Hi all. Just thought I'd throw this out there for your opinions. Have inherited an aging network as part of a new systems manager job. Girls school, 800 students, 100 or so staff, 300 workstations. 10 existing servers, all but 1 are over 8 years old, as follows:
1. PDC. 8 Year old Dell Poweredge. AD, DHCP, DNS and currently hosting Musac SMS data
2. FILE SERVER. 9 year old Proliant P3
3. ITM 8 Year old Dell Poweredge, hosting eTrust and Sibelius S/W
4. PRINT 9 year old Dell Poweredge. Printer, PaperCut NG and superVisor.net
5. MONITOR. PC Box, running management software for swipe card print boxes
6. BACKUP. 8 Year old Proliant P3. Failed Exabyte Tape system
7. DCBACKUP. PC Box, P3, 512mb. Backup Domain Controller
8. WEB Proliant DL140. 3 Years old. Intranet and Moodle server
9. WEB TEST Dell PowerEdge 10 Years old. Internal student websites
10. TECH. Proliant ML350, 6 Years old. Tech (installers, WSUS etc.)
Gigabit from servers to main switching, 100Mb copper within buildings, 100Mb Fibre between buildings. Variety of 100Mb Switches around school. Fairly typical
Replacement plan is:
1. New 'Systems' server to host Antivirus, Print and Monitor, Ghost and backup with new LTO4 backup drive. Virtual servers for AV, Print and Monitor. Retire existing ITM, PRINT, MONITOR, BACKUP and TECH Servers
2. New server for Domain Controller. Retire existing PDC
3. New 'Apps' server to host SMS and any other network based apps
4. New File server or SAN/NAS for file storage. Retire existing FILE SERVER
5. Keep existing web server, migrate test web server to virtual server on this box
Hope this makes sense. Basically I want to consolidate the important, but non critical roles (AV, PRINT, GHOST, BACKUP etc.) onto one box, put a new PDC in, move file storage to 1 box and continue to use existing Web Server. Any thoughts on this? I can provide more info if necessary
The answer to this really depends on what you want to achieve. To be honest you could probably implement all of the existing servers to the same or slightly better performance levels on a single hp DL380 with 16GB of RAM, a couple of quad cores, a decent RAID controller and a bunch of SAS hard drives. This however would not be the best solution for future proofing.
My recommendation would be to implement virtualisation heavily and invest in a SAN. If you want the teachers to have remote access to the MUSAC branded evil from home you will need to look at terminal services as they are retiring the CM Merge functionality. I have just implemented this on a 2008 x64 server (DL380 8GB RAM) with remote app meaning that the program can be run seamlessly from home over the internet without VPN hassle.
I would look seriously at a SAN solution as given the amount of data schools are storing now no other solution makes practical sense from a futureproofing point of view. We went with an hp MSA 2012i with dual PSUs and dual controllers which is really fast but given the larger size of your school you will probably need a unit that supports port teaming for increased speed.
For the rest of the servers you could probably look at a virtualised solution with another couple of DL380s (or comparable). PDC and DC could easily be teamed with some other services to save on licence count by adding things like the AV distribution server. You would probably want a virtual 32bit server for the printers due to drivers and this could probably handle the monitoring software as well.
With 2008 enterprise server on each box you have four virtual instances available for free on each computer and so two DL380s running 8 would give you plenty of room and lots of speed. The terminal services stuff could also be virtualised but it depends on how many staff you will have using the application at one time.
Depending on the virtualisation tech used you should also be able to implement fail over from one box to another to keep everything running in the case of a failure.
Personally I would also look at upgrading the fibres to 1GB as it would probably just mean a new transceiver at each end and will give vast performance boosts to the end users. Gig to the edge also offers a vast improvement usability wise even with only a single gig link back to the core because not all stations are using all bandwidth all the time.
We use 2 nas servers one to hold weekly backups and one to hold daily ones and that works well.
I would suggest that if you have a print server keep that on a separate server as they sometimes crash and need to be rebooted.
Also think about the core switches and the backbone infrastructure. For example if you plug a 1gig nic card into a 10/100 switch it will only run at 10/100.
Good luck with your plans.
I'd be keen to find out more about this in future Synack. We have an existing Terminal Services setup on a 2003 server, and for a while some of the teachers were using the SecureConnect VPN client (we use SchoolZone and as far as I am aware are forced to use this as our client?), but one of the big issues because we are in SchoolZone was that teachers had to change their home router IPs out of the 10.* range. Fine for some, but imagine trying to explain this to all of your teaching staff! What feature is it in server 2008 that you use to avoid VPN? Thanks
Originally Posted by SYNACK
Update on main thread. Am putting a proposal to the board tonight, basically revolving around 3 new servers, switching and cabling upgrades, and longer term, a SAN. As mentioned, we are looking at virtualising the system servers (AV, WSUS, Backup etc.), but having done some research am now looking at VMWare instead of HyperV on Server 2008 (have read time and time again about disk I/O speed issues with Hyper V). Having decided to move to Server 2008 though, I've now got to find some software to backup to my new LTO4 as server 2008 backup doesn't support backup to tape.....
The feature is called TS Gateway (Configuring the Windows Server 2008 Terminal Services Gateway (Part 1)) to pipe the RDP session through SSL instead of VPN and the nice little bit that makes it show up as a client icon is called Remote App. Both are a part of Server 2008.
Originally Posted by earlyriser
With SchoolZone you will still need to pay telecom the extra horrendous fees to host an SSL site off one of your internal servers but that cost should be less than the sacrifice that they ask for VPN access which if I remember rightly was insane seeing as how we get as many as we want for free.
The home IP address thing was one of the primary reasons for going for this method as I fully understand when it comes to teachers home routers. I have not had IO issues with Hyper-V myself but VMWare will give you much better compatibility with Linux systems as well which is definitely a bonus.
Good luck with your funding request and please post back on your discoveries for backup software as I need to upgrade a different site to 2008 and they will need a new backup solution so any more options that you come up with would be great.