How long to learn how to run and maintain a windows server?

[Danger_Dustin]

Hi,

 

one of the civil society organisations we are funding has asked for tech support to run a windows server. Apparently they want to be able to backup and share company data via this server. They already bought the server which is why my attempts to ask them to just use a paid and secure cloud storage based on sth. like nextcloud are futile. So let us just forget about the fact that what they aim to achieve here might be achievable for less money and focus on another major concern of mine. They do not have a dedicated IT person and the closest person to being tech savy is probably their comms guy. I am afraid nobody in the organisation knows anything about computers beyond how to use MS Office, Photoshop etc. They are quite young and quick learners though. So to make up for the lack of IT personnel, they budgeted for training on how to setup and maintain a server. According to their budget, they want to train three people for three days.

 

Do you think it is possible to learn how to run and maintain a windows server (and its clients) within three days? Again it will be mainly used as shared storage and accessed by up to 30 clients. I have a strong feeling that this is not a sustainable proposal. Am I wrong?

 

Cheers!

[Kilrah]

All depends on what's going to be done with it / what apps it's gonna run, the rest of the enviroment, the experience and skills of the people who are going to be trained... but basically that's a "hahahaha" moment indeed. 

[leadeater]

Honestly not enough detail about the total solution being sort after or needed. Is a Windows Active Directory Domain being setup or is required? What are the server specs, what Windows license do they have and thus number of VM instance entitlements? Is, this should be done, a hypervisor going to be installed.

 

Real short answer is no, 3 days is not enough if the requirement is a full Active Directory Domain with File Server (as different VMs!) and all computers joined to the domain.

 

A single server could work fine(ish) with the right backups but there is WAY more scoping of requirements and planning required.

[Danger_Dustin]

13 minutes ago, leadeater said:

Honestly not enough detail about the total solution...

they plan to buy windows server 2022 with 50 CALs. They want to use it to store all their data and access/share data among their staff. They want to setup a domain through which they can access the server (they have been told that they need this, but they do not really know what that means). I imagine they would want to setup permissions so not all staff can access all files.

So whoever learns this would probably need to start with the very basics. How long does it take to transform a very average PC user to someone who can run what is hopefully a pretty basic server like that? I think what needs to happen here is we need to be able to say how much training someone to maintain this will cost and - if this turns out to be too expensive - either advise them to hire a sever admin or stop spending any additional money on this.

[LIGISTX]

7 minutes ago, Danger_Dustin said:

they plan to buy windows server 2022 with 50 CALs. They want to use it to store all their data and access/share data among their staff. They want to setup a domain through which they can access the server (they have been told that they need this, but they do not really know what that means). I imagine they would want to setup permissions so not all staff can access all files.

So whoever learns this would probably need to start with the very basics. How long does it take to transform a very average PC user to someone who can run what is hopefully a pretty basic server like that? I think what needs to happen here is we need to be able to say how much training someone to maintain this will cost and - if this turns out to be too expensive - either advise them to hire a sever admin or stop spending any additional money on this.

Depends on the person and their background, and their interest in learning. If the person simply doesn’t have any motivation to learn…. A long time. If they are a tech enthusiast and this is stuff they would like to understand and just don’t yet, they could likely watch a days worth of YouTube videos, a few days of poking around forums and trying stuff, and maybe within a week they could have something working that “works” and they can tweak as they go. But if they have never done anything like this and have no motivation to learn, good luck. 

[leadeater]

34 minutes ago, Danger_Dustin said:

they plan to buy windows server 2022 with 50 CALs. They want to use it to store all their data and access/share data among their staff. They want to setup a domain through which they can access the server (they have been told that they need this, but they do not really know what that means). I imagine they would want to setup permissions so not all staff can access all files.

So whoever learns this would probably need to start with the very basics. How long does it take to transform a very average PC user to someone who can run what is hopefully a pretty basic server like that? I think what needs to happen here is we need to be able to say how much training someone to maintain this will cost and - if this turns out to be too expensive - either advise them to hire a sever admin or stop spending any additional money on this.

Well first thing is you should never combine Active Directory Domain Controller role with File Services or Print Services roles so your minimum deployment should be 2 VMs. Windows Server 2022 Standard minimum license purchase is 16 physical cores with entitlement to run 2 VM instances of Windows Server 2022 Standard. You must license all physical cores in the server so if the hardware has 24 cores then you need to purchase additional "2 core pack" licenses on top of the 16 minimum to reach a total of 24.

 

So you should have 2 VMs:

• VM1: Domain Controller, DHCP & DNS roles (these 3 in a single OS instance is fine)
• VM2: File Server (maybe Print Server of you need that)

 

This means you need to evaluate an appropriate Hypervisor, that also has accompanying hardware requirements. My general recommendation would be VMware ESXi or Windows Hyper-V Server, ESXi first personally. That means learning to run and maintain the Hypervisor is now a requirement.

 

Network layer also becomes important too because a single flat network isn't really advisable however that means learning VLAN tagging and untagging is required along with DHCP-Relay on switch devices, as well as a core/distribution switch that actually supports Layer 3 routing. You "can" get away with a single flat network here for such a small setup but I personally would not, caveat being I know how to set all that up.

 

3 days simply is not enough time to learn whatever Hypervisor is going to be used, how to setup and maintain Active Directory and Group Policies, how to configure DHCP with or without VLANs and subnetting involved, DNS (part of Active Directory setup and is mandatory), SMB File Shares with proper NTFS permissions with Active Directory groups used for ACL rules only (never do named users).

 

Then after that is all setup you'll have to figure out how to safely back all this up and then know how to recover from any possible failure type.

 

So no, even the above is still a short answer, 3 days is not enough time to learn this correctly and at a minimum an IT contracting company should be hired to set it all up correctly then hand over for self maintenance.

 

Since you mention they are a Civil Society I'm going to assume they would qualify for Microsoft Office 365 Non-Profit license model, they should use this and Azure Active Directory and have no server hardware at all. These two things will give them a managed Active Directory Domain with managed user accounts and managed computers with secure global access anywhere storage that can be shared directly from personal OneDrive or using SharePoint/Teams. This situation really is perfectly suited to Microsoft or Google cloud solutions and buying server hardware is the worst, least safe, more expensive option.

 

Edit:

P.S. Paying money for training also isn't the real problem, a training course simply cannot and will not substitute experience. An IT support contract aka a guiding hand should really be part of this if moving forward with it, that will not be all that cheap.

[Bdavis]

Are they tied to windows server? It's sounds to me like TrueNas might accomplish their goals. It can even run Nextcloud basically giving them a private cloud.

[Nick7]

In 3 days you may learn how to click something, and perform some tasks. How to try and google some solutions.

Will that make an adequate sysadmin for that role? No.

 

The known Dunning-Kruger effect:

 

After 3 days you are just climbing the 'peak of Mt. Stupid'.

[wseaton]

On 5/31/2022 at 10:09 AM, leadeater said:

Well first thing is you should never combine Active Directory Domain Controller role with File Services or Print Services roles so your minimum deployment should be 2 VMs. Windows Server 2022 Standard minimum license purchase is 16 physical cores with entitlement to run 2 VM instances of Windows Server 2022 Standard. You must license all physical cores in the server so if the hardware has 24 cores then you need to purchase additional "2 core pack" licenses on top of the 16 minimum to reach a total of 24.

 

So you should have 2 VMs:

• VM1: Domain Controller, DHCP & DNS roles (these 3 in a single OS instance is fine)
• VM2: File Server (maybe Print Server of you need that)

 

This means you need to evaluate an appropriate Hypervisor, that also has accompanying hardware requirements. My general recommendation would be VMware ESXi or Windows Hyper-V Server, ESXi first personally. That means learning to run and maintain the Hypervisor is now a requirement.

 

Network layer also becomes important too because a single flat network isn't really advisable however that means learning VLAN tagging and untagging is required along with DHCP-Relay on switch devices, as well as a core/distribution switch that actually supports Layer 3 routing. You "can" get away with a single flat network here for such a small setup but I personally would not, caveat being I know how to set all that up.

 

3 days simply is not enough time to learn whatever Hypervisor is going to be used, how to setup and maintain Active Directory and Group Policies, how to configure DHCP with or without VLANs and subnetting involved, DNS (part of Active Directory setup and is mandatory), SMB File Shares with proper NTFS permissions with Active Directory groups used for ACL rules only (never do named users).

 

Then after that is all setup you'll have to figure out how to safely back all this up and then know how to recover from any possible failure type.

 

So no, even the above is still a short answer, 3 days is not enough time to learn this correctly and at a minimum an IT contracting company should be hired to set it all up correctly then hand over for self maintenance.

 

Since you mention they are a Civil Society I'm going to assume they would qualify for Microsoft Office 365 Non-Profit license model, they should use this and Azure Active Directory and have no server hardware at all. These two things will give them a managed Active Directory Domain with managed user accounts and managed computers with secure global access anywhere storage that can be shared directly from personal OneDrive or using SharePoint/Teams. This situation really is perfectly suited to Microsoft or Google cloud solutions and buying server hardware is the worst, least safe, more expensive option.

 

Edit:

P.S. Paying money for training also isn't the real problem, a training course simply cannot and will not substitute experience. An IT support contract aka a guiding hand should really be part of this if moving forward with it, that will not be all that cheap.

With all due respect this sounds like an MSP trying to make a lot of money. Did I click on Spiceworks?

 

I agree with the cloud aspect, but 30 users and file sharing can be accomplished with a basic Synology and little training. If they are doing multimedia cloud sharing might not be a productive option. 

 

Also, I'm tired of the argument that you need to sprawl out superfluous Windows servers via defined roles and create VMs for all of them. AD, file services, and basic network roles function fine on a single box. This is 30 users. 30 users....  

 

Most of my smaller on prem clients running local servers aren't virtual at all, and dont run AD. Don't need it. Adds cost and complexity, and AD has proven its worthless defending against crypto because without a full time sysadmin that knows proper ACL protocols AD can make it easier for bad guys. 

 

They should have got a Synology and been done with it.

[leadeater]

32 minutes ago, wseaton said:

With all due respect this sounds like an MSP trying to make a lot of money. Did I click on Spiceworks?

lol no, but I have been part of one like 8 years ago and with all due respect what I said is completely true. Many think they know what they are doing, are doing a good job, but just are not and no week long training course is going to change that and that is even more true of the inexperienced of systems administration and systems engineering.

 

Is it really so wrong to advise a business to actually go seek paid professional help and services? Is it really? Will this result in a better more long term solution than just training alone?

 

Also do tell how I'd make money from that advice?

 

32 minutes ago, wseaton said:

AD, file services, and basic network roles function fine on a single box. This is 30 users. 30 users....  

No it's categorically not ok, never advise that. Doesn't matter if it's 1 user or thousands, files services off a domain controller is a horrendous idea for both security and performance. You are aware of all the default settings that are applied to the domain controller role that impacts performance and resource utilization right?

 

About 30 seconds of security mindset will tell you it's a bad idea, performance now days just doesn't matter as much as it used to but that still doesn't change what the domain controller role does that isn't optimal for basically any other windows server role. AD + DHCP + DNS is fine.

 

You have all the rights required at no extra license cost to run two instances of Windows Server Standard, just do it, stop being lazy. Sure you have to maintain two Windows installations, not a big deal, and a little bit extra resource requirement, also not a big deal.

 

32 minutes ago, wseaton said:

Most of my smaller on prem clients running local servers aren't virtual at all, and dont run AD. Don't need it. Adds cost and complexity, and AD has proven its worthless defending against crypto because without a full time sysadmin that knows proper ACL protocols AD can make it easier for bad guys. 

Correct, you just explained yourself why getting a professional in is the better idea yet question my advice and throw unhelpful shade why? (also "your clients", who's the MSP here? lol, sorry had to give that dig). If domain is required, maybe it is maybe it isn't neither of us really know, then as per my post a few days training is not sufficient to do it properly.

 

They should get whatever fits their requirements, something we barely know.

 

Also defending against crypto? That literally has nothing to do with it, that's not why anyone uses Active Directory. This is a very weird statement and take on the matter.

 

Edit:

P.S. All the extra costs motioned were for the expressed purposes of dissuading the current intention and going with a much better solution, single small servers in small networks just aren't a good idea currently unless internet connectivity tips that balance. There are so many other options than buying a server or NAS.