Thoughts on Server upgrades


I have very limited knowledge when it comes to the possibilities with servers, so I'm hoping someone could offer some input.

I don't work in IT; I'm an electrical engineer by day, who also seems to be tasked with looking after the IT.

We have a head office with approx. 25 users, everyone has their own computer and we have two servers.

Server1 is running SBS2003, has Exchange, SharePoint, makes all the backups and is the primary domain controller.

Server2 is simply a server with lots of storage and is used for all the network shares (I don't want to call it a file server as I believe a file server is running the proprietary MS file server software?). The operating system on this is 2008.

We've just opened a remote office many miles away which could eventually house up to 10 people.

At the moment, the head office has 8mb down and 512mb up on the internet connection.

There's only two people working there, who are currently using remote VPN (not a tunnel between routers) for file access and OWA for emails.

If the number of people increases, it's been mentioned that another server may be beneficial down there.

As we're a small company, we cannot afford to buy big expensive servers, virtualisation etc; it's simply not affordable for us.

When the users use VPN, they find the internet incredibly slow (which is understandable), but I was wondering what common practice would be for remote offices etc.

We're talking about possibly upgrading server1 to a new machine and purchasing it with SBS2011 (when available) which will include the new Exchange etc.

Does anyone have any thoughts/comments towards remote offices, common setups etc?

Link to comment

My first suggestion would be to increase the bandwidth at the head office. You'll want to increase the upload speeds. Who is the ISP?

Link to comment

2 SBS servers can't exist as part of the same domain.

Internet is going to be slow, there is no way around that, well at least without dumping even more money into a proxy server that can cache webpages...but you aren't big enough to really see the benefits from that unless everyone hits the same website constantly.

Here is how I see it: you purchase a new server with a server standard OS. You make it a member server. You put this server out there. I would go to the extent of getting a hardware-based VPN solution so that the clients seamlessly access the common network. You will need to back this up somehow (tape, external hard drive, cloud-based solution, etc). The clients should be using cached Exchange mode so that mail is fast (it caches the mail locally and they would open attachments locally vs off of the server); it would be much better than OWA doing it this way (currently have 1.5Mb/s between sites here, using cached Exchange mode, and everyone is extremely happy with the speed as it is nice and fast when opening or viewing attachments).

Your weakest link is 512kb/s, this is your speed (ignore the 8Mb/s, you can only get this if your up at your main site is also 8Mb/s..you are limited by the upload at either site).

Link to comment

Thanks for the comments guys.

We're a UK company and are currently with Plusnet (owned by BT).

Fibre isn't yet common in the UK, but BT/Plusnet are starting to roll out trials. Our telephone exchange won't be upgraded until June, but from then on, it'll be 20mb up and 40mb down.

We have a pair of Drayteks which are capable of establishing a VPN tunnel between them, but we tried this once before and found the tunnel was regularly dropping (once or twice a day maybe). I'm not sure if this was down to the other company having an extremely poor connection or bandwidth issues.

Link to comment

Looking at the speed of your connection I would guess you're in the UK? If so, ask your ISP about FTTC (Fiber To The Cabinet). It's being rolled out fairly fast and is in a lot of places and will give you a massive boost in speed.

Link to comment

Alright then maybe this may answer your question about vpn dropping by me asking this question....WTF is a Draytek? A POS soho router that barely belongs in a home much less in a business environment? Quality equipment = quality connection, crap equipment = roll the dice.

If this is any clue as to what kind of equipment we are dealing with

http://www.draytek.us/ (I could train my 2 year old to make a site that looks like this, really ugly low tech website similar to designs back in 1993)

I would be more concerned with the equipment vs the quality of the line. A VPN is supposed to re-establish once there is traffic going across. Also static addressing is recommended when using a VPN; if the address gets released and renewed (DHCP) at any point this could create a break in service.

Link to comment

Yes FTTC is being trialled as mentioned below, I think I just beat you to it.

SC,

Whilst I can appreciate Draytek isn't a top end business product, I don't think it deserves the comments mentioned above.

In the UK I was under the impression it's an ideal product for our size business.

Can I ask where you've derived your comments from?

Which Drayteks? We used to use 2800 for the VPN link before we went to MPLS and they were very stable.

We have the 2800 at head office and 2710VDN at the remote office.

Link to comment
Well first, I have been here for a long time. I have never seen mention or use of a Draytek in any site. Cisco, Juniper, Nortel, Bay, SonicWall, 3Com, hell even D-Link, Linksys and Netgear....never a Draytek. The Linksys and Netgear were flaky (haven't used a D-Link in VPN mode), the others were pretty solid.

Second, technology can be judged by other technology that the company uses. Their website is very much like a default FrontPage template which takes little design knowledge to put together (run FrontPage, select template, put in your information). While this may be OK for the dog groomer down the street, a technology company should look to stand out and not be part of a common default template design which would represent the technology that they can offer (uncommon, high end equipment, will always work vs low budget, common and it may work or it may not work equipment). I look at it as getting a Dr that did OK in his class doing brain surgery on you, or a Dr in his class that got top honors doing brain surgery....The OK Dr will get the job done but you may not be able to speak or miss which will kill you vs the Dr that got top honors is more detail oriented and will successfully perform the surgery. If the little things that don't mean anything look spectacular, you would expect what you are buying into to be spectacular...if the little things that don't mean anything are a bit off, chances are what you are buying into is going to be a bit off.

Link to comment

> Well first, I have been here for a long time. I have never seen mention or use of a Draytek in any site. Cisco, Juniper, Nortel, Bay, SonicWall, 3Com, hell even D-Link, Linksys and Netgear....never a Draytek. The Linksys and Netgear were flaky (haven't used a D-Link in VPN mode), the others were pretty solid.

I have a friend who manages tens of Draytek VPN tunnels and says he never comes across dropped connections or any problems with the Drayteks (which is making me consider opening a new VPN tunnel).

> Second, technology can be judged by other technology that the company uses. Their website is very much like a default FrontPage template which takes little design knowledge to put together (run FrontPage, select template, put in your information). While this may be OK for the dog groomer down the street, a technology company should look to stand out and not be part of a common default template design which would represent the technology that they can offer (uncommon, high end equipment, will always work vs low budget, common and it may work or it may not work equipment).

I completely agree with most of that, the websites (inc UK) are awful and very outdated (by 20 years!), but that being said, I don't think it bears any impact on their product.

As far as I'm aware, the Drayteks are decent, solid modem routers.

I'm hoping someone who is familiar with them could comment, perhaps I'm misinformed.

> Well first, I have been here for a long time. I have never seen mention or use of a Draytek in any site. Cisco, Juniper, Nortel, Bay, SonicWall, 3Com, hell even D-Link, Linksys and Netgear....never a Draytek.

I think you must have missed a lot of posts, there appears to not only be a lot of discussions on Drayteks, but good reviews, search the board for 'Draytek'.

Search any of the posts, but a lot of people appear to be using them for business purposes and have great comments to make :)

Link to comment
Perhaps it is just a UK thing. Which is why I haven't seen them in production here in the US, which is my comment where I have been around for a while derived from vs being here on the boards. Worldwide vs regional also plays into the mix...If they are a quality product, why aren't they used more commonly over here (US)? Is it marketing, is it too much competition? Really if a POS company like Belkin can make a router, surely Draytek can't be any worse.

Link to comment

Going back to the OP, this has now been confirmed and we're to have 6-8 people working remotely.

I've requested a VPN tunnel be created between the routers as a test, but I understand a static route can also be created to allow internet traffic out through the remote router and file transfer between the VPN tunnel?

Link to comment

My 2c (MS Server 2008 certified)...

You have 25 users, ~27 computers, and now 2 remote users (expanding upwards to 8). IT is going to be a growing need to support your users.

Upgrade your Server1 as you said to a new device with Server 2008. Also purchase a NAS(1) device, and use this to replace Server2 at HQ. This would be a better use (lower power, reliability, etc) than using a full blown server for file shares... and here's why I suggest that: Move Server 2 to your remote location. Set up server replication in off-hours. This copies active directory, deltas of file-share changes, etc. This puts the data they need at their location, but the server can pull any data they need (if not replicated) on the fly, and quickly.

(1) You *could* move your old Server1 to that location... but consider an upgrade to 2008. Replication works much better in 2008, since it was completely overhauled. That would save on the purchase of a NAS device, though I've seen them be fairly reasonably priced (and I'm talking about the rack mounted ones, not SOHO ones).

Link to comment

Thanks for the info above CT.

I'm really new to this sort of upgrade/change, but would the following be another option: purchase a new decent server (which'll act as a PDC) to replace server1, leave files and SQL databases on server2 and eventually move the old server1 to the remote office?

My thoughts behind it are:

1, the current server1 is nearing its end of life cycle, I'd rather not leave it in as a main component (as you've described in (1)),

2, server2 is a great spec server, which is currently handling multiple SQL instances, SharePoint server (not massively used) and acts as a file server, as well as having all the Sage accounts/files on there. It would be a massive overhaul to cycle this out.

Link to comment

I meant (1) as like a little footnote (referenced after NAS), but what you said is what I meant.

Purchase Server1(new), Replace Server1(old) with Server1(new). Leave Server2, move Server1(old) to Remote Location. If possible, upgrade Server1(old) to Server 2008 for the compatible file replication services, and you're in good shape IMO.

So your last post was right on, except, upgrade 2003 to 2008 (if possible).

Now as far as network goes:

Yes! Do the static route method (not sure that's the right term though). There is no need for Facebook/Yahoo/general traffic to be VPNed to your HQ, just to go back out to internet. This is a waste of VPN throughput, when you have a limited amount. Send only private-network information (Exchange, etc) across VPN. Anything that is publicly accessible (Yahoo, Facebook, etc), send out of remote router. Would recommend maybe seeing if VPN traffic could be given priority though.

Also, in the short term, or until you get the upload speed upgraded, see if you can implement compression on your upload end. This will shrink the data a bit, allowing you to transmit more data in the same time.

Link to comment
The proper term is split-tunnel. Traffic to HQ through VPN for internal info, traffic direct to internet for surfing. I.e. if you need 192.168.1.x go through the tunnel, else go through the internet gateway.

Link to comment
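
The split-tunnel rule described in the post above, worked through as an added example (not code from any poster in this thread). The remote LAN prefix 192.168.2.0/24, the interface names `lan`/`vpn`/`wan` and the sample traffic are assumptions constructed for illustration; only "192.168.1.x" for HQ comes from the thread.

```python
import ipaddress

# Assumed addressing: the thread only gives "192.168.1.x" for HQ; the remote
# LAN prefix and the interface names below are hypothetical.
HQ_LAN = ipaddress.ip_network("192.168.1.0/24")
REMOTE_LAN = ipaddress.ip_network("192.168.2.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# Route tables for the remote-office router: (destination prefix, interface).
# Split tunnel: only the HQ prefix goes into the VPN, the default route
# leaves through the local internet gateway.
SPLIT_TUNNEL = [(REMOTE_LAN, "lan"), (HQ_LAN, "vpn"), (DEFAULT, "wan")]
# Full tunnel: the default route itself points into the VPN.
FULL_TUNNEL = [(REMOTE_LAN, "lan"), (DEFAULT, "vpn")]


def next_hop(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, iface) for net, iface in table if addr in net]
    if not matches:
        raise ValueError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def bytes_per_interface(table, flows):
    """Sum the bytes each interface would carry for the given flows."""
    totals = {}
    for dst, nbytes in flows:
        iface = next_hop(table, dst)
        totals[iface] = totals.get(iface, 0) + nbytes
    return totals


# Constructed sample traffic from the remote office: (destination, bytes).
FLOWS = [
    ("192.168.1.10", 4_000_000),   # file share at HQ
    ("192.168.1.11", 1_000_000),   # Exchange at HQ
    ("192.168.2.50", 500_000),     # printer on the remote LAN
    ("203.0.113.80", 20_000_000),  # web browsing (documentation address)
    ("198.51.100.7", 5_000_000),   # software update download
]

if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        print(name, bytes_per_interface(table, FLOWS))
```

With the split table, the `wan` bytes never pass through anything at HQ, so any filtering or logging applied there has to be replicated on the remote router.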

  • 1 month later...

Thanks for the replies guys.

There is a formal meeting today, where the IT will be discussed, the proposed plan to move forward is as follows:

* Purchase new server with latest Windows OS + latest Exchange server licences + CALs.

* Set up this machine, create all the new accounts (assuming there is no way to import SBS 2003 AD into 2008 AD?). Get this machine running as the PDC over a weekend which replaces our current server1, then spend some time resting and taking a breath :)

* After a short period of time (to ensure there's no issues with new server), purchase latest Windows OS + Exchange server + CALs. Install this on our old Server1.

* Move old server 1 to remote office location. New users will collect emails from their own Exchange (emails pushed down from our Exchange server) and log in to their own server at the remote location.

<Now for the bit I'm unsure about>

By this time, we will have FTTC available 40mb downstream / 20mb up, and hope to be on board.

* Set up a hardware VPN connection between the two Draytek routers.

Initially, we discussed about leaving ALL files on server2 at the HQ. From what I can see, the remote office would need a minimum access of 50GB+ of data.

If it could be stored locally on their server, that would be great, but I'm worried to death about errors in replication/synchronisation etc.

Contract folders are updated very frequently, I'd have concerns about someone updating a document one end, someone updating the same document the other end and the files not matching correctly.

How efficient is the data replication?

If the 20mb upload speed proves to be quick and the VPN reliable, then we may not need to replicate?

Further comments/suggestions greatly welcome.

Link to comment

Replication is fast, but not instantaneous fast....a few seconds to a few minutes fast. You only need 1 Exchange server in your scenario, I can promise that. Using the Outlook client in Exchange cached mode is your best bet, esp if you have laptop users that will be traveling. Backups will be a mess, restoring will not be easy if you have to unless you have a decentralized backup that you will rely on the remote site to monitor.

500-1000 user base, 2 Exchange servers replicating off site, every user has Exchange cached mode enabled. Emails open instantaneously on each workstation, attachments open instantaneously, with Outlook Anywhere it doesn't matter where the user is at as long as they have a connection to the internet (regardless of how slow it is) they are able to open attachments as fast as they were here. You don't need 2 Exchange servers, you need to understand the technology that you have.

I have 2 replicating Exchange servers for a 0 down time situation. I have multiple MX records for the same host so if 1 site goes dark, the other site has a complete replica and to the client all they have to do is close and reopen and all of their mail is there. I also have multiple internet pipes coming into the business and different locations. Near 0 down time.

Link to comment

Thanks for your info SC.

I'm not the one implementing it, but have been tasked with trying to organise it.

The scenario I posted above is what's been passed to me.

By having an Exchange server at the remote office, would that not save some bandwidth/traffic of the Outlook users constantly talking across the internet?

I'm just trying to think of the benefits of spending the additional $1300 (roughly converted from £).

I guess if our server/internet went down, we rebooted the server, they wouldn't be affected remotely at all, they'd see no error messages and still send to/from their own server which would temporarily store the emails until the link is reestablished?

I think we currently have Exchange server in cached mode anyway, which users have found slow over the manual VPN (i.e. emails are still available to read when the server is offline, but the client remains disconnected or "work offline" mode).

I didn't realise the replication was that fast, that's better than I thought.

I was expecting it to be the end of the day type thing.

WRT Outlook Anywhere, is this Outlook Web Access? We currently have that, but the old 2003 web access looks very dated! I think the new Exchange server is much nicer to work with?

Link to comment
Here is the thing, regardless of how it is getting pulled, it will still get pulled. Whether it be to one server or to the individual clients, there is little to no bandwidth savings by having a server on site. If your server at the main site went down they would lose connection to the server but could still work offline with their local cache, they would just see a message at the bottom disconnecting them and reconnect when it became available.

Here is the thing, sending and receiving is going to be slow over that VPN line, reading and opening attachments is not. Do you think for a second that sending and receiving isn't going to be slow with an Exchange server on site...all you are doing is masking the send and receive by putting it on the server (it is actually sending and receiving vs the individual clients and depending on how it is going out (for instance multiple recipients to multiple sites) can bog down the connection being that the server is now a bridgehead able to send mail out.

When you send a mail message out to multiple recipients, the mail server sends everyone a message. In an Exchange environment you send 1 message to the Exchange server and that Exchange server hands out the copies. When your Exchange server is local it sends many copies across the pipe out to the internet.

Link to comment

> Here is the thing, sending and receiving is going to be slow over that VPN line, reading and opening attachments is not. Do you think for a second that sending and receiving isn't going to be slow with an Exchange server on site...all you are doing is masking the send and receive by putting it on the server (it is actually sending and receiving vs the individual clients and depending on how it is going out (for instance multiple recipients to multiple sites) can bog down the connection being that the server is now a bridgehead able to send mail out.

I can appreciate the actual sending/receiving will be slow, but hopefully 10x faster than our current 512kb connection, once we're upgraded.

Surely it's better for the server to deal with the slow speed and let the end users send/receive fast between their local Exchange server? Yes it will be masked, but after spending a lot of money, questions will be asked (by non technical people) as to why it's taking them ages to send a 10mb file via Outlook to our Exchange server at HQ?

If the above scenario happened with a local server, the email would be sent to the server quickly and the end user is none the wiser?

Thanks again :)

Link to comment

Well with a 20 meg connection you would hope it would be faster. It is up to you, having the server there could actually slow down your uplink.

You could try it as it sits prior to loading the server to see if it functions within acceptable limits to the end user.

Link to comment

This topic is now closed to further replies.