
Some context first: I've been maintaining a Windows server for an SME for the last 10 years; the company has changed size and shape over time (5 people in 1 office, then 10 people in 2 offices, now 15 people scattered around the world), leading to decreasing usage of our Win server:

  • Exchange: we started with our own Exchange server (ouch), and moved to a hosted Exchange solution (intermedia.net) 5 years ago (such a good idea)
  • File sharing: as the team spread (and most of us are frequently travelling), the use of a VPN to connect to our server became more and more painful, so we started using Dropbox as a complement 3 years ago. Now, I am thinking of moving the whole team to Dropbox for Business which has pretty compelling features (and some drawbacks).

However, our server still has some uses:

  • AD/authentication: it's not 100% essential, but keeping admin power away from users helps guarantee that all machines satisfy some specs (Antivirus ON, backup ON, login password ON etc.)
  • Network: basically DHCP and DNS for our LAN
  • Large file dump: I'm not sure DB (even with 1TB of data allocation) is adequate to store large (> 1GB) files such as: Outlook archives (PST), backups, ISOs (Win, Office...), HD movies.

So the question is: how can I (should I) completely get rid of my server and move everything "to the cloud"?

Now, I realise the very same question has been asked and answered here, but the question dates back to 2010 and the most recent answer to 2012, and much has changed in the Server vs. Cloud battle since then.

How would you approach the problem in 2014? More specifically, how would you handle these 2 problems (DNS and DHCP can be provided by my firewall device or a small Mac mini server):

  • Compliance with specs: I need all laptops to comply with a minimal set of rules at all times: use a strong login password, have our antivirus soft installed and running, have Dropbox installed and running...
  • Large file dump: I would still need to have some NAS-like solution in our HQ office for a limited number of large files.

I'm looking for opinions based on experience mostly.

Thanks

1 Answer


I've previously answered a similar but not identical question here.

I think that you'll miss group policy. Especially with the compliance requirement. You can use something like Azure for authentication, but they say not to expect it to replace local group policy:

Do not expect Windows Azure Active Directory to be a replacement for on-premise Active Directory when it comes to authenticating, authorizing and applying Group Policy.

You can do without group policy for a small enough number of computers, but small tasks become huge. (Change password complexity policy on 5000 workstations. Without AD. Been there, done that. I used Altiris, not my bare hands, fortunately.)

If you're going to go without group policy, you might want to purchase some kind of management software, like Altiris Deployment Solution or LANdesk or Microsoft Intune. (Altiris and LANdesk require a server; Intune is cloud-based.)

Rather than recommend a particular one, I'd look for:

  • Remote software installation/scripting
  • Remote control/remote screen viewing

Optional in your case:

  • Reimaging. I've had trouble convincing some small shops that it's worthwhile to have this, because "we only have (5, 10, 15) machines and just buy them with the OS on." Then someone gets a hideous virus and rather than reimage someone gets out a pile of DVDs and rebuilds the machine from the ground up. I prefer to front-load that work and reuse it later, but it's up to you. It only works locally, so in your setup you might not be able to use it anyway.

Instead of management software, you could use things like psexec and TeamViewer/LogMeIn/etc. heavily. But something that has a client that forces your software installs is nicer. And having done it both ways, the management software with Group Policy is nicer than the management software without Group Policy. (Especially with laptops; I heard that it was "common knowledge" that if you connect your laptop to a former employer's network it'll reboot itself five or six times before you can use it.)

Katherine Villyard
    Thanks, insightful and convincing. Looks like I'll keep my 2k8R2 licence and opt for a lighter server that runs just AD, and complement it with a small separate file server. – Alexandre Halm Dec 18 '14 at 10:19
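
Without Group Policy, the three rules in the question (strong login password, antivirus on, Dropbox running) have to be checked machine by machine, for example by a script pushed through whichever remote-scripting tool is chosen. The PowerShell audit below is an added example, not code from the question or the answer; the password-length threshold, the `Dropbox` process name and the `productState` bit test are assumptions, and it expects PowerShell 3 or later run from an elevated prompt.

```powershell
# Added example: audits one laptop against the three rules in the question.
# Run elevated (secedit needs admin rights). Thresholds are assumptions.
$MinPasswordLength = 10          # assumed definition of a "strong" password
$RequiredProcess   = 'Dropbox'   # assumed process name of the Dropbox client

function Get-LocalPasswordPolicy {
    # Export the local security policy to an INF file and read the two keys we need.
    $tmp = Join-Path $env:TEMP 'secpol-audit.inf'
    secedit /export /cfg $tmp /areas SECURITYPOLICY /quiet | Out-Null
    $policy = @{}
    foreach ($line in Get-Content $tmp) {
        if ($line -match '^\s*(MinimumPasswordLength|PasswordComplexity)\s*=\s*(\d+)') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }
    Remove-Item $tmp -ErrorAction SilentlyContinue
    $policy
}

function Test-AntivirusRunning {
    # root/SecurityCenter2 exists on client editions of Windows, not on Server.
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
        -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
    # Assumption: bit 0x1000 of productState means real-time protection is on
    # (a widely used decoding that Microsoft does not document).
    [bool]($products | Where-Object { $_.productState -band 0x1000 })
}

$policy = Get-LocalPasswordPolicy
$report = [pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    PasswordLengthOk  = ($policy['MinimumPasswordLength'] -ge $MinPasswordLength)
    PasswordComplexOk = ($policy['PasswordComplexity'] -eq 1)
    AntivirusOn       = Test-AntivirusRunning
    DropboxRunning    = [bool](Get-Process -Name $RequiredProcess -ErrorAction SilentlyContinue)
}
$report

# A non-zero exit code lets the tool that pushed the script flag the machine.
if ($report.PSObject.Properties.Value -contains $false) { exit 1 }
```

The script only reports; it does not change settings, so a failed check still needs a person or a management agent to remediate it.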