Domain/Server Upgrade Options

scottalanmiller

@Dashrender said in Domain/Server Upgrade Options:

@scottalanmiller said in Domain/Server Upgrade Options:

@Dashrender said in Domain/Server Upgrade Options:

Scott, Why do you recommend a product like nethServer, but not the NAS solutions that you roll yourself?

You mean that you DON'T roll yourself? Rolling your own is great. It's getting something like FreeNAS that is a problem.

The biggest issues are around statefulness. FreeNAS is hugeles stateful, Netserver is trivially so. A FreeNAS failure means bit time outage and likely data loss. A Nethserver outage is normally an inconvenience. Recreating storage by hand is essentially impossible. Recreating AD by hand is an annoying afternoon.

OK fine sure - but why not just use the native SAMBA tools in CentOS instead of using nethServer?

Same reason that people use a GUI on Windows.

MattSpeller

@JaredBusch said in Domain/Server Upgrade Options:

NethServer

Alright you bastards, I'll take it for a spin

0_1495660460577_upload-ccfb9dc7-ac46-4bf0-8522-870f04cd1c75

BRRABill

I guess at some level I am concerned instead of it being "FFS install and move on" it blows something up.

MattSpeller

@BRRABill said in Domain/Server Upgrade Options:

I guess at some level I am concerned instead of it being "FFS install and move on" it blows something up.

Ditto

I've heard a lot about it around here so I'm going to test it in a vm and see what the fuss is about

scottalanmiller

@BRRABill said in Domain/Server Upgrade Options:

I guess at some level I am concerned instead of it being "FFS install and move on" it blows something up.

Part of the issue with AD is that lots of things tie into it. If anything goes wrong, things fail.

If your need is AD only for file serving, and the thought is that you don't need LAN file serving any longer, then this is a complication, cost and risk that need not exist.

scottalanmiller

You CAN run two AD systems side by side, that's a pain but lower risk. But if you can avoid AD, you could, in theory, move everyone to NextCloud while still using AD and just shut down AD when you are done using it. No migration, just phase it out.

Dashrender

NextCloud requires either the use of a local sync client (not tenable for huge network shares) or web based file sharing. I think WebDav might work - but I'm not sure anyone here has gotten it to work.

I still haven't seen a good solution for traditional network shares.

Sharepoint integration in to MS Office is about the best option I can think of.

BRRABill

That's definitely an option. Just totally scrap AD and local storage and move everything to the cloud.

I mean, that's my ultimate goal ... maybe I just skip the middle steps and do that now.

Obsolesce

Because you're already on Windows, I'd probably narrow it down to two.

OPTION 1
Same plan as your option 1, everything on one VM (AD/DNS/DHCP), and file server on 2nd VM. Anything else, make Linux VMs... such as Nethserver if you want to make it really easy on yourself.

This option 1 is obviously a little more expensive because of the Server 2016 licensing cost, but you'll save yourself a TON of labor costs, as everything (AD/DNS/DHCP/FILE/etc) will be familiar and simple migration. It will work well with minimal configuration and be compatible with most likely all of your existing Applications and client PCs best.

You can keep your costs down if you can get away with only a single 2016 standard license + CALs, and deploy Linux VMs thereafter.

OPTION 2
Your option 3. Azure AD / cloud-only. This is something you can do in parallel and migrate to. But cloud hosting costs. If you already have hardware, perhaps option 1 is better.

scottalanmiller

@BRRABill said in Domain/Server Upgrade Options:

That's definitely an option. Just totally scrap AD and local storage and move everything to the cloud.

I mean, that's my ultimate goal ... maybe I just skip the middle steps and do that now.

Once you know it is the goal, then I think so. Start with "this is our goal" then decide what's on the path from here to there. I doubt "implementing other things" is really part of that path.

scottalanmiller

@Dashrender said in Domain/Server Upgrade Options:

NextCloud requires either the use of a local sync client (not tenable for huge network shares) or web based file sharing. I think WebDav might work - but I'm not sure anyone here has gotten it to work.

I use WebDAV. it's on a small scale, but I've not had issues.

coliver

@BRRABill said in Domain/Server Upgrade Options:

That's definitely an option. Just totally scrap AD and local storage and move everything to the cloud.

I mean, that's my ultimate goal ... maybe I just skip the middle steps and do that now.

I think since that's your ultimate goal why not move there now? It's not like the "cloud" is untenable or unusable there are very few downsides to going with a cloud based solution especially if you're just replacing some very basic task like authentication and file sharing.

coliver

@scottalanmiller said in Domain/Server Upgrade Options:

@Dashrender said in Domain/Server Upgrade Options:

NextCloud requires either the use of a local sync client (not tenable for huge network shares) or web based file sharing. I think WebDav might work - but I'm not sure anyone here has gotten it to work.

I use WebDAV. it's on a small scale, but I've not had issues.

When I was using OwnCloud I was doing it exclusively through WebDAV. Worked flawlessly on Windows and Linux once you got a valid SSL cert.

BRRABill

@coliver said in Domain/Server Upgrade Options:

@BRRABill said in Domain/Server Upgrade Options:

That's definitely an option. Just totally scrap AD and local storage and move everything to the cloud.

I mean, that's my ultimate goal ... maybe I just skip the middle steps and do that now.

I think since that's your ultimate goal why not move there now? It's not like the "cloud" is untenable or unusable there are very few downsides to going with a cloud based solution especially if you're just replacing some very basic task like authentication and file sharing.

The main issue, as is always discussed here, is how to give access to the files that are currently available on the network. We always seem to fight about syncing and sync programs and whatnot.

But it's definitely an option.

coliver

@BRRABill said in Domain/Server Upgrade Options:

@coliver said in Domain/Server Upgrade Options:

@BRRABill said in Domain/Server Upgrade Options:

That's definitely an option. Just totally scrap AD and local storage and move everything to the cloud.

I mean, that's my ultimate goal ... maybe I just skip the middle steps and do that now.

I think since that's your ultimate goal why not move there now? It's not like the "cloud" is untenable or unusable there are very few downsides to going with a cloud based solution especially if you're just replacing some very basic task like authentication and file sharing.

The main issue, as is always discussed here, is how to give access to the files that are currently available on the network. We always seem to fight about syncing and sync programs and whatnot.

But it's definitely an option.

Don't use sync programs? What kinds of files do you currently have stored and what does your business use most often. If it's just word documents? Then you can drop them into a Sharepoint site with versioning and it will natively integrate into Office and Outlook.

travisdh1

@Dashrender said in Domain/Server Upgrade Options:

NextCloud requires either the use of a local sync client (not tenable for huge network shares) or web based file sharing. I think WebDav might work - but I'm not sure anyone here has gotten it to work.

I got it working without to much fuss. Maybe I'll redo that and do another how-to post on it.

stacksofplates

I say use virt-builder to create a template and then sysprep and inject your SSH keys into it. Then clone that into your systems and have an orchestration tool build your servers. Once you have full IaC sit back and drink espresso.

Dashrender

@travisdh1 said in Domain/Server Upgrade Options:

@Dashrender said in Domain/Server Upgrade Options:

NextCloud requires either the use of a local sync client (not tenable for huge network shares) or web based file sharing. I think WebDav might work - but I'm not sure anyone here has gotten it to work.

I got it working without to much fuss. Maybe I'll redo that and do another how-to post on it.

But even if you do get it to work, this is still a horrible solution - because it's really no different than old SMB shares, whatever infects your machine can still encrypt all the data the user has write access to.

JaredBusch

@Dashrender said in Domain/Server Upgrade Options:

@travisdh1 said in Domain/Server Upgrade Options:

@Dashrender said in Domain/Server Upgrade Options:

NextCloud requires either the use of a local sync client (not tenable for huge network shares) or web based file sharing. I think WebDav might work - but I'm not sure anyone here has gotten it to work.

I got it working without to much fuss. Maybe I'll redo that and do another how-to post on it.

But even if you do get it to work, this is still a horrible solution - because it's really no different than old SMB shares, whatever infects your machine can still encrypt all the data the user has write access to.

You have a damned complex about this. Get over it.

The best solution technically is almost never the best solution for usability.

Yourjob is to balance those for the business need.