage other ways. Investing today and adding technical debt and dependencies and risk for an environment that needs 100% growth to be a viable candidate for today's solutions makes no sense. If he already hired five more people and they hadn't already started yet, maybe we'd think of discussing it. But for a seven person environment, I wouldn't even have this discussion.
-
@MattSpeller said in Consulting for a Small Construction Company:
$0.02
skip 2nd DC
Single server (SPOF) is fine as long as you discuss it with the business. Pros (cheap), cons (failure / restore time)
What's your DR plan?
That was the point of having a UEB (again, or whatever it's called now, I forget). That was for backup/DR. We can always set up archiving with them. That's easy enough, and that'd allow them to have offsite backups.
-
@thanksajdotcom said in Consulting for a Small Construction Company:
Not because they necessarily need it right now, but for future growth.
http://www.smbitjournal.com/2012/10/you-arent-gonna-need-it/
-
@thanksajdotcom said in Consulting for a Small Construction Company:
@scottalanmiller said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
- Would a secondary DC make sense? There are only seven computers in this entire environment right now.
At seven the rule is not to have DC at all (straight from Microsoft.) It's for 10+ and normally not until you get to 12+.
Then, in the 12+ category you normally do only one. AD for desktops has almost zero impact when offline, you can go weeks without anyone even noticing. So a failover would be wasted as it would save the company zero money in nearly all cases.
You only need a failover AD if you have other dependencies on AD that you introduce beyond logins.
Ok, that was my thinking (regarding failover). And the reason for the DC, even though the environment is small, is because they are looking to grow, and it allows for centralized management (obviously). The guy I'm working with is trying to consolidate a lot of things and if he can not have to touch every computer for a change in something, that'd make sense. That's why I wanted to implement AD. Not because they necessarily need it right now, but for future growth.
Is he comfortable with CentOS at all? I've set up a SAMBA4 AD environment here, not any more work for me than getting any other type of directory server set up, but if they're not already comfortable with CentOS that idea is probably off the table.
-
@travisdh1 said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
@scottalanmiller said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
- Would a secondary DC make sense? There are only seven computers in this entire environment right now.
At seven the rule is not to have DC at all (straight from Microsoft.) It's for 10+ and normally not until you get to 12+.
Then, in the 12+ category you normally do only one. AD for desktops has almost zero impact when offline, you can go weeks without anyone even noticing. So a failover would be wasted as it would save the company zero money in nearly all cases.
You only need a failover AD if you have other dependencies on AD that you introduce beyond logins.
Ok, that was my thinking (regarding failover). And the reason for the DC, even though the environment is small, is because they are looking to grow, and it allows for centralized management (obviously). The guy I'm working with is trying to consolidate a lot of things and if he can not have to touch every computer for a change in something, that'd make sense. That's why I wanted to implement AD. Not because they necessarily need it right now, but for future growth.
Is he comfortable with CentOS at all? I've set up a SAMBA4 AD environment here, not any more work for me than getting any other type of directory server set up, but if they're not already comfortable with CentOS that idea is probably off the table.
AJ knows Linux.
-
@scottalanmiller said in Consulting for a Small Construction Company:
@travisdh1 said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
@scottalanmiller said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
- Would a secondary DC make sense? There are only seven computers in this entire environment right now.
At seven the rule is not to have DC at all (straight from Microsoft.) It's for 10+ and normally not until you get to 12+.
Then, in the 12+ category you normally do only one. AD for desktops has almost zero impact when offline, you can go weeks without anyone even noticing. So a failover would be wasted as it would save the company zero money in nearly all cases.
You only need a failover AD if you have other dependencies on AD that you introduce beyond logins.
Ok, that was my thinking (regarding failover). And the reason for the DC, even though the environment is small, is because they are looking to grow, and it allows for centralized management (obviously). The guy I'm working with is trying to consolidate a lot of things and if he can not have to touch every computer for a change in something, that'd make sense. That's why I wanted to implement AD. Not because they necessarily need it right now, but for future growth.
Is he comfortable with CentOS at all? I've set up a SAMBA4 AD environment here, not any more work for me than getting any other type of directory server set up, but if they're not already comfortable with CentOS that idea is probably off the table.
AJ knows Linux.
I do, but this guy doesn't. My goal was to get this set up, give him some training, and make it easy enough for him to be able to manage mostly on his own.
-
@scottalanmiller said in Consulting for a Small Construction Company:
@travisdh1 said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
@scottalanmiller said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
- Would a secondary DC make sense? There are only seven computers in this entire environment right now.
At seven the rule is not to have DC at all (straight from Microsoft.) It's for 10+ and normally not until you get to 12+.
Then, in the 12+ category you normally do only one. AD for desktops has almost zero impact when offline, you can go weeks without anyone even noticing. So a failover would be wasted as it would save the company zero money in nearly all cases.
You only need a failover AD if you have other dependencies on AD that you introduce beyond logins.
Ok, that was my thinking (regarding failover). And the reason for the DC, even though the environment is small, is because they are looking to grow, and it allows for centralized management (obviously). The guy I'm working with is trying to consolidate a lot of things and if he can not have to touch every computer for a change in something, that'd make sense. That's why I wanted to implement AD. Not because they necessarily need it right now, but for future growth.
Is he comfortable with CentOS at all? I've set up a SAMBA4 AD environment here, not any more work for me than getting any other type of directory server set up, but if they're not already comfortable with CentOS that idea is probably off the table.
AJ knows Linux.
Yeah, but what about the person he's working with that actually has to support said environment?
-
@thanksajdotcom said in Consulting for a Small Construction Company:
@scottalanmiller said in Consulting for a Small Construction Company:
@travisdh1 said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
@scottalanmiller said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
- Would a secondary DC make sense? There are only seven computers in this entire environment right now.
At seven the rule is not to have DC at all (straight from Microsoft.) It's for 10+ and normally not until you get to 12+.
Then, in the 12+ category you normally do only one. AD for desktops has almost zero impact when offline, you can go weeks without anyone even noticing. So a failover would be wasted as it would save the company zero money in nearly all cases.
You only need a failover AD if you have other dependencies on AD that you introduce beyond logins.
Ok, that was my thinking (regarding failover). And the reason for the DC, even though the environment is small, is because they are looking to grow, and it allows for centralized management (obviously). The guy I'm working with is trying to consolidate a lot of things and if he can not have to touch every computer for a change in something, that'd make sense. That's why I wanted to implement AD. Not because they necessarily need it right now, but for future growth.
Is he comfortable with CentOS at all? I've set up a SAMBA4 AD environment here, not any more work for me than getting any other type of directory server set up, but if they're not already comfortable with CentOS that idea is probably off the table.
AJ knows Linux.
I do, but this guy doesn't. My goal was to get this set up, give him some training, and make it easy enough for him to be able to manage mostly on his own.
When it comes to situations like this, generic, super normal, easy to manage (and Google fixes for) reigns supreme.
-
Here is where I would go based off of the size and scenario without further information:
- No directory. They are too small, this is just wasting money at their size.
- CentOS Samba4. Free forever.
- Azure AD. No servers on site, no local dependencies.
- I wouldn't even consider a number for (which includes legacy AD.)
In that order.
-
@travisdh1 said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
@scottalanmiller said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
- Would a secondary DC make sense? There are only seven computers in this entire environment right now.
At seven the rule is not to have DC at all (straight from Microsoft.) It's for 10+ and normally not until you get to 12+.
Then, in the 12+ category you normally do only one. AD for desktops has almost zero impact when offline, you can go weeks without anyone even noticing. So a failover would be wasted as it would save the company zero money in nearly all cases.
You only need a failover AD if you have other dependencies on AD that you introduce beyond logins.
Ok, that was my thinking (regarding failover). And the reason for the DC, even though the environment is small, is because they are looking to grow, and it allows for centralized management (obviously). The guy I'm working with is trying to consolidate a lot of things and if he can not have to touch every computer for a change in something, that'd make sense. That's why I wanted to implement AD. Not because they necessarily need it right now, but for future growth.
Is he comfortable with CentOS at all? I've set up a SAMBA4 AD environment here, not any more work for me than getting any other type of directory server set up, but if they're not already comfortable with CentOS that idea is probably off the table.
I was thinking about Linux, because I know you can do pretty much all these things on Linux. I've set up SAMBA and that on Linux before. Never set up a Linux server to handle AD or that. I'm sure with some time and help, @scottalanmiller, I could do it. But that would drive the time to train this guy WAY up.
-
@thanksajdotcom said in Consulting for a Small Construction Company:
@scottalanmiller said in Consulting for a Small Construction Company:
@travisdh1 said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
@scottalanmiller said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
- Would a secondary DC make sense? There are only seven computers in this entire environment right now.
At seven the rule is not to have DC at all (straight from Microsoft.) It's for 10+ and normally not until you get to 12+.
Then, in the 12+ category you normally do only one. AD for desktops has almost zero impact when offline, you can go weeks without anyone even noticing. So a failover would be wasted as it would save the company zero money in nearly all cases.
You only need a failover AD if you have other dependencies on AD that you introduce beyond logins.
Ok, that was my thinking (regarding failover). And the reason for the DC, even though the environment is small, is because they are looking to grow, and it allows for centralized management (obviously). The guy I'm working with is trying to consolidate a lot of things and if he can not have to touch every computer for a change in something, that'd make sense. That's why I wanted to implement AD. Not because they necessarily need it right now, but for future growth.
Is he comfortable with CentOS at all? I've set up a SAMBA4 AD environment here, not any more work for me than getting any other type of directory server set up, but if they're not already comfortable with CentOS that idea is probably off the table.
AJ knows Linux.
I do, but this guy doesn't. My goal was to get this set up, give him some training, and make it easy enough for him to be able to manage mostly on his own.
Then no CentOS, and no AD. Rule both of those out on those grounds.
No central authentication is the answer here. Azure AD if you insist.
-
Here is what I'm thinking based off of what little I know...
If local storage is needed, Synology or ReadyNAS that gets backed up.
Nothing else, it's that simple.
-
@scottalanmiller said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
@scottalanmiller said in Consulting for a Small Construction Company:
@travisdh1 said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
@scottalanmiller said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
- Would a secondary DC make sense? There are only seven computers in this entire environment right now.
At seven the rule is not to have DC at all (straight from Microsoft.) It's for 10+ and normally not until you get to 12+.
Then, in the 12+ category you normally do only one. AD for desktops has almost zero impact when offline, you can go weeks without anyone even noticing. So a failover would be wasted as it would save the company zero money in nearly all cases.
You only need a failover AD if you have other dependencies on AD that you introduce beyond logins.
Ok, that was my thinking (regarding failover). And the reason for the DC, even though the environment is small, is because they are looking to grow, and it allows for centralized management (obviously). The guy I'm working with is trying to consolidate a lot of things and if he can not have to touch every computer for a change in something, that'd make sense. That's why I wanted to implement AD. Not because they necessarily need it right now, but for future growth.
Is he comfortable with CentOS at all? I've set up a SAMBA4 AD environment here, not any more work for me than getting any other type of directory server set up, but if they're not already comfortable with CentOS that idea is probably off the table.
AJ knows Linux.
I do, but this guy doesn't. My goal was to get this set up, give him some training, and make it easy enough for him to be able to manage mostly on his own.
Then no CentOS, and no AD. Rule both of those out on those grounds.
No central authentication is the answer here. Azure AD if you insist.
That's the other thing I was thinking about. For such a small business, a cloud server makes a lot of sense. Mitigate the risk, cost of running the equipment (power, cooling, etc), and all that. They have a business-grade Verizon connection at the office. I believe it's FiOS (almost 100% sure of that). So setting them up on Rackspace, Azure, AWS, or the like was something else I was considering.