Budget option of transition from the working group to the domain
This article will be of interest to novice system administrators, as well as managers of small but growing companies who find themselves in a transitional situation, when working in a working group is still possible, but already threatening to turn into a problem in the foreseeable future.
But written is unlikely to seem interesting and relevant to experienced sysadmins, as it involves a fairly simple task. However, the problems raised in it may be relevant for professionals as well, and comments on the recipes voiced in this article from experts with experience will be very valuable.
')
After a certain “critical mass” has been recruited (usually 15-20 users), the development of a network within the framework of a working group increases the cost of human resources for infrastructure management. At the same time, as the number of users grows and the number of applications they use, administration difficulties increase, the need for security, software standardization, and centralized management of policies that only a serious private infrastructure and its own domain controller can increase.
And here, due to the sudden need for capital expenditures, it is time to clutch at the head: after all, one domain controller will not be enough, its fall will mean that all users stop working. Therefore, to ensure the resiliency of the entire system will need another one. Well, the third server, mail, file or for applications, most likely you will have even without that.
Thus, at a certain point in the development of a company, it becomes necessary to build a serious private infrastructure - and not from one, but rather from three servers at once. It can be ignored when working in working groups, but the longer this continues, the harder it will be to switch to the domain infrastructure.
Is it really impossible to smooth this jerk somehow? Can! But for this you have to resort to a few tricks.
The cost of three servers (meaning also the cost of software licenses for them - but more on that below) can be greatly reduced by using virtualization to combine the mail, file, or application server server roles with the second domain of the controller.
That is, you will not need three servers, but one full-fledged domain controller on a physical server and another server with virtualization of a domain controller plus the functions that the third server should have fixed.
It is worth keeping in mind the replication between the two controllers. DNS and DHCP will need to be installed on both domain controllers, with DNS running in duplicate mode, and DHCP can be divided: some addresses can be leased from one server, the other from another. Periodically there will be replication, which will generate traffic and load the network - but this is the cost of saving.
This scheme is theoretically capable of withstanding 100-200 users on the network - everything will, of course, depend on the load of everyone, but sooner or later it will be necessary to expand this infrastructure, so this is a good solution to the problem.
As for the hardware suitable for the task, a server with a weak processor will be enough for a domain controller (in the case of paranoid reinsurance, you can take two, but in our practice there was only one case when Intel failed), 4 GB of memory, two disks 500 GB each in RAID 1 for the operating system, another hot-swap disk and a terabyte for backups. For fault tolerance, two network cards are required!
But on the second server, which will implement virtualization, it is better not to save! The same configuration will not work for sure; a stronger and more serious machine is needed: two good processors, a solid RAM volume - at least 32GB; two 500 GB disks in RAID1 for the operating system, three terabytes, one of which is backups, as well as two network cards. Capital costs are inevitable in this case, but overpayments can be avoided.
There are enough offers of new servers on the market that are suitable for such a task: the domain server RH1288 / 8-2 V3 1X2609V4 / 16GB / 2x500 & 1x1TB HUAWEI HU will cost 172,400 rubles, and the application server 2XE5-2620V4 64GB 2x500GB 2x1TB 240,000 rubles.
You can, however, take our second-hand servers : ASUS RS500-E6 / PS4 2xXeon E5530 16GB RAM, 2x500Gb & 1x1TB HDDs for 34,890 rubles will work for the domain, and for SUPERMICRO SYS-6017R-NTF 2xXeon E5-2665, 64Gb RAM applications , 2x500Gb & 2x1TB HDDs for 124,800 rubles.
The amount differs, as you can see, significantly: 159,690 for second-hand against 412,400 for new ones. Obviously, three new servers would be even more expensive.
Another headache for a small enterprise that is just starting to build its own infrastructure is the software licenses for servers. Microsoft Windows Server 2016 Essentials Open License (supports up to 25 users), the program designed for the first servers of a small enterprise costs about 25 thousand rubles. But even here there is an opportunity, if not to get rid of spending at all, then at least to postpone them for half a year - if you use the trial version, which works for 180 days.
Only "Trial Use" does not imply the use of software in a production environment. No work tasks! Well, at least formally. But it’s clear that in no other way how to run such software is impossible.
And, of course, it is clear that the user who built the infrastructure on some kind of software for six months will be much more attached to the vendor and simply forced to buy a license from her. And Microsoft just thought about this opportunity when they were given “to try” not three days, not a week or two, but six months! )
The first steps and decisions taken during the construction of infrastructure are very important and can seriously affect the further functioning of the enterprise, so you need to do them consciously. But at the same time, if you do not solve the problem head-on, but approach the solution creatively, then you can seriously save.
Here's how to optimize spending:
Thus, the costs are reduced several times, and the saved resources are better not to transfer to other needs, and think about how to prepare only the emerging IT infrastructure for further growth and expansion.
And how did you start building your infrastructure? What are your recipes?
But written is unlikely to seem interesting and relevant to experienced sysadmins, as it involves a fairly simple task. However, the problems raised in it may be relevant for professionals as well, and comments on the recipes voiced in this article from experts with experience will be very valuable.
')
After a certain “critical mass” has been recruited (usually 15-20 users), the development of a network within the framework of a working group increases the cost of human resources for infrastructure management. At the same time, as the number of users grows and the number of applications they use, administration difficulties increase, the need for security, software standardization, and centralized management of policies that only a serious private infrastructure and its own domain controller can increase.
And here, due to the sudden need for capital expenditures, it is time to clutch at the head: after all, one domain controller will not be enough, its fall will mean that all users stop working. Therefore, to ensure the resiliency of the entire system will need another one. Well, the third server, mail, file or for applications, most likely you will have even without that.
Thus, at a certain point in the development of a company, it becomes necessary to build a serious private infrastructure - and not from one, but rather from three servers at once. It can be ignored when working in working groups, but the longer this continues, the harder it will be to switch to the domain infrastructure.
Is it really impossible to smooth this jerk somehow? Can! But for this you have to resort to a few tricks.
Trick one: virtualization
The cost of three servers (meaning also the cost of software licenses for them - but more on that below) can be greatly reduced by using virtualization to combine the mail, file, or application server server roles with the second domain of the controller.
That is, you will not need three servers, but one full-fledged domain controller on a physical server and another server with virtualization of a domain controller plus the functions that the third server should have fixed.
It is worth keeping in mind the replication between the two controllers. DNS and DHCP will need to be installed on both domain controllers, with DNS running in duplicate mode, and DHCP can be divided: some addresses can be leased from one server, the other from another. Periodically there will be replication, which will generate traffic and load the network - but this is the cost of saving.
This scheme is theoretically capable of withstanding 100-200 users on the network - everything will, of course, depend on the load of everyone, but sooner or later it will be necessary to expand this infrastructure, so this is a good solution to the problem.
Optimal configuration
As for the hardware suitable for the task, a server with a weak processor will be enough for a domain controller (in the case of paranoid reinsurance, you can take two, but in our practice there was only one case when Intel failed), 4 GB of memory, two disks 500 GB each in RAID 1 for the operating system, another hot-swap disk and a terabyte for backups. For fault tolerance, two network cards are required!
But on the second server, which will implement virtualization, it is better not to save! The same configuration will not work for sure; a stronger and more serious machine is needed: two good processors, a solid RAM volume - at least 32GB; two 500 GB disks in RAID1 for the operating system, three terabytes, one of which is backups, as well as two network cards. Capital costs are inevitable in this case, but overpayments can be avoided.
There are enough offers of new servers on the market that are suitable for such a task: the domain server RH1288 / 8-2 V3 1X2609V4 / 16GB / 2x500 & 1x1TB HUAWEI HU will cost 172,400 rubles, and the application server 2XE5-2620V4 64GB 2x500GB 2x1TB 240,000 rubles.
You can, however, take our second-hand servers : ASUS RS500-E6 / PS4 2xXeon E5530 16GB RAM, 2x500Gb & 1x1TB HDDs for 34,890 rubles will work for the domain, and for SUPERMICRO SYS-6017R-NTF 2xXeon E5-2665, 64Gb RAM applications , 2x500Gb & 2x1TB HDDs for 124,800 rubles.
The amount differs, as you can see, significantly: 159,690 for second-hand against 412,400 for new ones. Obviously, three new servers would be even more expensive.
The second trick: licenses
Another headache for a small enterprise that is just starting to build its own infrastructure is the software licenses for servers. Microsoft Windows Server 2016 Essentials Open License (supports up to 25 users), the program designed for the first servers of a small enterprise costs about 25 thousand rubles. But even here there is an opportunity, if not to get rid of spending at all, then at least to postpone them for half a year - if you use the trial version, which works for 180 days.
Only "Trial Use" does not imply the use of software in a production environment. No work tasks! Well, at least formally. But it’s clear that in no other way how to run such software is impossible.
And, of course, it is clear that the user who built the infrastructure on some kind of software for six months will be much more attached to the vendor and simply forced to buy a license from her. And Microsoft just thought about this opportunity when they were given “to try” not three days, not a week or two, but six months! )
findings
The first steps and decisions taken during the construction of infrastructure are very important and can seriously affect the further functioning of the enterprise, so you need to do them consciously. But at the same time, if you do not solve the problem head-on, but approach the solution creatively, then you can seriously save.
Here's how to optimize spending:
Thus, the costs are reduced several times, and the saved resources are better not to transfer to other needs, and think about how to prepare only the emerging IT infrastructure for further growth and expansion.
And how did you start building your infrastructure? What are your recipes?
Source: https://habr.com/ru/post/321832/
All Articles