Need help/opinions/ideas for a small business network upgrade (~25 computers)

[ROcHE]

I have been taking care of a small business network as a side work. The company is a mold maker and has CAD workstations and some CNC machines running Windows.

Current setup is :

- 2 computers running Windows 2000 pro acting as "servers", mostly to share files.
- 8 computers in the office, used by accountants, boss, salesmen, etc.
- 10 computers used by CAD workers and CNC programmers
- 4 CNC machines running Windows (NT4, 98 and 2000)
- 2-3 various computers used for others tasks

It's a basic workgroup as you can see.

Now here is the problem. Managing security is becoming (expected) a nightmare because there is almost no centralized management. Also, the W2K 10 users limit (on the "servers") is kicking in a couple times a day.

Basically, I think it is time for a major overhaul and a real client-server network.

Some things to consider :

- CAD workers are sharing files right from their computers (every CAD computer has a simple file share folder). This needs to stay because files are big and storing them on a server ain't exactly fast enough when the user wants to open a 500mb file.

- CNC machines are running Windows but I don't want to modify them for obvious reasons. They need to access a simple folder share on one of the CAD computer to grab files. No password, no nothing to keep it simple for machinists.

I think need some kind of workgroup/domain hybrid. Maybe a Windows 2003 Server to store files (accounting, management, public folder) and also keep the "peer to peer" aspect for easy sharing of big files.

Any idea/opinions? My last full network setup was with NT4 so I'm rusty with these things.

 

[cleverhandle]

Originally posted by: ROcHE
Now here is the problem. Managing security is becoming (expected) a nightmare because there is almost no centralized management.

I'm not sure what this means. Are you talking about managing user account information (which I can see being a pain if people are constantly using different machines) or about patch/update management or what?

I think need some kind of workgroup/domain hybrid. Maybe a Windows 2003 Server to store files (accounting, management, public folder) and also keep the "peer to peer" aspect for easy sharing of big files.

There's no reason that individual machines can't host shares in a domain. It's not like the domain controller has to be the uber-master file server. In fact, it's better if it's not. All the domain controller does is keep track of account information.

It's a business, so presumably they're willing to pay for software. The most direct route IMO would be to get two copies of 2003 Server for the file servers (for which you'll need to purchase an adequate number of CAL's). Make those two machines domain controllers and join everything up. While you're at it, make sure that any Win98 machines get updated to 2000 - that will make your life easier.

The cost-saving route would be to get a single new 2003 server to be a domain controller and turn the file server into Linux samba servers. Since it doesn't sound like there's any really complicated sharing going on, that would be pretty easy and it would save you the cost of both the extra 2003 license as well as the extra CAL's. However, you would need an extra machine (for the 2003 server) in this scenario. Since it would only be doing authentication, it wouldn't need to be very powerful. But you would then have a single point of failure, which isn't too hot. Maybe new versions of Samba may be able to replicate with 2003, but I don't know about that.

I would recommend the simple, 2x2003 option.

 

[RebateMonger]

Windows Small Business Server 2003 would, no doubt, handle their needs. Join the Windows XP Pro and Windows 2000 clients to the Domain so that you can easily manage them with Group Policies.

With a Gigabit network and reasonably fast hard drives, you ought to be able to put CAD files on the Server, where they are safe. Ideally, you put all the important data on the Server, use a redundant disk array, and perform automated backups of the Server. Swap out your backup media (disk drives or tapes) periodically and keep a set offsite.

But do yourself and the company a favor and read a book about SBS 2003 and do a couple of practice installs BEFORE working on their network. The world is littered with poor and incomplete installs of SBS by people who learn SBS at the company's time and expense.

 

[OvErHeAtInG]

About the only advantage of SBS, IMO, is the license is cheaper. It doesn't support adding additional servers, so the downside is pretty steep

But I generally second cleverhandle's opinion.... install some kind of 2k3 server (SBS or not) and have everyone logging onto the domain. that way the CAD machines can share their files from their desktop, and those shares can be managed through AD.

 

[ROcHE]

Originally posted by: RebateMonger


But do yourself and the company a favor and read a book about SBS 2003 and do a couple of practice installs BEFORE working on their network. The world is littered with poor and incomplete installs of SBS by people who learn SBS at the company's time and expense.

Yeah I'm trying to catch up reading some books.

Thanks to others for opinions. They use 2 "servers" just to shortcut the 10 users limit in 2000. The actual need for servers is just one.


Let's suppose I install a Windows 2003 Server. I can manage shares access on client computers right from the AD? Looks like it is time for me to fire up Wmware and create a small network to get back into this.

 

[ROcHE]

Originally posted by: cleverhandle
I'm not sure what this means. Are you talking about managing user account information (which I can see being a pain if people are constantly using different machines) or about patch/update management or what?

[

Pretty much all of this. The workgroup has become too big and we need to centralize these stuffs.

 

[Tsaico]

I would also vote for SBS. And I just finished a similar project for a local SB. But the statement that you cannot join other servers is incorrect. The rule is that you cannot join any other SBS servers. You can join as many 2003 r2 or whatever flavor of windows as long as they do not exeed 75 total machines in the domain.

For 500 bucks, plus another 1200-ish for and additional 20 cals is a great deal.

 

[ktwebb]

But do yourself and the company a favor and read a book about SBS 2003 and do a couple of practice installs BEFORE working on their network. The world is littered with poor and incomplete installs of SBS by people who learn SBS at the company's time and expense.

Truth is, that isn't enough. OP, this is not intended to be dismissive of your abilities but if your in here looking for this kind of advice then you shouldn't be responsible for someone's windows network when 2003 server and a domain are part of the equation.

Simple as that. It's one thing to ask for specific advice about a particular problem. Something else entirely when asking these basic and fundamental questions. So grain of salt it, or disregard it completely but at least from what I've read so far, you are doing them a dis-service if you move forward without engaging a capable person to lead the migration and setup/config of a windows domain.

 

[RebateMonger]

Originally posted by: ROcHE
Yeah I'm trying to catch up reading some books.

That'd be great if you do some reading and some lab work. You can install Virtual PC 2004 or Virtual Server 2005 and install 180-day trial copies of various MS Server software to play.

I'm not sure if an evaluation version of SBS 2003 is currently available. I've heard that MS may have run out and is waiting for Release 2 to make new copies.

As noted by ktwebb, the fastest and surest way to do all this would be to engage a local MS Small Business Specialist to help plan the network and the install. He/she could demo the software, make sure you have the correct equipment and software, help with a painless install and transition, show you how all the features work, and train you to manage SBS after the install.

If you make a living managing networks, you can join MS's Partner Program and buy their Action Pack Subscription. This gives you copies of all of MS's operating systems and office applications. It's NOT for installation at a client, but you can play with it and use it in YOUR IT business.

Let's suppose I install a Windows 2003 Server. I can manage shares access on client computers right from the AD?

Well, most people put the bulk of their shares ON their server(s). What AD allows you is to manage your access (security) groups without going from PC to PC setting up accounts. And, yeah, with SBS you can instantly remote into any XP Professional PC in the network to work on it or provide remote assistance.

 

[ROcHE]

Originally posted by: ktwebb

But do yourself and the company a favor and read a book about SBS 2003 and do a couple of practice installs BEFORE working on their network. The world is littered with poor and incomplete installs of SBS by people who learn SBS at the company's time and expense.

Truth is, that isn't enough. OP, this is not intended to be dismissive of your abilities but if your in here looking for this kind of advice then you shouldn't be responsible for someone's windows network when 2003 server and a domain are part of the equation.

Simple as that. It's one thing to ask for specific advice about a particular problem. Something else entirely when asking these basic and fundamental questions. So grain of salt it, or disregard it completely but at least from what I've read so far, you are doing them a dis-service if you move forward without engaging a capable person to lead the migration and setup/config of a windows domain.

You are right. I might sound unqualified. I used to work in the network field. Even did my MCSE on NT4. But I went back to school in management and kept doing some (very) simple workgroup task as a side student job.

However, I have no experience with AD and 2000/2003 MS Server. I still think I can do this because it's a pretty simple network. I just need to make sure I will still be able to have simple shares between CAD computers when in a domain (which looks like to be the case). Someone mentionned a gigabit network and files on the server but this is still too slow. Anyone working with Solidworks knows that you try to get speed from anywhere you can. Opening files locally is a great start when working with huge assemblies.

Also, there is no way in hell I will install all of this before setting up some kind of test network on Vmware to test out the features and to get back into this more seriously. I am just trying to catch up with 2003 here. It's not like I am upgrading the network tomorrow morning.


Thanks for opinions.

 

[kevnich2]

Are these CAD files that your using very important? The reason businesses have a central file server is so that important files are backed up on a regular basis. Having computers sharing files is never a good idea because your relying on another person to try and do the backups. If the files aren't that important then it's fine. But if they are mission critical, I wouldn't dare share them on a non backed up server.

 

[ROcHE]

Originally posted by: kevnich2
Are these CAD files that your using very important? The reason businesses have a central file server is so that important files are backed up on a regular basis. Having computers sharing files is never a good idea because your relying on another person to try and do the backups. If the files aren't that important then it's fine. But if they are mission critical, I wouldn't dare share them on a non backed up server.

I use Syncback to backup the CAD files to the server every night. It has a RAID1 setup and an external, weekly backup.

 

[blemoine]

weekly backup?

they must not do much work if you are only backing up once a week. if they are doing a lot of work during the week please backup nightly.

It has a RAID1 setup and an external, weekly backup

Repeat after me Raid 1 is not a backup.

 

[kstornado]

Originally posted by: OvErHeAtInG
About the only advantage of SBS, IMO, is the license is cheaper. It doesn't support adding additional servers, so the downside is pretty steep

The only two caveats of SBS2003 is that it does not support trusts between domains, and the SBS server must retain the FSMO roles. You can join additional domain controllers and member servers to a SBS domain.

 

[OvErHeAtInG]

Wow, they've really improved it since SBS 2000... 😛

 

[ROcHE]

Originally posted by: blemoine
weekly backup?

they must not do much work if you are only backing up once a week. if they are doing a lot of work during the week please backup nightly.

Well every CAD computer stores its files locally. Then their data folder is duplicated to the server every night and the whole server's content gets out of the building every week. Ain't that enough?

Repeat after me Raid 1 is not a backup.

I know that thanks.