-2

I am very new to the networking world so excuse my illiteracy in this subject! I tried searching for answers but there isn't any definite answer out there that I was able to find.

I'm trying to set up Windows Server 2019 in my small business organization and would like to know what the best practices are when installing AD, DC, DHCP, SQL Server.

What I have done currently:

  1. Installed SQL Server 2019 on HyperV VM.
  2. Configured/promoted the host to the Active Directory domain controller (or should I have created a VM for this?).

I need to configure DHCP and a file server as well. Should this be done on the host or on a separate VM?

Thanks in advance!

  • This is an excessively broad subject. The answers to all of the questions in the body add up to basically an MCSA level tutorial on Windows and AD, plus a bit of MS SQL. Also, please keep in mind that your question should be in the title, and the body is for expanding on the question and providing information on error messages received, or preliminary troubleshooting steps already taken. Stack is a Q & A forum, not a discussion forum. – Jeter-work Jul 13 '20 at 19:50

3 Answers

2

If you're saying you've installed a VM host machine, and now you're running VM guests on it, you should install all your services on the guests.

So if you've installed AD Domain Services on the VM host, remove it and install it on one of the guests. AD and DNS must co-exist. You may have DHCP on there as well, although this is really only recommended in a small environment.

SQL and file services should also generally be on different servers. However, again, if the organisation is very small and you're constrained with operating system license costs, you might consider SQL and file services on the same machine. Basically, I'm assuming you've only purchased a Windows Server Standard license, which allows you to deploy 2 VMs.

In that case, you should set SQL Max Server Memory to at least 4GB less than the physical memory allocated to the guest operating system. In theory, SQL does dynamic memory management by default, but in practice, it can take it a little time to free up memory for the OS if you're wanting to do something with a lot of files.

Partition the guest OS disk for SQL:

  • Windows OS (ensure there's plenty of space for updates - no less than 60GB)
  • page file (this does NOT have to be 2 x RAM or 1.5 x RAM or any other multiple of the memory size)
  • a partition for the SQL instance and databases
  • perhaps another partition for SQL backups
  • a partition for the file shares

If it were an enterprise situation, you'd normally have partitions for SQL transaction logs, but it's probably overkill in this instance.

LeeM
1

The recommendation from a security perspective would be to separate roles: Run only AD and DNS on one machine, run your SQL server on another, DHCP service on one, file services on yet another one, etc.

In reality you will likely need to balance best practices against your budget, which may require you to consolidate services somewhat.

Mikael H
1

There's a very practical reason to keep the Hyper-V host only as a host and spread the server roles across VMs: you can easily move and replicate VMs between hosts. That enables fast recovery and easy migration.

As Active Directory is an essential part of a Windows Domain, it's recommended to avoid installing anything else on domain controllers, just to ensure the operation of the AD domain. DNS and DHCP are quite simple roles that could reside on a domain controller. However, e.g. SQL and web services (IIS) are better to host on another VM. File sharing is something in between.

It's also recommended to have at least two domain controllers. The financial situation might obstruct you from following best practices. E.g. having only one physical server and using Windows 2019 Standard (in comparison to Datacenter) licensing has its limitations, and while you have to face them, you are forced to make some compromises. However, it's wise to make choices that keep it easier to move towards recommendations & best practices when you have better resources. One is not to use the Hyper-V host for anything else.

Esa Jokinen
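A read-only check for the role placement the answers above recommend, added here as an example and not written by any of the answerers: it reports server roles and SQL Server services installed on the same machine as the Hyper-V role. The function name `Get-ColocatedRole` and the watch list of roles are assumptions made for this example; the feature names are the ones `Get-WindowsFeature` reports on Windows Server.

```powershell
# Added example: list roles co-located with Hyper-V on the local server.
# Needs the ServerManager module (Windows Server). Changes nothing.
Import-Module ServerManager

# Watch list chosen for this example from the roles named in the question.
$watch = [ordered]@{
    'AD-Domain-Services' = 'Active Directory Domain Services'
    'DNS'                = 'DNS Server'
    'DHCP'               = 'DHCP Server'
    'FS-FileServer'      = 'File Server'
    'Web-Server'         = 'Web Server (IIS)'
}

function Get-ColocatedRole {   # hypothetical helper name
    # Names of all installed roles and features on this machine.
    $installed = Get-WindowsFeature |
        Where-Object { $_.Installed } |
        Select-Object -ExpandProperty Name

    $isHost = $installed -contains 'Hyper-V'
    $finding = 'Installed (machine is not a Hyper-V host)'
    if ($isHost) { $finding = 'On the Hyper-V host: move to a guest VM' }

    # Windows roles from the watch list.
    $found = @($watch.Keys | Where-Object { $installed -contains $_ } |
        ForEach-Object { $watch[$_] })

    # SQL Server is not a Windows feature, so look for its services:
    # MSSQLSERVER (default instance) or MSSQL$<name> (named instance).
    $sql = Get-Service -Name 'MSSQL*' -ErrorAction SilentlyContinue
    if ($sql) { $found += 'SQL Server ({0})' -f ($sql.Name -join ', ') }

    foreach ($role in $found) {
        [pscustomobject]@{
            Computer   = $env:COMPUTERNAME
            HyperVHost = $isHost
            Role       = $role
            Finding    = $finding
        }
    }
}

Get-ColocatedRole | Format-Table -AutoSize
```

Run on the Hyper-V host, an empty result means the host carries none of the watched roles; run on a guest, it shows which roles that VM combines.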