Adding Win server to Qnap

[Col_panic]

I've been managing the IT for my wife's small (but growing) architecture firm and am thinking of adding a domain server. Currently they are just in a workgroup, there are less than 20 users and all are on Win 7 or 8.1 and connected to a QNAP TS-469 which serves their file sharing needs just fine, but there is no domain or AD. Some of the features is WSE2012 R2 are compelling and as they grow I know adding a real server is inevitable and will only get more difficult as more PCs get added in.

The 3 main things I'd like to solve with this server are 1) the NAS is currently a single point of failure. All of their data is backed up in multiple ways, but if the physical NAS went down they would be dead in the water until it could be fixed. 2) they don't have single sign on. There's one password for their local machine, one for the NAS and one for their gmail accounts. I'd like to centralize that and AD looks to be the best way to do it. There are no server based applications so I think Server Essentials (or Standard with WSE Role) is a good choice and I can get a great deal on a Lenovo TS140 with 2012 R2, add RAM, a NIC, RAID card and drives.

So here are my questions:
What is the best way to add this to the network? Should I leave the NAS doing what it is and just connect everything to the domain? I can't find much info on adding a server into a workflow like this. Is there a way to set this up so that if either the NAS or the server failed, the network shares would remain active, or would that require 2 physical servers? And maybe the QNAP is no longer needed?

Everything I've read has one universal piece of advice: VIRTUALIZE!, but I'm unclear on the best way to do that here. Should I install ESXi on the box, then 2012R2, or is it better to install 2012R2 with the Hyper-V role, then install the actual domain controller as a VM there, or something else?
And lastly, in a simple environment such as this is there a real advantage to moving the router functions (DHCP, NAT, etc) to the server rather than just leaving the consumer grade router alone?

Thanks for any tips!

 

[AdvHomeServer]

I'm familiar with Windows Server from a hobby perspective, but can still answer some of your questions. Answers from someone with experience from having been in your position would add real value to your needs.

Win Server Essentials will support 25 users and 50 devices without client access licenses. Win Server standard requires client access licenses, which have a cost. Perhaps this will help with your startup questions.

Virtualization is pretty good. Don't put it on the QNAP for the purpose of running your business. The processor is only a J1900 on the smaller box and 4GB is your ram. My router has a J1900 and 8GB, although most is unused capacity at this time. Don't expect much performance. In a business setting, think of virtualization as compartmentalization. One server does this, another server does that.

Recovery strategies are essential, no matter what you do.

Running AD will coordinate a lot. Some devices won't be able to join, or at least join easily. The last time I looked (a couple of years ago) non windows devices could join but it seemed like a kludge. Some non windows devices are designed to join AD easily, however. QNAP is one.

Someone with experience on large storage servers could provide info on your needs, and possibilities, there.

 

[coxhaus]

You probably don't want your main domain in a virtual as it is controlling all security. If you know virtuals add your other servers as virtuals. Adding a domain is a big step over workgroup. I would learn it first. Then learn to virtualize. Domains work best if you run DHCP and DNS from your server. NAT and other router functions should stay in the router. I would run your existing workgroup until you have the domain up and running. Make sure you use a different name for your domain than what you used for your workgroup. I would think the first thing you need to do is convert your workgroup over to DHCP and DNS running off the new domain server. You can only have one DHCP server so it will need to be a quick switch done one evening without users. The Microsoft DNS server needs to forward to your outside DNS (ISP DNS). All workstations will point to your local Microsoft DNS server. The next step is to move all your NAS data over to your domain server. Create logon scripts for users to automatically map drives for the subdirectory the user needs access to. NTP for your domain and workstations needs to be your domain server so time will be synced. Active directory will work better. When you join workstations to the domain you will get a new profile so expect it. I would wait a while before wiping out your data on the old NAS. Eventually you will probably want to use the NAS as a backup for your domain sever.

Hope this helps. I tried to cover everything that came to mind

PS
Do not lock down DHCP and DNS to only domain users. Having all devices in your DNS will help even if they are not able to join the domain. Things can still be found.

PSS
Server Essentials is much easier to setup than full blown server. Essential sets up a lot of the server for you. Virtualization is probably out as I don't think you are allowed to run VMs. In a small shop like yours one server will be enough any way.

 

[Col_panic]

Thanks for the tips. I don't plan to try and run any VMs on the QNAP. It works great as a file server but the number of features they keep trying to add on to that thing is frightening! I'm planning on using a thinkserver ts140, which at $285 with a Xeon 1225 v3 & 4GB ECC RAM is a crazy good deal. Even adding a RAID card, another NIC, 8 GB RAM, 2xSSDs and WSE license its done for under $1,000 which is not that much more than I paid for the QNAP ts-569 pro (not including storage drives, which I can move from the NAS).

They have changed WSE licensing to allow for 2 VM instances per license. One as Hyper-V (only) and the 2nd as Server Essentials. You're right that there's probably not a lot to be gained but planning ahead, it'll be much easier to virtualize it now than later. http://blogs.technet.com/b/sbs/arch...indows-server-essentials-experience-role.aspx

I have it running under ESXi now with several other Windows VMs for testing and its very easy to set up. I hope that WSE does everything I need but I don't think DHCP is part of it. The connector app (which you use to connect client machines to the domain) doesn't change the gateway or DNS settings on the clients. 25 users will be plenty for a few years at least.

So you don't see the NAS as being part of this other than as a backup? I originally thought that the Windows server would just do the new stuff and I would join it to the domain. That way all of the existing drive shares can stay as-is. Then I could have the NAS backup to the server, but I suppose that's backwards.

 

[coxhaus]

If the NAS supports active directory I don't see why you can't join it to the system and map drives to it from your logon scripts. You will then need to buy a backup solution for both. Check the active directory logs carefully if you add the NAS to make sure you are not logging any errors.

I remember having a problem with Windows 2008 Server where I could not launch the VM under Hyper-V for my domain. I ended up reinstalling it cause I could not get access. The real problem is all the workstations needed to be re join to a domain after new install. It was a mess and I decided never to put my primary domain into a VM again. I run secondary VMs domains but not the primary. If the domain server had been local I may have been able to repair it.

I thought Microsoft added DHCP and DNS in Server 2012 Essentials. Maybe not. I know it is not in Server 2011 Essentials which I am now running. I do miss Microsoft DHCP. I am going to skip WSE 2012 and upgrade to the next version. There may be a limit on ram for WSE 2012 so the VM may be kind of slow.

 

[coxhaus]

What about Microsoft Storage Server 2012 Essentials? I have not loaded or used it but it looks interesting and a cheap way to put together a small server for a small user base. When I upgrade next I will consider it.

You might look at the price of a Thecus NAS. It might be cheaper than your solution. You will want to add ram to Thecus NAS from what I hear so plan on that.

 

[Col_panic]

I didn't even know that there was a Storage Server 2012 Essentials... But it looks like its only available pre-installed on hardware with not much available. Maybe that was Microsoft taking a swing at the NAS market? Based on the lack of availability, I'd say it was a swing and a miss.

 

[coxhaus]

I think you can setup a domain and NAS for $700. Thecus and Seagate are the 2 I know about. Might be an easy way to add storage to your network.