@Dashrender said in Hyper V replica VS Veeam B&R Replica.:
The cost of purchasing and maintaining a second server is so rarely worth it.
See! That's the thing, I never implied purchasing a whole server and Windows license and setting up everything having to do with it from scratch... JUST to have a second Active Directory instance.
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
I've worked with a lot of companies, including some very large ones, that have run these numbers and indeed, just don't have enough impact from an outage to justify a second server.
He already has a second server with unused licenses. He's already setting things up. To bring up another DC while you are already setting things up is only minutes of work. It can actually be 0 minutes of work if you do it during the time you are "waiting" for things to complete on the other server, instead of watching a progress bar.
I do see your point, though. If I were to consult for some random small business with nothing set up, and they didn't have much at all... lack of equipment, users, resources, etc... then yes, there's just simply no good reason at all to buy double everything JUST to have a 2nd DC. That's so obvious it should go without saying.
I don't walk in to multiple companies every day who need things set up from scratch or rearranged... or go in to different companies decommissioning their 2nd DCs. What's "MOST" or "NORMAL" for you may not be "most" or "normal" for me.
I'm talking about already established SMBs, who have an entire infrastructure set up, already have file servers, application servers, switches, Hypervisors (multiple), etc. I don't know what you call a "normal" SMB, maybe I'm just used to bigger existing establishments. But it's rare (in my location) that I would walk into a place that doesn't already have multiple Hypervisors and licenses. Or at least consolidation opportunities to free up licenses. "Most" SMBs I've come buy are large enough in the relevant aspects that a second DC/infrastructure server are already in place, or that's what they are needing.
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
I can't imagine how infrequent it would be in a small enough shot where someone would consider a single DC.
It should be "most of the time." Give me some examples and, if they haven't artificially and probably foolishly created fragility that depends on AD itself, I can show that if they can justify HA, how near of a thing it actually is. And it is not about size, it's about how they are dependent on the workload. You can easily have a thousand person company that doesn't need failover.
Second servers are for getting your downtime under six hours. You can very cheaply have a very, very reliable "six hour outage" reliability with just one server and good backups.
I think you had taken that sentence out of context, and also misunderstood it.
I was referring to the amount of maintenance a 2nd DC vm would require. I'm saying almost none and rarely. I so infrequently have to touch an infrastructure server vm (such as the DC) that I sometimes forget they exist. If I have to add a user to AD, I don't do it on DC1 and then on DC2 doing twice the work. You do it once, via RSAT. Updates can happen automatically during off hours. That's no maintenance requirement either. I don't know why you'd have to spend time on the 2nd DC vm increasing maintenance time.
That's crazy...
If I stop paying my internet bill, they will shut it off. Why should it be any different for the chamber of commerce for a different service?
Sure you can: (you can add it as a SAN)
@fuznutz04 said in Copy file from Windows Server to hosted external CentOS server:
I'm doing something very similar but cannot get the scheduled task to take my arguments properly.
I'm not sure where it is failing. Scheduled tasks gives no errors, just information.
The only difference is that my server listens on a port other than 22 for SSH. So, I put a :XXXX (port number) in the first command. Still no dice. I'm not sure if it is failing on the contents of the script, or failing because of the arguments.
# Connect open sftp://<username>:<password>@123.45.67.890:XXXX -hostkey="ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"The only info I get from event viewer is:
Task Scheduler successfully completed task "\Get Call Recordings" , instance "{13fcf873-f123-46e6-8e80-6ce90b57638c}" , action "C:\Program Files (x86)\WinSCP\WinSCP.exe" with return code 0. 1111
See if you can connect normally.
Open up a command prompt and run winscp.exe.
Then type just:
open sftp://<username>@123.45.67.890:XXXX -hostkey="ssh-rsa 2048 <hostkey>"
If you can connect this way, by it prompting you to enter a username, then...
it might be that you may be using an unsupported character in your password... preventing you from including the password in the line you posted.
If the script actually runs, and you are using "/log=<path><log file>.log in the argument, you can check that log.
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
It's a best practice to include a second DC.
Like all things in the HA arena, it requires an evaluation of risk and cost for each workload. AD is actually one of the least critical workloads for a normal SMB, assuming that they have it. I've seen companies go weeks without even knowing that their one DC was down, let alone lose money from it.
These companies do not need AD then.
Just because they are resilient to downtime? That's not a good indicator. Email is like that, but would you say that companies don't need email just because it is asynchronous? Or that voicemail having a ten minute delay not being a problem means that they don't need it?
Lots of things can handle minutes or hours of downtime without causes problems, that doesn't make them unnecessary.
Of course, no company needs AD, some of the biggest run without it. But of those that use it, most don't need HA.
That's not what I mean. You can't run AD without DNS. So this means the company is running a server with ONLY AD on it, no dns, dhcp, etc. So if AD can go down for "weeks", you simply don't need it. AD being down is not being resilient to downtime. It's simply not using a service you are running. This means the small company is still functioning just fine with their other wasted server licenses that are running the dns, dhcp, and print services. And lets hope they aren't running any services that depend on AD.
You can run dhcp just fine on a switch. Your gateway can be set to use 8.8.8.8 for dns. DHCP on your switch can tell clients to use google dns. You can share printer connections. A small number of computers can have user logins without AD.
If your company can manage without AD for a week, you do not need it. That is a fact. Nothing resilient about it.
If you have a "DC" with AD/dns/dhcp/etc on it, sure you can reboot it, it can be down for 10 minutes and maybe nobody would notice. At least not enough to complain. They may not be able to get to a website, or someone turning on their computer might not be able to get on the network (lack of dhcp)... but all in all, yeah I agree that 10 minutes down is no biggy.
But if something happens and you are down for an hour because you need to restore from backup, yes most SMBs would definitely notice and wish they had a second server with DC/DNS/DHCP/etc.
It doesn't require the maintenance everyone is thinking... It's rare that I have to do anything on one DC, let alone another one. I barely ever touch the infrastructure servers in larger medium sized businesses. I can't imagine how infrequent it would be in a small enough shot where someone would consider a single DC.
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
Keep in mind that places who only would have one DC, would also have their other infrastructure services running on it as well... such as DNS, DHCP, Print, maybe FS.
That may be true, but....
- We aren't talking about other services, only AD.
- It's applications, not size that determines how an AD outage impacts you.
- Small companies can easily go days without DHCP and can fail over to external DNS in many cases.
- The average SMB can go days without their fileservers more cost effectively than protecting against an outage.
- Those that can't wouldn't have them on the same VM.
No buts, because in all of these cases we can't Not talk about "only" AD. In every single case where a company would only run 1 DC, they are either (a) running DC/DNS/DHCP/Print/etc all "on the DC" or, (b) running multiple physical or virtual servers 1 for DC, 1 for dns, 1 for dhcp, 1 for print, etc.
There are no other cases where an SMB would be running only a single DC by itself for their entire company or AD forest.
That being said, with case (a) they would definitely in fact need a second VM/server, or in case (b) they can consolidate and use a freed up license to run the second DC (infrastructure server) with the other services on it.
Why do you keep bringing up HA and clustering? I'm not talking or implying anything relating to HA or clustering. I only brought it up in a previous post to say NOT to use it in the OPs usage scenario.
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
It's a best practice to include a second DC.
Like all things in the HA arena, it requires an evaluation of risk and cost for each workload. AD is actually one of the least critical workloads for a normal SMB, assuming that they have it. I've seen companies go weeks without even knowing that their one DC was down, let alone lose money from it.
These companies do not need AD then.
In places where active directory IS NEEDED, you can't have AD down for days or weeks. If AD can be down without any cares in the world, then these places are wasting Windows licenses on separate DHCP servers, separate DNS servers, etc. They can combine them and bring about another DC with those services on. A place you feel only needs one DC isn't big enough to not have AD/DNS/DHCP/Print/etc all on the same server/vm. So yeah, you can't have just one.
If AD (and everything else on it) can go down for an hour while you restore it and nobody will notice, and if you can do all maintenance on your DC during off hours (if there are any for said company), then fine. This isn't most SMBs. Most SMBs have DNS and DHCP set up to use the DC dns on workstations. If your computers dns server is set to a machine that is turned off, it can't get out if it's not cached.
Keep in mind that places who only would have one DC, would also have their other infrastructure services running on it as well... such as DNS, DHCP, Print, maybe FS.
I think what you mean to say is that "most very tiny shops" should only have one DC. Places where DHCP, DNS and other services don't depend on that DC. I don't think these places need AD in the first place.
There's just too many assumptions to be made to say most SMBs should only have one DC. Too many things overlooked. SMBs just don't have a single server dedicated for only AD. Bigger places, sure. Not "most SMBs".
@JaredBusch said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
I'm still stuck scratching my head wondering why we need HA, Veeam, Starwind, SANs, etc... just for 1 DC and 1 FileServer???
I haven't seen anything else mentioned.
First, you don't want to replicate DC's. Have two DC's, both virtualized, on different physical servers, non-replicated.
Second, if you only have one other VM (your file server), you don't need anything else besides Windows Server Backup (WSB). There is no reason what so ever WSB can't handle backing up 2 DCs and 1 File Server. Three servers I can't see spending thousands on something you can do for free with no additional benefit (in your scenario).
I don't see the point in replicating a file server period. If you need replication for a file server, you can use DFS-R. That's even better.
Almost no SMB needs to have AD up so critically that they need multiple domain controllers.
It's a best practice to include a second DC. The only case where you would only have one DC at a site, is in what Microsoft considers a small branch office, where in that case, it wouldn't be the only DC in the forest anyways. There would be two over in the main site.
Sure, you can decide not to and you may be just fine. You may also be just fine with no UPS and no backups as well. To each his own.
But I would highly recommend implementing at minimum two DCs per AD forest.
If you are so small that you don't need 2 DCs, then do you even need Active Directory?
And you need to define SMB. You said "almost no SMB needs multiple DCs". I almost threw up when I read that. What you said is the same thing as saying: "Almost all SMBs should only have one DC".
Every SMB needs backups. So Veeam or some other product will be required always.
Replication is not HA, but is redundancy (and the OP knows that). He wants redundancy, and I have listed a few ways to obtain it.
Yes, every SMB does need backups. But if you only have 1 or two servers... one being a DC, and the other most likely being a tiny FS, why spend thousands on Veeam at that point?
The OP only mentioned replication... somehow, HA and everything else got mixed in. I wanted to kick it all back out, it doesn't belong.
I figured that if the OP wants anything replicated at all, it'd be the file server data, best done by DFSR.
However, you are right, I don't see a need for any replication what so ever. 2 DCs, 1 FS, and backups is all that's needed here. (unless the OP is leaving a lot of stuff out)
What I'm envisioning, is two hypervisors (hosts). HV1 and HV2.
HV1
-- DC1 (virtual machine on HV1)
-- FS1 (virtual machine on HV1)
------ FS1 is your file server with DFSR replicating to FS2.
HV2
-- DC2 (virtual machine on HV2)
-- FS2 (virtual machine on HV2)
----- FS2 is a second, separate file server running DFSR with FS1.
Windows Server Backup running on both hosts backing up everything if you have the room. May be redundant, but you only NEED to back up one host completely.
I'm still stuck scratching my head wondering why we need HA, Veeam, Starwind, SANs, etc... just for 1 DC and 1 FileServer???
I haven't seen anything else mentioned.
First, you don't want to replicate DC's. Have two DC's, both virtualized, on different physical servers, non-replicated.
Second, if you only have one other VM (your file server), you don't need anything else besides Windows Server Backup (WSB). There is no reason what so ever WSB can't handle backing up 2 DCs and 1 File Server. Three servers I can't see spending thousands on something you can do for free with no additional benefit (in your scenario).
I don't see the point in replicating a file server period. If you need replication for a file server, you can use DFS-R. That's even better.
My list:
I'd certainly love one of these for a home lab. That's for sure!
I can see the whole ROBO deployment scenario. Even in single/several use situations, like you mentioned... such as for specific critical high-performing services that won't outgrow it. Anywhere else, I'd feel stuck with it... what happens if you start to outgrow the resources? How scalable is it? That's what would determine it's worth for usage in place of regular 2u deployment servers.
Maybe I'm just not a blade type person.
Honestly, I would return EVERYTHING.
Then I would sit down and design it the right way, using a few R730xd servers, with appropriate specs to accommodate your needs. With that and Starwind vSAN, you can get your HA.
Do you actually need HA? Does the company feel spending the money for real HA is a business requirement and makes financial sense?
I got it working cleanly and smoothly with WinSCP. Thanks for the pointer everyone!
If anyone else who comes by this wants to know the procedure:
/log=C:\Users\<userProfile>\Desktop\<logName>.log /script=C:\Users\<userProfile>\Desktop\<scriptName>.txt
The <scriptName>.txt file can include what you need to happen. My use case was a simple one, and looked like this:
# Connect
open sftp://<username>:<password>@123.45.67.890 -hostkey="ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
# Change remote directory
cd /var/www/html/pki
# Force binary mode transfer
option transfer binary
# Upload the files to current working directory
put "D:\pki\<name>.html"
put "D:\pki\<name>.crl"
put "D:\pki\<name>+.crl"
put "D:\pki\<name>.crl"
put "D:\pki\<name>.crt"
put "D:\pki\<name>.crt"
# Disconnect
close
# Exit WinSCP
exit
Edit: Fixed formatting thanks to JaredBusch's advice below.
@scottalanmiller said in Copy file from Windows Server to hosted external CentOS server:
@Tim_G said in Copy file from Windows Server to hosted external CentOS server:
Note: There's not FTP access. ONLY SSH. WinSCP still a good place to start?
WinSCP is an SSH tool. SCP and SFTP are part of SSH. If you have SSH, you have SFTP.
That's right. I was thinking FTPS... Two very different things.
Excellent, definitely a few seeds planted for me to expand on.
I'll check into WinSCP first to see if there's a way I can get things going.
Note: There's not FTP access. ONLY SSH. WinSCP still a good place to start?
@scottalanmiller I looked for it and searched here and on SW. I must have forgotten the title I used, and not searching close enough to what I asked. I don't know. I gave it a good 10 minute search. I forgot what all the replies were because I got busy with something else (more important) and had to stick it on the back burner ^_^
I posted a question similar to this one maybe a couple months ago, either on ML or SW (can't remember, and can't find it!).
Anyways, I'm still at a loss here:
I have an on-prem Windows server (Serv2016) with internet access, but cannot be accessed externally.
I also have a virtual private server (CentOS) hosted with Godaddy, with SSH access. I can connect to it just fine with Putty.
What I'm trying to figure out, is how I can get a file from my on-prem Windows server, to the cloud server, automatically via Scheduled Task?
I'm stuck, and now in a spot where I can work on this some more. But I can't find my previous Post to bring this back into the light and review previous responses.