Here is the list of servers/services we will be running. As I mentioned before, I would like to run one service per virtual server to have better control over things. Another reason to do it this way is that if one of the servers is overloaded or down, it doesn't affect other services.
- Domain Controller, DNS, DHCP
- SQL Server - Staff
- SQL Server - Students
- Office web apps
- Backup and Restore
- Admin Server (SNMP, Syslog)
This list includes most of the services we will be needing, though I might have missed something. Can others tell me what services they are running apart from these ones? One other thing I would like to know is if I should be running three separate Exchange and file servers for admin, staff and students, or whether just one will do the job fine. I visited a school and they had this for security and easy manageability. Just wondering if it is worth the effort.
Papercut it is best suited on your print server, no need to separate.
That method is also known as overkill unless you are dealing with tens of thousands of users, I'd compress the roles further like putting VPN and firewall/edge on the same server. I'd also concatenate the web application servers a bit like helpdesk and intranet etc. You could easily be investing hundreds of hours more unnecessarily over the lifetime of the setup.
We have just installed HP 2920 switches on the edge to go with our existing two 5406zl cores.
They are brand new and recommended by HP for BYOD.
Be careful as the minimum cabinet depth for these switches is 500mm... We also found out that the 58B SX modules will work with 2920, we had already bought the 58C just as backup...
Thanks for the correction.
Originally Posted by ass17
Sorry for the very late reply. Got busy at work.
Originally Posted by SYNACK
I take your suggestions. So which other services will you concatenate? Would you also be able to suggest the server configuration I should be looking at for this?
I am actually a Cisco guy but happy to consider other options. How much different/difficult is the configuration on HP switches in comparison to Cisco?
Originally Posted by ass17
5406zl is modular, is that right? Would you be able to give me a bit more information on how many and what type of ports you have on these? If you can tell me the approx. price you paid for these and the topology, it would be even better.
Originally Posted by ass17
You need 2 or more Domain Controllers really, I'll recommend 3 just in case. File Server would be best on two different servers, using DFS, so if one reboots or has a problem, the other server will still be providing file access. Only problem to this is you need more storage, because a copy of each file is stored on both servers.
Are you housing "everything" in one location?
You need to consider carefully your 19" rack layouts, temperature control and UPS provision.
I'm not seeing why you need so many servers or why wireless isn't right up there at the top of your list. It's a real problem-solver.
@Sam_narula I am an ICT manager at a P-12 school in Victoria, Australia as well and went through a very similar upgrade cycle when I took over the role in late 2009. We have 75 staff, 550 students, over 400 college owned devices (Mac, PC, and iPad) and an iPad and BYOD program.
I have replaced nearly every system, both hardware and software, in that timeframe. In 2009, many systems did not work very well at all, there was very limited WiFi, no working backup systems, and no remote possibility of a BYOD program being implemented. We had virtually the same problems that you need to solve or worse and we have managed to do so for 99% of them (I won't say 100% because when does that ever happen in IT?? ;).
We are about to undergo our next upgrade cycle at the end of this year and I would be happy to share my experiences with you and even give you an onsite tour if you want. If I can save you some headaches I'd be willing to do so. The choices in our systems and service providers have been made after significant testing with the desire to have reliable, cutting edge, and integrated systems, and it has cost me a lot of blood, sweat, and tears to make that happen. Some of the systems (hardware and software) we use are the following:
- Sun (now Oracle) servers (x4170s): more expensive upfront, but fantastically reliable, high performance and very good support. Ensure you have plenty of RAM, at least 48GB and 2-3 servers.
- Sun Unified Storage Array for SAN (7110, moving to 7120 soon). Excellent performance, flexibility, and GUI. These had some initial problems when they were first out :( - but the initial issues were fixed and they are great units to build your VM infrastructure on top of. On the other hand, you might be able to get by without a SAN if you have 3 high quality VM hosts and excellent backup and DR processes.
- VMWare vSphere Essentials Plus: Good for up to 3 servers, which is more than adequate if you are speccing up your servers as you should.
- HP ProCurve switches throughout. We use mostly 2520G-24 (PoE) for edge with a couple of 2810s in a building we don't require PoE and for the DMZ and SAN switches where we also don't require PoE. Core switch is an older HP chassis model 5304xl that we will be upgrading in the near future and a 4208vl. The HP chassis switches are great for the core as they offer great flexibility and capacity as your needs change. Unlike your situation, we have 16 separate buildings, 16 switch cabinets, and 23 network switches, so a bit more complex.
- Watchguard firewall: Used these for over 6 years now at two companies. Great bang for the buck, including good multi-WAN and built-in VPN features.
- iBoss web filter: Easily the best web filter you have ever seen, and GREAT value. You won't see these very often in Oz and I had to order them direct from US at the time, but the support is fantastic and everyone I've ever demonstrated it to, including companies selling other filters admitted it was unbelievably good. It is more than BYOD ready, it makes BYOD successful.
- Ruckus WiFi: We have 24 APs (internal and external) across 16 buildings providing full coverage of the campus and 5 different SSIDs on 5 VLANs (web filtering tied to VLAN for WiFi networks by iBoss). I also investigated Aruba, Meru, Xirrus, Aerohive, and Cisco. If I had to do it over again, the only other provider I might consider any sort of contender to Ruckus is Aerohive, which was on my short, short list anyway. Ruckus wasn't the one I initially thought I would go with, until I tested it in our environment and saw how well it worked in the real world (Tom's Hardware agrees - http://www.tomshardware.com/reviews/...ckus,2390.html).
- VEEAM backup and replication: A must have if you are putting all your eggs in the VM basket.
- BackupAssist: We use this with an LTO tape drive to take more traditional backups. It is inexpensive, easy to set up, and just works. This and VEEAM have "saved our bacon" more than once.
- FreeNAS server for backup storage: you won't find a more cost effective and reliable solution IMO.
- FOG: it will take you a bit of initial setup time, but it is free and it blows Ghost away. Great performance too.
- Windows 2008R2, SQL Server 2008, Windows 7: I would stay away from Win8. It is not ready for a managed environment IMO. Go with Windows 7. It's proven, it works, and it's easy to manage. And I've been told that Server 2012 is a dog's breakfast by a server admin I trust. Maybe in a couple of years, but not now.
- Avast! SOHO: Relatively low cost, simple to set up and manage, just works, and is minimally intrusive. Combined with the AV scanning from Watchguard, and malware site detection on iBoss it provides a great level of protection. Previously used Sophos, but tired of their faulty upgrade to v10 that created issues for us and the botched updates that caused problems for many users (http://www.zdnet.com/sophos-antiviru...re-7000004565/). I used Avast! for several years elsewhere as well and it worked well. Of course there are some other good ones I'm sure, but Avast! is the best I've personally used (I've used Trend Micro, CA, McAfee, Symantec, AVG in the past as well).
- PRTG and Splunk: a couple of the best and easiest to setup and use monitoring and logging tools available for the $. Have proven priceless on several occasions.
Ping me if you want to know more.
And if you do use DFS, only in shared locations. Do not under any circumstance use them on roaming profiles or user home directories.
Originally Posted by pritchardavid
Great product, When I worked for a company in NZ we had so many parents asking for this type of filtering and I recommended it a lot.
Originally Posted by seawolf
You can use DFS for roaming profiles, you just have to make sure they're pointing to a single target.
Originally Posted by synaesthesia
You really do need more than 2 servers. Yes, you could run that many hosts on 2 servers but it's at its limit, and if you had a server failure or were upgrading one of the servers, you wouldn't have the capacity to run all your VMs, so you should always go with 1 more server than you need. Also, you normally want to run the backup server as a physical server, especially if you are going to be backing up to tape.
For SANs, if you are going with Dell servers then I would go with a Dell EqualLogic SAN.
Make sure your DCs are on Server 2012 as it's the only version that properly supports DC virtualisation.
Also have a serious think about disaster recovery and availability, think if you lost the server room to fire/flood/theft, what are the essential services the school would need and how quickly would they need them.