Cloud hosting Unifi controller
-
@JaredBusch said:
@thecreativeone91 said:
You really don't want extra applications running on Top of Domain Controllers.
I call BS on this. It is a waste of a VM to be DC only when you are a full windows shop. Running any kind of basic application on a DC hurts nothing and makes more efficient use of your licensing.
We run all of our DCs dedicated.
-
This is the offical Best Pratice related to DCs
these permitted applications and services should be comprised only of what is required for the computer to host AD DS and possibly DNS, plus any system security software such as antivirus software
It's quiet a big security issue with your DCs running other applications.
-
In a small shop, but only quite small, I'd be willing to double duty my DCs, but only with limited, first party services. DNS and DHCP obviously. But file serving for example. I think DC + FS is a common and sensible use of a license in a small shop if the other VM license needs to be used for something else. But things like databases and third party application serving I really never want to see combined on a DC.
-
@thecreativeone91 said:
these permitted applications and services should be comprised only of what is required for the computer to host AD DS and possibly DNS, plus any system security software such as antivirus software
Is that the Microsoft quote?
-
@scottalanmiller said:
@thecreativeone91 said:
these permitted applications and services should be comprised only of what is required for the computer to host AD DS and possibly DNS, plus any system security software such as antivirus software
Is that the Microsoft quote?
Yep
-
Best practice is most clearly to keep DCs separate. I think that there are good cases where it can make sense to combine some other tasks into that role, but the best practice is pretty clear. I think that the biggest issues start to arise around failover. If you have two DCs, the AD function will failover in one way. How do you then deal with other things running on one of the DCs?
If you only have a single DC this isn't a problem. And it is probably when you have only one that you are most likely to want to combine roles.
-
In a situation where you have a Datacenter license on your VM host, sure stand up an individual server for each process you need to support - but I don't. It's not worth $800+ to me to purchase another Windows license. That said - when things slow down in a few weeks (after the new building goes live), I'll probably just migrate this to a linux box.
-
@Dashrender said:
In a situation where you have a Datacenter license on your VM host, sure stand up an individual server for each process you need to support - but I don't. It's not worth $800+ to me to purchase another Windows license. That said - when things slow down in a few weeks (after the new building goes live), I'll probably just migrate this to a linux box.
$800+? You can get Server 2012 r2 Standard for around $700 which comes with 2 VOSE.
But, Really is $700 that much for security? When an application runs on your DC it has access to your whole AD/Global Catalog. That's the major issue. If buying another server licenses is too much then just do linux.
-
@Dashrender said:
It's not worth $800+ to me to purchase another Windows license. That said - when things slow down in a few weeks (after the new building goes live), I'll probably just migrate this to a linux box.
Who is giving you prices that high? $600 - $700 is more the normal range and that's two VMs.
-
Plus you don't necessarily need a Windows license for every VM. Once you are breaking things out there is more and more possibility that you will mix in other operating systems like Linux and FreeBSD that add discretion without licensing costs. Like for a dedicated application server or a database server, those are very popular UNIX roles.
-
@thecreativeone91 said:
@Dashrender said:
In a situation where you have a Datacenter license on your VM host, sure stand up an individual server for each process you need to support - but I don't. It's not worth $800+ to me to purchase another Windows license. That said - when things slow down in a few weeks (after the new building goes live), I'll probably just migrate this to a linux box.
$800+? You can get Server 2012 r2 Standard for around $700 which comes with 2 VOSE.
OK I pulled this number out of my ass, I haven't bought any licenses recently!
-
@thecreativeone91 said:
@Dashrender said:
In a situation where you have a Datacenter license on your VM host, sure stand up an individual server for each process you need to support - but I don't. It's not worth $800+ to me to purchase another Windows license. That said - when things slow down in a few weeks (after the new building goes live), I'll probably just migrate this to a linux box.
$800+? You can get Server 2012 r2 Standard for around $700 which comes with 2 VOSE.
But, Really is $700 that much for security? When an application runs on your DC it has access to your whole AD/Global Catalog. That's the major issue. If buying another server licenses is too much then just do linux.
No it doesn't. Not unless the app is running as a user who has more rights than is needed.
-
@scottalanmiller said:
Plus you don't necessarily need a Windows license for every VM. Once you are breaking things out there is more and more possibility that you will mix in other operating systems like Linux and FreeBSD that add discretion without licensing costs. Like for a dedicated application server or a database server, those are very popular UNIX roles.
Exactly - that's what I mentioned will probably happen when the move project is done.
-
@Dashrender said:
@thecreativeone91 said:
@Dashrender said:
In a situation where you have a Datacenter license on your VM host, sure stand up an individual server for each process you need to support - but I don't. It's not worth $800+ to me to purchase another Windows license. That said - when things slow down in a few weeks (after the new building goes live), I'll probably just migrate this to a linux box.
$800+? You can get Server 2012 r2 Standard for around $700 which comes with 2 VOSE.
But, Really is $700 that much for security? When an application runs on your DC it has access to your whole AD/Global Catalog. That's the major issue. If buying another server licenses is too much then just do linux.
No it doesn't. Not unless the app is running as a user who has more rights than is needed.
It doesn't matter what user it is running as on a DCs. It's still a major risk. Now I know not to be going to any doctors offices soon.
-
Just migrated my UniFi controller to a Ubuntu box today.
Chose Ubuntu because they have package updating for it. To go the CentOS route would require manual downloading and extracting of tar files.
Having problems with the UAP at one site not wanting to update and stay online.
Prior to migrating, I updated the Windows controller from 3.2.10 to 4.6.6 and updated all the AP's connected to it.
I downloaded the config backup from the existing controller GUI and then shut down the machine.
Then I spun up the new VM and restored the back on the first startup wizard screen. all up and happy.
