Moving Forward: Converting a mess to the right solution
-
If doing a single, stand alone server, generally HyperV is the way to go because it supports backups whereas VMware ESXi does not.
-
So... one VM for AD/DNS/FS and one VM for SQL Server? That should work fine.
-
@scottalanmiller said:
@thecreativeone91 said:
It's not about system load, It's about priority/and potential down time and loss of services to end users. Your DC is always your most important server once implemented in a network.
Quite often it is the least important, especially in an SMB.
How small are we talking? if AD goes down and you have a content filter with AD integration no one is getting out to the web. If you talking ma & pop shop maybe. Anything much larger it's highly important. It's been very important everywhere I've been. VPNs, Webservices, filter etc all using LDAP.
-
@thecreativeone91 Even 100 person SMBs rarely have AD integrated networking. That's extremely expensive and cumbersome (and risky) with little to no payoff. Not a place where SMBs are likely to spend money.
-
@scottalanmiller I'm more talking about 300-500 people that's what I tend to call an average SMB.
-
@thecreativeone91 said:
@scottalanmiller I'm more talking about 300-500 people that's what I tend to call an average SMB.
That's an extremely large SMB. The vast majority of SMBs are under 100 people. But even at 500, why would you spend money on AD integrated content filtering for an average business? What's the financial (business) benefit? That's pretty small to be doing that stuff.
But at 500 you'd have more than one server for lots of reasons.
But the average company when ALL companies are considered is far less than forty people. Take just the SMBs and that number drops quite a bit, obviously.
-
@scottalanmiller I guess it depends on the area. around here most companies are either larger or part of another large company. there are very few successful small under 100 - Most are either failing or have already failed.
-
Most companies are failing. The vast majority of businesses will never see eight years. But I guarantee that there are tons and tons of small companies all around you that you just don't realize.
-
What resources we havve are grossly mismanaged and poorly configured. There is no way I could ever 'fix' in one weekend, or even one 'action'
Some general Stats:
Two main business units, One organization but comprised of different ares. We are a Non Profit, so pricing isn't going to be an issue.
Between the two, there are roughly 300 to maybe 400 staff. Transportations has about 40 (including drivers); Each program has about 15 each, Admin staff is about 30 or so, teachers about 140 - 200 depending on the time of year.
One side runs Server 2003 with AD and Exchange, File and Print services: 200-250 users.
Other side is the big mess:- Fiscal server - SQL Abilia MIP Fund accounting
- HR Server - Sage software
- Transportation server - SQL - Routematch (which is crap)
- WX server - FS - access db
- Shared server - FS
No AD, F&P services are running, email is being moved to O365, so reduction of services needed.
We have offices in nine counties, but only six or so persons per site. The idea behind the thin client is that documents in the remote offices are at risk. But the idea is to have a off site back up as well. We have a few places to put it,.. so that's not a problem.
File and Print services are 'hogs' nor is AD, but I want to make sure that it's done right as opposed to the crap shot S&&) that's there now.
I figure, built an AD and FS box, then start pulling things in, setting up prper file shares and security. I have 2 boxes that could be just rebuilt and put back into service...
-
@g.jacobse Really, You don't like Routematch? I'm surprised I've head good things about it from school bus garages. I've never used it though.
-
@scottalanmiller said:
But even at 500, why would you spend money on AD integrated content filtering for an average business? What's the financial (business) benefit? That's pretty small to be doing that stuff.
What's expensive about it? Webroot web filtering includes AD integration in it's basic offering, as does GFI's MailMax spam filtering. Do you mean the expense of securing your AD after exposing it to the internet?
-
@thecreativeone91 said:
@scottalanmiller I guess it depends on the area. around here most companies are either larger or part of another large company. there are very few successful small under 100 - Most are either failing or have already failed.
I've managed to make a decent living working for companies this size. They're not always independently owned, just independently run. For example, I worked for a 150 user company that was part of a $12 billion turnover US company. I was given almost complete autonomy on everything. The only time I ever engaged with the CIO of the head office was when he turned down my proposal to buy Oracle Financials.
A lot of big companies effectively operate as a series of connected SMBs, rather than one big enterprise.
-
@thecreativeone91 said:
Sure a Second DC is great but, it only provides a active backup for data. It's not going to be handing out DHCP/DNS on the network (or at least not on the same subnet) so their will still be down time.
Isn't it? DNS is replicated across servers, right? And you can have two DHCP servers giving out a different range of IP address but all on the same subnet, can't you? Why down time?
-
@scottalanmiller said:
The bulk of SMBs should only have one. DCs, of all things, rarely have noticeable downtime. NTG can go a week with the DC down and no one would realize it. The cost of downtime for many SMBs is literally zero. Even a day or two or ten. Some companies tie other things to AD that doesn't cache like logins and downtime can impact them. But a typical SMB can definitely take a few hours of AD downtime with possibly zero impact.
This is interesting. I need to know more! How do services that rely on AD authentication work when AD isn't available? I'm thinking specifically of File & Print, Exchange and Sharepoint? Do they all use cached credentials, and if so, how does that work?
DNS server runs on a DC. So if your only DC is down, how are DNS requests handled?
What happens when the lease on an IP address expires and DHCP is down? Will it continue to use the same IP address?
-
NTG now has much if not all of their stuff in Office 365. This has decoupled their need for AD for the most part.
Assuming they are mostly working from home, there's little if any need for the workstations they are using to join/log into a Domain. Print services will all come locally (again, they are at home). File permissions are handled by O365.
I've been wondering what a good solution for a company is that is smaller, say less than 20 - at what point do you implement AD these days? Considering the host of new solutions (namely Office 365 and intune or some other PC management software) I think that number has grown.
-
Depends on the structure of the organisation and the type of roles people do as much as headcount, I'd have thought. There's no magic number.
But for a typical SMB, without O365, do you need at least two DCs, and if not, what happens when one goes down?
-
@Carnival-Boy said:
Depends on the structure of the organisation and the type of roles people do as much as headcount, I'd have thought. There's no magic number.
But for a typical SMB, without O365, do you need at least two DCs, and if not, what happens when one goes down?
Everyone works on cached credentials until the server comes back up. Besides, their shared files and such are not available anyway. Most times email was not either because it was a SBS server.
-
I don't really know anything about SBS. I've never used it. SBS users typically wouldn't run two DCs anyway though, would they? I'm talking about a typical SMB running a separate file server, Exchange server, Sharepoint server and DC.
-
@Carnival-Boy said:
I don't really know anything about SBS. I've never used it. SBS users typically wouldn't run two DCs anyway though, would they? I'm talking about a typical SMB running a separate file server, Exchange server, Sharepoint server and DC.
That setup is not what I have seen in a typical SMB. Maybe more towards the M side where I have not done a lot of work.
-
@Carnival-Boy said:
Depends on the structure of the organisation and the type of roles people do as much as headcount, I'd have thought. There's no magic number.
But for a typical SMB, without O365, do you need at least two DCs, and if not, what happens when one goes down?
Definitely no magic number. It is all about workload. A company of 1,000 pure AD login users doesn't care about DC downtime for days. But an LOB app tied to AD might care very quickly.
