Consulting for a Small Construction Company
-
@thanksajdotcom said in Consulting for a Small Construction Company:
- Would a secondary DC make sense? There are only seven computers in this entire environment right now.
At seven the rule is not to have DC at all (straight from Microsoft.) It's for 10+ and normally not until you get to 12+.
Then, in the 12+ category you normally do only one. AD for desktops has almost zero impact when offline, you can go weeks without anyone even noticing. So a failover would be wasted as it would save the company zero money in nearly all cases.
You only need a failover AD if you have other dependencies on AD that you introduce beyond logins.
-
$0.02
skip 2nd DC
Single server (SPOF) is fine as long as you discuss it with the business. Pros (cheap), cons (failure / restore time)
What's your DR plan?
-
@thanksajdotcom said in Consulting for a Small Construction Company:
- As much as I want to keep costs down, I also am not entirely comfortable having their one server be a single point of failure. Would it be better to use two VMs, one as the DC, and maybe the print server, and use a separate VM for the file server?
IF you need Windows (what made you jump to Windows in a green field deployment?) then you should have two VMs since you have paid for them.
But why have Windows for a file server? Why have a print server at all?
-
@thanksajdotcom said in Consulting for a Small Construction Company:
- As much as I want to keep costs down, I also am not entirely comfortable having their one server be a single point of failure.
Comfort is emotion, remove it. What is the cost of downtime if this goes down?
-
@scottalanmiller said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
- Would a secondary DC make sense? There are only seven computers in this entire environment right now.
At seven the rule is not to have DC at all (straight from Microsoft.) It's for 10+ and normally not until you get to 12+.
Then, in the 12+ category you normally do only one. AD for desktops has almost zero impact when offline, you can go weeks without anyone even noticing. So a failover would be wasted as it would save the company zero money in nearly all cases.
You only need a failover AD if you have other dependencies on AD that you introduce beyond logins.
Ok, that was my thinking (regarding failover). And the reason for the DC, even though the environment is small, is because they are looking to grow, and it allows for centralized management (obviously). The guy I'm working with is trying to consolidate a lot of things and if he can not have to touch every computer for a change in something, that'd make sense. That's why I wanted to implement AD. Not because they necessarily need it right now, but for future growth.
-
@scottalanmiller said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
- As much as I want to keep costs down, I also am not entirely comfortable having their one server be a single point of failure.
Comfort is emotion, remove it. What is the cost of downtime if this goes down?
Currently, they are operating in a workgroup. So right at first, probably not much.
-
@thanksajdotcom said in Consulting for a Small Construction Company:
Ok, that was my thinking (regarding failover). And the reason for the DC, even though the environment is small, is because they are looking to grow, and it allows for centralized management (obviously).
That's a bad idea. You can centrally manage other ways. Investing today and adding technical debt and dependencies and risk for an environment that needs 100% growth to be a viable candidate for today's solutions makes no sense. If he already hired five more people and they hadn't already started yet, maybe we'd think of discussing it. But for a seven person environment, I wouldn't even have this discussion.
-
@MattSpeller said in Consulting for a Small Construction Company:
$0.02
skip 2nd DC
Single server (SPOF) is fine as long as you discuss it with the business. Pros (cheap), cons (failure / restore time)
What's your DR plan?
That was the point of having a UEB (again, or whatever it's called now, I forget). That was for backup/DR. We can always set up archiving with them. That's easy enough, and that'd allow them to have offsite backups.
-
@thanksajdotcom said in Consulting for a Small Construction Company:
Not because they necessarily need it right now, but for future growth.
http://www.smbitjournal.com/2012/10/you-arent-gonna-need-it/
-
@thanksajdotcom said in Consulting for a Small Construction Company:
Ok, that was my thinking (regarding failover). And the reason for the DC, even though the environment is small, is because they are looking to grow, and it allows for centralized management (obviously). The guy I'm working with is trying to consolidate a lot of things and if he can not have to touch every computer for a change in something, that'd make sense. That's why I wanted to implement AD. Not because they necessarily need it right now, but for future growth.
Is he comfortable with CentOS at all? I've set up a SAMBA4 AD environment here, not any more work for me than getting any other type of directory server set up, but if they're not already comfortable with CentOS that idea is probably off the table.
-
@travisdh1 said in Consulting for a Small Construction Company:
Is he comfortable with CentOS at all? I've set up a SAMBA4 AD environment here, not any more work for me than getting any other type of directory server set up, but if they're not already comfortable with CentOS that idea is probably off the table.
AJ knows Linux.
-
@scottalanmiller said in Consulting for a Small Construction Company:
AJ knows Linux.
I do, but this guy doesn't. My goal was to get this setup, give him some training, and make it easy enough for him to be able to manage mostly on his own.
-
@scottalanmiller said in Consulting for a Small Construction Company:
AJ knows Linux.
Yeah, but what about the person he's working with that actually has to support said environment?
-
@thanksajdotcom said in Consulting for a Small Construction Company:
I do, but this guy doesn't. My goal was to get this setup, give him some training, and make it easy enough for him to be able to manage mostly on his own.
When it comes to situations like this, generic, super normal, easy to manage (and Google fixes for) reigns supreme.
-
Here is where I would go based off of the size and scenario without further information:
- No directory. They are too small, this is just wasting money at their size.
- CentOS Samba4. Free forever.
- Azure AD. No servers on site, no local dependencies.
- I wouldn't even consider a number four (which includes legacy AD).
In that order.
-
@travisdh1 said in Consulting for a Small Construction Company:
Is he comfortable with CentOS at all? I've set up a SAMBA4 AD environment here, not any more work for me than getting any other type of directory server set up, but if they're not already comfortable with CentOS that idea is probably off the table.
I was thinking about Linux, because I know you can do pretty much all these things on Linux. I've set up SAMBA and that on Linux before. Never set up a Linux server to handle AD or that. I'm sure with some time and help, @scottalanmiller, I could do it. But that would drive the time to train this guy WAY up.
-
@thanksajdotcom said in Consulting for a Small Construction Company:
I do, but this guy doesn't. My goal was to get this setup, give him some training, and make it easy enough for him to be able to manage mostly on his own.
Then no CentOS, and no AD. Rule both of those out on those grounds.
No central authentication is the answer here. Azure AD if you insist.
-
Here is what I'm thinking based off of what little I know...
If local storage is needed, Synology or ReadyNAS that gets backed up.
Nothing else, it's that simple.
-
@scottalanmiller said in Consulting for a Small Construction Company:
Then no CentOS, and no AD. Rule both of those out on those grounds.
No central authentication is the answer here. Azure AD if you insist.
That's the other thing I was thinking about. For such a small business, a cloud server makes a lot of sense. Mitigate the risk, cost of running the equipment (power, cooling, etc), and all that. They have a business-grade Verizon connection at the office. I believe it's FiOS (almost 100% sure of that). So setting them up on Rackspace, Azure, AWS, or the like was something else I was considering.
-
A two bay NAS will do the trick here unless I am missing something. Two 4GB drives and a little Unitrends shelf style backup unit and you are good to go. Super simple to manage, very little to break, lots of protection.