3

I am about to start as the IT Administrator at a small-med size law firm. They have a couple of branch offices, with a main office of about 50 people. 200 users all up. Their IT systems setup at the moment is:

  • 8 servers (server 2003, 2000 and a Linux box running a share drive)
  • All computers running XP.
  • Exchange 2003 with no mailbox limits
  • All computers in a workgroup! No domain!

The 'IT guy' that has been looking after the network to date is a bit in over his head so they are giving him the chop and hiring me (woohoo!) I am starting a list of things to improve, and one that I will ask for is some new server hardware. I want to buy 2 servers to replace the fleet of 8 old ones.

Now for my actual question! I want to implement Citrix Xen Server and use this to host the following:

  • Domain Controller
  • Exchange Server
  • Citrix Farm
  • SAN (1TB should do it by the looks of things)
  • And a backup device for it all

Please don't think that I am being lazy and just asking for someone to tell me what to get - I am looking into options for this. I would just like a bit of an open forum for combinations of what people think would be the best gear.

Thank you for your time everyone!

  • Where's the question here? If you're after random opinions, try making it community wiki. – womble Jul 09 '09 at 04:41
  • Basically I am after hardware combinations. If this type of question is better suited for wiki I apologise, first time writing a question in here :) –  Jul 09 '09 at 04:55
  • You want to use Citrix Xenserver to host a 1TB SAN? – womble Jul 09 '09 at 04:58
  • No, Windows Server 2008 for the SAN. I want to use Xenserver to host Exchange server, web server, etc –  Jul 09 '09 at 04:59
  • Sorry, wrong place. This is a Q&A site, not a forum (of which there are many). – John Gardeniers Jul 09 '09 at 05:36
  • A SAN on top of Windows Server 2008? And you think the *other* guy was out of his depth? – womble Jul 09 '09 at 06:36
  • Be wary about any money coming your way for your new equipment - if their solution to an IT tech being over his head was sacking and not training, then things may not bode well. – Tubs Jul 09 '09 at 11:05

4 Answers

8

I'm going to echo pcampbell here, but my tone is going to be even more grim and strong. Take it as "jaded early-30-something IT guy who thinks he has seen it all" talking, for what it's worth.

Walking in and asking to replace anything right out of the gate isn't a viable strategy. You need to have a very good understanding of what's there already before you attempt to even spec replacement infrastructure, let alone actually implementing it. I'll go out on a limb here and, brashly, suggest that you don't know as much about the needs of this business as you think you do. The comment you made re: "...can't wait to get my hands on a network of my own." speaks volumes. W/ no disrespect intended, I've been the contractor that follows-up these "grand re-architecting" efforts on several occasions, and usually I find that the new stuff is as much of a mess as whatever preceded it.

I would put away any small, let alone grand, visions of replacement and start by documenting everything that's in place now. You need to understand the hardware, the software, and the business needs. You need to be able to keep things running as they are now while you make plans for improvement.

Here are the things that I'd tackle (with a nod to pcampbell for getting me started... I should've been reading Server Fault an hour ago instead of trying in vain to sleep):

  • Top to bottom documentation of server computer hardware, operating system configuration, network infrastructure hardware and protocol configuration, physical topology, logical topology. No one besides you may ever read it, but you need to document it so that you understand it yourself.

  • Identification of business-critical data and systems and planning steps to immediately ensure that high-risk failure modes (think servers w/o redundant disks, data that's not backed-up, etc) are mitigated ASAP. It's your butt on the line, once you take over, if things start failing. That's the last thing you need happening while you're still trying to "learn the ropes".

  • Identification of the shortcomings, challenges, and inefficiencies in the current system. You can't know what to improve until you know what's wrong to begin with. This means interviewing users, reviewing past trouble ticket history, benchmarking, and digging to find out where time and money are being sunk in the current infrastructure.

  • While you're doing all that, keep the current system running. You're going to learn a lot about what's going on there by dealing with day-to-day problems.

  • Build rapport with the users, the executives, and any third-parties that you have to deal with. From your very first day you need to cultivate your image of being a trusted advisor. You need to take a personal stake and act in such a manner that it's clear to everyone that you're working in the best interests of the Firm, and not because you like playing with technology.

To speak to some practical matters:

Call me curmudgeonly, but I'm going to stick my neck out re: your proposed "solution" and suggest that you're buying into virtualization because you perceive a cost savings in hardware that may or may not exist, and because you don't understand the potential performance hurdles (especially with database-based applications) that you could be running into. I've spent a year watching a Customer (who came to my Firm unexpectedly in an emergency situation) struggle with performance problems from a pair of very expensive Dell 6950 server computers and an iSCSI SAN. Their VMware ESX cluster that the last "IT person" put in during a fit of "grand rearchitecting" works, but some of their applications are performing poorly and they're finding out that a few "traditional" server computers w/ non-trendy, non-exciting features like RAID and DASD would have performed far better for less money for some of their needs. Somebody was sold a bill of goods, though, and now they're stuck with a lot of cost sunk into an inflexible infrastructure.

Here are some practical items that I'd go after, arranged in somewhat of a priority order... but only somewhat:

  • I mentioned backup already-- that should be nearly first in your mind on day 1. Expanding to a larger view, though, what's the disaster recovery plan like? Does it even exist? Get a plan together, and get it tested. Interview the partners / owners and find out what their level of comfort is with spending money to deal with various kinds of disasters (loss of a server, loss of all the servers, etc). If there's any place that I don't feel guilty asking to spend money it's on disaster avoidance and recovery. 200 people losing their jobs because of an IT disaster sounds like a preventable tragedy to me.

  • What's the redundancy model like for Active Directory? Are there multiple DC's? If not, get that straightened out ASAP. You need multiple DC's... period. They're cheap, cheap, cheap insurance and having a replica of AD around after a disaster makes for much easier recovery.

  • Why aren't the client computers joined to the AD domain? Get them joined up. Get WSUS going for the client and server computers.

  • What's the anti-virus like? Anti-spam? Internet filtering / monitoring? Firewalls? VPN's? Are users running as "Administrator"-level accounts on their PCs? What are password policies like? What kind of notification do you have for attempted intrusion, unauthorized access?

  • What are the line-of-business applications? How well do they work? Can their performance / efficiency / availability be improved? What are the SLA's associated with these applications and availability? What are the vendor support relationships like? Can you recommend new applications in their stead?

  • What's performance like in the branch offices? How can it be improved if it's poor? What's the WAN connectivity? Is it cost-effective or are there better alternatives out there? Would server computers in the branch offices help or hinder?

  • What does space usage look like on file servers? What is the space trend? Is data accessible and organized? How's the security with shared data (groups, permissions, etc)? How can you improve it?

  • What does the stored email look like? What kind of concerns are there for archiving / retention / destruction of email? What's the size trending here? What are the SLA's the business would like to see for disaster-recovery in the event of email server failure? Secondarily, what kind of replacement / enhancements would you suggest to meet those SLA's (clustering, addt'l servers to spread the load, etc)?

  • Are there specific pieces of server computer or network infrastructure hardware causing problems with efficiency or security? Plan to replace / repurpose them.

  • What kind of instrumentation exists to provide notifications of errors, outages, etc? Why aren't you getting e-mail or SMS notifications of things like disk failures, temperatures out of spec, services becoming unavailable? You should be proactively managing outages by preventing them or, at the very least, knowing about them before users do.

  • What's the voice telephone infrastructure look like? Would unified messaging be a win? How does that tie into handheld computers / PDAs / wireless phones, if at all?

The list could go on and on. Replacement and retirement of infrastructure happens as part of those items, but it isn't, to my mind, an item unto itself. No business buys IT for the sake of buying IT. You need to build a case for recommended replacements based on what the business is going to realize in increased efficiency / productivity / revenue from the expense.

Evan Anderson
  • Thank you for such a fantastic answer. I am young (24), but I do realise that I can not possibly know what is best for a new network such as this. Moving up to be the IT Administrator is the next part of my career and I am definitely going to get my feet wet with this project. Thank you for the points above, the reason I am asking questions so broad as these is I don't have a mentor at the place I am working at the moment, so any and all advice is greatly appreciated. I am very mindful in particular about the backup situation - it will be first priority. Thank you again for your advice. –  Jul 09 '09 at 06:06
  • Your enthusiasm is certainly a good start. Getting in a little bit over your head is good, too, so long as you swim, rather than sinking. Have a look at the thread here: http://serverfault.com/questions/1046/what-is-the-single-most-influential-book-every-sysadmin-should-read There are some good books referenced (albeit nothing I will put a "personal recommendation" on). I would advise you to concentrate on "people skills" and business knowledge over tech. Anybody can "do tech"-- not just anybody can explain how tech relates to business in a way that is reassuring and understandable. – Evan Anderson Jul 09 '09 at 06:11
  • Good voice out. The network and systems exist to help the _users_ and their _business_ or _domain_. Whatever is done to "improve" must offer some level of work enhancement for them, not for the IT guy's pleasure. – icelava Jul 09 '09 at 06:48
  • Another seasoned IT guy here that mostly agrees with Evan Anderson's comments but wanted to point out that 99% of IT work is setting expectations. And to the point, databases on VMs don't scale; performance tanks under load. I'm also a VMware & Power5 architect for a large company. – Kilo Jul 09 '09 at 16:15
5

Find what the customers want and need. In this case, your customers are probably your CFO and your users. The CFO wants to keep the budget as tight as possible, because hey, he thinks IT is a cost-centre, right? So you've got to be able to show ROI, or even better, cost savings. Think licenses, power, cooling, recovery time, reorg of printers, etc.

Answer the question: "By purchasing this new gear, and modifying the 'working' infrastructure, what is the business going to gain?"

Tackle the restore and backup strategy first. That safety net is most important, and you can only point the finger back at the last IT guy for so long. Once a server HDD crashes, the backup has got to be quick.

The users probably have a list of things they grumble about the 'IT guy'. When you are introducing yourself, ask questions like:

  • "What kind of problems do you have on a day-to-day basis that you think I could help with?" Once users see that your ears are open, they'll let you know things you probably hadn't thought of. This right here can give you 6 months worth of work.
  • Are they doing the Exchange/Outlook shared-calendaring?
  • "Hey, did you know that you can print and physically post the Boardroom schedule each morning so that people know if the room is booked during the day?". Admin assistant types love that stuff.

Certainly there are problems when a company this size doesn't have a domain. Well they must, as they've got Exchange. Boggles the mind that users have Exchange accounts yet their machines aren't in the domain?

That sounds like a fun challenge, and good luck, and have fun!

p.campbell
  • Thank you so much! It is going to be a challenge for sure but I am very much looking forward to building a reliable and functioning system. I've worked my way up from Helpdesk and can't wait to get my hands on a network of my own :) –  Jul 09 '09 at 05:15
  • In addition to the suggestions which pcampbell mentioned, running a network share without proper security measures in place could be a liability for your company. After implementing your plan for a DC and connecting the workstations, I would suggest consulting with the decision makers in the company to formulate a document retention policy (if one doesn't already exist), and looking into a document management system with imaging capabilities. – Jeremy Viet Jul 09 '09 at 05:52
0

Make sure you know all administrator passwords.

alexy
0

As there's no domain, your first job would be planning, deploying and trouble-shooting Active Directory - not something that needs a lot of new hardware.

Two servers seems like way too many eggs in one basket for 200 employees as well; you'll want to look at more hosts I'd say - at least three VM hosts and then a few bare-metal hosts for non-virtualized loads like at least one DC, a high-performing management server and some spares. The backup host might be better placed off-site or at least on another floor and depending on the infrastructure and backup device and strategy for off-site storage.

The SAN will be critical if you go with that plan so it needs to be well-tested and something you or a contractor can really prove will handle it and expand with the needs. Poorly chosen or implemented SANs are likely one of the more common performance problems today in smaller companies.

I'd also put more thought into this "and a backup device" bullet before I go switching out the main servers and storage. It should be more important to complete ^^

And yes, there are no good answers as the feedback you could get is basically what the work is all about figuring out in the first place - good luck, remember to have fun, always be nice and be very careful with the data. Business routines and work flows are usually more important to figure out before you can "improve" on anything using technology ^^

Oskar Duveborn