Input needed for a setup

Posted on 2008-11-15
Last Modified: 2012-05-05
Hi All, I need some advice to see how I will roll out the following. I have a company which has 5 sites all over the country with about 50 users in the main office and about 20 users at each of the other sites. The users will be authenticating in AD and working with Office docs and also email/Outlook. The VPN solution I will use is MPLS and I think this will be put into place, so I don't need to worry about working out the VPNs. In order to build a network that will have resilience I was thinking of putting 2 Server 2003 DCs at the main site and an Exchange Server 2003. Then I was thinking of putting a Server 2003 at each of the other sites and an Exchange Server 2003 at those sites too. I was thinking of implementing DFS so we can manage the office documents site wide and also, should a mail server go offline at any site, they still function with the others. I'm also looking at getting the Exchange to have 3 domains to put email from.
Would you guys be kind enough to let me know your thoughts on this. The hardware setup of the servers, i.e. RAID and NAS and backups, is something I'd like ideas on as well.
Thanks in advance.
Question by:Paris_Jordanou
    LVL 15

    Accepted Solution

    For that amount of users, implementing all those servers at remote sites is just going to increase your admin burden - through increased number of servers to look after, multiple backups etc etc... a lot more things to look after and more things that can go wrong.

    For a user base of 150, I'd strongly suggest locating 2 DCs in head office and one Exchange server - ensure the servers have appropriate hardware redundancy and know how to recover in the event of a disaster. It will be a far more efficient and easier to manage network - you just need to make sure you know your stuff enough to recover quickly in the event of something bad happening.

    With Outlook cache mode - you simply don't need an Exchange server in each site - it would cause far more hassles and save you bugger all bandwidth.

    The other alternative is of course to cluster your important services, but obviously you're looking at a lot more $ for that.

    If it was me - I'd have a spare server at HO, probably with Hyper-V on it, and base images so I could bring up another box in minutes if needed... and then create dial-tone mailboxes for example, while recovering the prod Exchange box.

    Appropriate hardware redundancy - well, is pretty standard these days, dual NICs, dual power, RAID 0, 5 or a combo... and a decent UPS. I'm also a big fan of getting the same servers where possible. That way you can have a spare HDD or two just sitting there - and covering yourself for disks dying for a couple of hundred $.
    LVL 95

    Expert Comment

    by:Lee W, MVP
    I would recommend 2 DCs at the main site, plus one DC for authentication at each of the remote sites, allowing users the ability to work even if the link went down between the main site and the remote office.  I like the replication idea, especially if all (or MOST) of your documents need to be accessed by any given person at any given site.  

    For Exchange, the only way I would use more than one exchange server is if you went virtual.  This can get expensive to do it right though... For example, while you can probably do this with other hardware, I'm familiar and generally recommend Dell...

    If money were not an issue, I would set up the following instead:
    Main Site:
    1 Physical DC
    1 Server running VMWare (you may be able to do this with Hyper-V as well if you run 2008)
    on the VMWare server, 1 DC, 1 Exchange Server
    1 EqualLogic iSCSI SAN.  The virtual servers virtual hard drives would reside on this with replication enabled to a second one at the largest secondary site. Additionally, all data would be stored here - since replication would be enabled, this would provide a live "off-site" backup if the systems failed.

    Largest Secondary site:
    1 physical DC
    1 Server running VMWare configured as a failover for the Exchange Server (if the Main Site VM dies, then this site literally takes ownership of the Exchange server).
    1 EqualLogic iSCSI SAN.  

    Remaining sites:
    1 DC each site configured to act as a file server and replicate only the data they need.

    This solution could end up costing you $50,000 to $100,000 total considering that iSCSI SANs, while cheaper than Fiber SANs can still run in the 5 figure range, plus the VMWare licenses and a total of 9 servers.

    If your company needs a GOOD DR plan and if downtime can cost you $1000's per hour, then this is probably worth it.

    I would suggest:
    Main Site:
    1 DC
    1 VMWare (or Hyper-V, since we're not going to do SANs) server running 1 Exchange Server and 1 DC.  (For Virtual Machine Hosts that don't need to run a great deal of hosts (so memory won't be an issue), then Hyper-V is free and should work just fine).

    Other Sites:
    1 Physical DC that doubles as a file server/print server.

    The cost of such a config would probably be in the range of $25,000-$50,000

    Putting Exchange at EACH site is costly and generally not necessary.  You might put in a second at another site so you can have a second MX record to receive mail if the first goes down, but other than that, there shouldn't be much of a performance issue provided your links between sites are at least 1.5 Mbit AND not being used for VoIP as well.  (If you use VoIP at the sites, I would double the minimum site-to-site link speeds as a minimum.)

    RAID should be considered Mandatory for all servers discussed above (and most in general).  GENERALLY, a RAID 1 is my preference, or RAID 10 if RAID 1 is not going to provide you volumes as large as you need.  I've used RAID 5 in the past and used to be a big proponent of it, but I've had too many false alarms that bring down the array for me to trust it anymore.  

    Backup is critical to most businesses.  Exactly what you do for backup depends on how much data you have, your long term regulatory requirements, and other issues.  I would suggest reading my article on backup... I need to update it a little, but many of the concepts and considerations are still very much in effect.
    LVL 18

    Expert Comment

    You may want to start out with 2 DCs in your main site, then 1 DC in another one or two sites each. It is true that the more DCs, the more work you will have to do to maintain them. It will also take out some of your bandwidth depending on what you loaded on the replication storage area. You can always add additional DCs as needed. Generally, with the number of users in each site, just 2 DCs would be more than enough. The 3rd and 4th in different sites are generally for redundancy, not much to do with authentication or logon speed. I have worked with a company with many more users than 20 and with no DC, and authentication for logon is quite smooth. Honestly, since your sites are in different countries and with the different time zones, the number of users logging on to your DCs would be no more than 20 roughly. Now if you are putting tons of stuff to load from the NETLOGON, then having a local DC would help. But generally that's for logon scripts etc. and quite small and not a concern for a small group of users. As far as replication, I suggest using it whenever and wherever you can. You can replicate between sites whether you have a DC in that site or not, as multiple physical sites can be assigned to a logical site, while you can use the site design in AD to control replication as well as authentication for the sites.

    Place Exchange servers in the main site; maybe a second one would be fine for redundancy. One on each site is not needed unless you have too much $ and are looking for more work.

    Hardware is just a matter of which one you prefer and are familiar with. For me, I have worked with Dell, IBM, and HP. Dell has been coming a long way and is catching up on the server side, particularly on the Windows platform. HP's remote management feature is the best as it allows you complete remote control, including power on/off of a server. This feature has been around the longest where it is completely independent of the OS. Dell has been doing better in these features in the recent year or two. But both HP and Dell are worth the comparison.

    RAID 1+0 is for the OS and pretty much a standard. The only time you do RAID 5 is when you want to save space and when an application really wants better performance on READ. But in reality, most of the time you would not see any difference in terms of performance. Of course, if you have a file server that needs a lot more space than a RAID 1 can provide, you would need RAID 5 or other higher. Other RAIDs you may want to know: when you create transaction logs for a database server, you should put them on a RAID 1 as it usually does more WRITEs. But you should also try your best to put the OS on RAID 1 for redundancy and performance as well as quick recovery etc.

    Backup--check with your management or legal first. Find out the requirements and retention policies etc.
    In general, find out the data size and recovery uptime policy. If the data is small enough and you have backup devices that can store plenty of backups, a FULL backup daily is better if you want quick recovery. Otherwise, Differential daily and Full at the weekend. For your main site, you may want to consider a tape library if a tape drive cannot provide enough storage to back up all data without changing tapes more than once. Backups are usually for complete system recovery. But restoring from backup tape may not be the quickest way to do it. ShadowCopy could save you time when it comes to restoring user data files etc.

    Author Comment

    Guys, the solutions above are looking good. I will go through them later on today and come back with questions. I suppose I should have mentioned that we do have a budget of about $150K.
    If any more of you guys want to add comments please do!
    Personally I have good skills with Server 2003 and Exchange 2003 but I have not yet installed and played with the new versions of 2008 and Exchange 2007, but I'm guessing it won't be impossible to do. Obviously I will do this in a test environment first!
    LVL 3

    Expert Comment

    We have 19 sites in the UK and about the same in the US. I designed the AD for this system. In your case:

    1 DC at each site, which could also be used for local data storage (docs etc.); make them all GCs.
    1 Exchange server in the Data Centre if possible (your ISP supplying the MPLS should have a DC)

    If not, 1 Exchange server at your biggest office.
    Make it a single domain with sites and subnets for each office.
    With a 150k budget you could then look at backup technologies to SAN in the DC instead of tape at each site.

    Hope this helps

    LVL 3

    Expert Comment

    Each domain controller would have DNS, DHCP, print queues etc.
    LVL 18

    Expert Comment

    With all of the above suggestions, you may want to do a total cost analysis before deciding what you want to do. $150k is a good amount of $ for the number of users you have. Just keep in mind that it can be spent easily as well. If you have a nice, reliable and manageable network, your life working in IT will be much easier. This means you probably would want to save some $ for Administration Tools such as for your AD, reliable and friendly backup software, monitoring tools like SCOM (MOM), and configuration/deployment/inventory and reporting software like SCCM (SMS). These are not cheap products but they will make your life more meaningful and would be easier to buy now than later. With these things in mind, each of your servers will average around $8-$15k.  I would also use a reliable but light and simple server that would only serve as DC, DHCP, and DNS but nothing else. If you can afford to have a reliable and dedicated server with a lot of memory and storage space for your virtual server host, you can do apps and print servers in VMs. It will be much easier to manage a VM than actual hardware. You would know what you can afford with the $150k with all the above expert advice.

    Author Comment

    Guys, thank you for all your help on this, sorry for the delay in coming back but it looks like the project is on hold!
    LVL 95

    Expert Comment

    by:Lee W, MVP
    Wow... I spent a lot of time on my post in this question... and it looks like others did as well... don't you think on a question simply asking for input, a split might have been more fair?