Windows SBS 2003 -> What next?

swinnie · 7 Feb 2015 at 14:54

Hi All,

I have been looking after a customer for around five years now, but only with developing and now maintaining their website and the odd bit of technical support on their desktops. They had a number of issues last year where they would be locked out of their server. I found that this was caused if the VPN Service was enabled on an old Dell Server running Windows 2003 Small Business Server.

They have approached me again to re-enable their remote access as this has now become a requirement again. My issue is that I didn't setup the box, and I feel they have been massively oversold as there are only 4 desktops in the business, and a laptop which access a shared drive. They are setup in a Windows AD Environment via SBS 2003.

What would you be tempted to do?

Their broadband is not the best, so Cloud Services are not where I think we should go. They also got burned very badly due to a now ex-employee was accessing all of their data via a Cloud Backup service they had.

What I am thinking of doing is putting them onto a simple workgroup type setup. Transfer all of the data to a Windows 7 Pro box and enable file sharing and install some VPN Software so that the Director can remotely access files from home.

Thanks all.

#Chri5# · 7 Feb 2015 at 15:17

If they are running SBS, are they using Exchange for e-mail / groupware?

Depending on e-mail requirements, I would consider migrating them to Server 2012 R2 Essentials. You could add Office 365 (or just the Exchange part of O365) for e-mail and that will integrate into Server Essentials. Obviously that means all internal e-mail is going via the broadband but on the other hand, it does mean that if their broadband goes down, they could access their e-mail from any Internet connection.

swinnie · 7 Feb 2015 at 15:23

No, their email is via Google Apps which I migrated them to a couple of years ago.

#Chri5# · 7 Feb 2015 at 15:51

If the PCs are already enrolled in the AD domain, I'd go to Essentials - would save having to mess with the user profiles. It's about £250+VAT for the license and something like Remote Web Access might fit the VPN requirements.

Stick that on something like a HP ML310 G8 or perhaps a Microserver (though the G8 Microserver isn't any cheaper than the ML310 so I'd take the bigger server which is easier to work inside).

Three USB HDs for backup using the built-in Server Backup or add Backup Assist for better management.

Caged · 7 Feb 2015 at 18:18

You need *something* to act as a directory just because it massively simplifies password and account management, so I still think AD is the way to go.

If you are sure the company is going to stay at around 4/5 people and you'd struggle to get a new server + software (and CALs if the server OS requires them) approved then you could probably get away with using the internal user directory on a Synology NAS and then tying other things into that via LDAP if you wanted to. This will also give you a decent remote file share viewing capability, and Dropbox-like features if you wanted to keep folders synced. Just know when the time comes to jump off the Synology train and go with something 'proper'.

I wouldn't have a Windows desktop running file shares.

jameshurrell · 7 Feb 2015 at 21:09

I'm moving a client off SBS2003 next week as it happens. It has worked well for them but time to move on. There are 4 workstations at the moment (there were originally 15) so I'm moving them back to workgroup... Not that much work to move their files etc to new local user profiles. I did consider Essentials, but I personally think AD is overkill for only 4 users.

They are getting a Synology DS214+ backed up to rotated USB drives and AWS S3 off site. I will create users on the Synology that are identical to the local user on each workstation. Mail will move to Office 365 as they are on FTTC. They never used the remote access capabilities of SBS, but if they need it I can enable the remote file browser on the Synology. The Synology will be plugged into their existing APC UPS. SharePoint was never used either.

Muffin` · 8 Feb 2015 at 10:26

jameshurrell said:
I'm moving a client off SBS2003 next week as it happens. It has worked well for them but time to move on. There are 4 workstations at the moment (there were originally 15) so I'm moving them back to workgroup... Not that much work to move their files etc to new local user profiles. I did consider Essentials, but I personally think AD is overkill for only 4 users.

They are getting a Synology DS214+ backed up to rotated USB drives and AWS S3 off site. I will create users on the Synology that are identical to the local user on each workstation. Mail will move to Office 365 as they are on FTTC. They never used the remote access capabilities of SBS, but if they need it I can enable the remote file browser on the Synology. The Synology will be plugged into their existing APC UPS. SharePoint was never used either.

If the Synology needs repairing, what will they use?

swinnie · 8 Feb 2015 at 11:00

#Chri5# said:
If the PCs are already enrolled in the AD domain, I'd go to Essentials - would save having to mess with the user profiles. It's about £250+VAT for the license and something like Remote Web Access might fit the VPN requirements.

Stick that on something like a HP ML310 G8 or perhaps a Microserver (though the G8 Microserver isn't any cheaper than the ML310 so I'd take the bigger server which is easier to work inside).

Three USB HDs for backup using the built-in Server Backup or add Backup Assist for better management.

There isn't a massive amount of data on their profiles, just a copy and paste of each users Documents, Pictures and their Outlook PST would be all that is required for three of them. As one machine isn't even on the domain.

Is the Windows Server 2012 licence you mention not the R2 version? As I note that is considerably more expensive...

The issue with this customer is they have left it far too late to let me know about this, and I have a week to deliver the solution as the Director needs remote access from Monday week due to a short stay in hospital. Also, they are always so focused on the cost. It took over a year to convince the Director that they needed to replace one of the laptops, and that only happened because it actually failed cue me having to go and get a laptop and get them back up and running.

Caged said:
You need *something* to act as a directory just because it massively simplifies password and account management, so I still think AD is the way to go.

If you are sure the company is going to stay at around 4/5 people and you'd struggle to get a new server + software (and CALs if the server OS requires them) approved then you could probably get away with using the internal user directory on a Synology NAS and then tying other things into that via LDAP if you wanted to. This will also give you a decent remote file share viewing capability, and Dropbox-like features if you wanted to keep folders synced. Just know when the time comes to jump off the Synology train and go with something 'proper'.

I wouldn't have a Windows desktop running file shares.

If it was for four users with the view on growing, then I think I would be all for another AD based solution. I'm a little wary of Synology type solutions.

jameshurrell said:
I'm moving a client off SBS2003 next week as it happens. It has worked well for them but time to move on. There are 4 workstations at the moment (there were originally 15) so I'm moving them back to workgroup... Not that much work to move their files etc to new local user profiles. I did consider Essentials, but I personally think AD is overkill for only 4 users.

They are getting a Synology DS214+ backed up to rotated USB drives and AWS S3 off site. I will create users on the Synology that are identical to the local user on each workstation. Mail will move to Office 365 as they are on FTTC. They never used the remote access capabilities of SBS, but if they need it I can enable the remote file browser on the Synology. The Synology will be plugged into their existing APC UPS. SharePoint was never used either.

What's the AWS S3 service like?

Muffin` said:
If the Synology needs repairing, what will they use?

That's my concern with Synology/Qnap type solutions.

----

However, just for instance, what would be your processes for replacing their SBS Server with a Server 2012 server. How easy is it to re-create the domain and have everything working smoothly again. 3 of the Desktops are Windows Vista, the PC is a Windows 7 Pro and the laptop used remotely is a Windows 8.1 which won't be added just remotely accessing the file shares.

#Chri5# · 8 Feb 2015 at 11:56

I gave up with peer-to-peer networks a long time ago - AD removes so much faffing with Workgroup settings, permissions and the like.

748919-B21 is the HP Reseller Option Kit (ROK) for 2012 R2 Essentials - £215+VAT (obviously can't link to it). If you want cheaper 2012 R2 Foundation (748920-B21) is £133+VAT and supports up to 15 users. As these are HP parts, they do look for an HP BIOS when installing. No doubt Dell etc have their own locked versions.

Build the new server, install Essentials. Join it to the existing AD domain, promote it to a DC which replicates the users. Move file shares over using the MS File Server Migration Toolkit. Move DHCP over to the new DC. Then you can decommission the SBS box - is Exchange still alive on it?

Alternatively, build Essentials as a new domain, create users & shares, drop the PCs out of the SBS domain, add to the Essentials domain and re-create profiles.

jameshurrell · 8 Feb 2015 at 20:14

Muffin` said:
If the Synology needs repairing, what will they use?

If it comes to it, next day delivery of another Synology (probably a one disk enclosure and restore backup data to it). They are aware of the lack of onsite support with the NAS.

They are such a small shop that they can probably do without files for a few days.

swinnie said:
What's the AWS S3 service like?

I've used it for a long while - Synologys and QNAPs have backup to AWS S3 built in. It's cheap and easy to use but the billing is a bit complex. Basically you pay for storage and for access (upload/download). I pay around $4 a month to store 70GB - this includes the access to the data from the NAS every night during the backup.

Caged · 8 Feb 2015 at 20:40

If all you're trying to give them is file sharing, "they can probably do without files for a few days" suggests that they also don't really do much collaboration stuff. Just get 4x Box.net business accounts and be done with it. They can pick the folders they want to sync, and then there's no sitting around waiting for remote access.

swinnie said:
If it was for four users with the view on growing, then I think I would be all for another AD based solution. I'm a little wary of Synology type solutions.

So am I, hence why the OP needs to make sure that the company isn't in danger of growing. If that can't be guaranteed or it looks like they might grow then push for AD.

swinnie · 8 Feb 2015 at 21:05

#Chri5# said:
I gave up with peer-to-peer networks a long time ago - AD removes so much faffing with Workgroup settings, permissions and the like.

748919-B21 is the HP Reseller Option Kit (ROK) for 2012 R2 Essentials - £215+VAT (obviously can't link to it). If you want cheaper 2012 R2 Foundation (748920-B21) is £133+VAT and supports up to 15 users. As these are HP parts, they do look for an HP BIOS when installing. No doubt Dell etc have their own locked versions.

Build the new server, install Essentials. Join it to the existing AD domain, promote it to a DC which replicates the users. Move file shares over using the MS File Server Migration Toolkit. Move DHCP over to the new DC. Then you can decommission the SBS box - is Exchange still alive on it?

Alternatively, build Essentials as a new domain, create users & shares, drop the PCs out of the SBS domain, add to the Essentials domain and re-create profiles.

I have downloaded an Essentials Evaluation version and it looks very straightforward, even having a built in "migration" assistant on setup. They literally have some users and a main file share which houses all of their data. Very little is stored within their local profiles.

I can only find G7 examples of the server; would you be able to Trust me some details of places to pick up the G8s?

jameshurrell said:
I've used it for a long while - Synologys and QNAPs have backup to AWS S3 built in. It's cheap and easy to use but the billing is a bit complex. Basically you pay for storage and for access (upload/download). I pay around $4 a month to store 70GB - this includes the access to the data from the NAS every night during the backup.

That sounds exceptionally cheap! Will have to do some more research in a quiet period around that as that may appeal to many of my customers.

Caged said:
So am I, hence why the OP needs to make sure that the company isn't in danger of growing. If that can't be guaranteed or it looks like they might grow then push for AD.

I'm reasonably sure that they are not planning on expanding. They are a small family outfit. But I will be putting that in my proposal for the options.

jameshurrell · 8 Feb 2015 at 21:06

Caged said:
If all you're trying to give them is file sharing, "they can probably do without files for a few days" suggests that they also don't really do much collaboration stuff. Just get 4x Box.net business accounts and be done with it. They can pick the folders they want to sync, and then there's no sitting around waiting for remote access.

Lots of ways to do this - and you could argue they all have good and bad points.

#Chri5# · 8 Feb 2015 at 21:39

Have sent you a message Swinnie.

One question that pops into my head - do they run anything like Sage Accounts?

Up until the 2015 version of Sage, network installs just needed a basic file share for the Sage data so the AccData folder would happily sit on a NAS. With 2015 you need to run a server side install on a Windows box as Line 50 requires some services to be running for the remote workstations to access Sage.

I don't have anything against NASs but a Windows Server is a much more open platform for a small business IMHO. My experience of SMBs is that what they want and envisage today can easily change in 6 to 12 months. A NAS might be cheaper initially but not if you have to replace it if they want to use some specific software.

Quartz · 8 Feb 2015 at 22:12

The big advantage of WSE2012 is that it backs up every workstation on the LAN. And you can put WSUS on it to reduce WAN data costs.

swinnie · 8 Feb 2015 at 23:15

#Chri5# said:
Have sent you a message Swinnie.

One question that pops into my head - do they run anything like Sage Accounts?

Up until the 2015 version of Sage, network installs just needed a basic file share for the Sage data so the AccData folder would happily sit on a NAS. With 2015 you need to run a server side install on a Windows box as Line 50 requires some services to be running for the remote workstations to access Sage.

I don't have anything against NASs but a Windows Server is a much more open platform for a small business IMHO. My experience of SMBs is that what they want and envisage today can easily change in 6 to 12 months. A NAS might be cheaper initially but not if you have to replace it if they want to use some specific software.

Chris, thanks - received and replied.

They do run Sage, but they are on a local install only on one machine. I have quite a bit of experience with Sage and network installs thankfully! But not an issue with this customer.

I don't have anything against NASs either, but I have yet to put one into a business. They are great for the "power" user, I look after a number of Enthusiast Photographers and the Synology units have been excellent for archiving etc. I am just dubious about installing them in a business setting for some reason.

Quartz said:
The big advantage of WSE2012 is that it backs up every workstation on the LAN. And you can put WSUS on it to reduce WAN data costs.

I didn't realise that WSUS was 'included' in Essentials, would have thought it was stripped out; good to hear!

jameshurrell · 9 Feb 2015 at 08:48

#Chri5# said:
Up until the 2015 version of Sage, network installs just needed a basic file share for the Sage data so the AccData folder would happily sit on a NAS. With 2015 you need to run a server side install on a Windows box as Line 50 requires some services to be running for the remote workstations to access Sage.

Yes, this is a pain in the rear for a lot of my clients running with the AccData on NAS's or on plain file shares.

swinnie · 9 Feb 2015 at 09:03

jameshurrell said:
Yes, this is a pain in the rear for a lot of my clients running with the AccData on NAS's or on plain file shares.

It always amazed me that QuickBooks required a "server" application on a machine whereas Sage would just happily sit in a flat file environment. Probably attempting to get more people on Sage Online...

Quartz · 9 Feb 2015 at 11:01

swinnie said:
I didn't realise that WSUS was 'included' in Essentials, would have thought it was stripped out; good to hear!

WSUS is not enabled by default, but is easy to install.

swinnie · 9 Feb 2015 at 21:45

Playing around with the Evaluation version on one of my HP Microservers and have installed Anywhere Access and attempting to connect to the VPN via my iPhone's Hotspot on my Laptop; but I can't get it to "stick" - does DHCP have to be running on the server as well?