cmp119 asked:
Windows Server 2012 R2 AD Domain

I have a client that is in need of purchasing a server to maintain a financial package database (Peachtree) and user files (word, excel, pdf, etc.)  They estimate 5 to 10 people will eventually need to access this server, but initially it will only be 4 people.

The server will be Dell T320 server with a single XEON processor, 16Gbs of RAM, and (3) 600Gb RAID drives for the OS and data.

They have no need for Exchange on-premise or Office365 since they are very happy with their Google mail solution.  

I usually prefer setting an AD domain for offices that have a server and at least 5 users, but at the same time I am thinking this office could simply use this server as a member server with network shares, etc.  

I am still inclined on setting up an AD domain, but I am not sure of the actual AD domain name to use.  I have always used a .local domain, and now Microsoft recommends using a valid .com name instead.  Microsoft keeps going back and forth on this matter.  

So the domain name for this company's website and email is long, let’s say something like (www.automatedproductsgroup.com).  They own this public domain, so am I supposed to setup the AD Domain Name as automatedproductsgroup.com?  I want to abide by Microsoft's naming requirements, but this name seems a bit long and not right.  I simply wanted to use "apg.com", so it abbreviates the name, but they do not own this public domain name.  I was simply thinking of using apg.local instead to avoid all of this, but I am not sure what kind of problems a .local domain name will cause down the line.  

This office also has a need where the owners (3 people) will need to work remotely and access the financial application and user files.  They will have laptops that travel with them and are used in the office.  So they will not have desktop computers to remote into while out of the office.  They have another facility set up across the country that was set up by a local consultant as follows:

They use LogMeIn Hamachi to set up a VPN.
Once the VPN is established they can access network shares for that remote network.
They have a Peachtree icon on their desktops that opens slowly, but eventually allows them to open the company file from the Peachtree server share residing on the remote server.  

The problem is they do not have desktops in the office to RDP into, and have a dire need of accessing their Peachtree database.  Right now I am not concerned about the server setup at the other facility across the nation; I am concerned about providing a more robust RDP solution at this new facility.

Since three people may need to simultaneously RDP and access the same database, I was thinking of purchasing a 5 pack license of Windows 2012 RDP CALs (approx $400.00).  I would think they do not need a VPN connection, and could RDP to the public IP of their router, and have their router forward all RDP requests to the server.  I believe Microsoft RDP is a secure enough connection without the need of a VPN.  If so, all they would need to do is enter the public IP in the RDP connect host.  I also need to find out with Peachtree whether using their application on a terminal server is an issue or even supported.

So, let me break down what I need help with:

1.  Set up a simple member server instead of an AD domain?  Thinking an AD domain is the best way to go.

2.  The internal AD domain name.  This company's public domain is automatedproductiongroup.com.  Do I need to use this actual name since they own the public domain name, or can I abbreviate it to apg.com?  They do not own the public name apg.com.  Or simply go the .local approach, apg.local, to make things simple.

3.  A minimum of 3 people need to RDP to this new server.  They currently use LogMeIn Hamachi as a VPN solution to access network server shares and access a Peachtree database.  This solution works fine for file shares, but accessing the Peachtree database is a bit cumbersome and rather slow in my opinion.  Possible resolution: purchase and set up Windows Server 2012 RDP CALs, and instruct the users to enter the public IP of the router to directly RDP to their server (terminal server) without a VPN.  

4.  Based on the server hardware config mentioned above, is it configured with enough resources (processor, RAM, hard disk space) for a server that will be the sole AD domain controller, DNS, DHCP, terminal server, TrendMicro Worry-Free Business Standard server, printer shares, file shares, and Peachtree database server for 5 to 15 users?  Terminal services will not be used by all employees.  Not sure if RRAS may be included in the mix should VPN access be necessary.

Please forward your suggestions and recommendations.  I just want to make sure I set things up looking at the future and not simply to quickly get things going.
Tony Giangreco:
I would add a second processor and more RAM and set up RDP right into the server as a TS/RDP server. Install Peachtree on the server as an app and allow employees to log in with RDP, run the app on the server and save their data right there. We do this with QuickBooks and it works well.
cmp119 (Asker):
Wow, a second processor by itself is not cheap.  I was not thinking it would be necessary.  Adding more RAM and a second processor will be over $1K would be my guess.  I do not think the client will tolerate such an increase in cost.
SOLUTION by Tony Giangreco:
cmp119 (Asker):
I understand what you're saying.  I don't want to be put under those circumstances.  My thought was the count of users hitting the server at any given time would be 5 to 10 at most.  I usually get a second processor and more RAM (24 to 32 GB) for an SBS server that will host Exchange, SharePoint, and possibly SQL.  I could possibly see doubling the RAM to 32 GB, but the cost of the processor will be a tough sell.
Mahesh:

You can keep the same AD domain name as the external one; it will be helpful.

This will simplify your digital certificate management.
Also it won't create any problems even if your AD domain name is more than 15 characters long, as only the domain NetBIOS name is limited to 15 characters.

I hope you will be having at least two / four cores in that XEON CPU, which is enough according to me for 15 people.
You can deploy Hyper-V 2012 / 2012 R2 Standard edition on the host server with two free virtual machines (one 2012 R2 server as a DC and another as an application + RD Gateway server to which your users will connect for accessing the application).

Then you can have one public SSL certificate for the Remote Desktop Gateway server and RDS CALs for the users who are going to connect.

Mahesh.
cmp119 (Asker):
What do you think about using RDP without a VPN connection?  My understanding is an RDP connection is already an encrypted connection.
cmp119 (Asker):
The single Intel XEON E-24XX V2 processor has eight cores.  I just don't like the idea of using automatedproductionsgroup\JohnDoe.  It would be so much better using apg\JohnDoe.  I believe you stated it will only take the first 15 characters, so I guess it would be automatedproduc\JohnDoe then.  If that is the case, that still does not look right and appears to be cumbersome.
Mahesh:

In my previous comment, when I said that you can use an RD Gateway server, you are ultimately using encrypted RDP sessions only, because RD Gateway requires an SSL certificate for communications.
RD Gateway is the server through which you get authenticated with AD and are able to log on to the internal server with RDP only.
The RD Gateway server IP is published on the internet with a public DNS name,
for example: RDgateway.automatedProductiongroup.com
or
yourapp.automatedProductiongroup.com
Also please note that even if you keep automatedProductiongroup.com as the domain name, you can keep a custom NetBIOS name such as APC, and AD will give you the option during initial AD setup.

Check the link below for more info on setting up an RD Gateway server:
http://ryanmangansitblog.com/2013/03/27/deploying-remote-desktop-gateway-rds-2012/

Mahesh.
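The point Mahesh makes about a custom NetBIOS name, as an added example that is not from this thread: promoting the first domain controller with the full public DNS name as the AD domain name and a short, separately chosen NetBIOS name. The domain names are the thread's placeholders, "APG" is an assumed NetBIOS name, and the DSRM password is read interactively rather than embedded.

```powershell
# Added example (not from the thread or from Microsoft): first-DC promotion with
# the public DNS name as the AD domain name and a short custom NetBIOS name.

# Sanity check for a proposed NetBIOS domain name before promotion:
# 1 to 15 characters, none of the characters Windows rejects in NetBIOS names.
function Test-NetbiosDomainName {
    param([Parameter(Mandatory)][string]$Name)
    if ($Name.Length -lt 1 -or $Name.Length -gt 15) { return $false }
    if ($Name -match '[\\/:*?"<>|.\s]') { return $false }
    return $true
}

$DnsDomain     = 'automatedProductiongroup.com'   # thread's placeholder public name
$NetbiosDomain = 'APG'                            # assumed short logon prefix: APG\JohnDoe

if (-not (Test-NetbiosDomainName $NetbiosDomain)) {
    throw "NetBIOS name '$NetbiosDomain' is invalid: max 15 characters, no \ / : * ? `" < > | . or spaces"
}

# Install the AD DS role and its management tools, then load the deployment module
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# Directory Services Restore Mode password: prompt, never hard-code it in a script
$DsrmPassword = Read-Host -AsSecureString 'Directory Services Restore Mode password'

# Create the forest. -DomainNetbiosName is what users see as the logon prefix;
# without it the promotion wizard derives a name from the DNS label and truncates
# it to 15 characters (the "automatedproduc" case mentioned in the thread).
Install-ADDSForest `
    -DomainName $DnsDomain `
    -DomainNetbiosName $NetbiosDomain `
    -InstallDns:$true `
    -SafeModeAdministratorPassword $DsrmPassword `
    -Force:$true

# After the automatic reboot, confirm the result:
#   Get-ADDomain | Select-Object DNSRoot, NetBIOSName
# DNSRoot should be the full public name and NetBIOSName should be APG.
```

Because the internal DNS zone then carries the same name as the public one, public hosts such as www must be added by hand to the internal zone, or internal clients will not resolve them.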
cmp119 (Asker):
I am sorry to say the client stated they are happy using LogMeIn Hamachi as a VPN solution to simply access server shares to access their data.  They were not willing to spend more for RDP licenses, an extra processor, more memory, and an SSL certificate.  

Thank you for your feedback.  It was greatly appreciated.
cmp119 (Asker):
Mahesh -

I am trying to understand your statement:

Also please note that even if you keep automatedProductiongroup.com as the domain name, you can keep a custom NetBIOS name such as APC, and AD will give you the option during initial AD setup.

I presume you are suggesting I go ahead and set up the AD domain name as automatedProductiongroup.com.  I do not understand the portion pertaining to a custom NetBIOS name.

Maybe you can forward some articles pertaining to this so that I have a better understanding.  Thanks.
ASKER CERTIFIED SOLUTION
cmp119 (Asker):
Thank you gentlemen for your input and suggestions.