We help IT Professionals succeed at work.

Looking for guidance planning the replacement of SBS 2011

Hi,

I am looking for some help with planning the replacement of SBS 2011.  I see a few threads on the topic already, but they seem to cover a transition to Essentials.

I'm already looking at 30 users with potential to grow, so I think we have already outgrown the 'small business' part of SBS.  

I won't pretend to know much of anything about licensing/server features/etc., and don't stay current with M$ release 'news', so starting from scratch would be an accurate statement.

That said, I need to make sure I can replace/replicate the current functions of 2011.  

No doubt this list is far from complete, but these are the things I know it does that I'm worried about replacing (assuming DC/AD roles are covered no matter what route I go)...


  • On-site Exchange server
  • OWA features for rdp
  • Backups
  • File storage
  • Everything else I don't have the foresight to realize I'm losing


We don't use SP and don't have an intranet...so two things off the list of worries.

I know O365 is an option to replace the on-site exchange server, but I have my concerns about going cloud...namely cost effectiveness, security, and data retention.  I also don't know if it's a seamless transition in terms of features available to Outlook users.

As for the OWA side, we have a few users that remote in frequently from home.  I'm not really sure what route to go on an Enterprise level.  Is a quick and dirty fix just to assign static IP's and route RDP requests via port forwarding?  Similar to the M$ Server line, I'm not too well versed on the latest and greatest options for remote options that are easy on my less than expert user bsaed.

Does the current M$ server line include any sort of native backup feature, or am I on my own for finding a new solution?
 
Lastly, are there any glaring omissions from my early brain-storm here?  I inherited this server and this will be my first implementation/migration...needless to say anxiety levels are high.  If anyone has gone through a similar move, I would love to hear about it.

Thank you for reading.
Comment
Watch Question

Peter HutchisonSenior Network Systems Specialist
CERTIFIED EXPERT

Commented:
What you need is:
Windows 2016 or 2019 standard edition (incl. IIS, Windows Backup, File and Print services, ADDC, DHCP,DNS etc)
Exchange 2016/2019 Standard or switch to Office 365 (much easier and probably cheaper in long term). Supports 1-5 mailbox databases.

Licenses:
https://www.microsoft.com/en-gb/cloud-platform/windows-server-pricing

https://products.office.com/en-gb/exchange/microsoft-exchange-server-licensing-licensing-overview

Author

Commented:
Just to make sure I'm understanding this while I recover from the shock...jumping from SBS to standard requires us to buy a $1000 license for each user?  That can't be right...40 grand in licensing?!
Peter HutchisonSenior Network Systems Specialist
CERTIFIED EXPERT

Commented:
That doesn't sound right for your small organisation.

Purchasing per device CALs rather than user CALs would be cheaper. Ask a vendor for more accurate quotes.

See
http://woshub.com/calculating-the-number-of-client-access-licenses-cal-for-exchange-server/
Andrew WrightIT Coordinator
CERTIFIED EXPERT

Commented:
"Just to make sure I'm understanding this while I recover from the shock...jumping from SBS to standard requires us to buy a $1000 license for each user?  That can't be right...40 grand in licensing?! "

No, The licence cost is for 1 licensed server (with no more than 16 cores)

Author

Commented:
Sorry, Peter, I'm confused...are we talking strictly exchange here?  I will probably move to O365 for email.

I have many more devices here than users, so I'm not sure device CALs are the way if it's a 1:1 license.

Edit...ok, thank you Andrew, I can breathe again!

This is what had me worried about the per user cost...


Andrew WrightIT Coordinator
CERTIFIED EXPERT

Commented:
You will still need Client Access Licences (CALs) but they are not $1000 each *phew*

https://www.microsoft.com/en-us/licensing/product-licensing/client-access-license
As Peter says it's best to speak to your current software provider and get a proper quote.

Andrew

Author

Commented:
Not to beat a dead horse here, but what I'm seeing just isn't meshing here...these screen caps from a large IT vendor we all know and love.

I guess I can just call a vendor and risk being oversold, but is it just me or have they made this more complicated that it needs to be?

Edit:  You beat me to it, Andrew.  Thanks again...I'll figure this out eventually!



Author

Commented:
Ok, so I do need per user licenses and not just a '24-core' license...but yeah, the cost isn't quite $1000.  :)

Author

Commented:
Last one before I go back to some independent reading/researching...

Any input on the RDP feature...I know I won't have the same simple web based OWA option, are people just going 3rd party these days?  
Philip ElderTechnical Architect - HA/Compute/Storage
CERTIFIED EXPERT

Commented:
RyanIrish,

Without SharePoint in the mix is there any SQL or need for database backends?

The starting place is:
 * VM0: Active Directory, DNS, DHCP (2 vCPUs and 4GB vRAM)
 * VM1: File, Print, and Database Backends (2 vCPUs and 4GB vRAM to start)
 * VM2: Exchange (4 vCPUs and 16GB vRAM to start)
 * VM3: RD Broker/Gateway/Web and possible Session Host

We've done lots of SBS 2011 Standard and Premium to the Microsoft Stack keeping Exchange on-premises. The main thing with Exchange is that the install requires .NET compiling on-the-fly but once in place it can generally run on the above specs.

Licensing required:
 (2) Windows Server Standard 16 Core licenses (assuming physical box has 16 cores or less)
 (30) Windows Server Use CALs (or mix and match with Device if shift work per PC)
 (1) Exchange Standard License
 (30) Exchange Server User/Device CALs

NOTE: We just won a competitive bid against an IT firm what wanted mail and collaboration in O365 and our cost per user per month was less. So, it is _not_ less expensive.

Author

Commented:
Hi Philip,

SQL...that's a good question, and something I hadn't considered yet.  Outside of the SBS monitor, I don't know that anything else is using.

KAV_CS is a remnant of Kaspersky, and the BKUPEXEC is probably from an old install of Symantec...

I do have our door access system on this server, that might depend on SQL.

Can I assume that anything SQL dependent would show up on this list in SQL management? 

Author

Commented:

Looks like I will need SQL afterall.
Philip ElderTechnical Architect - HA/Compute/Storage
CERTIFIED EXPERT

Commented:
RyanIrish,

The SQL version and edition is probably something the vendor supplied. More than likely it's the freebie "Express" edition.

So, here's a slightly revised version given that there's 30 users I'll bump things up a bit since I don't know the whole story as far as overall data and I/O needs:

 * VM0: Active Directory, DNS, DHCP (2 vCPUs and 4GB vRAM)
 * VM1: File, Print, and Database Backends (2 vCPUs and 4GB vRAM to start)
 * VM2: Exchange (4 vCPUs and 16GB vRAM to start)
 * VM3: RD Broker/Gateway/Web (2 vCPUs and 4GB vRAM)
 * VM4: RD Session Host (RemoteApps and Session Host Desktops) (4 vCPUs and 16GB-24Gb vRAM)
 * VM5: SQL, MySQL (Sage/Intuit/ETC), and other active database backend (4 vCPUs and 8GB-16GB vRAM)

License Needs:
 (3) Windows Server Standard 16 Core licenses (assuming physical box has 16 cores or less)
 (30) Windows Server Use CALs (or mix and match with Device if shift work per PC)
 (1) Exchange Standard License
 (30) Exchange Server User/Device CALs

I bumped up the license count by one to allow for up to six (6) virtual machines.

EDIT: Physical server setup would be the next step.
EDIT2: SQL instances are listed in Services.MSC
Andrew WrightIT Coordinator
CERTIFIED EXPERT

Commented:
The door access software will probably run on SQL Express Edition (especially if it's Paxton Net2).
Technology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013
Commented:
Ok, I think you've gotten some good advice but I disagree with some configuration suggestions given your size.  If cost is not an issue, then by all means, follow Philip's recommendation - from a technical standpoint, it's the right way to go.  However, since most small businesses don't want to spend 20,000 to upgrade their SBS environment, here's my recommendations:

1. Yes, VIRTUALIZE.  This should be considered a requirement.  Unless you have a VERY good reason not to, you want to virtualize. Too many benefits with few (generally easily worked around) drawbacks.
2. Hardware.  Don't know enough about your environment, but when you virtualize, you want fast disks (you're going to have multiple servers running off one set of disks, you want them fast), you want RAM (RAM helps everything run smoothly) and unless you're doing some compute intensive stuff, you don't need a crazy amount of CPU - get a single processor with 16 or fewer cores or a dual processor with 8 or fewer cores per processor (the latter is getting harder to find these days).  For BASIC but relatively budget conscious configs with a moderate amount of data, I'd recommend a RAID 10 of SSDs with 250 GB per VM plus current data plus DOUBLE your expected data growth.
3. VMs. Yes, IDEALLY you keep all services on their own VM as it minimizes disruption when you need to restart a system.  However, even though Windows licensing is relatively kind, offering 2 VMs per Windows license, that's still $500 per license rounded up to the nearest $1000.  Six servers to support an environment of 30 users when you had been doing everything on (presumably) 1 server, is, I believe, overkill for the vast majority of environments.  Considering that your databases are LIKELY SQL express (unless you're using SBS Premium), then you don't need a database server.  It's a nice to have, but is it worth $1000 to you on the off chance you need to reboot it once in a while?  Will 30 people who are unable to work for 15 minutes on the database once a year be a problem worth a $1000 fix plus maintenance costs?  For my more cost conscious clients, two servers will suffice - which is a single Windows Server license.  
VM1: AD/DC/File/Print/DNS/DHCP/Database backend
VM2: RD Gateway(/Session Host if you want.) -- Assuming you want a Remote Desktop (RDS) solution -- THIS will require RDS CALs which are not too cheap.

Licensing:
Microsoft licenses by the device OR by the user (which really means human being).  You can mix and match.  You can't create one user account, get one client access license (CAL) and have 5 people share the account.  That's a license violation.  You need 1 CAL PER HUMAN BEING (if not licensing by the device).  Licensing by device means the ENDPOINT device.  If you have a PC at the office that one person remotes in from his home, his parent's home, his laptop, his ipad, and on occasion, his parent's house, ONE device CAL does NOT cover things because the ENDPOINT is the computer he's physically typing on, not the one he's remoted into... and EACH one of those devices needs it's own CAL.  So in MOST cases, a user cal is better as that one user CAL covers him from ANY device he uses.
To that end, most businesses as you describe would do well with (and assuming you want RDS):
1 Windows Server license (~$1000)
30 Windows CALs ($45/EACH)
30 RDS CALs ($135/EACH)
(Pricing is based on my memory and could be slightly off by about 10%)
Also important to understand, CALs are ADDITIVE - one RDS CAL grants rights to access RDS features, but does NOTHING for accessing Windows.

Given your self described lack of expertise, I would strongly recommend finding a local consultant who can work with you on this and make sure you get what's right for your business.  If your a stock broker, you may want far more resiliance than if you're a florist and that can affect what you put in and how you put it in.  Forums are great, but it's really hard to do justice to recommendations when we've never even seen the network.

Author

Commented:
Many thanks for the continued advice, you guys are awesome.

Welcome to the fray, Lee!

So I hadn't planned on virtualizing anything as I figured that would just add extra layers of complexity (and cost) to a project that I'm already less than confident about...but it seems I need to reconsider.  

We are on the standard version of SBS, and so I'll assume the free version of SQL will suffice for the door access, which is CardAccess3000.

Cost is definitely a factor.  I would probably rather spend a bit more on performance and storage at the expense of additional VM's.  If the only real benefit of the extra VM's is reduced risk of restart disruption, I (they) will have to live with the rare reboot during production hours. Your version of 2 VM's may be a better fit for us.  I really don't like saying one opinion offered is better than the next, as I don't have the experience or knowledge to do so, but I do need to avoid overkill and cost creep where possible.

As for storage, I'm at 845/2000 gigs of storage now, but much of that is going to exchange.

You're the first one to mention my lack of experience, and you're 100% correct...the idea of attempting this solo is costing me sleep.  If I had a server that wasn't crashing daily ( https://www.experts-exchange.com/questions/29174927/SBS2011-crashing-rebooting-with-Event-41-Kernel-Power-error.html ) and driving my users crazy this would be a different story, but I feel like I'm on borrowed time already.  I've been going back and forth on trying to find a consultant or just buying a migration guide from a site like server-essentials, which at a glance seems to offer pretty thorough guides.  

As for the network, I'm sure you all would consider it very simple.  Two physical servers (SBS and ERP), a few unmanaged switches and a bunch of workstations.  I do have two locations connected by IPSEC, but the remote location has only clients, no servers.

The more I read and learn the deeper this hole seems to get!!  I don't want to go overboard with the gratitude, but you all have no idea how much it helps someone with my experience/skill level (lack thereof) to have a place like this to seek out help and advice...thank you again.