@hobbit666 If you want to stay with Ubuntu (which is based on Debian), you might have a look at NoMachine for remote desktop. The default NX protocol of NoMachine is a bit more responsive than VNC under Linux in my experience and gives you remote audio.
That said, VNC should work. You might want to try un-commenting the line βforce_hdmi_hotplug=1β in /boot/config.txt. That will force the pi to act as if a monitor is plugged into the hdmi port at boot if you're running headless.
@dashrender said in AD best practices:
...
So in your case I would be more apt to setup an AD/DNS/DHCP VM and a file serving VM. At minimum I'd probably put DNS on the second VM as well - this would allow you use Windows DNS and reboot either VM without causing an internet interruption.
@wirestyle22 said in [AD best practices]
It can seriously hinder your work to not be able to reboot your domain controller at will.
Thank you - that's exactly the input I was looking for. So single DC with DNS, DHCP on one VM and another VM on the same physical machine running DNS and FS. Perfectly simple - easy to install and maintain.
@dashrender said in AD best practices:
@jfath said in AD best practices:
@dashrender said in AD best practices:
that is very old thinking, and wasn't even right back then. physical DC haha...
Sorry, I meant two DC VMs running on two separate physical machines, not actually physical DCs.
@scottalanmiller said in AD best practices:
That's a lot of money. Is there any value to it? I mean that literally - is there any at all?
Nope, absolutely none. And that's my mistake - there's much misinformation on the Internet that says it's a best practice and my lack of experience prompted me to accept it. That's why I asked you smart guys. I'll put the second server in my home lab or deploy it somewhere that it actually makes sense.
Convincing them to go with a non-AD/MS solution is another matter. Simply not going to happen.
So... still the remaining first question - is there any problem with putting DC, DNS, DHCP, and FS roles all on a single VM? Should FS be split?
@dashrender said in AD best practices:
...
Make good backups, test the backups and go. One DC, One server should be all that's needed.
Good to know and makes my life easier. Not having much experience in this area, I was following the 'wisdom' of the Internet that seems to insist on separate physical primary and secondary DCs for every installation.
@dashrender Yep, T30 are the low end Dell servers. ECC and single Xeon E3-1225, but no redundant PS. I'll throw in an LSI HW raid controller before deployment. And the $329 price was a one day sale. Just AD replication between sites.
@dashrender said in AD best practices:
Well, this would be a reason for the non-profit to fire their paid consultants. The non-profit isn't looking for the best solution, instead they are keeping some consultants in cash for no reason.
I'm pretty sure @scottalanmiller would call this corruption.
Fear, not corruption. They are weaning themselves from old consulting firm, but worry that I (as an unpaid volunteer) will not always be available. They want to be left with a network that can be maintained by available resources.
My second DC will be at a second location connected by the 50 mb internet location. Both sites will have local authentication and the link is plenty to handle replication given the relatively small number of users.
The new servers are Dell T30s at $329 each. A 2 core Server 2016 pack costs $8 (16 required) and a CAL is $3. Fairly cost effective and they stay in their comfort zone.
I appreciate all of the feedback, especially regarding splitting DHCP and FS. I'm still unsure as to whether it's bad practice to run the FS on the same instance of Windows server as DC/DNS. I have a vague memory of reading that somewhere, but that's the way the former consultants set up the current server.
The MS license allows two VMs, so I can split the roles if it's needed and best to stay all MS, or offload FS and DHCP to linux. My take on the feedback so far (given that I'm definitely going with two physical servers running MS Server) is that offloading FS and DHCP roles is possible, but may create additional headaches and lose some degree of functionality.
I do plan to use a second physical machine with another Win Server VM as the secondary DC. I understand AD well enough to know why it's important to have two if you're going to have one.
The non-profit wants to stay with Win Server and AD because their paid consultants won't support anything else. esxi to KVM doesn't matter as much because it won't change authentication admin. I think I can run a Linux VM for FS because they'll see no difference after initial setup and I really want to use Win Server for as little as possible.
Tech Soup offers Win Server licenses (yes, CALs too) at extremely low prices for non-profits, so that's covered. They've already purchased more than enough.
I am interested in @dbeato 's statement about DHCP on a DC integrating with DNS. Are there things that can't be accomplished with a separate DHCP server and IP reservations for shared resources? I know I need to use Win Server for DNS in an AD environment, but are there compelling reasons to keep DHCP on the server too? Do I end up manually setting up DNS entries if I use a separate server?
I'm updating a MS Server running 2008 at a local non-profit. I'm more of a Linux dev than a network admin, but it's volunteer work, so they're getting what they pay for...
The current server is a single VM running on esxi as primary (and only) DC along with DNS, DHCP, and file server. I''ll be adding a second DC shortly - especially at Tech Soup prices, no need to be without.
I've read that the FS should be on a separate VM. I'm also not crazy about running DHCP on MS Server since any little cheap embedded device can fill that role and might be more reliable (my experience). They have Comcast IP phones which use DHCP, I'd like to keep them working if the server goes down.
So my thought is run DNS and AD PDC on a single VM under KVM, run a Linux VM and samba for FS, and use DHCP from the Comcast gateway router or pfsense once I have that installed on a nuc.
BTW - less than 50 devices on the network an 50 mb service.
Does my plan sound reasonable, or is there a better way? Any reason to keep DHCP on the MS server VM?
Thanks.
I had 5x s905x Android boxes scattered around my house. A different brand (Nexbox), but it seems all brands are pretty much an Amlogic reference design.
I really liked them - fast and flexible. I was able to set up the interface to be usable for family. Apps for everything imaginable and auto-update.
Unfortunately, we took a lightning strike nearby a few month ago and it fried every one of the boxes, plus a couple of network switches. No other end devices, just those TV boxes.
I added several network surge surpressors throughout the house and replaced the TV boxes with Fire TVs. I prefer the Nexbox to the Fire TV. Amazon makes it tough to change the launcher and the new interface is much more concerned with selling you something than helping you find what you want to watch.
I think you'll be pleased with the Android box.
Although official support would be great (of course), I'm more concerned with a decent size user base, good documentation, and availability of configuration and troubleshooting information on the Web. VMware's pervasive presence makes it appealing in these areas. But, XS and KVM are also very well known and community support seems good.
After considering the options everyone has presented, I'm going to install and test KVM on a spare server, then move forward with either that or XS/XO. I think the value of an open source solution is the deciding factor for me in this particular case.
It does make me feel like less of a dunce that there are differing opinions even amongst smart, experienced IT guys like the group offering help here on ML 
I really appreciate all of the effort, information, and suggestions - thank you!
And $349 for non-profit - wow. That's going to be hard to beat.
@dashrender said in Hypervisor choice:
ESXi Essentials is like $100/yr for updates. Come on, if they can't afford that, they really can't afford computers at all.
Yes, that's the kind of number they like. I assumed it was another $560 for each additional year (still very reasonable)
@dashrender said in Hypervisor choice:
IF money is going to be spent, and you have a separate backup solution already, I'm seriously wondering why ESXi Essentials isn't the go to option here?
IF money isn't going to be spent, well, then the choice of free options is what it is.
Definitely an option. A big part of this problem is trying to spec a solution with complete uncertainty about future budget. Maybe, there will be money to spend this year but maybe not next year so I need a fall back in that case. At least Essentials doesn't cease to function if they don't buy support next year, and the free HTML5 client is getting better.
In the for-profit sector this would be unacceptable - even when I was involved in small tech startups on very tight budgets, we understood there was a certain IT cost involved in doing business efficiently. Unfortunately, a less tech-savy group, especially a non-profit, may not have that understanding so free is often the goal.
@bnrstnr Interesting, I think I'll log in to get the call too.
I assume new versions still become completely non-functional after license expiration? Thats a problem for me because of the uncertain budget situation.
@Dashrender said in Hypervisor choice:
Tech Soup.
Yes, we use Tech Soup for our Windows desktop and server licensing. It's very, very generous. I don't think they offer VMware products, but SCCM-VMM and Hyper-V would be reasonable after discount.
I have to admit, I was wrong about 5nine previously licensing on a per core basis. Clearly though, from their price history, they want to position as enterprise class software. In fairness, there have been tremendous gains in functionality during this period.
5nine Manager prices:
2011: $119 / server (and sometimes discounted)
2013: $149 / server
2014: $199 / 2 cpu
2015: $299 / 2 cpu
2016: $350 / 2 cpu
2017: $749 datacenter and no functionality at license expiration
Also, @John Nicholson mentioned the ESXI HTML5 client as an option. I have been using that client in my homelab since it was a VMware fling created to quickly fill the gap when the old Web client broke due to removal of NPAPI in Chrome and FireFox. It's now in general availability and is quite good. Some posts in other forums claim it's still not at feature parity with the old thick client, but I haven't used it much in months, so I can't comment. The client situation was definitely a mess for a while, but seems to be getting better. I also really appreciate the VMware EVALExperience option for homelab use, though I haven't purchased.
@scottalanmiller said in Hypervisor choice:
I often offer to volunteer my time as I think it is important. Most non-profits turn away IT volunteers, though... too much money to be made handing money off to friends reselling stuff heavily marked up. It's so lucrative that nearly all non-profits I come across will have nothing to do with anyone honest in IT.
Exactly the situation I found when I stepped in. I was disgusted by the waste I found, the unopened network equipment scattered around the offices, the contracts in place for unused support, and on and on. One former staff member had actually been hired by the IT services firm doing most of the work.
Luckily, a new director had recently been hired to oversee operations at all three clubs in the area and he questioned the spending taking place. At this point, they are probably a little too tight, but once bitten...
I also understand that my use case is not typical. I believe strongly in the work the B&G Clubs do and am happy that the money they are saving on IT can be used to provide other services for the kids. If this were a for-profit or the unit directors I work with were pulling down big bucks, my criteria would be different. These local clubs do good work on a shoe string budget.
@Dashrender said in Hypervisor choice:
Something that confuses me - the company felt there was value in the 5Nine's paid product last year, but not this year - why not? If $750 really is making that much of a big deal to them, I have to wonder how solvent they really are.
I like to reward SW devs who are making good products. Last year, I purchased and donated the 5nine license with the assumption that if the club couldn't find budget this year, at least I contributed something to a company making a very nice product and then would go on using the feature limited free version. The loss of the free version completely changes that plan.
Also, as I mentioned before, the pricing model has changed drastically in the last several years. The drastic price increases and now change from core base to enterprise license with no free version is what leaves me with no confidence as to what next year's model might be.
As @scottalanmiller says, I could just do another year of 5nine if I can get the club to pony up, but I don't know that they see the value (always a danger when something is/was free), I don't want to donate more product along with my time, and I don't like the direction 5nine seems to be heading. It may well be a good business decision for them, but it doesn't fit my needs, so it's time to move on.
@DustinB3403 So, no limitations on using the community edition in a business / non-profit environment? Other than risking possible build-it-yourself issues? I was assuming I should stick with the free XOA if they can't pony up.