How much does a cloud office cost
A series of articles on the transfer of infrastructure to the cloud once again confirms the general trend that has emerged over the past few years. Unfortunately, if you solve the problem in the forehead, the cost of hosting is very high, here is one example . Recently, a client came to us who, in our opinion, is most suitable for the role of an average company interested in this service. We decided to show the description of this project with all prices to the respected Habrasoobshchestvo. Some privacy data has been changed, but this does not affect the final picture.
Initial data:
The company has 35 people, one main office and two additional, several people working from home.
What do you need:
')
- transfer to the cloud the existing application server (1C) with terminal access for 15 people;
- transfer mail from a paid hosting and 30-40 mailboxes from public mail services;
- environment for collaboration of calls and videoconferences instead of skype 30-40 users;
- telephony with connection to an existing operator and the ability to connect new ones. Preferably with the possibility of holding telephone conferences by phone number and PIN;
- Mobile VoIP client with voice traffic encryption;
- The storage of common documents 60-100GB.
Security requirements are fairly standard: location in Western Europe, encryption of all traffic, data encryption. As if the client had read the article , stopped fearing for his data abroad.
As a solution, it is proposed to use a 1c bundle on Terminal Server + RDG, MS Exchange, MS SfB + FreePBX and MS SharePoint with Office Online Server.
MS SharePoint controversial decision
Share Point is a controversial decision; many companies, even when building the rest of the infrastructure on Microsoft products, prefer to use other solutions (File Cloud, OwnCloud).
But given the geographical diversity of the company's offices, the urgent need to improve communication between employees, and when integrated with Skype for Business and Exchange, SharePoint is in our opinion the most logical choice. This solution covers all modern “must have” document storage requirements - versioning, accessibility from everywhere, connection security, the ability to work with documents offline, the ability to search, sort, and structure document storage, flexible access settings, and pleasant additions - the ability to call or write to the author of the document without leaving the browser window.
Office Online Server (OOS) will allow you to edit documents through the browser without having to download the document and without installing the MS Office software on the device. This is one of the main components of security, since the presence of offline copies of important documents on the user's local computer is a potential threat, and working with Word, Excell through the terminal is much less convenient than through OOS.
And, of course, the possibilities of collaboration - when you can observe the process of creating or editing a document in real time, the work becomes: clearer, faster, more interesting (review of the possibilities of collaboration - habrahabr.ru/post/310396/ ).
But given the geographical diversity of the company's offices, the urgent need to improve communication between employees, and when integrated with Skype for Business and Exchange, SharePoint is in our opinion the most logical choice. This solution covers all modern “must have” document storage requirements - versioning, accessibility from everywhere, connection security, the ability to work with documents offline, the ability to search, sort, and structure document storage, flexible access settings, and pleasant additions - the ability to call or write to the author of the document without leaving the browser window.
Office Online Server (OOS) will allow you to edit documents through the browser without having to download the document and without installing the MS Office software on the device. This is one of the main components of security, since the presence of offline copies of important documents on the user's local computer is a potential threat, and working with Word, Excell through the terminal is much less convenient than through OOS.
And, of course, the possibilities of collaboration - when you can observe the process of creating or editing a document in real time, the work becomes: clearer, faster, more interesting (review of the possibilities of collaboration - habrahabr.ru/post/310396/ ).
Based on the requirements, the following VM configuration was obtained:
Host HV1
| Server | RAM, Gb | HDD, Gb | Server roles |
| Exch1 | 14-20 | 450 | Exchange server, Data availability group with Exch2 |
| RP | 2-4 | 60 | Reverse proxy |
| DC1 | 2-4 | 60 | Domain Controller |
| Mkt1 | one | 20 | MikroTik Cloud Hosted Router |
| RDSHost1 | 40-60 | 300 | Terminal server balancing with RDSHost2 |
| RDSBroker | 4-6 | 60 | RD Connection Broker, RD Gateway, RD Web Access |
| FS1 | 2-4 | 300 | File server integrated into DFS with FS2 |
| SQL | 16-24 | 300 | MS SQL for 1C |
| 1C | 8-12 | 80 | 1C server |
| Sb-fe | 8-12 | 60 | Skype for Business Front-End |
| Sb-edge | 2-4 | 60 | Skype for Business edge |
| SP | 12-24 | 300 | Sharepoint |
| Oos | 12 | 80 | Office Online Server |
| Frpbx | one | 40 | FreePBX as SIP Gateway |
| Total | 124-188 | 2170 |
HV2 Host
| Server | RAM, Gb | HDD, Gb | Server roles |
| Exch2 | 14-20 | 450 | Exchange server, Data availability group with Exch1 |
| RP | 60 | VM replica | |
| DC2 | 2-4 | 60 | Domain Controller |
| Mkt2 | one | 20 | MikroTik Cloud Hosted Router, Failover IP with Mkt1 |
| RDSHost2 | 40-60 | 100 | RD Session Host balancing with RDSHost1 |
| Fs2 | 2-4 | 300 | File server integrated into DFS with FS1 |
| RDSBroker | 60 | VM replica | |
| SQL | 300 | VM replica | |
| 1C | 80 | VM replica | |
| Sb-fe | 60 | VM replica | |
| Sb-edge | 60 | VM replica | |
| SP | 300 | VM replica | |
| Oos | 80 | VM replica | |
| Frpbx | 40 | VM replica | |
| Bckp | 2-4 | 2000 | Backup server |
| Total | 59-89 | 3970 |
So where to post
We made a small comparison of the prices of different hosters with approximately the same configuration suitable for this task (sorting by price)
| Hotster | Type of | Configuration name | Configuration Parameters | Price per month | URL |
| Azure + Office 365 Enterprise E5 | Cloud | Virtual machines | $ 1,649.41 + $ 35 (per user) | https://azure.microsoft.com/en-us/pricing/calculator/ | |
| AWS | Cloud | r4.4xlarge | 16 Core, 122Gb RAM 2000Gb HDD | $ 1296 + EBS $ 90 | https://aws.amazon.com/ec2/pricing/on-demand/ |
| Rackspace | Dedicated server | Dual processor | Intel Xeon E5-2640 2.5GHz, 128GB, 5x300GB 15K SAS | 2x $ 649 + Storage | https://www.rackspace.com/dedicated-servers |
| Digitalocean | Cloud | 16 Core, 128Gb RAM 2000 GB SSD | $ 960 + Storage $ 200 | https://www.digitalocean.com/pricing/ | |
| ProfitBricks | Cloud | 12 Core, 108GB RAM, 2000Gb HDD | $ 866 | https://www.profitbricks.com/pricing#section=details-price-performance-guarantee | |
| Ovh | Dedicated server | SP-128 | Intel Xeon E5 1650v3, 128, 2 x 2 TB | 2x $ 179 | https://www.ovh.com/us/dedicated-servers/ |
| Hetzner | Dedicated server | PX121 | E5-1650 v3 256Gb RAM 2x4Tb HDD | 2x € 116.81 | https://ru.hetzner.com/hosting/produktmatrix/rootserver-produktmatrix-px |
Choice of hosting or discourse on availability and SLA
The simplest calculation with a calculator shows that SLA, in which the reduction of subscriber payments is indicated is proportional to the unavailability time, is a profanity. For example, in a year of 8,764 hours, for two years the service was not available for 12 consecutive hours, it turns out that apart from the indirect loss of business only for a mere 30 employees, at 80,000 rubles a month of expenses per person, you suffered 109,090 rubles loss, and compensation from data center will be 0.07% of the payment for two years, or even taking a hypothetical $ 5000 a month, we get $ 82, which is not serious for your business or for the service provider.
And there are spots in the sun, everyone remembers the failures of Gmail, Facebook, Azure, power-off in the main European Communicator Telecity2, when half of England was left without the Internet and even Moscow cell subscribers had problems. http://arstechnica.co.uk/business/2016/07/bt-isps-telehouse-north-major-outage/
For a company with 20-50 people, using HP 3PAR with replication of storage between two data centers is most likely redundant, and does not provide a 100% guarantee against configuration errors - an example of the recent failure due to human factors in AWS https : //aws.amazon.com/ru/message/41926/ . The most acceptable two options are to build a software cluster (all Microsoft servers have an opportunity), and if a simple 2-3 hours for a business is not critical, then online backup to the second data center and manual switching on of virtual machines is an acceptable and budget solution.
In order to insure 100% not only from equipment failures, but also from data center problems, it’s better to take one server from one operator and the other from another (for example, hetzner and OVH), but to simplify the administration of payment control, you can take both physical server from one operator, and in the future to make the second to another. Moving backup virtual machines on fast, intra-European channels is a simple task and does not require stopping maintenance.
And there are spots in the sun, everyone remembers the failures of Gmail, Facebook, Azure, power-off in the main European Communicator Telecity2, when half of England was left without the Internet and even Moscow cell subscribers had problems. http://arstechnica.co.uk/business/2016/07/bt-isps-telehouse-north-major-outage/
For a company with 20-50 people, using HP 3PAR with replication of storage between two data centers is most likely redundant, and does not provide a 100% guarantee against configuration errors - an example of the recent failure due to human factors in AWS https : //aws.amazon.com/ru/message/41926/ . The most acceptable two options are to build a software cluster (all Microsoft servers have an opportunity), and if a simple 2-3 hours for a business is not critical, then online backup to the second data center and manual switching on of virtual machines is an acceptable and budget solution.
In order to insure 100% not only from equipment failures, but also from data center problems, it’s better to take one server from one operator and the other from another (for example, hetzner and OVH), but to simplify the administration of payment control, you can take both physical server from one operator, and in the future to make the second to another. Moving backup virtual machines on fast, intra-European channels is a simple task and does not require stopping maintenance.
So, the hosting provider is selected, what happened. How it all works:
Iron: for our case, we choose to rent two servers in Hrtzner with a very convenient failover IP service. Two servers https://ru.hetzner.com/hosting/produktmatrix/rootserver-produktmatrix-px E5-1650 v3 256Gb RAM 2x4Tb HDD, € 116 each. As hypervisors MS Hyper-V, on which virtual machines will be placed in accordance with the above table. On the first server will be located the main VM and on the second backup.
Internal network between servers: The network is built between two MikroTik Cloud Hosted Router (Mkt1 and Mkt2) installed on each host through which a tunnel is configured. Heztner has ordered a fail-safe IP ( Failover IP ), which is assigned to the Mkt1 and Mkt2 routers to organize the publication of external services.
Terminal servers are pooled and will be simultaneously active on both hypervisors to conserve resources. In case of failure of one of the nodes, the users of the terminal server will switch to the second with some performance degradation, but they will be able to continue working, because user profiles are on a network resource replicated by DFS technology.
Replication: Continuous replication of virtual machines will be configured between the two hosts. In the event of a host failure or maintenance, a replica will be included.
Mail: organized on two Exchange servers united in DAG, instead of replicating virtual machines, user access using Active Sync, OWA and Outlook
Telephony, video conferencing, IM on Skype for Business. Like Exchange for mail, this is today the best collaboration tool. Since telephony providers connecting sip trunks according to the SfB standard are not many, as the gateway, they installed FreePBX, to which trunks with SIP registration are connected.
File Storage: MS SharePoint with OOS discussed previously.
Application server: here everything is prosaic 1C with MS SQL database.
Remote access: to all applications via HTTPS. Published - terminal server via RDG, Active Sync, OWA, Outlook, SharePoint with OOS, Skype for Business.
Security: encrypting data on a VM based on Shielded VM . Access to all resources over SSL. Encryption of voice traffic over TLS + SRTP. To access the terminal server, Azure MFA two-factor authentication is used. It is still possible to connect two-factor authentication for access to OWA and SharePoint, but for the time being limited to monitoring the IP from which users connect to these resources, the newer version of Skypetime allows it.
How much does this solution cost:
Iron - € 238 including additional IP and failover per month. If there is a significant load on the terminal server or SQL, you need another 28 € on an SSD drive.
Licenses for the time of implementation and test operation are recommended to take such a license https://www.visualstudio.com/msdn-platforms/ (3VU-00016 MSDNPltfrms ALNG LicSAPk OLV NL 1Y AP) 67 123rub on msbuy. This license contains all Microsoft products with the right of testing and development. After the test operation is completed and it will be clear how much and which licenses are needed, then buy. We recommend to pay attention to the prices of the program OVS.
Certificate - SSL, you can take a free 10 SAN from StarCom or more reliable, for example, from Godaddy $ 249.99 per year.
Azure MFA - 1.04 € per month per user
Work - we will not call specific numbers, so as not to make advertising out of the article, we will only estimate the amount of work in hours.
Installation of this configuration, including all administrative work with providers, from 90 to 120 hours without migrating user data, where everything is individual.
Monthly server support: 8-15 hours depending on the volume of changes and the reliability of the sip providers. User support varies greatly from the average user qualification, but on average it is taken at the rate of 0.8-1.2 hours per month per user.
Source: https://habr.com/ru/post/323994/
All Articles