Viewing 37 posts - 1 through 37 (of 37 total)
  • Moving from Server 2008, but to what? VMWare unaware…
  • iamtheresurrection
    Full Member

    Hi (sorry for the long post)

    We have an HP Proliant server, running Server 2008 R2. All of the clients are Windows 10 or MacOS.

    When we set the server up, we were running applications that needed port forward and lookups as well as a lot of data for about 25 users. Increasingly, we moved apps towards cloud based programs and storage.

    We have a Cisco router provided with our BTNet leased line and the server sits behind a Cisco 5505 firewall. The server does the DHCPing and has a very light load, but is probably due for replacement based on age alone.

    It handles the DHCP for several critical devices such as PDQ machines, IP phones for all users; as well the client machines, WAPs and printers. Other than DHCP and DNS duties, we use it for folder redirection and roaming profiles, as well as group policy.

    My concern is that although we’re really well covered with local and networked bare metal backups, if there was a permanent hardware failure other than hard drive, the backups would not be that useful in getting back up and running. We’re in retail, so would need to be back up and running quickly, really. We’re small and family run, so I am the IT department really…

    I know absolutely nothing about VMWare. However, I’m wondering if getting hold of a new server, and running the server duties within a VM would allow me to swap the server duties to non-identical hardware and copy the VM across? I imagine the VM would fail because the hardware is different, but am I right?

    I suspect it would fail which might mean I buy two cheaper servers, one redundant in the event of a failure, and swap the VMs across that way.

    The router and firewall have an SLA with BT. Would I be better just buying one new server with a 4hr SLA for 5 years and just continue with the bare metal backups?

    tldr: is the best solution for a new critical server simply buying one with a 4 hour SLA, and ensuring I have good backup solutions?

    Has everything moved on so much in 8 years that I should speak to a professional?

    nixie
    Full Member

    By group policy do you mean that the server is a domain controller? That can be replaced by cloud active directory. The DHCP can be handled by a dedicated bit of hardware. Look at it that way you no longer appear to need a server at all.

    As good as virtualization is it’s another thing to learn that you may not need the headache of.

    iamtheresurrection
    Full Member

    Yes, sorry, the server is a domain controller but performs few functions really. Haven’t looked at cloud AD, will now…

    I think we may not need a server either.

    Cougar
    Full Member

    However, I’m wondering if getting hold of a new server, and running the server duties within a VM would allow me to swap the server duties to non-identical hardware and copy the VM across? I imagine the VM would fail because the hardware is different, but am I right?

    No.  That’s exactly how VMware works, the HDD image is a flat file, copy it over, job jobbed.  The “hardware” is VMware, it’s an abstraction layer between the OS and the real hardware.  The only issue you might see is moving between Intel and AMD CPU architectures.

    If you buy vCenter rather than using free versions, you can even automate this.  One server dies, the other takes over.  Look into Fault Tolerance and High Availability features.  HA is incredible, you can power off a live server and the guest OS has a downtime of about half a second, it’s voodoo.

    Realistically, what hardware is likely to die?   Running on a decent Proliant (what, DL360?), your primary source of failure is mechanical hard disks, and that’s what RAID is for.  I’m struggling to think of an instance I’ve seen in recent years of catastrophic hardware failure of a Proliant beyond HDDs.  It just doesn’t happen.

    Cougar
    Full Member

    Oh, and,

    If it is a DC then really you need two of them.  Whilst not ideal, you could run two guest VMs on one physical server.  If budget is a concern I’d be tempted to run one VM DC and one physical, even if the latter is on a cheap-ass PC just for redundancy.  If your AD dies you’re boned.

    FuzzyWuzzy
    Full Member

    VMware’s great but it’s a bit overkill to have a local 2-server cluster (I’m assuming you’re talking about keeping the old physical server and using it alongside a new physical server?) running a single VM, you need shared storage as well to get HA benefits (you could do that fairly cheaply with a NAS + NFS share, performance shouldn’t be too much of a concern from the workload you describe).

    I would just buy a second physical server and run it as a second domain controller, DNS would automatically be resilient then (assuming you updated your DHCP config) and DHCP you could make resilient but there’s not a lot of point (unless your non-Windows clients don’t function if they can’t contact a DHCP server, Windows clients will retain their last issued IP address so continue to work). If your non-Windows stuff must have DHCP connectivity I’d probably change them to static IPs anyway (assuming it were an option), it doesn’t sound like you’re a particularly big deployment or are very dynamic in your needs (Windows clients could still use DHCP so if you have people with laptops who come and go they’d be covered).

    Given Windows 2008R2 is end of life this year you want to factor moving the servers and AD to 2016 at some point as well (much easier once the second domain controller is up).

    Migrating AD to the cloud is another option but I’d def get an IT consultancy in for that as you need to be aware of the options, the downsides, whether to keep some on-premise stuff, costs (Azure and AWS are not actually that cheap for 24×7 running workloads).

    trailwagger
    Free Member

    Hyper-V will be your friend here. Buy two cheap physical servers. Set up Hyper-V and run a couple of virtual boxes on each.

    Sandwich
    Full Member

    One of the decent NAS boxes from either Synology or QNAP will do what you require as you’re a small-ish network.

    The Synology mail-server appears to be marginally easier to set up for the part-time IT department. (One of my responsibilities at work too). I haven’t yet put the effort into learning the software for this on QNAP. Synology’s help on the web appears to be a bit better than that for QNAP but I haven’t had to do much more than file serving and media playback on their (QNAP) machine at home.

    iamtheresurrection
    Full Member

    Thanks everybody

    Cougar: that’s the easiest explanation of VMWare I’ve read – thank you.  It’s a DL380 G6, so more than up to the job, just aware that Server 2006 is going to be end of life soon and everything is getting old.

    Shocked myself this morning looking at the prices on eBay for a refurb unit, I think I’ll buy one and get it configured as a back up – really cheap option should there be a failure…  The server room is pretty hot, 28-32 degrees with little cooling/ventilation so I suppose I’m irrationally thinking it’ll shorten life expectancy.

    I see Windows Server 2016 Essentials comes with two licences, so essentially I could run one as the OS to install VMWare on, and then one licence for the VM itself. I don’t really have any experience (beyond uni 20 years ago) of UNIX, so I don’t think I’d stray from Microsoft now.  I don’t really know what I’m doing to any great depth, but can get by at least.

    That way, I’d be covered by RAID/backups if there’s a HDD failure, could rely on swapping to a back up copy of the VM on the first server if there was a software failure and if worst case there was a motherboard failure for example, I could just copy the VM box across to the spare server box/OS and away I go…

    Sandwich: I don’t really want to lose Group Policy enforcement, folder redirection and roaming profiles amongst other things. We use O365 so don’t need worry about mail servers on site.

    Fuzzy, I was thinking about just running one server and one DC.  It’s under no great load…  There are about 25 phones/fax machines (remember them) running through BT Cloud Voice going in next week.  They are Polycom VX601, and I’m not sure they can be given static IPs, so I think having a backup DHCP server is a must for us.

    Ultimately, if I had spare server hardware, VM copies and good backups, is there any need for a second DC?

    Sorry, one more, are CAL licences enforced in Server 2016 – I know they weren’t in 2008? It’s suggested that every device handled by the DHCP needs a licence.  We have a lot on the network, about 70 devices not including phones/tablets – I can’t believe people are buying CAL for all of the small devices, PDQs and printers?

    Either way, the thread has made me realise I need a bit of help.  None of you do consultancy in Newcastle, do you? 😉

    nixie
    Full Member

    We have BT cloud telephony. The servers are still on prem at the moment (until I kick them to the cloud). DHCP is being provided by a Draytek Vigor firewall/router. If the DC (and secondary) dies then we will lose AD but connectivity will remain. Getting rid of our exchange box is my first concern as it’s a bastard if anything goes wrong (sounds like you’ve already taken that step).

    Do you ‘really’ need roaming profiles and folder redirection etc.? If everything is properly in the cloud this becomes a non-issue as it’s all linked to the user’s cloud credentials. My wife’s (very large IT company) employer works this way. They have spare laptops in the building. If you don’t have your laptop or it has an issue you just sign one out and carry on as normal (as absolutely everything is in the cloud).

    FuzzyWuzzy
    Full Member

    Ultimately, if I had spare server hardware, VM copies and good backups, is there any need for a second DC?

    Strictly no but personally I would always have at least two domain controllers in a domain, things can get in a mess quickly if your only DC goes down and you rely on restoring from backup. Not just under-the-hood stuff such as secure channels to clients getting messed up but things like what if your backup solution relies on AD (or at least DNS)?

    DHCP in server 2012 and above is much improved (in terms of how you do resilience), no more of the split scope crap required.

    Not actually done much in 2016 myself yet but I’d highly doubt the CAL is enforced to a point any DHCP client requires an issued CAL to work.

    Bear in mind 2016 switches to per core licensing for physical servers (away from per CPU licensing) but not sure about the Essentials edition. Unlikely it will trip you up for a small server but just double check the total cores you need to licence.

    trailwagger
    Free Member

    You don’t install VMware onto a Microsoft OS. VMware IS the OS. What you are thinking of is Hyper-V. You can create two virtual servers on each physical server with the same licence.

    Thinking about this thread a little more you really need to define what your RPO and RTO are before you start designing and spending money on kit. You may find that for your business, 24 or even 48 hours is acceptable. What will happen if your server crashes? What services will you lose and what will the effect be on the business?

    Cougar
    Full Member

    I see Windows Server 2016 Essentials comes with two licences, so essentially I could run one as the OS to install VMWare on

    You don’t install VMware onto Windows*, you install it onto the bare metal.  It’s an operating system** in its own right.

    (* – well, you can, but you’d be daft to.)

    (** – technically a “hypervisor”.)

    P-Jay
    Free Member

    If you want a simple solution in a box, consider ShadowProtect, you can image the server every 15 mins and even launch it on dissimilar hardware.

    We’ve used it in business critical situations like this, imaging into a back-up server, or even a pokey PC as a ‘lifeboat server’ – if we pull out all the stops we can have it up and running in 20 mins or so from a hardware failure.

    It’s a lot less ‘head ****’ than VM and is great for lost files etc.

    nixie
    Full Member

    What you are thinking of is Hyper-V

    Yes and no. Hyper-V can also run as a bare metal version (Hyper-V server).

    Had
    Free Member

    Hyper-V is still a type 1 hypervisor even when installed as a role. It does something really clever when installing the role and installs itself as a baremetal hypervisor and moves the management OS to a VM.

    scaled
    Free Member

    Make a list of the roles that are critical and supplied by the current machine.

    The 5505 can serve as a DHCP server (it can do DNS forwarding as well but you might as well just let your DC manage that).

    If you’re using O365 why are you still using redirected folders? OneDrive is pretty awesome for small businesses, then you can just let your backups slide, it even has some decent version history. In fact, if you’re running O365 I’d just hand all that off to MS and use Azure AD with Azure DNS in a private zone.

    Had
    Free Member

    Server essentials only comes with one license (as far as I am aware) which can be used for 25 users / 50 devices. If your phones / fax machines aren’t touching the server then they won’t count towards the licenses. What you are allowed to do with Essentials is run an install with only the Hyper-V role installed which is effectively only used for managing the hypervisor. You then create a VM running Essentials and have that as your DC etc.

    If you are looking at doing it yourself then if you’ve got a spare computer you can download a free trial of Server 2016 Essentials. Install it and have a play. Install the hyper-v role, create a VM etc. You can then see the downsides and benefits yourself. Things like having to update two operating systems instead of one etc. You could go as far as creating a little lab and testing Hyper-V replica etc.

    Also you may want to wait for Server 2019 instead of buying Server 2016 now. It’s meant to be released this October.

    I am in a similar situation to you and have about 5 VMs running on a single server with Server Essentials 2012 R2 acting as the DHCP server and AD domain controller. Having a single AD controller isn’t best practice but it works for us.

    Cougar
    Full Member

    Having a single AD controller isn’t best practice but it works for us.

    It works now, but you’ll have a Bad Day if it ever fails.

    I’m liking @scaled’s suggestions.

    701arvn
    Free Member

    Exactly, SME; I would be looking through a list of things I wanted to do with a computer and trying to find cloud services for all of them.

    iamtheresurrection
    Full Member

    Christ, the fact I didn’t know that VMWare was its own bare metal OS probably is enough to convince anybody that I should bring an expert in.

    We use roaming profiles and folder redirection because a lot of users still save a lot to their desktop, files as well as browser shortcuts. No amount of staff training/pleading appears to change this.

    We’re trying to get all staff to be more diligent where they save their files, but I still regularly see them using O365 apps logged in locally, rather than their account. It wouldn’t be the end of the world to lose both though, it might rip the bandage off.

    They’ve all got LastPass now so they are getting better at using it to remember urls and details, if I could specify which browser for which saved credential in LP it would be amazing…

    Anyway, will look at VMWare as a bare metal install with Server 2016/19 on top. I’ll have a spare machine ready I can plug into and run the shadow in the event of a total machine loss…

    The phones/fax/printers are all IP based, so do touch the server, I’ll look into licences.

    If I was better, I’d look into running a second DC within a second VM, but I suspect that’ll be beyond me. What’s the version of VMWare I need as a bare metal OS, just Workstation?

    Thanks so much everybody, big help 🙂

    trailwagger
    Free Member

    Forget about VMware. You are paying for the OS and then server 2016 on top of that.

    Or, you could buy Server 2016 and run Hyper-V with a couple of VMs at no extra costs.

    Does anyone actually share any files? It sounds like they all save them locally and no-one else has access? I would question if you actually need a server at all.

    scaled
    Free Member

    This is one of those times where a £500 a day contractor could save you money…

    Cougar
    Full Member

    Forget about VMware. You are paying for the OS

    The base edition is free.

    What’s the version of VMWare I need as a bare metal OS, just Workstation?

    ESXi.

    We use roaming profiles and folder redirection because a lot of users still save a lot to their desktop, files as well as browser shortcuts. No amount of staff training/pleading appears to change this.

    Then they’re idiots.  “Sorry, you’ve lost everything.  Oh dear, how sad, never mind.”

    retro83
    Free Member

    What’s the version of VMWare I need as a bare metal OS, just Workstation?

    vSphere Hypervisor

    Cougar
    Full Member

    Ah yeah, I forgot they renamed it ages ago, it’s still ESXi to anyone I know who works with it. (-:

    Interesting read: https://www.altaro.com/vmware/esxi-free/

    hedley
    Free Member

    Still remember being at VMWare HQ in Frimley on a cushy corporate day out the office in the days of, I think ESX 2, and watching them demo HA by streaming a video of a car on the Nürburgring and bricking the server. It switched to the DR with nary a flicker in the playback.

    Thankfully the room was well carpeted as you could hear everyone’s jaws dropping.

    It really is voodoo.

    nixie
    Full Member

    If they are saving stuff locally then can you not stop them using the group policy? Browser short cuts will roam via the browser account (in Chrome and Firefox).

    Our main sticking point for having a server is source management but I’m now wishing I’d pushed it into the cloud version rather than on premises as the management is onerous.

    Cougar
    Full Member

    Still remember being at VMWare HQ in Frimley on a cushy corporate day out the office in the days of, I think ESX 2, and watching them demo HA by streaming a video of a car on the Nürburgring and bricking the server. It switched to the DR with nary a flicker in the playback.

    Thankfully the room was well carpeted as you could hear everyone’s jaws dropping.

    My earliest experience of ESXi was 3.5, but yeah.  They did a similar thing on the VMware 5 course I went on and the silence in the room was deafening.  A dozen people all internally went “wait… what?”

    iamtheresurrection
    Full Member

    If they are saving stuff locally then can you not stop them using the group policy? Browser short cuts will roam via the browser account (in Chrome and Firefox).

    I could, and probably will, but it’s how they like to work and I’ve always been a fan of trying to build something around how they want it to work for them if possible. It might be time to move away from that model though.

    We use all browsers for different sites, the main portal on one site still needs IE and one of the CRM packages we use (and are tied to) uses .net through IE too.  Roaming/redirection has worked well (albeit with some restrictions).

    The printer supplies are managed by a program which sits server side, I like many little policies in group policy and I like the server handling MS updates for the clients.

    So much has moved to the cloud: the management system we use, accounts, payroll, storage, and the Avaya IP Office software used to sit on there, and there was a network tap for voice/call recording.  All gone this year.

    It’s what I’m used to though (having a server) so I’ll stick with it.

    I like the idea of it sitting the next server up on VMWare a lot, so I guess the next step is finding somebody who can come in and set it up, and swap it all across rather than me **** about with something that I’ll need to spend some time reading up on.  Ultimately, this thread has shown just how limited my IT really is, and I need to get somebody in.

    I’m in Newcastle, so if anybody has any recommendations then I’d be grateful for them…

    Cougar
    Full Member

    Y’know, if nothing else, why not just snag a donor PC and try it.  Setting up a standalone VMware host is a piece of piss, and you can migrate P2V (physical to virtual) existing servers with the freeware Converter from VMware.  (Obviously, you don’t want to have both on the same network at the same time, that would be Bad…)

    Even if ultimately you get someone to set it all up for you, it’ll be good practice for when you have to look after it.

    hedley
    Free Member

    ^^ This.

    VMware host setup is easy, P2V your servers using their easy to use GUI tool and give it a spin. Even if nothing comes of it it’s another line on your CV and good fun. Plus it is Voodoo magic!

    I’ve also used Oracle VirtualBox which is a lot less hardware dependent than VMware (or at least used to be) and runs on top of Windows OS (rather than as a hypervisor, hence less HW dependent) to give you a quick and easy feel for virtualisation.

    It’s what I used to use at home for when the offshore “Microsoft support calls” came through telling me they had detected an issue with my PC.

    I’d spin up the VM, waste up to 3 hours of their time, then laugh (manically while stroking a white cat on my lap) as I explained to them that while they were on my PC screwing me over and trying to extort money, it was actually a VM and I would power it off and go back to my base image.

    Yeah, I don’t get out much.

    FuzzyWuzzy
    Full Member

    I’m a VMware tech architect but I’m struggling to see the advantage here of going with VMware over Hyper-V, it just adds another product in the mix. ESXi free has a load of limitations (you’d be best off looking at Essentials bundles) and VMware support/maintenance is expensive (assuming you want that safety net). Hyper-V 2016 is a huge improvement over the 2008-era stuff and if you’re looking at moving more to the cloud in the future (assuming you go with Azure) then a lot of Hyper-V knowledge translates well to that.

    scaled
    Free Member

    a lot of Hyper-V knowledge translates well to that.

    As long as you’re only spinning up Gen1 VMs in Hyper-V (seriously, if you’re considering a migration to Azure in the future, don’t use Gen2s in Hyper-V)

    From the sounds of it you really want something to play with, sign yourself up with an Azure account and have a dick about with the free money on there, it will blow your mind.

    I know I’m coming across as a bit of an Azure evangelist here but sometimes it’s the right tool for the job. I also have a huge VMWare estate with fancy multi site block level SRM.

    deadkenny
    Free Member

    We’re trying to get all staff to be more diligent where they save their files, but I still regularly see them using O365 apps logged in locally, rather than their account.

    You can provision the Windows domain account to be set up with OneDrive set to the default Documents, Pictures folders. Typically users will just save from Word etc to whatever it defaults to, e.g. My Documents, and that will get a OneDrive sync (assuming OneDrive app installed). At least it’s in the cloud then and doesn’t matter so much what account the app is signed into. Getting users to store in the relevant SharePoint (shudders!) folders for shared work is more tricky.

    brassneck
    Full Member

    Have managed VMWare based vBlocks and FlexPods in the past and have a long lapsed VCP – agree with scaled here. Using an ESXi shim to abstract with no experience and no real idea of possible downsides probably isn’t best. Hyper V will do all you need and be a shallower learning curve. That said, I’ve seen it done and it can work perfectly well, so you pays your money (or not..)….

    Assuming you don’t want to go Azure/o365 (which you should give a bit of time to, and implications thereof)..

    As you’ll be buying new tin anyway buy it with ooples of RAM and storage, migrate the existing hardware across to it as a guest Hyper V VM – you could then format the old server, reinstall with as current a version of Windows as you can and make it a second DC (I also agree 1 copy of AD is not great, and try to avoid it as much as possible .. losing that would really ruin your week). If you can really only run 1 server physically, licence another VM to run a second DC on the same box. Better than nothing.

    watching them demo HA by streaming a video of a car on the Nürburgring and bricking the server. It switched to the DR with nary a flicker in the playback.

    That wasn’t HA – there must have been some streaming server clustering trickery. HA just spots the server has coughed it and attempts to restart, often on a new piece of tin in the cluster so you’d see a reboot break

    Cougar
    Full Member

    That wasn’t HA – there must have been some streaming server clustering trickery. HA just spots the server has coughed it and attempts to restart, often on a new piece of tin in the cluster so you’d see a reboot break

    That’s Fault Tolerance.  (Unless I’ve got the two mixed up – two different features, one spins up a new VM, the other already has.)


The topic ‘Moving from Server 2008, but to what? VMWare unaware…’ is closed to new replies.