+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
Windows Thread, Server Roles in Technical; Does anyone have a best practice or guidelines on server role allocation. Starting to look at planning our new virtual ...
  1. #1

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,286
    Thank Post
    225
    Thanked 405 Times in 302 Posts
    Rep Power
    162

    Server Roles

    Does anyone have a best practice or guidelines on server role allocation.

    Starting to look at planning our new virtual environment and had the realisation that I'm not really restricted as before to how many servers I have to play with. Obviously I don't want to go over board but I have the luxury of separating out roles.

    My current thoughts are to have:
    - domain services server (DNS, DHCP, FSMO, RADIUS)
    - user server (profiles, home areas. shares)
    - SIMS
    - Exchange
    - AntiVirus + Printers + network services
    - IIS Web server
    - Apache Web server

    Things I'm thunking:
    - Will having all users and shares on one server cause problems, should they be spread out?
    - Would a secondary domain services server be a good idea for fail over even though we have Virtual failover?
    - Would a dedicated printer server be a good choice or a waste?

    Any thoughts, links or other ideas?

    Ta

  2. #2

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,942
    Thank Post
    862
    Thanked 1,442 Times in 991 Posts
    Blog Entries
    47
    Rep Power
    616
    I would think that, given the light footprint of DCs, it's worth having an extra DC in case of software failure, not just hardware.

    I'm intending on having a separate print server but that's mostly because I'm not getting round to my file server for a while yet and I want the old physical print server out of the way sooner rather than later. I suppose it'd be easy enough to merge it back into the file server later, seeing as the role is more or less combined in the OS anyway...

  3. Thanks to sonofsanta from:

    TechMonkey (28th February 2012)

  4. #3
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,762
    Thank Post
    897
    Thanked 416 Times in 350 Posts
    Blog Entries
    12
    Rep Power
    86
    I would separate profiles from the file server or just remove profiles all together.

    Get rid of the exchange server, its pointless these days with live@edu/google apps available for free for schools.

    As already said get a 2nd DC but I would be careful about virtualizing it. Personally I still like physical boxes for DC's.

    I would also setup a 2nd file server, just to replicate whats on the main fileserver. This means you never have to worry about that going down. Just setup a robocopy or manually back up to it all the time.
    Last edited by zag; 28th February 2012 at 11:11 AM.

  5. Thanks to zag from:

    TechMonkey (28th February 2012)

  6. #4

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,286
    Thank Post
    225
    Thanked 405 Times in 302 Posts
    Rep Power
    162
    @zag by no profiles do you mean mandatory profiles?

    Think we will stick with an internal mail server for now. Just because I really can't be tinkering with too many changes all at once!! We have a large SAN so no worries about needing to replicate file server.

    But good points. Ta both.

  7. #5

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,942
    Thank Post
    862
    Thanked 1,442 Times in 991 Posts
    Blog Entries
    47
    Rep Power
    616
    Quote Originally Posted by zag View Post
    As already said get a 2nd DC but I would be careful about virtualizing it. Personally I still like physical boxes for DC's.
    Ah yes - missed the fact that your first planned DC is virtual already as mine is physical and my backup will be virtual... worth having a DC outside the virtual infrastructure to remove the SPOF there, a cheap and cheerful rack server will do the job, E5606 and 4Gb of RAM in a DL160 or similar with local storage. Just one more layer of resiliency to your design.

  8. Thanks to sonofsanta from:

    TechMonkey (28th February 2012)

  9. #6

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,712
    Thank Post
    144
    Thanked 548 Times in 492 Posts
    Rep Power
    149
    Quote Originally Posted by zag View Post
    Just setup a robocopy or manually back up to it all the time.
    Agreed on spreading the load, but we use DFS-R for this (no scripts needed, redundancy then possible).

  10. Thanks to 3s-gtech from:

    TechMonkey (28th February 2012)

  11. #7

    Join Date
    Sep 2010
    Posts
    228
    Thank Post
    3
    Thanked 36 Times in 33 Posts
    Rep Power
    15
    No WSUS server? How do you push out microsoft updates?

    "Will having all users and shares on one server cause problems, should they be spread out?" - It's the disk access thats the killer if you are running a lot of apps / media from the server but you later say your using a SAN? so I cant see it making any difference.
    Last edited by ToyHeartsFan; 28th February 2012 at 12:37 PM. Reason: typo

  12. Thanks to ToyHeartsFan from:

    TechMonkey (28th February 2012)

  13. #8
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,457
    Thank Post
    349
    Thanked 255 Times in 210 Posts
    Rep Power
    98
    Quote Originally Posted by TechMonkey View Post
    Things I'm thunking:
    - Will having all users and shares on one server cause problems, should they be spread out?
    - Would a secondary domain services server be a good idea for fail over even though we have Virtual failover?
    - Would a dedicated printer server be a good choice or a waste?

    Any thoughts, links or other ideas?

    Ta
    First off: lol @ thunking

    Depends entirely on how you do your profiles, personally with around 95% of my users on mandatory profiles i have the profiles on a DFS-R share between our DCs (of which we have 8 - 1 per building and a backup to the pdc, and one for the wireless vlan, the clients in each building then pull from their local dc) EDIT: if you meant users STOREs rather than profiles, then no should be fine having them all on one server, that comes down to your network storage solution as to what you do with that though.

    yes to secondary domain services, always good to have a failover in this respect.

    No need to dedicate a whole server purely to printing, it should be fine sharing AV etc. Wouldn't give it any heavily resource hungry services though just in case.

  14. Thanks to mrbios from:

    TechMonkey (28th February 2012)

  15. #9

    Join Date
    Jan 2011
    Posts
    21
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    I would also agree to the 2nd DC. I have 3 as a just in case. Apart from that I have pretyy much the same breakdown.

  16. #10

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,286
    Thank Post
    225
    Thanked 405 Times in 302 Posts
    Rep Power
    162
    Thanks again all.

    WSUS - We are going to be using KACE boxes to hopefully cover all our deployment and patching needs. Will let you know about that.
    DC's - Currently looking at 2 maybe 3 of the servers being made DC's. The domain services one, the network services one and then maybe the Exchange or print server box if it becomes it's own box.
    Print Server - Tempted to have it as it's own as we have had cases of Art sending HUGE print jobs by accident/cluelessness and slowing down the server for other services.
    Profiles - I need a longer look at mandatory profiles.
    File server - my main concern was if having all home directories AND shares AND profiles (unless we go mandatory) could cause too much server load or disk access from one server say at change over. Currently we have staff on one server and students on another but that is purely because it is a CC3 system and it was suggested as a good idea.
    Thunking - I love me a good old thunk.

  17. #11
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,457
    Thank Post
    349
    Thanked 255 Times in 210 Posts
    Rep Power
    98
    Quote Originally Posted by TechMonkey View Post
    Print Server - Tempted to have it as it's own as we have had cases of Art sending HUGE print jobs by accident/cluelessness and slowing down the server for other services.

    File server - my main concern was if having all home directories AND shares AND profiles (unless we go mandatory) could cause too much server load or disk access from one server say at change over. Currently we have staff on one server and students on another but that is purely because it is a CC3 system and it was suggested as a good idea.
    In the case of the art printer, why not set that one to "render print jobs on client" or whatever it was called, so all the processing work is done on the client rather than the server for that particular piece?

    I still like the idea of having the profiles, even if they are roaming, on the DCs as they're essentially a part of logon process not unlike the DCs, and if you ever go down the route i've done it, the load is always low as only people local to the DC ever load from it (and so long as it's a DFS-R with one of the locations being the file server, it still gets backed up safetly without having to backup from each DC) DC per building or school section works really well, though just one of many ways you could do it That route obviously requires that you probably have more DCs than you want for your particular setup though.

    Out of interest how many client pc's are we talking?

  18. Thanks to mrbios from:

    TechMonkey (28th February 2012)

  19. #12

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,286
    Thank Post
    225
    Thanked 405 Times in 302 Posts
    Rep Power
    162
    I may be getting my profile terminology all confuddled then. Currently we have profile folders with settings on the server as well as home directories. This was how I was thinking it would work but had assumed that mandatory profiles were a single template each user used which would be simpler I guess.

    Only 300 clients at the moment but hoping to start increasing that with the new system and the possibility of thin clients on BYOD in the near future. Quite a compact site as well so hadn't considered a DC per school area.

  20. #13
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,457
    Thank Post
    349
    Thanked 255 Times in 210 Posts
    Rep Power
    98
    The profile directories you're talking about sound like roaming profiles, where all the desktop, searches, etc. folders live and are pulled down by the client on logon and saved back on logoff. A mandatory profile is a single one of these that replaces all of them with an unwritable template, everything that was previously saved to the roaming profile can then be redirected to the users home folder, so no more pulling down files and folders on logon as everything stays sat in one place all the time.

    Also means any details contained in the ntuser.dat (which would now be ntuser.man) are no longer writen by the user, they remain as a set template so every user logon is identical.

    Probably better explanations than that, but that's how i understand it and how i implement it

    Worth considering all options and ways of doing things, mine is just one of many, though i must admit....it works very very well! /end blowing own trumpet

  21. Thanks to mrbios from:

    TechMonkey (28th February 2012)

  22. #14

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,286
    Thank Post
    225
    Thanked 405 Times in 302 Posts
    Rep Power
    162
    Well I think RM may have done something right then as they do appear to be roaming but only certain things get downloaded to the client, most lives in the home directory. Mandatory looks the way to go then as that is roughly what we are used to.

    If you don't blow your own trumpet, no one else will

  23. #15

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,800
    Thank Post
    272
    Thanked 1,135 Times in 1,031 Posts
    Rep Power
    349
    Personally I would


    2 x- domain services server (DNS, FSMO, RADIUS) - No DHCP Supposedly this is a risk and not advised on a DC. Personally I use a linux box (could then run on apache server)
    2 x - user server (profiles, home areas. shares) - Split this up. I currently have 5 file servers so the load is evenly balanced. Although its excessive I have 900 desktops which are used widely. I tend to evenly spilt years in half so that when an entire year has IT/using a computer room you don't have a slow down.
    - SIMS
    - Exchange - how many mailboxes? I have around 1000 per server (12.5Gb ram 4 CPU's)
    - AntiVirus + Printers + network services - Possibly Add DHCP with Spilt Zone
    - IIS Web server - Possibly Add DHCP with Split Zone
    - Apache Web server


    EDIT: I would go with Dedicated Print Servers - they can be a pain sometimes so I always keep them separate.

  24. Thanks to glennda from:

    TechMonkey (28th February 2012)

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Installing Hyper-V on a server with the DHCP server role
    By dhoward_westexetc in forum Windows Server 2008 R2
    Replies: 3
    Last Post: 14th February 2011, 03:50 PM
  2. Server roles
    By itgeek in forum Windows Server 2008
    Replies: 1
    Last Post: 11th January 2011, 07:06 AM
  3. Virtualising more server roles and Learning Gateway
    By ranj in forum Thin Client and Virtual Machines
    Replies: 5
    Last Post: 6th February 2009, 03:28 PM
  4. Moving server roles
    By modcoms in forum Windows
    Replies: 10
    Last Post: 8th September 2008, 10:30 AM
  5. Replies: 2
    Last Post: 31st October 2007, 02:25 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •