locked
Need help to choose RRS feed

  • Question

  • Dear all,

    I have been called by a customer to help on redesign its infrastructure, I have some knowledge but not a real expert in this.
    Thew will only need a file server for sharing folders. All client workstation runs Windows 7

    Actually they are running themsleves there backup on 2 simple removeable hard disk of 300Mb .

    I have propose them a simple server runing Server 2008R2 Standard running AD and File Server. This will be the onlw server available in this small company. They have 10 client PC

    I did not select SBS cause they do not need Sharepoint and Excahnge

    Questions I have :

    - As it will be THE ONLY SERVER in this small company do I have to configure this single server as DC controler ?
    - What can I propose for better backup solution ( Sheap NAS ? ) if answer is yes how to integrate NAS under Server 2008? Is it single hard disks all connected to Network router ?
    - I need to run an antivirus on this Server in order to protect it and protect also the client PC. I have check Kaspersy which seems to do the job any other advise ?

    In case a Server is down they accept 2 hours break down

    Please note it is a small company with not heavy budget so I need to propose a clean, cheap and safe solution

    Thnaks for help

    serge


    Your knowledge is enhanced by that of others.
    Tuesday, April 19, 2011 8:03 AM

Answers

  •  As it will be THE ONLY SERVER in this small company do I have to configure this single server as DC controler ?

    One DC is not enough. It is recommanded to have at least two DC/DNS/GC servers. If you use just one, you may turn in troubles one day and lose your domain.

    What can I propose for better backup solution ( Sheap NAS ? ) if answer is yes how to integrate NAS under Server 2008? Is it single hard disks all connected to Network router ?

    You can post here for more information:

    http://social.technet.microsoft.com/Forums/en-us/exchangesvravailabilityandisasterrecovery/threads

    You can use the Microsoft Windows Server Backup utility. I recommand that your backup your DCs periodically.

    Don't do snapshots or images for your DC because they are not supported.

    I need to run an antivirus on this Server in order to protect it and protect also the client PC. I have check Kaspersy which seems to do the job any other advise ?

    You can use a TMG antivirus solution but there is no problem using Kaspersky.



    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    Tuesday, April 19, 2011 8:17 AM
  • Hello,

    if you like to have easier management a domain is better, what about using the Windows server foundation, no Exchange, up to 15 users in a domain! and upgradable for future use to regular Windows server versions?

    http://www.microsoft.com/windowsserver2008/en/us/foundation.aspx

    Otherwise you have to use a workgroup scenario with having the disadvantages of maintaining multiple user accounts on different machines, no GPOs etc.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Tuesday, April 19, 2011 8:31 AM
  • If an organization's one and only server is lost, and their backups are also lost, then they must start over no matter what. I'm biased by the many customers I've seen recover after their one and only server died. In some cases their backup was corrupt and they started over. In most cases they were able to recover. Yes, there is risk, but I don't think the solution is a workgroup. I still see customers with only one DC.

     


    Richard Mueller - MVP Directory Services
    Tuesday, April 19, 2011 3:39 PM
  • You can run the environment with single DC too but for business continuity & reduce the downtime & meet SLA its been advisable not the mandate.

    If there is disaster complete city is wiped out. Still people are running with single server & all their info i.e SBS server.

    Just check the below article, why its not recommended to work with single DC(just for info).

    http://cbfive.com/blog/post/Unorthodox-Forest-Recovery.aspx

     

    Regards


    Awinish Vishwakarma| MY Blog

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Tuesday, April 19, 2011 3:59 PM

All replies

  • Dear all,

    I have been called by a customer to help on redesign its infrastructure, I have some knowledge but not a real expert in this.
    Thew will only need a file server for sharing folders. All client workstation runs Windows 7

    Actually they are running themsleves there backup on 2 300Mb simple removeable hard disk.

    I have propose them a simple server runing Server 2008R2 Standard running AD and File Server. This will be the onlw server available in this small company. They have 10 client PC

    Questions I have :

    - Do I have to configure this single server as DC controler
    - What can I propose for better backup solution ( Sheap NAS ? ) if answer is yes and to integrate NAS under Server 2008? Is it single hard disks all connected to Network router ?
    - I need to run an antivirus on this Server in order to protect it and protect also the client PC. I have check Kaspersy which seems to do the job any other advise ?

    Thnaks for help

    serge

     


    Your knowledge is enhanced by that of others.
    • Moved by Bechir Gharbi Wednesday, April 20, 2011 9:18 AM (From:Windows Server 2008 R2 and Windows Server 2008)
    • Merged by Nina Liu - MSFT Thursday, April 21, 2011 2:33 AM dup
    Monday, April 18, 2011 2:59 PM
  • Hello,

    please note that you are in a French forum. I advise to submit your problem in

    this forum :http://social.technet.microsoft.com/Forums/en/winserverDS/threads

    good luck


    Anouar KETAT
    My Blog: Directory Services
    Knowledge is only power if it's shared
    Monday, April 18, 2011 3:26 PM
  • Hello,

    this is a frensh forum and not an english one.

    Personally I recommand the use of SBS.

    If you want to use Windows Server 2008 R2 then I recommand that you install at least two DC/DNS/GC servers. If you will use just one then you may lost your domain if you have got problems with your backups and your DC is down.

    You can run the DC as a file server but make sure that it is not multihomed because this will cause DNS problems and it leads to AD problems.

    For the antivirus, you can use Kaspersky or TMG antivirus. So, you can choose what you want.

    Also, you need to use a firewall to protect your server.

    For the backup, you use the Microsoft Windows utility for backups and restore operations.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner

    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    Monday, April 18, 2011 3:29 PM
  • Thn for your reply Mr X

    What do you mean by "multihomed "

    They do not need anything else than file server so why should I go with SBS with all sharepoint and Exchange stuff ?

    By backup I mean, does backuping on External USB HARD Disk is enough ?

    regards

    Serge


    Your knowledge is enhanced by that of others.
    Tuesday, April 19, 2011 7:59 AM
  • Check Ace Fekay article for more information about multihoming:

    http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

    I suggested SBS because it is a better solution for Small Businesses.

    For backups, you can try use USB HARD Disks.

    If you don't want to to use SBS then use at least two DC/DNS/GC servers because if you use just one you may lose your domain one.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner

    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    Tuesday, April 19, 2011 8:09 AM
  •  As it will be THE ONLY SERVER in this small company do I have to configure this single server as DC controler ?

    One DC is not enough. It is recommanded to have at least two DC/DNS/GC servers. If you use just one, you may turn in troubles one day and lose your domain.

    What can I propose for better backup solution ( Sheap NAS ? ) if answer is yes how to integrate NAS under Server 2008? Is it single hard disks all connected to Network router ?

    You can post here for more information:

    http://social.technet.microsoft.com/Forums/en-us/exchangesvravailabilityandisasterrecovery/threads

    You can use the Microsoft Windows Server Backup utility. I recommand that your backup your DCs periodically.

    Don't do snapshots or images for your DC because they are not supported.

    I need to run an antivirus on this Server in order to protect it and protect also the client PC. I have check Kaspersy which seems to do the job any other advise ?

    You can use a TMG antivirus solution but there is no problem using Kaspersky.



    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    Tuesday, April 19, 2011 8:17 AM
  • So then I can simply install this Server running AD and FS and define a networkGroup without any DC as it wwill be the only single Server, correct ?
    Your knowledge is enhanced by that of others.
    Tuesday, April 19, 2011 8:24 AM
  • If what you need to perform can be done using workgroups then there is no need to use AD.

    Like I suggested, if you are using AD, it is recommanded to have at least two DC/DNS/GC servers so you need a second server which I see that it is not possible in your case.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    Tuesday, April 19, 2011 8:27 AM
  • Hello,

    if you like to have easier management a domain is better, what about using the Windows server foundation, no Exchange, up to 15 users in a domain! and upgradable for future use to regular Windows server versions?

    http://www.microsoft.com/windowsserver2008/en/us/foundation.aspx

    Otherwise you have to use a workgroup scenario with having the disadvantages of maintaining multiple user accounts on different machines, no GPOs etc.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Tuesday, April 19, 2011 8:31 AM
  • I have seen several schools (about 40 client computers) that went with one Domain Controller until they could afford a second, and this worked out well for them. Their backup included a backup of the system state, so they could have restored Active Directory. This allowed users to logon to any computer.

     


    Richard Mueller - MVP Directory Services
    Tuesday, April 19, 2011 9:17 AM
  • i would recommend for Windows foundation server. You can create AD & it supports upto 15 users in AD only, You can also configure it as a file server too, for more info take a look at below link.

    http://www.microsoft.com/windowsserver2008/en/us/foundation.aspx

    http://www.petri.co.il/introduction-to-windows-server-2008-foundation.htm

    http://h18000.www1.hp.com/products/servers/software/microsoft/os/windows2008fr2/index.html

     

    Regards


    Awinish Vishwakarma| MY Blog

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Tuesday, April 19, 2011 10:38 AM
  • It sounds like there will only be a couple of machines and a tiny budget, I don't think a Active Directory domain is the best idea.  To properly configure you should have two dc's so in the event you lose one a second one can authenticate you.  That alone puts you over the limit.  I would just build out a workgroup model and manage things from there.  A Windows server license alone will probably run over $500.00 and some small company's just don't have the cash.

    I think the best thing to do is define exactly how many servers and what they need for protection of the data itself. 

    From what you described I would suggest keeping it as a workgroup.

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please

    Tuesday, April 19, 2011 11:34 AM
  • based on SBS are we able to not install Exchange and Sharepoint ?

    Based on the fact that I do not use SBS but a single Server 2008, I can go without configuring it as a DC right ?


    Your knowledge is enhanced by that of others.
    Tuesday, April 19, 2011 11:43 AM
  • It seems that even between expert ideas are different.

    The idea I was thinking to go for a server solution and AD + FS was to better manage client computers and file sharing.
    Adding WSUS  will offer central update of client.

    Today client PC are running as workgroup and all users manage theire update and antivirus and so one. Which is definitly not theire role and Job.

    So haveing a server solution capable to cover this is a real added value to existing solution. Now question was more oriented on the fact it will be the only Server so seems DC can not be used according to what you said but according to others Server Foundation could bring what I need as DC, AD, FS, WSUS and of course backup

    correct ?

    regards
    serge


    Your knowledge is enhanced by that of others.
    Tuesday, April 19, 2011 11:54 AM
  • You didn't provide much info on the topology itself.  I think you would have gotten a more consistent answer if you provided more details.  If you are looking to manage computers and av, etc... you could evalute Windows inTune, although I'm not sureif it is ready for Italy yet.  It is acloud based service to help manage user pc's and you could do it remotely.  It is pretty slick.

    http://www.microsoft.com/online/windows-intune.aspx

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please

    Tuesday, April 19, 2011 12:01 PM
  • ok so here is the full topology in order to better understand.
    After auditing the customer based on his request I have discover that the topology used is a Star like.
    They are 10 client PC running Windows 7 and 1 PC runing XP Pro.

    All PC's are connected in same WORKGROUP:
    The PC running XP Pro is hosting a centrized file database application dedicated to Lawers business. All client PC are sharing the folder where this application from XP pro is installed.

    The XP Pro machine act in a way as a server but is not a real server.

    All client PC + XP pro PC have direct access to Internet through the ISP router
    3 Client PC is sharing a USB printer with others
    Microsoft Essential is running on all client PC

    BUt the Worst thing I have seen, is that users have no knowledge at all of computers and are logged in administrator. So a huge gap in security exist

    This is the actuall situation at that customer which have been done by an other company and theire report me some real slow of network trafic time to time and unstability.

    So which to come to them with a more secure and reliable solution they can trust and at a cheap cost.

    here is the fact, so based on this fact some of you could describe me a small drawing on how the architecture could be done that would be great.

    regards

    serge


    Your knowledge is enhanced by that of others.
    Tuesday, April 19, 2011 12:18 PM
  • Hello,

    it is not a problem to use a single DC in a domain but the recommendation for redundancy and failover are 2 DC/DNS/GC per domain.

    WSUS do not require a domain and is free to download also for earlier OS versions.

    As Paul said Windows Intune is the "Cloud" WSUS, of course it cost some money and a bit management is required.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Tuesday, April 19, 2011 12:18 PM
  • As Pbbergs suggested, go for cloud solution or you can go for your own server solution, but both require some investments, if you want to minimize downtime. AD with single server is always a risk & i would not recommend. Workgroup can be the solution but management will have to be negotiated. AD solution is much better solution considering you introduce two DC's atleast.

     

    Regards


    Awinish Vishwakarma| MY Blog

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Tuesday, April 19, 2011 1:36 PM
  • It is clear that if you listen Microsoft recomandation you will need one server per dedicated job sure.

    by knowing now the fact of the DC on a single Server, if I setup a scheduling backup of the server for instance duringthe night, in case of trouble I can always revover no ?

    regards

    serge


    Your knowledge is enhanced by that of others.
    Tuesday, April 19, 2011 2:25 PM
  • You can recover, yes.

    But imagine if you are unable to recover => all is lost.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    Tuesday, April 19, 2011 2:37 PM
  • If same server is used for backup too then in case of Disk corruption, recovery would not be possible.

    If you take backup of the server data on other box that's too not going to be easy for reconfiguring AD using system state data can be time consuming too.

     

    Regards


    Awinish Vishwakarma| MY Blog

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Tuesday, April 19, 2011 2:39 PM
  • unless I have previously backup the System state.

    At that time in case of big crash, I can restore my server from full backup
    Then restore the previous system state backup

    will it work like that ?


    Your knowledge is enhanced by that of others.
    Tuesday, April 19, 2011 3:34 PM
  • For AD, you need to perform forest recovery & that can be time consuming. Take a look at below.

    http://technet.microsoft.com/en-us/library/planning-active-directory-forest-recovery%28WS.10%29.aspx

    http://blogs.technet.com/b/janelewis/archive/2009/05/22/new-planning-for-active-directory-forest-recovery-guide-for-active-directory-2008-now-available-for-download.aspx

     

     

    Regards


    Awinish Vishwakarma| MY Blog

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Tuesday, April 19, 2011 3:38 PM
  • If an organization's one and only server is lost, and their backups are also lost, then they must start over no matter what. I'm biased by the many customers I've seen recover after their one and only server died. In some cases their backup was corrupt and they started over. In most cases they were able to recover. Yes, there is risk, but I don't think the solution is a workgroup. I still see customers with only one DC.

     


    Richard Mueller - MVP Directory Services
    Tuesday, April 19, 2011 3:39 PM
  • unless I have previously backup the System state.

    At that time in case of big crash, I can restore my server from full backup
    Then restore the previous system state backup

    will it work like that ?


    Your knowledge is enhanced by that of others.

    You can recover but if there will be a problem with your backups, you will not be able to recover. So, you will take a risk.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration

    Tuesday, April 19, 2011 3:44 PM
  • As you said richard, this is a small company with 10 people, no heavy configuration, no forest or at least teh default one, just FS and AD.
    My customer do not expect a 5 or 9 level of security..
    That s why I agreed with you , i have seen also customer with single DC.

    IF 2 DC an big crassh you will be any way in same situation as single DC, so we might enter in a never ending disussing if we talk about percentage of risk that 2 server goes down or a single one.

    Is everything is lost or damage wether you have 1, 2,3 dc your are at same level of trouble so....

    regards
    serge


    Your knowledge is enhanced by that of others.
    Tuesday, April 19, 2011 3:47 PM
  • You can run the environment with single DC too but for business continuity & reduce the downtime & meet SLA its been advisable not the mandate.

    If there is disaster complete city is wiped out. Still people are running with single server & all their info i.e SBS server.

    Just check the below article, why its not recommended to work with single DC(just for info).

    http://cbfive.com/blog/post/Unorthodox-Forest-Recovery.aspx

     

    Regards


    Awinish Vishwakarma| MY Blog

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Tuesday, April 19, 2011 3:59 PM
  • Hello,

    please stick to:

    http://social.technet.microsoft.com/Forums/en/winserverDS/thread/e9e23d54-4c14-4ec9-b158-7351229ec1de


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Wednesday, April 20, 2011 10:52 AM