Planning Small Business Server "Software Infra" (actual and future)

Hello!

I just started working at a small IT business that takes care of other small businesses' IT. We implement basic versions of HP / Lenovo / Dell servers with Windows Server, basically for some software and mostly for file sharing and management, so all the files are mapped (and users oriented, of course) to be saved on the server shared folders with all the permissions configured. Nothing new up to here, but he does get those servers and virtualizes them using XenServer (old version), and runs the Windows Server virtualized. If he used it to make a snapshot of the whole image I guess it would be OK, so in case of failure it could be easily deployed back, but he actually does a Windows VSS backup and saves it on a NAS on the network. I see this is a solution the owner of this business found some years ago and still repeats, but it is not efficient.

I’m used to working with local network VM infrastructure management (using oVirt) and network infra, with beefier servers and multiple VMs (mostly Linux) running databases and applications, but now I’m thinking about how to improve our solution for deploying servers at clients, so I have a few ideas and want to hear some more opinions before rushing in and trying to configure stuff.

Please feel free to give your opinion on what is good, bad, or could be done in another, more efficient way. The only point is that we can’t increase the cost of our server deployment strategy much; remember, most of our clients are small businesses (5 to 20 “computers” on the network).

The most critical problems I see right now and that I think could have better ways of being implemented:

WTS - He uses Windows Remote Desktop to directly access the client server. I don’t know if it is secure; I’ve been kind of “off” Windows servers for the last few years (on a few clients he does have a jump box / bastion host, but still uses WTS to it, and then WTS again for the server).

Shared folder structure - right now he installs Windows Server (virtualized) and creates the folders to be shared (like manager, financial, operational, and others) on the same partition and just shares the folders (using AD at the 5+ employee businesses). Then he uses Cobian to back up the shared folders to a NAS, and does a VSS backup to the NAS as well. This VSS backup becomes “huge” (a 500 GB+ backup on HDD is a pain to restore) because it backs up all the shared folders with it. Would splitting Windows and the shared folders onto two partitions create a real benefit apart from making the VSS backup smaller (I believe the main win here is fast system recovery)? We also have a cloud backup of the shared folders' content to Dropbox or OneDrive or Google Drive (the clients used to choose it), but I’m already planning on migrating this to Backblaze (becoming resellers).

Virtualization - right now this virtualization approach he created is not very useful (at least to my understanding), just one more layer of software. I’m thinking of ways to improve that. I don’t know if it is possible yet, but maybe creating an OpenStack private cloud and connecting all the VMs there (of course after migrating the clients' hypervisors to CentOS 8 + KVM). I would really enjoy a centralized way to “view” all the VMs' status, and maybe implement a cloud backup of the whole VM to Backblaze. Like I said, it is just an idea; I don’t know if it is actually doable and any good.

I’m all ears now.

Thanks.

One of the ways that would make data management better in the Windows environments is not to store all the data in the VM system but instead store it on a NAS while still having Windows control the permissions. That would make snapshotting the OS separate from the data. This could also be done by setting up an iSCSI on the NAS and presenting it to Windows as a drive, and then the NAS would handle the snapshots (assuming it has that ability, like FreeNAS does).


Yes, that’s a good point, but right now the NAS is our backup solution (we have only simple home user NAS units, from D-Link and WD mostly; like I said, most of our clients are small businesses with no more than 1 Tb of data). We do have a cloud backup as well (ransomware protection), but the internet around here is not so fast at all clients, so downloading a bunch of data from the internet is more of an extreme situation than copying from the NAS, and with Cobian we can do incremental backups, so we can easily have 1 month or more of file restoring.

Hello Takx

I had the same problem with a client a few years ago. He didn’t have money for a new NAS or a new server. I resolved it this way: with a very old computer, I installed Open Media Vault and created a share. I use it for backup of the Windows server and for the folders to be shared.
However, my next step is to convert the Windows server into a virtual machine and back up the VM on this NAS.
This NAS fixed three problems for me:
1. Shared folder for department
2. Pendrives between employees and viruses
3. Backups of the Windows server and other applications on the server.

There is another option: you can build Open Media Vault on a Raspberry Pi.

Good luck to you

Today the clients already have a NAS. Of course it is a small branded one (D-Link, WD, most of them with 2 HDs), with no real protection like RAID or anything else, but for local backup purposes they serve well (we usually recommend changing the HDs after 5 years), with 1 month of file backups for point-in-time restore, and once a month a full VSS backup (with all the files in). The solution is not bad, but it is slow to restore (the real file protection is the backup on the cloud).

Maybe I will try at first just creating a second partition inside the VM for the files, so at least the VSS backup will not have all the files and can be recovered more quickly for system restore.

Besides that, I’m looking for a cloud monitoring tool to be able to view the clients' servers in a centralized way. Do you know a tool for that?

And I will lab a web based / cloud solution for monitoring all the hypervisors.

Takx, build a FreeNAS for the data storage.

Yeah, but for that we will need more hardware, which is not always an option, and building it with too-old hardware can be a headache if the hardware fails. I mean, we are already having a hard time implementing pfSense for security, and I wish we had a jump box / bastion host at the clients (we have them at 2 for now). I'm not a big fan of the main server being exposed on the internet (and for god’s sake, using Windows Remote Desktop).

I’m thinking about what is good to virtualize together and what is not. We would need at least 4 “servers” - application / domain controller, pfSense, NAS and jump box (only 1 with real power and the others just desktops, and a nobreak with enough juice for it all).


Instead of using Windows Remote Desktop, take a look at NoMachine; it is cross-platform. https://www.nomachine.com

Is it any different from TeamViewer and AnyDesk?

Much better than TeamViewer; AnyDesk I do not know. NM supports SSH and you can also record your session. There are two versions, one specifically for enterprise support.