MS Server build for 25 users

Jul 2, 2016
62
13
8
39
Iceland
Can you think of a good server (not too expensive) that would serve these tasks:

Domain controller, Malwarebytes endpoint security (still evaluating whether to use MS Server Essentials or MS Server Standard license).
Being able to have some central management of a network of computers at a company (all documents stored in Google Drive). Around 25 users/computers (in a workgroup today) using Windows 10 Professional.

Mainly using these applications:
Office365 (using Office applications on their desktop), Google for work (using Gmail and Google Drive)
Several Autodesk AutoCAD users
Are implementing DynamicNav 365

Printer:
1 Konica Minolta c224e network printer

Networking Equipment:
50 Mbit fiber optic cable
Cisco 800 series router (rented by Vodafone)
Apple router (printer, POS system and Cisco router connected to the router)
Planet 24 gsw2401 ports - Gigabit Ethernet switch

3CX IP PBX network installed on the old HP Compaq tower (would like to virtualize if possible)
 

vl1969

Active Member
Feb 5, 2014
634
76
28
May I ask, what is your projected budget and what exactly are you trying to centralise?
Depending on your plans, you may need to think ahead for more than one server.

1st. If you are moving to a domain from a workgroup, plan for having at least 2 domain controllers.
Yes, you can have one, but if the DC fails many things will stop working, and that means downtime.
So, speaking in old slang, you need a PDC (primary domain controller) and a BDC (backup domain controller),
although today you simply have 2 or more domain controller machines which are set up to sync between each other. None of them is actually classified as PDC or BDC nowadays, just DC1, DC2, DCn...

Do you need a file server?
A DNS server?

I am not sure how the 3CX IP PBX works, so no help here.
But if you plan to virtualise, what is your choice of hypervisor?

Windows based / Linux based? I assume Windows based is preferred, since you run Office 365.
If so, this is not a cheap undertaking.

Here is an example based on my recent (started last year and just finished this fall) update of the office setup.
We had several dedicated old servers running mixed software: MS Server 2000, MS Server 2003, MS Server 2008 for DC (the youngest server was 5 years old).
We got a CryptoLocker infestation on the network followed by a file server RAID failure, all in a single year.

In the last 2 years, after recovery from the above-mentioned disasters, we moved to a
2-node Server 2012 R2 Hyper-V cluster setup with all the old servers and roles virtualized.
Hardware:
2x Dell PowerEdge 730dx servers
Plus a reused, rebuilt 1x Dell PowerEdge 310 server, the former Server 2008 DC

Software:
2 MS Datacenter Server 2012 R2 licenses for the cluster. This allows you unlimited Server 2012 VMs per node.

Setup:
A Hyper-Convergence Cluster using StarWind Free 2-node for shared storage. This allows local storage from each server node to be used as a SAN/NAS, so no need for extra hardware.
FYI, MS Server 2016 will make this setup obsolete as it has built-in Storage Spaces Direct functionality which mimics the StarWind functions.

On that, I run 2 DC VMs, one on each node,
a file server VM,
an MS SQL Server VM,
and several single-purpose VMs for various specific needs (you might be able to run your PBX software on it).

However, all that costs a bunch.

Each Dell 730 was roughly $7500.
Your server license will add to that at least another 1k or more. We had an MS assurance subscription so we could upgrade the existing 2008 license on the cheap, but YMMV.

I am assuming the "Cisco 800" router is also a modem from Vodafone to connect your fiber to Ethernet. It is not a router per se even though it has the functionality, so let it go.
Now ditch the Apple router and get a real firewall like SonicWall or something. You can even build a DIY one using pfSense if you are capable.
I cannot say anything about the switch; I am partial to Netgear, but that is just my kink.
If the switch is old, I say keep the replacement budget handy or bite the bullet and replace it now.
 

pricklypunter

Well-Known Member
Nov 10, 2015
1,708
515
113
Canada
To add to the above, if you are using or planning on using any kind of TDM card in your PBX setup, you might bump into a real latency issue by virtualising it. One way round that is to use an ATA of some sort rather than a TDM card, Cisco do several that are fine, but there are others :)
 

vl1969

Active Member
Feb 5, 2014
634
76
28
Just to add to my last post, a few things I forgot to mention.

#1. If you do plan to virtualise using a cluster, make sure you get servers that have a couple of 10GB NICs in addition to 1GB NICs. Unless your Ethernet is 10GB now, converting all infrastructure is a no-go,
but you will need 10GB for fast sync and failover between nodes. I made that mistake in my setup: as initially I only got a single 730 server, I skipped the 10GB card. However, StarWind really sucks on 1GB as it needs iSCSI for data sync, so I had to buy an extra 10GB card for the first server when we decided to go with the cluster setup, and make sure I got the card in the new server as well.
The setup I have now is
2x 730 servers that are linked to the main network via teamed 1GB cards (each server has 4 1GB NICs by default)
and linked directly to each other via 2x 10GB ports (an extra 2-port 10GB card).
In hindsight, if I had done my homework better beforehand, I would have ordered a 4-port 10GB card. Yes, it is more money, but the speed would be worth it. For you, for 20-25 users, it might not be as important.

Also, if getting new is not important for you (my bosses were very insistent on getting brand new hardware), you can check out xByte for refurbs. Save a few grand, why not.
 
Jul 2, 2016
62
13
8
39
Iceland
Thank you for your replies. Just to clarify a little bit.

I don't have a real budget in mind, but this is a cloud-centric company (so no file server on-prem needed); the users use Google Drive for their file share.

My main focus is to have strengthened security for the workstation machines (Malwarebytes endpoint security set up on the server in case of ransomware, and a real-time scan on the machines).
I think having two domain controllers is overkill for this setup (I know it's recommended, but it has to make sense budget-wise).
I want to implement password policies / lockdown policies and be able to script certain repeated tasks. To deploy software to workstations would be ideal but not necessary.

I think I will set up a good FreeNAS box to back up this server (and use a PowerShell script to back up the GPO objects to the FreeNAS server in case of DC failure, in case I need to import them on another device).
I want to have good redundancy on the hardware, dual everything in case of any hardware failure.
I would do an ADDS integration with the FreeNAS server mainly for backups (but might use it for other tasks/roles).
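
The GPO backup to a NAS share described in the post above, as an added example that is not part of the original thread. It uses the `Backup-GPO`, `Get-GPOReport` and `Get-GPO` cmdlets from the GroupPolicy module; the share path `\\freenas\gpo-backup` and the 30-day retention are assumed values.

```powershell
#Requires -Modules GroupPolicy
# Added example, not from the thread. Run on a domain-joined machine that has
# the Group Policy Management tools (GPMC/RSAT) installed.
param(
    # Hypothetical UNC path of the NAS share; replace with your own.
    [string]$BackupRoot = '\\freenas\gpo-backup',
    # Hypothetical retention window for old backup sets.
    [int]$KeepDays = 30
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $BackupRoot)) {
    throw "Backup share $BackupRoot is not reachable; nothing was backed up."
}

# One folder per run, so a failed run never overwrites a good backup set.
$stamp  = Get-Date -Format 'yyyy-MM-dd_HHmmss'
$target = Join-Path $BackupRoot $stamp
New-Item -ItemType Directory -Path $target | Out-Null

# Back up every GPO in the current domain.
$backups = @(Backup-GPO -All -Path $target -Comment "Scheduled backup $stamp")

# Backup folders are named after a backup GUID, so keep a manifest that maps
# GPO display names to backup IDs for a later Import-GPO.
$backups |
    Select-Object DisplayName, GpoId, Id |
    Export-Csv -Path (Join-Path $target 'manifest.csv') -NoTypeInformation

# A GPO backup does not restore where the GPO was linked; the XML report
# records the links so they can be recreated on a rebuilt domain controller.
Get-GPOReport -All -ReportType Xml -Path (Join-Path $target 'AllGPOs.xml')

# Fail loudly if the number of backups does not match the number of GPOs.
$gpoCount = @(Get-GPO -All).Count
if ($backups.Count -ne $gpoCount) {
    throw "Backed up $($backups.Count) of $gpoCount GPOs; check $target."
}

# Prune only folders this script created (matching the timestamp pattern)
# that are older than the retention window.
Get-ChildItem -LiteralPath $BackupRoot -Directory |
    Where-Object {
        $_.Name -match '^\d{4}-\d{2}-\d{2}_\d{6}$' -and
        $_.CreationTime -lt (Get-Date).AddDays(-$KeepDays)
    } |
    Remove-Item -Recurse -Force

Write-Output "Backed up $gpoCount GPOs to $target"
```

To restore a single policy on another machine, pass the `Id` value from `manifest.csv` to `Import-GPO -BackupId` together with `-Path` pointing at the same dated folder.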
 

vl1969

Active Member
Feb 5, 2014
634
76
28
Well, I think a good firewall is in order ASAP.
Now, if you plan to dual everything, I say just get 2 servers and build a failover Hyper-V cluster on MS Server 2016 using Storage Spaces Direct. This will eliminate the need for an extra SAN and give you the ability to use the local storage from each server node instead, saving some money in the process.
Once that is in place, you can actually run 2 DC VMs and whatever else you want, and if you do need a file server later, 2016 has it built in, no extra steps needed.
 
Jul 2, 2016
62
13
8
39
Iceland
Thanks for the tip, I'll look into this and do a little research before I implement the solution for this company.
I have two extra desktop machines at home and an MSDN license, so I can try out a Hyper-V cluster on Server 2016 in a test lab.

Yeah, pfSense/SonicWall sounds like a plan. I'm actually not the networking admin for this company, but I will definitely let the CEO know about the options available. I walked into this company two days ago to advise them on a solution that would work for their business and assist the CEO in making their life/business easier using the right solution.

This will not happen until January, but I might try to squeeze into the CEO's head to go for a new firewall ASAP.
 

vl1969

Active Member
Feb 5, 2014
634
76
28
Well, we use SonicWall. I am not a network admin (well, I kind of double in everything here, but I am stretching my limits too thin)
and was not up to building my own, so SW was it. It works well, but our managing company (we outsource some IT stuff, but maybe next year I will bring most of it in-house) is too aggressive in filtering; it's annoying to hell and back.
If you are good with Linux/BSD and know networking, I say pfSense is the way to go. I am building a pfSense machine for my home use as we speak.
But this is essential. Maybe if we had had SonicWall in place 2 years ago, we might not have been hit with CryptoLocker.
 

Jeff Robertson

Active Member
Oct 18, 2016
429
115
43
Chico, CA
I have a suggestion since I deal with this type of setup all the time. Without a budget this is just a shot in the dark of course. I would recommend a single HP or Dell server; I'm partial to HP myself and would recommend an ML350 G9 or DL380 G9. On that server I would recommend purchasing Server 2016 Standard and loading it with two VMs. Make one of them a domain controller/DNS/DHCP server and nothing else. Make the second VM a generic "apps" server and load up your virus software and any other software they need to function. In order to back all of this up I would seriously look into Altaro's backup software; it is cheap, reliable, and dead simple to set up. I usually run all of my backups to a small NAS from QNAP or Synology. The Altaro software also has the ability to run offsite backups on top of the normal backups, which gives it some good flexibility. If you are worried about uptime I would recommend buying a second server, putting it in a different location and then running Hyper-V Replica (built into Windows) to replicate the two VMs in near real time to the backup server. The backup server doesn't have to be as beefy as long as it is reasonably similar (hard drives instead of SSDs, a lower clocked CPU with the same amount of cores, etc). That simple config will get you up and running pretty darn quickly and won't break the bank. Good luck!
 
Jul 2, 2016
62
13
8
39
Iceland
I'm thinking about this Supermicro mini tower and might pick another similar server if I do a Hyper-V cluster.
I'm actually working with little space at this office (a small server would be perfect).

1 x 2,5" 100 GB Intel DC S3700 Enterprise series SATA SSD (for the Windows Server OS)
1 x 2,5" 300 GB Intel DC S3700 Enterprise series SATA SSD (for the VHD files for the servers running on Hyper-V)
32 GB DDR4 PC4-1700 (2133 MHz) LRDIMM ECC registered RAM

Any thoughts?

[Attached image: Supermicro.JPG]
 

Jeff Robertson

Active Member
Oct 18, 2016
429
115
43
Chico, CA
That is a good server and would be perfect in a cluster. Standalone I might be a bit concerned about the single power supply. I would also consider using some sort of RAID if you are going to use a single server, just in case. If you are going to replace the router I would also look at something from the Ubiquiti line; their EdgeRouters are very, very good and inexpensive. I've had quite a bit of experience with SonicWall and won't touch them unless forced to. Good luck!
 

Jeff Robertson

Active Member
Oct 18, 2016
429
115
43
Chico, CA
I forgot to mention your memory choice. While 32GB is probably plenty, it is a quad channel system, so using a single DIMM will limit the system to 25% of the bandwidth it's capable of. You might be better off with 4 8GB DIMMs instead: same amount of RAM but it will be faster.
 

Net-Runner

Member
Feb 25, 2016
81
22
8
40
> ...setup:
> A Hyper-Convergence Cluster using StarWind Free 2-node for shared storage. This allows local storage from each server node to be used as a SAN/NAS, so no need for extra hardware.
> FYI, MS Server 2016 will make this setup obsolete as it has built-in Storage Spaces Direct functionality which mimics the StarWind functions...

It will and will not. There are still some points why we keep using StarWind instead of WS2016 S2D, especially on 2-node clusters. The first one is the redundancy. In the case of S2D, you have some kind of RAID10 over the network, which means if you lose a drive in each host at the same moment, you will lose all your data. StarWind works on top of hardware RAID, which results in less capacity but allows you to go for nice AFA configurations, building RAID51/61 over the network on flash, which is awesome. Second is the performance, which sucks in S2D software pseudo-RAID compared to what a hardware RAID controller is capable of squeezing out of the drives you have. And pricing... yeah, at least $7k per host for a Datacenter license.

> ... StarWind really sucks on 1GB ...

It depends on your storage speed. If you need to mirror a couple of SATA drives, 1 GbE should be more than enough. If the storage is faster, obviously it gets bottlenecked by the network. We have a test cluster that runs the StarWind free version on top of 4 x SATA RAID10 drives and dual 1 GbE networks (one for management and iSCSI and the other one for synchronization) and it works like a charm.
 

vl1969

Active Member
Feb 5, 2014
634
76
28
> It will and will not. There are still some points why we keep using StarWind instead of WS2016 S2D, especially on 2-node clusters. The first one is the redundancy. In the case of S2D, you have some kind of RAID10 over the network, which means if you lose a drive in each host at the same moment, you will lose all your data. StarWind works on top of hardware RAID, which results in less capacity but allows you to go for nice AFA configurations, building RAID51/61 over the network on flash, which is awesome. Second is the performance, which sucks in S2D software pseudo-RAID compared to what a hardware RAID controller is capable of squeezing out of the drives you have. And pricing... yeah, at least $7k per host for a Datacenter license.
>
> It depends on your storage speed. If you need to mirror a couple of SATA drives, 1 GbE should be more than enough. If the storage is faster, obviously it gets bottlenecked by the network. We have a test cluster that runs the StarWind free version on top of 4 x SATA RAID10 drives and dual 1 GbE networks (one for management and iSCSI and the other one for synchronization) and it works like a charm.

I am not overly good with all this network storage stuff etc...

But I do believe that nothing will stop you from using raided volumes with S2D, just as nothing is stopping you from using the very same volumes with StarWind.
As for performance, I am not sure, but it can't be worse than StarWind. It all depends on your network backbone and other various factors; as always, YMMV.

As for the $7K pricing, it will be the same for either setup; the type of server license depends on your plans for the setup, whether you use S2D or not.
The license level depends on how many VMs you plan to run on a specific hardware set.
S2D is available on any Server 2016 license SKU; you can use it or not, but it is there.
Now, the licensing level depends on your virtualization needs.
If you plan on running more than 2 VMs on any node (clustered or not), you need a licence to provide you with that many clients.
In a clustered setup, each node needs a licence to be able to run all VMs in the cluster that can be assigned to it,
i.e. if you have a 3-node cluster where each node, under normal conditions, runs 6 VMs, all nodes in the cluster need licensing to be able to run at least 9 VMs, as you need to move the VMs to them in case of one node's failure or maintenance. It might be cheaper overall to get a Datacenter licence each, planning for the future.
Now, in this case you will also need to add 2K-3K to the setup for a StarWind licence, whereas with Windows 2016 the functionality is already there.
FYI: I am not arguing against StarWind, I am using it myself.
But I run a Windows 2012 R2 setup with 2 nodes, and S2D was not actively available or advised to be used at the time I had my cluster set up. Now, on the other hand, it seems to be ready.
 

vl1969

Active Member
Feb 5, 2014
634
76
28
> Storage Spaces is on both editions but S2D is only a Datacenter feature.

Oh my, I guess I missed that. The way MS toots the 2016 horn, it seems like it is available on all SKUs.
I just checked the licensing breakdown page and you are right.
Well, in this case I guess StarWind will be around for a while.
In my case I can still use it, as I do have 2 DC licensed servers with usable specs (2x 6-core CPUs) running a Hyper-V cluster, so I can upgrade and use the S2D function in place of StarWind, but for some people it may be outside the budget.
 

Net-Runner

Member
Feb 25, 2016
81
22
8
40
> I do believe that nothing will stop you from using raided volumes with S2D, just as nothing is stopping you from using the very same volumes with StarWind.
> As for performance, I am not sure, but it can't be worse than StarWind. It all depends on your network backbone and other various factors; as always, YMMV.

As already mentioned above, you do need Datacenter licensing, unfortunately. Furthermore, there is no way you can use S2D with raided volumes since it is not supported at all. You need a strictly non-RAID/SAS HBA controller or a RAID controller in pass-through mode in order to run S2D. And that is the reason why its performance does suck compared to hardware RAID. That is also valid for VMware vSAN. I've done a lot of benchmarking of these solutions and StarWind's overhead is only 10%-15% of what the hardware can actually do. S2D is far away from this, especially in real 60/30 mixed scenarios. That is why I believe MSFT shows only 90%-100% READ benchmarks in their marketing videos and materials, which are crap :-(
 