Small business solution

[Nijholt]

Hi guys!

 

I'm new here on the forum and love watching LTT. So first of all 'Hi!'.

 

My mother has here own small business, with around 6/7 employees, 5 workstations and 2 printers at the moment. The workstations are connected to an SMB share on the Synology NAS to access business files. In about 3 weeks she's going to move into a bigger office and we would like to move to a better system for the workstations.

 

At this moment the workstations are just stand-alone and all have the same login credentials. (The employees don't have their own login, and every PC' desktop is different) Every little change in the network or software i manually have to change on every workstation what takes me a lot of time. We would like to move to something like a domain environment to make the workstations more flexible and give all the employees their own login and desktop.

But how should i do this?

 

I've looked into a HP Proliant server to install Windows Server 2012 R2 and make a domain controller on it. Online i'm reading about a hardware firewall to protect the whole business, but is this really necessary? Also what about a backup AD and a VPN server on the Server?

 

Thanks!

 

 

[Electronics Wizardy]

Id higly suggest you move to AD, like you said.

 

Id probably get a dell poweredge server(something like a dell r330 look like a good option, depending on budget)

 

A hardware firewall isn't really needed and can be done with software just fine. Id probably get all buiness grade switches and routers. 

[AverageHardware]

Buy a small tower server. With that amount of employees, you don't need anything super powerful. Set up a domain, and give everyone an account with their own logins. From there, you can use Group Policy to push out software, printers, and permissions to different employees.

 

As for the firewall, it depends on how your network is configured and what network equipment you have now. What router/switch do you have?

[Nijholt]

5 minutes ago, AverageHardware said:

Buy a small tower server. With that amount of employees, you don't need anything super powerful. Set up a domain, and give everyone an account with their own logins. From there, you can use Group Policy to push out software, printers, and permissions to different employees.

 

As for the firewall, it depends on how your network is configured and what network equipment you have now. What router/switch do you have?

Is it possible to make a network share with file versioning on that same Windows Server instance? 

 

At this moment the office is at home and we got a business-grade modem from our ISP. A long LAN cable is running from the modem to the office and at the office there is a switch to give all the workstations internet access. The Synology is also connected to the ISP modem. Nothing special.... At the new office a small internet company next-door gives us a fiber connection, i don't really know how that is gonna be.

[Sir Asvald]

22 minutes ago, Nijholt said:

Hi guys!

 

I'm new here on the forum and love watching LTT. So first of all 'Hi!'.

 

My mother has here own small business, with around 6/7 employees, 5 workstations and 2 printers at the moment. The workstations are connected to an SMB share on the Synology NAS to access business files. In about 3 weeks she's going to move into a bigger office and we would like to move to a better system for the workstations.

 

At this moment the workstations are just stand-alone and all have the same login credentials. (The employees don't have their own login, and every PC' desktop is different) Every little change in the network or software i manually have to change on every workstation what takes me a lot of time. We would like to move to something like a domain environment to make the workstations more flexible and give all the employees their own login and desktop.

But how should i do this? I've looked into a HP Proliant server to install Windows Server 2012 R2 and make a domain controller on it. Online i'm reading about a hardware firewall to protect the whole business, but is this really necessary?

 

Thanks!

 

 

I'd recommend Dell Tower servers. Much cheaper than the rack servers. 

[GDRRiley]

nevermind finding raid cards is hard

Edited August 12, 2016 by GDRRiley

[glitchmaster0001]

id say find an old server. though stay away from anything LGA 771 since those are notorious for not being energy efficient and they run really hot. id say the best used server platform for value for money has to be something from LGA 1366. anything newer is too expensive. 

[Nijholt]

I like this one http://www8.hp.com/my/en/products/proliant-servers/product-detail.html?oid=1008772199

[glitchmaster0001]

 

8 minutes ago, Nijholt said:

I like this one http://www8.hp.com/my/en/products/proliant-servers/product-detail.html?oid=1008772199

that one is going to be expensive... its HPE if you want a cheap server for a startup company id say to find a used server for cheap. 

[Nijholt]

2 minutes ago, glitchmaster0001 said:

 

that one is going to be expensive... its HPE if you want a cheap server for a startup company id say to find a used server for cheap. 

In The Netherlands it's €650. And i think that isn't very expensive if you look at the specs. I get 2x 1TB harddisks with it and 8GB RAM. 

[glitchmaster0001]

3 minutes ago, Nijholt said:

In The Netherlands it's €650. And i think that isn't very expensive if you look at the specs. I get 2x 1TB harddisks with it and 8GB RAM. 

well given that HPE provides excellent on site support id say if you like it then go for it. but if you really want to save money then go for a used older server. 

[Nijholt]

2 minutes ago, glitchmaster0001 said:

well given that HPE provides excellent on site support id say if you like it then go for it. but if you really want to save money then go for a used older server. 

But what are my minimum needs for what i want?

• Domain controller
• Folder sharing
• VPN

Really don't know the processor and RAM needs.

 

Also, is it important to have a backup domain controller?

[dalekphalm]

49 minutes ago, Nijholt said:

But what are my minimum needs for what i want?

• Domain controller
• Folder sharing
• VPN

Really don't know the processor and RAM needs.

 

Also, is it important to have a backup domain controller?

A backup DC isn't NECESSARY, and in a small environment like yours, I'd say you shouldn't worry about it.

 

But it is "Industry Standard" practice to have a backup DC.

 

The backup DC needs to be installed as a separate OS, ideally on totally separate hardware (Eg: Running 2 VM's on the same machine- Primary DC and Backup DC - would be a waste of time and money).

 

For your needs, you could host all three services (DC, File/Print Sharing, VPN Server) all on the same physical machine, under a single Windows Server install.

 

You won't need especially high powered equipment, either.

For CPU: 4c/8t Xeon (Or 8c Xeon if you can afford it)

RAM: 32GB would likely be fine - more if you can afford it (this is a recurring theme, if you hadn't noticed lol)

The rest of the hardware specs, at this point, aren't too important for a server. Buy enough disks to fill your needs.

 

Your HDD setup will depend on how much storage you need.

 

Make sure the OS is on a separate drive, and any "shared folders" go on a RAID array of some sort.

 

For example, if you need 2TB of space on your Network Share (This is the folder everyone connects to), I'd recommend a simple 2x2TB RAID1 mirrored setup. So your Server might look like this:

1x 500GB HDD

2x 2TB HDD

All plugged directly into the motherboard. You could setup RAID1 using the built-in Motherboard RAID, or you could use Windows built-in software raid to Mirror the disks.

 

You could also get a RAID Card with the server - many servers come with a RAID Card by default.

 

Also, you should pick up a stand-alone NAS, or a USB HDD, or some extra HDD's, to create backups with (Remember, RAID IS NOT A BACKUP - RAID is about uptime and recovery time, and does not protect against file corruption, and many other ways you could lose files).

 

Your "backup" setup should have the same capacity as your primary storage device. So if your server has a 2TB network share, your backup drive should be 2TB as well (or larger, to provide for multiple backups on a rotating schedule).

 

If the Server has hot-swap HDD bays on the front, you could use those bays for the Backup Drive.

 

Ideally, you should be using the "3-2-1" backup method. This means at any given moment in time, you have three sets (or copies) of the data, two of which are stored locally, but on different mediums (meaning devices - eg: one copy on your main pool, one copy on a set of backup disks), and one off-site copy (This could simply mean backing up your data to two different HDD's - one which stays in the computer, and the other you take home with you every night - or you could get more sophisticated, and have an off-site NAS that auto-replicates w/ your working storage pool, etc).

 

Hope some of these insights help.

 

Remember, with 7-8 users, you REALLY don't need a lot of power. But I would still recommend buying new with warranty servers, if you can afford it. The business class support that both HP and Dell (and other Enterprise grade vendors) offers is fantastic.

 

EDIT: Link on 3-2-1 backup strategy:

https://www.backblaze.com/blog/the-3-2-1-backup-strategy/

[leadeater]

13 hours ago, dalekphalm said:

A backup DC isn't NECESSARY, and in a small environment like yours, I'd say you shouldn't worry about it.

 

But it is "Industry Standard" practice to have a backup DC.

 

The backup DC needs to be installed as a separate OS, ideally on totally separate hardware (Eg: Running 2 VM's on the same machine- Primary DC and Backup DC - would be a waste of time and money).

Generally I have come to the conclusion that a second DC should always be created, even on the same hardware when only using one virtual host. More than once I've had to deal with clients that had power loss or similar issue causing a DC to improperly shut down and corrupt ntds.dit (AD database). After this I have always deployed two regardless and a few times it has actually prevented extended down time when one DC has been corrupted but the other has not, even on the same virtual host.

 

You still have to fix the issue, especially if the affected DC is the FSMO roles owner. You can either restore from backup or force take ownership of the FSMO roles using the working DC and deploy a new DC.

 

The main benefit is the domain is functional while this work is carried out and users can login etc

[Nijholt]

3 hours ago, leadeater said:

Generally I have come to the conclusion that a second DC should always be created, even on the same hardware when only using one virtual host. More than once I've had to deal with clients that had power loss or similar issue causing a DC to improperly shut down and corrupt ntds.dit (AD database). After this I have always deployed two regardless and a few times it has actually prevented extended down time when one DC has been corrupted but the other has not, even on the same virtual host.

 

You still have to fix the issue, especially if the effect DC is the FSMO roles owner. You can either restore from backup or force take ownership of the FSMO roles using the working DC and deploy a new DC.

 

The main benefit is the domain is functional while this work is carried out and users can login etc

And how should i Make a backup DC? Do i have to buy a whole extra machine? Isn't it possible to make a backup on my Old NAS, for example, and restore that one in case of a failure? Thanks.

[leadeater]

1 minute ago, Nijholt said:

And how should i Make a backup DC? Do i have to buy a whole extra machine? Isn't it possible to make a backup on my Old NAS, for example, and restore that one in case of a failure? Thanks.

I always virtualize so what ever server you end up buying I would put ESXi/Hyper-V etc on it then create VMs to run what you require. One of the reasons I like to do this is when it comes round to replacing the server hardware you can just move the VMs to the new host, multiple ways to do this and some methods require paid licenses but that's a different issue.

 

This allows you to segregate hardware and software from each other, running bare metal ties things rather closely which isn't necessarily a bad thing but it does add more variables to the equation when you go to do either a hardware replacement or software.

 

The other benefit is by virtualizing it opens up more backup options than in OS agents, VM backups. There a plenty of good ones out there but the most popular is Veeam. Veeam has a free option but the biggest feature the free version lacks is scheduling. Another option is Quantum DXi V-Series which is free for up to 15TB.

 

Veeam

https://www.veeam.com/virtual-machine-backup-solution-free.html

 

Quantum DXi V-Series

http://www.quantum.com/products/disk-basedbackup/dxiv-series/index.aspx

 

For small networks virtualizing isn't all positives however, there are down sides. The hypervisor does introduce overhead, around 2GB ram, and if you follow good practice and not run and file/web type services off a DC then you increase Microsoft licensing cost. I would advise only running a DC with DNS and DHCP anyway. Another downside is complexity as you have to manage more server OS installations along with the hypervisor.

 

Looking at your network as you described it I would run 3 VMs: Domain Controller, File Server, Sophos UTM/pfsense etc. The only downside to Sophos UTM is while it's free for home use it's not for businesses. The real issue is that from a technical standpoint going with a virtualization option using multiple VMs is better but it's hard to justify the increased hardware cost and potential software cost for so few users.

 

@dalekphalm is spot on for either a direct single OS install, a virtual single OS install or a 3 VM install except for that last one where you would have to increase the disk performance by using a mirror pair of SSDs to host the OS's of the 3 VMs and then a mirror of slow/cheaper capacity disks for the file server data disk.

[leadeater]

28 minutes ago, Nijholt said:

And how should i Make a backup DC? Do i have to buy a whole extra machine? Isn't it possible to make a backup on my Old NAS, for example, and restore that one in case of a failure? Thanks.

As for backing up to a NAS and restoring in an event when you need to use it yes that will work. It's really just a question of how much down time you are prepared to have and what the actual fault is.

 

If it's a hardware fault that takes the server offline then having 2 virtual DC's on the same hardware isn't going to improve anything, unless as I mentioned when it is back online one DC is corrupt and the other isn't. Don't read in to that too much, the likelihood of a corrupt DC is low I just have a higher chance of seeming them since I used to work for an IT service company.

 

Keep in mind I usually deal with much larger networks so it can be hard for me to scale down some of the things I would normally do and some clients really really don't want any down time where ever possible but refuse to buy more than one server, only so much you can do.

[Nijholt]

Thanks for all your answers! I'm learning a lot about WS2012. I still have a few questions:

• The OS and data on seprate disks i understand, but why doesn't the OS have to run in a RAID?
• What if the OS crashes and all my DHCP, DNS and AD data would be gone? I've red this all is stored in the system state data?
• And is it easy to restore the OS in case of a system failure with a full system backup? Or is a full system backup, overkill?

Thanks!

[leadeater]

1 minute ago, Nijholt said:

Thanks for all your answers! I'm learning a lot about WS2012. I still have a few questions:

• The OS and data on seprate disks i understand, but why doesn't the OS have to run in a RAID?
• What if the OS crashes and all my DHCP, DNS and AD data would be gone? I've red this all is stored in the system state data?
• And is it easy to restore the OS in case of a system failure with a full system backup? Or is a full system backup, overkill?

Thanks!

I always run OS disks in a RAID 1 mirror, for the reason you mentioned, and yes you'll always need a full system backup with once a week being generally fine.

[Nijholt]

6 hours ago, leadeater said:

I always run OS disks in a RAID 1 mirror, for the reason you mentioned, and yes you'll always need a full system backup with once a week being generally fine.

Do you know how much space i would need for WS2012? I'm planning to buy 2 SSD's in RAID1 for the installation. All the data stuff is stored on the HDD's in RAID1.

But i really don't know how much space WS2012 is gonna take.

 

[leadeater]

4 minutes ago, Nijholt said:

Do you know how much space i would need for WS2012? I'm planning to buy 2 SSD's in RAID1 for the installation. All the data stuff is stored on the HDD's in RAID1.

But i really don't know how much space WS2012 is gonna take.

 

Doesn't use much at all, all our VM templates have 80GB system disks.

[Nijholt]

Just now, leadeater said:

Doesn't use much at all, all our VM templates have 80GB system disks.

Ok, thanks!

[dalekphalm]

17 minutes ago, leadeater said:

Doesn't use much at all, all our VM templates have 80GB system disks.

Agreed - most of our WS2012 VM's have 100GB VHD's (Virtual Hard Drives) and they hardly use the space given.

[Nijholt]

I'm reading on the internet people have problems with Samsung SSD's in HPE Proliant servers.

Do you guys know anything about this? I want to buy this server: http://www8.hp.com/emea_middle_east/en/products/proliant-servers/product-detail.html?oid=1008771942#!tab=specs

 

And i would like to put 2x Samsung EVO 750 128GB SSD's in there in a RAID. Wouldn't this be a problem, or should i buy HDD's instead, just for safety?

 

Thanks!

[dalekphalm]

17 minutes ago, Nijholt said:

I'm reading on the internet people have problems with Samsung SSD's in HPE Proliant servers.

Do you guys know anything about this? I want to buy this server: http://www8.hp.com/emea_middle_east/en/products/proliant-servers/product-detail.html?oid=1008771942#!tab=specs

 

And i would like to put 2x Samsung EVO 750 128GB SSD's in there in a RAID. Wouldn't this be a problem, or should i buy HDD's instead, just for safety?

 

Thanks!

Can you link some of the comments (Or just put them in a post)?

 

I'm not aware of any specific incompatibilities with that server and Samsung SSD's.