Expand your knowledge on Windows Server 2012!

windows-server-2012-logoOkay, we know that you are probably upset that Windows Small Business Server is being retired.  Fortunately Windows Server 2012 R2 will do you well… but do you know everything you will ever need to know about Windows Server 2012 R2 for the SMB space? Probably not… but that’s okay, because we are here to help!  Microsoft Canada is offering a free webinar with a colleague of mine that will really help.

Join Sharon Bennett, Microsoft’s SMB Technology Advisor, to learn about the key benefits of Windows Server 2012.  Topics include:

  • How to upgrade from Windows Server 2003 to Windows Server 2012
  • SBS migration path
  • ROK – Reseller Option Kit
  • CALs – Client Access Licenses

Register early as spots are limited. You will also have a chance to receive an exciting giveaway during the webinar!

Date: Feb 24, 2014

Time: 2-3pm EST

Register here: https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032577602&Culture=en-CA&community=0

Best Practices About SMB IT

Last year I wrote an article called Virtualizing your Domain Controllers.  I called out some of the best practices from my own experience, as well as from conversations with hundreds of IT Pros around the world.  This week I received a very well thought-out response to that article from a reader named Andrew.  I set out to respond to him in the Comments section, then decided that the response needs its own article.

His comment (in full and unedited) reads as follows:

I don’t entirely agree with the advice here. It does sound a little like the person who wrote it has done too much reading and not enough network infrastructure. More than one dc? Really? Are you serious talking of a business of 25 people, running on a tight budget, that they spend 1000 or so on a server just to replicate? And what if the AD database becomes corrupt, this could be months before you notice, replication would have taken place and now you have to rebuild anyway. So no, nice advice, but in the real world, in a small business, one DC with system state backed up will suffice. Only run DC on a server? Are you serious? On the whole domain controllers don’t actually do a lot, they authenticate, replicate, but once the log on/log off process has taken place they sit there, till the next replication. wow! what a waste of resources! contrary to belief dhcp and dns don’t require a lot. And what if you virtualise the other roles anyway? You still have it all running on one system, so whether it’s virtualised or not the effect is the same. Snapshots are great, but if the mainboard fails the system fails – virtual or not.

I recently went in to rebuild a network than had one server running ad, dhcp, dns, file server etc for over 200 people. Not one person ever complained the network was slow – this server was running 4gb of ram! I simply added another server and shared resources. In this example I did replicate, and there’s the problem, I only have two servers both acting as dc’s, I have to put the other roles somewhere! – even if I have a san attached it will still run through the server.

More than one server is great. Replication is great. Virtualisation is great. But budgets come first.

Everything that Andrew says is true… for real-world SMALL businesses.  The problem is with what I call the SBSer Mindset, which I discussed in an article I wrote in 2007 (Why I am not an SBSer).  I can assure you I was not very popular in certain circles for that article, and if I had to rewrite it again today I likely would not.  However the basic premise holds true.

IT Best Practices are almost always deprecated in small- and midsized IT environments to the detriment of security and functionality in exchange for simplicity and usability.  I have been telling small business IT Pros for years that they should learn the enterprise best practices… even if they are not going to always implement them, they should know what they are. 

As silly as it may sound, you should know what the laws are before you break them,  By knowing what Enterprise Beast Practices are and how they benefit the environment you can then make an informed decision when you decide to break one of them… because you understand the reasons and consequences behind them.

I have been telling people for years that Enterprise Best Practices scale down a lot better (and more securely) than Small Business ‘Common Practices’ scale up.  As a small businesses grow it is easier for them to do so properly if the infrastructure was properly planned out… so if you have 200 users and think you might grow to 260 you should not use the standard 192.168.0.0/24 IP range.  Thinking outside the ‘small business’ may not be important for some, but it is if you want growth, security, high availability, and such.

When I said that “Your Domain Controllers should be just that… and not much else!” I was serious, but I also added a compromise in there; DNS and DHCP can easily co-exist on your DCs… especially in smaller organizations, but even in the Enterprise space DNS is a core requirement of Active Directory, and indeed the DNS Server role is installed automatically when you create a Domain Controller.  However by then expanding that to File Server role breaks a huge tenet of Enterprise Best Practice, that the only people who should be able to authenticate to a Domain Controller is a Domain Administrator.  By putting the File Server onto the DC you are automatically letting the entire organization authenticate to it.  Bad Bad Bad.

Andrew is right by the way… “…I recently went in to rebuild a network than had one server running ad, dhcp, dns, file server etc for over 200 people. Not one person ever complained the network was slow – this server was running 4gb of ram!”  I will not argue that the resources discussed will not have any effect on the speed of your network… but you will notice that if you leave all of your doors and windows open it is much quicker for you to get into your house.  Security does not mean speed.

Virtualization, of course, will allow you to solve a lot of these issues.  However he is right, there are replication issues and if you are not monitoring your domain you may not realize that one is down, or that replication is broken.  This is true… but it is also why it I important to have monitoring in place for your organization.  I am not saying that a small business should be implementing a complete System Center environment, but there are definitely monitoring tools available that will allow you to keep an eye on it… starting with the Server Manager Dashboard in Windows Server 2012

And what if the AD database becomes corrupt, this could be months before you notice, replication would have taken place and now you have to rebuild anyway.

Monitoring your environment is part and parcel of your job as a system administrator; no IT Pro should ever have to say ‘One component was broken for months and I didn’t notice.’  That should be a true RGE for an IT Pro.  It is a rookie mistake – monitor your environment and you will never have that problem.

Andrew is right… budgets are hugely important, more so to small businesses where every penny spent on IT means money out of the pocket of the business owner.  However balancing the budgets versus potential risks is important, and that is where proper planning comes into play.

It does sound a little like the person who wrote it has done too much reading and not enough network infrastructure.

My IT pedigree is well known, but I do acknowledge that I do much less SMB-IT than I used to, and definitely understand where you are coming from.  I hope that you are willing to acknowledge that at least some of my points are valid Winking smile

SMB 150: A Real Race!

Wow… I had no idea that I had so much influence on so many of you.  I want to thank you all from the bottom of my heart.  It is because of all of you that I am in a real fight for top spot in voting for the SMB 150 Awards for 2013.

As the voting stands right now, Carlos Fernando Paleo da Rocha (an SBS MVP from Brazil) and I are vying for the top spot.  While I have not seen him in a few years, I know Carlos and think he is a great guy.  If I were to come in behind him I would see absolutely no shame in that.

Now with that being said, it would still be incredible to be right at the top of that list… Even that likely does not guarantee me anything, because the judges take the list once the voting is closed and according to the rules their votes account for 60% of the final award.

I am going to ask all of you one more time to vote; you can vote once per day from any given IP address… that means that if you have 5 IP addresses (phones, tablets, etc…) you can vote for me five times per day! Smile  I appreciate your help and thank you in advance.

Please ask all of your friends and contacts to do the same… let’s show the SMB world that someone who speaks Enterprise can still be a top influencer for SMBs!

SMB 150: Nominated again!

Mitch Garvis

Mitch Garvis (Photo credit: Jean-Luc David)

Mitch Garvis

The last 18 months have been incredible.  Last April I was awarded one of the SMB 150 (SMB 150- Thank you for your votes!).  I was thrilled, and just disappointed that I couldn’t attend the award dinner.

This year I found out early that I was nominated again, and hope that you will take the time to vote for me again.  Last year you were allowed to vote for a candidate once per day, and I have no reason to think it would be different this year.  So I ask that you click on this link and then VOTE once every day, now through the day voting closes.

Thanks for your help… I hope I am still considered as influential this year as I was last year!