Network set up/overhaul

autumn

G'day all

It's been a while since I last posted; have read threads occasionally. I have my head down and bum up.

Anyway.

I have a client with 7 sites; most are connected back to the Head Office (HO) via hardware VPNs, a couple (with only 1 user) are software VPNs, however I'm trying to get routers in to these sites as well. These sites are up to 4 hours away from HO. They have grown with ad hoc solutions.

Sorry, a bit long-winded for background.
A bit of background: I started working for these guys about 3 years ago as a subbie to another tech. He wasn't paying, and asked me to do a job for them, and I told him only if I can get them to pay me directly. His base is 6 hours from their HO, hence why I was going in. He is not up with current technologies and is against VMs, cloud etc. He is friends with the main decision maker (not the owners). I have contact mainly with the 2IC and below and the owner. These guys seem happy with me, however I think some of them think I'm part of the original tech.

Currently setup

HO site

4 servers (all bare metal, no VMs):
SBS 2011 - AD, Exchange, file sharing, DNS (another issue: user count is between 70 and 85)
Server 2003 - I know, not supported; used for RDC (15 to 20 users) for the remote site to access their SQL DB and used for their intranet.
Server 2003 - SQL server (about 50 users including the 15 to 20 RDCs)
Server 2012 Essentials upgraded to Standard - has been set up to move the SQL over to (I have issues here as well, might touch on this here or in another thread). I'm thinking about including the RDC and intranet here as well, thoughts?
Fibre link 50/25 connect speed

Remote sites

No servers,
most DSL 2+ connections (about 8~10/1.5~2)
have access to intranet and RDC
some site file sharing to HO via VPN
all local machines are workgroups

I would like to recommend some overhaul directly to the customer (have suggested solutions to the other tech). I was considering VMs, however wondering about securing the remote sites, as well as backing up the desktops and documents (which they shouldn't have, however we all know).

Now I'm not completely up with Cloud stuff. I have looked at clouding the SQL server via a large Australian "private" cloud provider, however didn't go further into it from the reaction of the other tech.

So here are my questions:

What would you do?
With the cloud stuff, can you basically get rid of all the bare metal servers (including the AD) and run them from the cloud? How do they connect to them (VPNs)?
If the SQL DB is hosted, what are the requirements with internet at the sites? It has an exe on the SBS server atm and an ini file that points to the SQL instance.

What about Azure?
Can you have multiple cloud providers? Is it worthwhile?

Question about the SQL Db moving, the instance is setup on the 2012 server, and I can access the Db from the exe on the 2012 server however not from any other device on the network. I have opened the TCP port and restarted the service, what could I be missing?

Thanks in advance
 
Sounds like something you could start shifting to the cloud....starting with Office 365 (which would include Exchange).

What is their current primary server again? I see "SBS 2012"...there is no Small Business Server 2012. The last SBS was 2011. Has a max user allowance of 75.
Server 2012 Essentials replaced SBS....but as SBS had Exchange included in it, (and SQL if you had Premium)....Essentials does not have Essentials or SQL, as Microsoft wants the recurring revenue of O365 now. And Essentials maxes at 25 users.

Starting with Server 08 R2, but greatly improved with Server 12, is a feature "Direct Access". Basically client workstations log into active directory..and gain access to the internal resources. You don't need a VPN. Just....logs in across the internet like logging into the domain on the LAN. Still can control those rigs via group policy, etc.

So that's one way cloud servers can control clients. Just finds it via FQDN instead of local IP address or host name.

So in total over a hundred users.
I'd probably virtualize a lot of stuff at the mothership.
Have a big virtual host, and for guests....had a DC, a file/print server, a SQL server, and a Remote Desktop Services (formerly known as terminal server) box.
I'd have a small bare metal not on the VM host....as a second DC.
 
OK, fixed the typo, yes SBS 2011, and yes I know about the 75 user limit; total number of users is between 70 and 85 users (depending on who's been fired, lol). I looked into Office 365 for them, however I was told by a distie that they wouldn't be able to go full O365 due to people not having a computer/laptop they use as primary hardware (not sure about this; multiple users use multiple computers, however they have emails on their phones). Might be something of an Australian thing, MS likes to change the licensing agreements here compared to the rest of the world. There is an email-only O365 license which I can't see why that can't be used on phones. With O365 is there a size cost? The current Exchange DBs are about 200 Gig?

How does Direct Access work? You explained that, however how do I implement it? Is it available through SBS 2011? Or R2 and 2012?

Can I clarify, when you say virtualize and VM, are you talking about cloud hosting? Or on metal onsite?
 
By default users are allowed up to 50 gig mailboxes..."per user". Are you talking about the entire infostore being 200 gigs? Or you have a few users there with mailboxes around 200 gigs in size?
I'm not sure why the prior person discouraged O365 due to "no assigned computers"....the Office Pro Plus package (E series) supports "Shared Computer Activation"....meaning you can install it on a computer that has more than 1x user log in (like a terminal server or general use computer at the front desk)...and it will tie in with whatever login account is signed in.
If you have many people that will never use a computer, may need to get creative with licenses here.

I "think" the "shared computer access" feature is not permitted on the business plans...would need to double check that.

Direct Access feature started with Server 08 r2...but greatly improved with Server 2012. I am not sure if the feature is included in SBS11...never tried it with that (nor with 08 server).
Workstations that are already joined to AD...just access it externally. You can join a workstation to the domain via direct access through a setup wizard...for computers "far away". Basically it takes away the need for VPN.

I referred to virtualizing servers locally at the mothership office. I don't rush to move things to "all cloud" without studying the needs of the client, how they use their network..there is a lot to consider. Things they may run at the office...MFPs that scan to folders on the server but don't have e-mail capability, license services for specialized software on the LAN. Most businesses still have the needs for local servers. You can do hybrid setups though...which we're doing quite a bit of now. Office 365 brings SharePoint and Exchange to the cloud. We're doing DattoDrive to also allow remote access to files on the server.
 
Regarding the hardware, anything that's still running 2003 servers on bare metal might as well not exist - don't plan on re-using those servers. Odds are you could get better hardware used now for the cost of 1 year of electricity for those older boxes (see discussions elsewhere on TN of used Dell R710 servers, for example).

With that many users, I'd not recommend trying to go to offsite cloud, and based on my experience with "fat" client apps connecting to a remote database I'd try to keep as much of that "local" with Remote Desktop or RDS RemoteApp. Depending on the types of documents they use, I'd say the same for the remote offices - at least if they're opening remote documents over a VPN over a DSL link.
 
I'd do a local VM solution at the HQ, or lease a half rack at your nearest data center to act as a meet-in-the-middle point for all the locations. I'd set up the HQ to operate as a backup for domain services and implement an MPLS between the DC and HQ. Everyone makes a VPN connection back to the HQ and the DC.

You don't need a big MPLS. A 100Mbps, non-dedicated connection will be good enough unless you see it consistently reaching up to those speeds.
 
Thanks all.

Yes this client is a pain in the arse. Yes I've been trying to get them off the 2003 servers for a couple of years, the other tech has had the run and recommends second hand equipment including servers (stupid) which I they are starting to come around to new stuff.
 