Server Configuration Suggestions

I have a client who I am working with to design a cost-effective solution for their servers, especially from a Microsoft licensing standpoint.

I would like to consolidate as many server roles as possible into these couple of servers. I know that I need 2 DCs at minimum to ensure that users can function within the domain in the event that one of the DCs fails. The problem is that best practice is to not combine the ADS role with other roles. I'm hoping not to purchase the CALs for two servers where the only role is ADS. I don't want to shortcut this. Are there any roles that are safe to combine with ADS? I would imagine that terminal services and web services are an obvious no? Any suggestions are appreciated.
J C asked:

Lee W, MVP, Technology and Business Process Advisor, commented:
What roles do you need?

AD/DHCP/DNS are commonly run from the same system so they are not a problem.

File services and print services are commonly done and honestly, for smaller environments I wouldn't hesitate to combine them.

Do NOT put Exchange or RDS on a DC.

Keep in mind, when installing virtually, you get TWO copies of Windows Server to run in VMs per 2012 license purchased.

J C (author) commented:
Lee,

Thanks for the feedback. What about a web server that is accessible from the outside on a DC...Would that be as unwise as I think? I'd never ask this but trying to save them wherever I can.
Lee W, MVP, Technology and Business Process Advisor, commented:
No - I wouldn't put a web server externally accessible on a DC.  For OWA, Exchange is already running on it so I'd probably let that handle the web site (assuming you're using exchange).  Database wise, I would put that on a DC, BUT I would TRY to put that elsewhere first (but NOT on the same server as an Exchange server).
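
Added example (not part of the original thread and not written by any participant): a PowerShell check that lists the roles installed on a domain controller and labels each one with the guidance given in the answers above. The function name `Get-DcRoleReview` and the verdict strings are hypothetical; it assumes it is run locally on a Windows Server with the ServerManager module.

```powershell
# Added example: verdict labels and the function name are hypothetical.
# Keys are Windows Server feature names as listed by Get-WindowsFeature.
Import-Module ServerManager

$RolePolicy = @{
    'DNS'            = 'OK: commonly combined with AD'
    'DHCP'           = 'OK: commonly combined with AD'
    'FS-FileServer'  = 'Acceptable in smaller environments'
    'Print-Services' = 'Acceptable in smaller environments'
    'Web-Server'     = 'Avoid: no externally accessible web server on a DC'
    'RDS-RD-Server'  = 'Avoid: do not put RDS on a DC'
}

function Get-DcRoleReview {
    $installed = @(Get-WindowsFeature | Where-Object { $_.Installed })

    # Only domain controllers are in scope for this review.
    if ($installed.Name -notcontains 'AD-Domain-Services') {
        Write-Warning "$env:COMPUTERNAME does not have the AD DS role installed."
        return
    }

    foreach ($feature in $installed) {
        if ($RolePolicy.ContainsKey($feature.Name)) {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Role     = $feature.Name
                Verdict  = $RolePolicy[$feature.Name]
            }
        }
    }

    # Exchange is not a Windows feature, so look for its services instead.
    if (Get-Service -Name 'MSExchange*' -ErrorAction SilentlyContinue) {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Role     = 'Exchange'
            Verdict  = 'Avoid: do not put Exchange on a DC'
        }
    }
}

Get-DcRoleReview | Sort-Object Verdict | Format-Table -AutoSize
```

Any row with an "Avoid" verdict is a role the answers above say to move off the DC before the server goes into production.
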
J C (author) commented:
Thanks Lee. I knew the answers but I just wanted to confirm it. Appreciate your feedback
David Johnson, CD, MVP, Owner, commented:
"I'm hoping not to purchase the CAL's for two servers where the only role is ADS"

If you have 100 servers and 50 users you only need 50 Server CALs but you will need 50 Standard Server Licenses.
If you go over 7 Server 20XX VMs on 1 server then it is cheaper to have a Datacenter License (6 or less use Standard, 7 or more use Datacenter, using current VL licensing pricing).

1 Standard License allows for 2 CPU's and 2 Virtual Machines of that server software.. not total # of virtual machines..
1 DataCenter License allows for 2 CPU's and unlimited virtual machines of that server software.. If you have Software Assurance then any Microsoft Server product (downgrade rights)
J C (author) commented:
These will all be physical servers. A total of 5. The biggest concern are the user CALS and making sure we are in compliance.
Lee W, MVP, Technology and Business Process Advisor, commented:
"These will all be physical servers. A total of 5."

Unless you have a VERY GOOD REASON to make these all physical, that's a huge waste of money and horribly unwise.  You lose MANY benefits by NOT virtualizing, starting with the additional license, but also replica (assuming hyper-V) the ability to easily migrate to new hardware, DR benefits... not virtualizing is a bad idea.  It's not new technology - it's been a part of Windows for 7 years and HUGE before that with VMWare.

"The biggest concern are the user CALS and making sure we are in compliance."

As I stated, you need one CAL per user (most likely).  Separate servers do not require separate CALs.  That said:
Licensing Disclaimer
License information provided here is "best efforts".  The comments of the respondents are based on interpretation of the license agreements and their knowledge of the particular laws and regulations in their geographic location.  Laws in your location may invalidate certain aspects of the license and/or licenses can change.  "They told me on Experts-Exchange" will not be a valid excuse in an audit.  You need to contact the license granting authority to confirm any advice offered here.
J C (author) commented:
I understand the disclaimer, trust me.

Are you saying that if you have 5 servers within a domain and let's say you have 60 Users that need to access all 5 servers. You don't have to purchase 60 cals for each server? So you wouldn't need 300 CALS in this instance? My understanding was that CALS were needed for each server.

I am familiar with VMWare and HyperV and do understand the benefits. I guess I am not familiar with Microsoft Licensing enough to know what my best options are. A lot of what is driving this is my understanding of licensing and the budget.

It's not best practice to virtualize DCs is my understanding, so 2 of the physical servers are hosting the DC roles.

1 Server will be a TS/Remote App Server/Database Server/Web Services for intranet web application
1 Server will be a DC/DNS/FileServer/DHCP/Print Server
1 Server will be another DC for redundancy
1 Server will be a Web Server
1 Server will be a RO DC at a satellite office.

All equipment has already been purchased. I welcome any recommendations if you see how I can make this all more cost effective with virtualization.
Lee W, MVP, Technology and Business Process Advisor, commented:
Microsoft has licensed per server in 15 years.

CALs are by the HUMAN BEING, not user account.  Or by the device (computer, laptop, tablet, cell phone, etc).  In MOST cases, Per User is the best choice (factory floors where 20 users might use one machine connected to the network but otherwise NEVER touch a company computer would be better off with 1 device CAL than 20 user CALs, but in offices where users might connect from home, have a laptop, a tablet, a copier connected to the network that scans documents, etc., USER CALs cover you).

Ask yourself this - does the PERSON - the HUMAN BEING - have a CAL assigned?  If so, they are licensed to access all servers of that CAL level and lower (if they have a 2008 CAL, they can access ALL 2008, 2003, 2000 servers; if they have a 2012 CAL, they can access all 2012, 2008, 2003, 2000 servers).

You definitely* don't need 300 CALs for 60 users.

DCs can be virtualized with 2012.  One article: http://www.theregister.co.uk/2013/06/26/server_2012_virtualisation_domain_controllers/

I suspect you're asking this question to perfect your plan... the problem is you have a reasonably complicated environment and in my professional opinion, the advice you might get from me and others on how to set this up will be half-baked at best because we don't know your environment, we don't see what you're doing, what you're needing and you don't appear to understand the technologies at play and in your attempts to solicit more information has revealed more and more bits of information as we go along that should have been outright provided.  I'm not trying to suggest you are intentionally withholding information, but being on site, learning about your business, having a conversation and SEEING what you have would GREATLY enhance one's ability to make recommendations.  In my opinion, you need to find a local consultant to help you go further.  We're good, but *I* don't feel this is an appropriate environment to do your network justice.

Assuming you're going to ignore that advice (sorry - I can be cynical and I know a LOT of people here would prefer to ignore it) Some more questions:
What kind of physical security will the main office have for the servers?
Why put an RO DC at the Satellite office?  
Why not do Hyper-V replica between offices to ensure you have a disaster recovery site in case your building burns down or has some other disaster preventing you from operating out of the main office for a length of time?


*see disclaimer
J C (author) commented:
I understand the technology, licensing is the thing I need to wrap my head around. I do have some catching up to do on the options that are available to me, for instance I wasn't aware that virtualizing a DC with 2012 was now acceptable.

Lee,

I get your point of view and your suggestion to find a local consultant. I didn't intentionally withhold information, I just wasn't expecting to have the virtualization conversation. I'll spend some time digging more into this and speak to a Microsoft Licensing Rep so that I can better wrap my head around everything on that end.

Thanks very much for your time and input.
Lee W, MVP, Technology and Business Process Advisor, commented:
As I said, it's not a new technology - my follow up questions relate to designing your network and what to put where.  Your main point was "I have a client who I am working with to design a cost effective solution for their servers, especially from a microsoft licensing standpoint. " - well, a cost effective solution minimizes servers, electric usage, and may also provide additional benefits it appears you are not aware of.  You said this is your client - that's great... partner with a consultant who knows this stuff better.  I work with a consultant who has several clients, but is very weak on the server skills to manage their servers, so I do it for him.  This way, his clients get the best possible service.  I would strongly recommend you consider this model.
J C (author) commented:
Lee,

The only thing I don't understand is the licensing. I have built and deployed hyperV and vmware servers for virtualization. I understand the benefits but I've never been responsible for the licensing side of it.

If I can ask you one more question that would be helpful. When I purchase a 2012 Server license, I can install windows server 2012 as the host operating system and activate it using the key that ships with it and my understanding is that I would be provided with two additional product keys for the VSOE's? Or do I have to purchase additional copies of Windows 2012 Server for the VSOE's in order to be able to activate them and be in compliance?

Now that I know I can virtualize my DC's and if my grasp of the above information is correct then I think I have the direction I need. The information you have provided has been very helpful.

Thanks man!
Lee W, MVP, Technology and Business Process Advisor, commented:
The 2012 license key included with the OS activates the Host AND two guests.

It's worth re-iterating/re-stating: The license is 1+2 - one physical + two virtual ON THE CONDITION that the physical install ONLY does Virtualization and related.  You CANNOT make the physical a file server, a DC, a print server, a DHCP server, etc.  The physical can ONLY do Hyper-V.  You can add other FEATURES but not roles.  Generally, if you aren't using it to DIRECTLY support Hyper-V hosts, then you shouldn't/can't do it.

And look at 5nine for a third party hyper-V manager that you can use with the Free Hyper-V Server 2012 R2.
David Johnson, CD, MVP, Owner, commented:
You use the same product key. Licensing and activation are two entirely different but related items.

For instance:
System 1 Quad Xeon motherboard (4 CPUs, 8 cores/CPU)
System 2 AMD 2 CPU motherboard with (2 cpu's 16 cores/cpu)
Both systems have 32 Cores.  System 1 requires 2 licenses and System 2 requires 1 license

Activation requires a product key of some sort.. Licensing is a piece of paper. (your invoice/purchase order)