Mixing Linux & Windows Server in a SMB
-
Hi Everyone,
First post here, I'm doing some preliminary planning for a small business with 3 branches, each connected by VPN to the main branch. There are only about 10 employees per branch.
They use 3rd party software for point of sale and inventory management. The software is M$ only and require M$ SQL server and Windows Server for their software to run. The licencing costs for those have proven very expensive for such a small company.
Bandwidth restrictions have made me nervous about hosting active directory through the VPNs so I plan on setting up domain controllers and file servers at each branch.
To save a few thousand dollars I was considering going with Linux for each one of theses branches. However, this would mean that the entire company then would have a mix of Linux and windows servers.
This isn't a problem for me but if I were unavailable for some reason and another IT contractor had to step in I'm concerned I would be a mess to find someone with both Linux and Windows administration experience (it's a rural area).
I'm also wondering if i'm underestimating the time and cost to get these Linux servers up and running and integrated with Server 2016.
I know there are a lot of variables involved but I estimate the cost savings to be around $5,000 dollars with the Linux instead of windows at the branch stores.
So which, in your opinion, is the better investment?
-
@cggart welcome to MangoLassi!
-
@cggart said in Mixing Linux & Windows Server in a SMB:
Bandwidth restrictions have made me nervous about hosting active directory through the VPNs so I plan on setting up domain controllers and file servers at each branch.
How tight is the bandwidth? AD needs effectively nothing. How many users do you have at each branch? Even a 64Kb/s line could service hundreds of users on AD without an issue.
-
@cggart said in Mixing Linux & Windows Server in a SMB:
To save a few thousand dollars I was considering going with Linux for each one of theses branches.
Obvious question: if you are willing to have any Linux, why not go all Linux (for AD at least?)
-
@scottalanmiller said in Mixing Linux & Windows Server in a SMB:
@cggart said in Mixing Linux & Windows Server in a SMB:
To save a few thousand dollars I was considering going with Linux for each one of theses branches.
Obvious question: if you are willing to have any Linux, why not go all Linux (for AD at least?)
I was about to ask what about using SAMBA for the AD Domain Controllers.
-
@scottalanmiller We could go all Linux but as I mentioned we are required to have windows for the 3rd party software at the main branch. The licencing was already in place and I figured we could just use windows since it was already there. However, we could use Linux for all of it.
We have about 7Mb/s down and 2 Mb/s up i'm less concerned with the active directory as I am the file server and since we had a file server I figured having active directory on that same server would be a good idea. However, we could just have the file server at the remote branches and handle active directory through the central branch.
-
@cggart said in Mixing Linux & Windows Server in a SMB:
This isn't a problem for me but if I were unavailable for some reason and another IT contractor had to step in I'm concerned I would be a mess to find someone with both Linux and Windows administration experience (it's a rural area).
http://www.smbitjournal.com/2015/08/avoiding-local-service-providers/
You don't want local people for Linux or Windows. Server work should never have a "local" consideration. Cabling, electrical work, physically putting machines on desks... sure. But even those things a remote company can potentially accommodate. But for work on servers you should never be working on the servers "in person" anyway, even if the consulting admin lives across the street you wouldn't want him physically in your shop.
I need to pump out an article on why Linux is easier to hire than Windows and why needing Linux might make supporting Windows easier, but the theory is that Windows is the hardest thing to get serviced and the plethora of people and companies claiming to offer Windows services is so large that finding someone qualified and skilled is actually incredibly hard. Whereas finding someone to service Linux is actually, I believe, dramatically easier because the number of people claiming to do it is so much lower. Linux has a natural "you can't be bluffing" barring to it that Windows does not have (even people who have never seen Windows can click around and look semi-competent without knowing anything about how it works.)
I think that adding Linux will likely have some transitional overhead but overall will make support easier for you, not harder.
-
@cggart said in Mixing Linux & Windows Server in a SMB:
@scottalanmiller We could go all Linux but as I mentioned we are required to have windows for the 3rd party software at the main branch. The licencing was already in place and I figured we could just use windows since it was already there. However, we could use Linux for all of it.
It might make very little difference in licensing if you need CALs already for all of the POS software. But if the CALs for that are not as broad as you need for AD, you might have a bit of savings by scaling back your Windows infrastructure.
-
@cggart said in Mixing Linux & Windows Server in a SMB:
We have about 7Mb/s down and 2 Mb/s up i'm less concerned with the active directory as I am the file server and since we had a file server I figured having active directory on that same server would be a good idea. However, we could just have the file server at the remote branches and handle active directory through the central branch.
That's how I would normally handle that. AD from central works really well. Local file servers are often needed. They use all the bandwidth.
Linux fileservers are trivial to maintain. AD takes a bit more.
-
@scottalanmiller This actually makes a lot of rational sense but is counter intuitive for some reason. I guess I had a little too much of the M$ cool aid. I would love to see a write up your mentioned.
Also, regarding have remote support, I agree. We live is such a rural area (literally a 5 hour drive to a town big enough to have a stop light). Once the network is in place getting support shouldn't be an issue we can just give the VPN credentials to a qualified sysAdmin any where in the world.
-
@cggart said in Mixing Linux & Windows Server in a SMB:
I would be a mess to find someone with both Linux and Windows administration experience (it's a rural area).
You don't want someone with both, you want a Windows expert and a Linux expert. Don't look to hire consulting generalists unless they are CIO level. For technical experts you want people who are focused. Better skills, lower cost.
-
@cggart said in Mixing Linux & Windows Server in a SMB:
Also, regarding have remote support, I agree. We live is such a rural area (literally a 5 hour drive to a town big enough to have a stop light). That said I agree about the remote support.
In the enterprise, a system admin is not expected to ever even see their servers. Admins work from home or from high rises or whatever - office spaces. Servers go in datacenters with tight security and clean rooms. So generally admins aren't in the same area, often not even the same state or country, as their servers. There's no reason for it. Even if they are in the same building you would not want the people who have logical access to the servers to be the same ones that have physical access; and vice versa.
-
@cggart said in Mixing Linux & Windows Server in a SMB:
Once the network is in place getting support shouldn't be an issue we can just give the VPN credentials to a qualified sysAdmin any where in the world.
Not VPN. Other methods like ScreenConnect, TeamViewer, SSH, etc. VPN is a security problem and should never be used for outsiders to connect in. They should never need it, and no one should want it. It exposes you to them and them to you. It's bad for everyone and very cumbersome.
-
@cggart said in Mixing Linux & Windows Server in a SMB:
I'm also wondering if i'm underestimating the time and cost to get these Linux servers up and running and integrated with Server 2016.
Linux AD only goes to 2008 R2. So if your forest is still 2008 R2, not a big deal. If it is 2012 or higher, you are out of luck for now.
-
@scottalanmiller I see so we are stuck with Windows then anyways. Intresting point you made about the VPN. I've worked some other small business and that is how support was administered. Now that I think about it it does give access to the entire network where the other options you listed limit it only to where it is needed. I suppose that's obvious just didn't occur to me for some reason.
-
Hey Scott, I just wanted to make sure that there were no other file servers out there that support active directory integration with Server 2016 right? The ONLY option for us (given that we are stuck with 2016 already ) is the use Microsoft products for our entire domain right? Every file server including FreeNAS and BSD will be unusable in our environment?
-
@cggart said in Mixing Linux & Windows Server in a SMB:
Hey Scott, I just wanted to make sure that there were no other file servers out there that support active directory integration with Server 2016 right? The ONLY option for us (given that we are stuck with 2016 already ) is the use Microsoft products for our entire domain right? Every file server including FreeNAS and BSD will be unusable in our environment?
All fileservers should work fine. Any AD integrated NAS or file server will work with 2016. You have zero Windows dependency.
-
@cggart said in Mixing Linux & Windows Server in a SMB:
@scottalanmiller I see so we are stuck with Windows then anyways. Intresting point you made about the VPN. I've worked some other small business and that is how support was administered. Now that I think about it it does give access to the entire network where the other options you listed limit it only to where it is needed. I suppose that's obvious just didn't occur to me for some reason.
Yup. General rule is fire any vendor that requests VPN.
-
@cggart said in Mixing Linux & Windows Server in a SMB:
@scottalanmiller I see so we are stuck with Windows then anyways. Intresting point you made about the VPN. I've worked some other small business and that is how support was administered. Now that I think about it it does give access to the entire network where the other options you listed limit it only to where it is needed. I suppose that's obvious just didn't occur to me for some reason.
I'm using ZeroTier (no bridging!) to get to the bastion hosts of the systems I manage. Very recommended, It's easy to use and IMHO much more secure and simple than obscure NAT forwarding through many routers etc.
-
Linux AD only goes to 2008 R2. So if your forest is still 2008 R2, not a big deal. If it is 2012 or higher, you are out of luck for now.
I've been researching and have found a lot of posts stating 2012 DCs and 2008 DCs will work together. Provided the "functional level" is set to 2008.
- Mixing 2008r2 & 2012 DC's
- Mix of Windows Server versions for domain controllers
- Domain controller in mixed mode 2008 r2 and 2012 r2
- Any issues mixing 2003 and 2012 DCs?
- Add a 2012 R2 DC vs 2008 R2 DC
However , I found nothing regarding Linux & Windows Server 2016 AD support. Is there a reliable authority I can reference to determine what is or is not compatible or is this just trail and error?
I did find one page, on the SAMBA wiki, saying "Joining a Windows Server 2012 or 2012 R2 DC to a Samba AD breaks the AD replication!" Was this what you were referring to?
I've taken your word for it and moved on, but I would really like to understand why for my own benefit.
Would you mind elaborating on why 2016 DC wont play ball with a Linux DC, and why Linux file server will authenticate with a 2016 DC just fine?
Is it that there is some new features in 2016 DC that aren't available in 2008 DC that Windows 10+ clients might be expecting?
