
We currently have two servers which we are looking to upgrade. One is a Small Business Server box that runs Exchange and hosts all our files, and the second is a Remote Desktop Services machine which runs our sales and accounts package.

Small Business Server was great when we had 20 users; we are now approaching 70 users, hence the upgrade.

I am starting to get prices together for replacement servers, Exchange licenses, etc.

I know I shouldn't install Exchange on a domain controller. So if I install the domain controller role on the server, then create a VM, install Exchange on this VM and migrate the Exchange data from our old SBS box, am I doing anything wrong? I have been told to virtualize the domain controller, but have read conflicting information on this.

I would also like to eventually virtualize the remote desktop server.

Should I virtualize the domain controller or not?

Thanks in advance for any help given

WL

  • 1
    How about switching to [Exchange Online](https://products.office.com/en-gb/exchange/exchange-online) for the Exchange part? Then you do not need to keep a server up and running only for a handful of users. – BastianW Nov 23 '16 at 12:20

3 Answers


There is nothing wrong with virtualizing the DC. Deploy 2 VMs: configure the 1st as a "primary" DC and deploy the second VM as a second DC, then replicate via AD Replication. Make sure that these 2 VMs are located on separate hardware or separate sites in order to achieve redundancy. If the primary DC dies, you will be able to seize the FSMO roles on the replica DC.

There are plenty of topology choices that correlate with MSFT best practices. Just google it and apply any that fits your deployment. Virtualized DCs don't consume much hardware resources. But on the other hand, speaking about security, you shouldn't use the DC server for any other services.

These articles may be useful in your case:

https://dirteam.com/paul/2014/07/12/can-i-virtualize-all-my-dc-s-in-the-domain/
http://www.bestserversupport.com/blog/active-directory-replication-windows-server-2012.html

Strepsils
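As an added example that is not part of the answer above: the two checks a practitioner wants before trusting a two-DC layout are "who holds which FSMO role" and "is replication between the two DCs actually healthy", and then the graceful transfer versus the emergency seize that the answer refers to. The DC names DC01/DC02 are assumptions; every cmdlet is from the stock ActiveDirectory module (Server 2012 or later).

```powershell
# Added example, not from the original answer. Assumes two DCs named DC01 and DC02.
Import-Module ActiveDirectory

# 1. Which DC holds each operations-master (FSMO) role right now?
function Get-FsmoHolders {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

# 2. Replication health. Any row from Get-ADReplicationFailure, or a stale
#    LastReplicationSuccess on the partner metadata, means the replica is NOT yet a
#    safe place to seize roles onto - it may be missing recent changes.
function Test-DcReplication {
    param([string]$ReplicaDC = 'DC02')
    $failures = Get-ADReplicationFailure -Scope Domain
    $failures | Format-Table Server, Partner, FailureCount, FirstFailureTime, LastError -AutoSize
    Get-ADReplicationPartnerMetadata -Target $ReplicaDC |
        Format-Table Server, Partner, LastReplicationSuccess, LastReplicationResult -AutoSize
    return ($failures.Count -eq 0)
}

# 3. Move all five roles to the replica. Without -Seize this is a graceful transfer
#    (both DCs online). With -Seize it uses -Force, i.e. it takes the roles even
#    though the old holder cannot be contacted - only do that when DC01 is gone for
#    good. A DC whose roles were seized must never be powered on again; delete its
#    computer object from the Domain Controllers OU instead (that triggers metadata
#    cleanup on 2008 R2 and later).
function Move-FsmoRoles {
    param([string]$TargetDC = 'DC02', [switch]$Seize)
    $roles = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'
    Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC -OperationMasterRole $roles `
        -Force:$Seize -Confirm:$false
}

# Typical use after DC01 has died:
Get-FsmoHolders | Format-List
if (Test-DcReplication -ReplicaDC 'DC02') { Move-FsmoRoles -TargetDC 'DC02' -Seize }
Get-FsmoHolders | Format-List   # all five should now show DC02
```

One caveat that belongs with "virtualize the DC": never roll a DC VM back to a hypervisor snapshot/checkpoint to "fix" it. That produces USN rollback and the rolled-back DC silently stops replicating. Windows Server 2012 and later DCs on a hypervisor that exposes VM-Generation ID can detect a restore and recover, but the safe habit is to treat a broken DC as dead, seize as above, and build a fresh one.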

I believe you are heading down the right path by asking, which is always good and educational. I encourage you to keep asking and within a few weeks, you will end up designing the best solution! One very important thing is to keep good notes and document your way to set milestones - go at the pace of your documentation. I suggest OneNote 2016. Trust me, one day, you will find me and thank me in person. :-)

Here is my experience and my suggestions.

The bad news is that SBS migrations (File Services, AD and Exchange) can be tricky. In many cases, data\DOMAIN loss. Your question wasn't specifically asking about this area for your upcoming adventure. You are probably all set in this phase and only need hardware recommendations. That said, if you want to discuss the migration process, let me know and I will provide some useful links, like http://www.sbsmigration.com, who offer reasonably priced kits for Swing and Traditional migrations.

I personally like both VMware and Hyper-V. I work with VMware the most for large clients or where needed. For a long time I had a few dozen SLA clients between 20 and 100 users. Time has passed and they have grown way beyond 100 users. I had all these clients on Hyper-V Server 2008 Core, around the time when it was first released. These kinds of clients never liked VMware prices. :-)

Below are hardware specs for 60-80 users, 7 years ago. These clients are always on a budget and difficult to impress when a DLINK or similar device kept them running for decades. So I designed a median system and kept the same.

  1. Two or three Dell R710, 32GB to 128GB; most common was 64GB.
  2. Dual Xeon, dual or quad core of the time.
  3. RAID10 on 10K or 15K RPM drives.
  4. 4 network cards.
  5. Hypervisor installed on:
     5a. a separate drive
     5b. USB
     5c. dual SD cards
  6. Decent managed switch for features such as VLANs - if needed. I personally eliminate VLAN1 - whole different topic. :-)

Today, most of these clients are on VMware clusters. Below is an average scaled-down version of a cluster setup using a SAN, two Dell servers and two managed switches. The costs are not accurate - but within range.

  1. One EqualLogic Hybrid SAN (some SSD drives), 1GB -- around 30k
     1a. One EqualLogic non-hybrid SAN, 1GB -- around 17k
  2. Two PowerEdge R630, 256GB RAM, 10 core, 8 NICs -- around 8k per
  3. Two PowerConnect N3000 series -- around 3k per

The above is a 1GB setup for iSCSI, vMotion, management and your public network or VMs.

Today, 10GB is king! It's expensive and not always needed. If you want to know about 10GB, let me know, many variables.

To answer some of your questions...

  1. Domain Controller can be either or - physical or VM.

An example of when you will regret not having a physical DC is when you have services or appliances outside of the VM host using services like NTP or DNS. For example, with VMware, if you need to run updates, you have to enter the server into Maintenance Mode, which requires powering off all VMs. If the DC is powered off, appliances like your VPN server will not work.

The above example is just one of many. Please let me know if you want more information here to help you decide.

  2. Virtualize Remote Desktop Servers

I encourage best practices here and hopefully the RDP servers are behind a firewall with no NAT translation to PUBLIC. If you do have pinholes on the firewall, I recommend closing them and getting an SSL VPN - Meraki or SonicWALL for your size. A lot will hate on me, but I am a SonicWALL dude. :-)

RDP servers run great virtualized. And if you have lots of RDP users, look at hardware based load balancing. I am not a fan of MS Load Balancing service.

To conclude, I doubt you have 70 concurrent RDP users? That would change a lot, also expensive. I am going to guess that you have around 20 RDP users, maybe less for your accounting department.

Here are my questions before I give you a short executive summary of what I suggest.

  1. Are you planning to buy new servers?
  2. Are you planning to upgrade (physically) the current servers?
  3. May I ask for model of current servers or servers you want to buy?
  4. What is your network like? 1GB flat?
  5. Any of your switches manageable? Are you exploring features like VLAN's?

I will help you no matter what you want to do. I would rather help the entire planet as a full-time job than see another non-practice setup. Not saying this is you, speaking generally because I see about 3-5 environments in bad shape, sometimes so bad that I have to refuse the work. hahaha, and that's hard for me to do. :-)

Hope to hear from you, sorry for the massive email. I type pretty fast and thoughts pour out within minutes. I also have a bad habit of going back and correcting, so please excuse errors. :-)

Thanks, Rob

Rob Duran
    I also forgot one very important thing. Get rid of your Exchange server, no longer needed. Trust me, Exchange is something you can literally put behind you. I was an expert for many years and now *NO MORE*. Go to Office 365, at least look at it. You can use an inexpensive service like BitTitan. They basically do the entire migration in phases. All you have to do is the public DNS stuff and if you set things ahead of time, like TTL, you can be switched over instantly, not always, but fast. – Rob Duran Nov 23 '16 at 13:54
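On the "no pinholes to the RDS server" point in the answer above, here is an added example (not Rob's code) of how to verify the exposure and lock RDP down to the VPN and LAN ranges. The public address 203.0.113.10, the VPN pool 10.200.0.0/24, the LAN 192.168.1.0/24 and the host name RDS01 are all assumptions for illustration.

```powershell
# Added example, not from the original answer. All addresses and names are assumptions.

# 1. Run this from a machine OUTSIDE the office (phone hotspot, home). A NAT/pinhole
#    rule on the firewall shows up as TcpTestSucceeded = True on the public address.
function Test-RdpExposed {
    param([string]$PublicAddress = '203.0.113.10')
    $probe = Test-NetConnection -ComputerName $PublicAddress -Port 3389 -WarningAction SilentlyContinue
    if ($probe.TcpTestSucceeded) {
        Write-Warning "RDP on $PublicAddress is reachable from the internet - remove the NAT rule and use the VPN."
    }
    return $probe.TcpTestSucceeded
}

# 2. On RDS01 itself: who is connected right now, and from which addresses?
#    Anything that is not a LAN or VPN-pool address should not be there.
function Get-RdpSessionsByAddress {
    Get-NetTCPConnection -LocalPort 3389 -State Established |
        Group-Object RemoteAddress | Sort-Object Count -Descending |
        Select-Object Count, @{ n = 'RemoteAddress'; e = { $_.Name } }
}

# 3. Harden the RDP listener on RDS01:
#    - require Network Level Authentication (credentials are checked before a session
#      and logon screen are allocated, which removes the pre-auth attack surface)
#    - restrict the built-in "Remote Desktop" firewall rules to the VPN pool and LAN,
#      domain profile only
function Set-RdpHardening {
    param([string[]]$AllowedFrom = @('10.200.0.0/24', '192.168.1.0/24'))
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
                     -Name 'UserAuthentication' -Value 1
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
        Set-NetFirewallRule -Enabled True -Profile Domain -RemoteAddress $AllowedFrom
}

# 4. After the change, keep an eye on failed logons. Event 4625 property index 10 is
#    the logon type and index 19 the source IP. RDP failures log as type 10; with NLA
#    enabled they usually appear as type 3 instead, so both are included.
function Get-RdpLogonFailures {
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) } -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[10].Value -in @(3, 10) } |
        Group-Object { $_.Properties[19].Value } |
        Sort-Object Count -Descending |
        Select-Object -First 10 Count, @{ n = 'SourceIp'; e = { $_.Name } }
}

Set-RdpHardening
Get-RdpSessionsByAddress
Get-RdpLogonFailures -Hours 24
```

The firewall restriction only helps if the perimeter NAT rule is actually gone, which is why the external probe comes first; a Windows-firewall rule scoped to private ranges does nothing against a NAT translation that presents the attacker with a private source address.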

Gotta agree with Rob when talking Exchange. Exchange can be somewhat complex to manage with a full Exchange Server deployment and migration can be complex. Microsoft's SBS does some strange things. Microsoft has been pushing it and using a hosted service is what I would recommend for a smaller organization like yours. Microsoft has 4 plans that should cover all of your needs. This eliminates Exchange server licensing, hardware (phys or virtual) and product support issues. Four years ago, I saw O365 go down twice in a year. I'm guessing it's more stable now.

Microsoft recommends running Hyper-V with no other roles, but AD doesn't take much resource, so both roles should be fine. With one license, you can have 2 VMs on the server. With Exchange hosted, you could build a VM that is only a DC (I always recommend two domain controllers) and a second for your RDP server.

Servers should have MFG support. It's a critical box that runs your environment. Ask how much a few days of downtime would cost the org and compare that to 5 years of maintenance and support. I'd go Dell or HP. Cisco is fantastic but more expensive (however I love the Virtual Interface Cards and how they integrate with Nexus switching fabric!!).

SonicWall appliances are easy to manage with the built-in wizards, even though they are a little messy behind the scenes. Don't recommend ASA for a small business - they are way too complex for a part time admin. Even a freebie IPCop is a good product (and it uses the same SNORT that Cisco ASA uses with SourceFire) but it's going to be some work to support on your own. I recommend some kind of firewall solution that doesn't just NAT you over to the RDS server (like those consumer routers do). Some people think the renewals are too expensive, but the business being down due to malicious intent or data loss is a lot more expensive.

Small org like yours should be good with all 1G switching unless you are dealing with large things like PACS imaging, large graphics or engineering drawings and the like. Even then, we are fine with 1G to the switches with medical imaging (switches are then 10G to the core). If you are carrying VoIP on your network, I don't recommend NetGear switches - had a very bad support experience and threw 3 $600 switches into the junk pile, replacing them with another manufacturer's product that solved the problem (a firmware issue). Cisco Small Business has given me the best support (even had a free upgrade through support for an odd network error that a replacement didn't fix but the upgraded model did). HP or Dell are good also, but HP won't give you configuration support like Cisco does. I have a little Meraki under my desk connected upstream to my Cisco distribution switches and it rocks - I am really impressed. If using VoIP or other things that should be on their own network, I recommend using VLANs. If you want to be able to capture packets for troubleshooting and see who is on your network, doing what, I'd go with Meraki. It's a subscription model, so go for the longest term right off the bat. You can do a lot of things through their web interface. Attend a webinar and get a free one with PoE!!!

Wireless can be a lot of trouble. If you use independent access points, you need to worry about co-channel interference, the lack of mobility between radios, setup and troubleshooting. If you have Apple devices, I've seen some funny stuff with them. SonicWall's wireless works quite well (an appliance with wireless and a thin access point or more depending on how large of an area you have). I have a Meraki demo unit at home and it seems to work okay. Range isn't the best (not like my Cisco 3702s at work), but they are easy to manage. No matter what you do with APs, don't set power to 100% thinking that will help. I've seen many problems solved by turning the power down. Way down. SonicWall support can be very helpful with wireless issues if you go with them.

Dacid Salin
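As an added example that is not part of the answer above: the layout it recommends (a host running nothing but Hyper-V, one VM that is only a DC, a second VM for RDS) in the PowerShell you would actually type on a Server 2016-era host. Host NIC name, VM names, sizes, paths and the domain name are assumptions; the VM-level settings for the DC (no checkpoints, no host time sync, start first) are the ones that matter for the "virtualize the DC or not" question.

```powershell
# Added example, not from the original answer. Names, sizes and paths are assumptions.

# --- On the physical host: Hyper-V role only, nothing else on the parent partition ---
Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart

# External switch bound to the LAN-facing NIC; the host keeps a management vNIC on it
New-VMSwitch -Name 'LAN' -NetAdapterName 'Ethernet 1' -AllowManagementOS $true

# Two Generation 2 VMs. Dynamic memory is off so each guest gets exactly what it
# was sized for. The DC starts immediately; RDS waits so DNS and Kerberos are up
# before it boots and tries to find a DC.
$vms = @(
    @{ Name = 'DC01';  Mem = 4GB;  Cpu = 2; Disk = 80GB;  Delay = 0   },
    @{ Name = 'RDS01'; Mem = 32GB; Cpu = 8; Disk = 200GB; Delay = 180 }
)
foreach ($vm in $vms) {
    New-VM -Name $vm.Name -Generation 2 -MemoryStartupBytes $vm.Mem `
           -NewVHDPath "D:\VMs\$($vm.Name)\$($vm.Name).vhdx" -NewVHDSizeBytes $vm.Disk `
           -SwitchName 'LAN' -Path 'D:\VMs'
    Set-VMProcessor -VMName $vm.Name -Count $vm.Cpu
    Set-VMMemory    -VMName $vm.Name -DynamicMemoryEnabled $false
    Set-VM -Name $vm.Name -AutomaticStartAction Start -AutomaticStartDelay $vm.Delay `
           -AutomaticStopAction ShutDown
}

# DC-specific settings on the VM object:
#  - no checkpoints: restoring a DC from a snapshot causes USN rollback
#  - no host time sync: the domain's time comes from the PDC emulator (which should
#    sync to an external NTP source), not from the hypervisor's clock
Set-VM -Name 'DC01' -CheckpointType Disabled          # Server 2016+; on 2012 R2 just never take one
Disable-VMIntegrationService -VMName 'DC01' -Name 'Time Synchronization'

# --- Inside DC01, after installing Windows and joining the EXISTING SBS domain ---
# Promote it as an additional DC in that domain (not a new forest), with DNS and GC,
# so that AD and DNS are already on the new box before the SBS server is retired.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName 'corp.example.local' -InstallDns `
    -Credential (Get-Credential 'CORP\Administrator') -Force
```

Checking the result afterwards is two lines on the host, `Get-VM | Format-Table Name, State, AutomaticStartAction, AutomaticStartDelay, CheckpointType` and `Get-VMIntegrationService -VMName DC01`, and `dcdiag /test:replications` inside the new DC once it has replicated from the SBS box.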