Trench Tales: Remote office server replacement project

Trench Tales is one of our most popular series of articles here on TechGenix because it allows readers who are IT professionals to get down into the mud where they spend most of their time wrestling with hardware and software. Marc Van der Sypt, an IT pro in Ghent, Belgium, knows all about this kind of thing from his own hard-earned experience. Marc has worked as an independent IT consultant for over 25 years, listening to the IT needs of customers, and he recommends, architects, and implements solutions for them. Recently, he was tasked with finding a solution for replacing some servers at a company’s remote office locations. For the benefit of our readers, I asked Marc a series of questions about his project. He graciously replied with tons of gory detail — which is just what IT pros like us love to read about, right? Let’s get started.

MITCH: Marc, let’s begin by having you describe the infrastructure at your company’s remote offices prior to doing your project.

MARC: We have one HQ office and 20 remote offices. We have about 70 employees in HQ, and depending on the city the remote office is in, there are between 5-30 employees per remote office. Some remote offices also have satellites.

Since the early 1990s, a full-stack deployment was rolled out in each remote office consisting of a high-end hardware server, Windows NT, Exchange 5.5, and SQL server. With Exchange 2003, we started to remove the Exchange servers in remote offices, and in 2008 we deployed a high-end server with Hyper-V and two VMs, one domain controller, and one file/print/SQL server. We replaced the hardware in 2013 and upgraded the OS and SQL server, but the logical setup remained the same.

MITCH: In what way was the previous infrastructure inadequate? What changes were needed and envisioned, and why?

MARC: Running SQL server for a limited number of users in each remote office was just too expensive in hardware, license, and operational cost. Also, some data was replicated from a master database in HQ, and it was a pain to do this replication over WAN links. Another thing was backup of the databases — because we don’t have any IT staff in the remote offices, we centralized backup. This went well for backup since only the changed data had to travel the link, but when doing a restore, the complete database had to be transferred over the WAN link, and that was slow.

Another thing we wanted to get rid of was the domain controllers. Having so many domain controllers, often sitting in an improvised location in the building without proper physical security, was just too high of a risk, so it was better to decommission them altogether.

And last but not least, we want our users to be able to sync their data on any device, be it a desktop, phone, tablet, or Mac. Therefore, we rolled out Synology Drive, but that functionality is currently not completed.

MITCH: Did you follow a staged approach or replace everything at once?

MARC: We used a phased approach because we first wanted to remove all roles that we couldn’t run on the Synology NASes.

So we started by centralizing the databases to HQ. Because SQL server was used to host the database for an in-house developed application that is still maintained by our own dev department, we could do minor adjustments if needed to centralize the databases to HQ. I started to build a Windows RDS farm and did a proof-of-concept to run our in-house app via RemoteApp with two of our remote offices that were going to merge. It was a success, and over the timeframe of about a year, we moved every database to HQ and ran the app solely with RemoteApp.

Once the databases were out of the way, we could bring in the Synologys, migrate the data, and decommission the old hardware.

MITCH: Which Synology NAS appliances were selected for replacing your fileservers? Why did you choose Synology over other NAS vendors?

MARC: We used Synology RS1619xs+ servers with 4 x 8TB drives and 2 x 512GB NVMe for read/write cache, which is plenty of storage for what we needed because the old servers had only 1.5TB of available disk space. The RS1619xs+ has dual power supplies and multiple NICs for redundancy as well.

We didn’t do a study on which NAS to buy. I got to know Synology because I needed to do a small office setup for the home office of the manager of one of my customers. Because I wasn’t familiar with smaller office setups, I asked a friend who did a lot of these installs what he was using. And so, I started to dive into the specs, got to know Synology, and saw its potential.

MITCH: How did you previously back up your fileservers? And how will you now back up your Synology NAS boxes?

MARC: We used MS System Center Data Protection Manager to back up the files and databases on our remote servers. Unfortunately, MSDPM has been suffering from a lot of performance and stability issues since the release of DPM 2016.

Now we use a combination of local snapshots on the Synology to provide short-term backup and access to “previous versions.” I was actually surprised that this worked.

For long-term backup, we use the built-in “hyper backup” application. I’ve set up an S3 compatible storage server in the datacenter using MinIO, and all Synology servers do a backup to that central S3 server.

MITCH: What other changes did you make to your remote office infrastructures? (e.g., removing DCs, centralizing DHCPs, etc.) Why did you make these changes, and how were they implemented?

MARC: We did do a centralization of the DHCP servers and printing. Although we could have opted for running DHCP on the Synology, we wanted to run as many services in the datacenter at HQ as possible.

For printing, we migrated all print queues to a print server in the datacenter and used Branch Office Direct Printing.

For security reasons, we also decommissioned all remote DCs, and we found out that there was little to no impact on our users during a test. Since we have now drastically lowered our total number of domain controllers, it is easier to implement protective measures such as specialized software to protect DCs.

As some remote offices were due to replace their phone system, we offered to use Synologys to run FreePBX VMs on them to provide our remote offices with a free VoIP system. We now have five sites that went into production with FreePBX, and more requests are coming in. This is especially handy with all the teleworking due to the COVID pandemic.

MITCH: Did you encounter any difficulties or challenges during your project?

MARC: Yes. One of our remote offices had an extra Windows Server VM running their accounting software. Our first thought was to also centralize it, but it was politically sensitive to do so, and we ultimately decided to create a Windows VM and run it on the Synology.

The Branch Office Direct Printing technology is somewhat limited, especially with advanced functions of printing such as printing with per department ID.

But apart from those, it went smoothly. I used Synology CMS to manage all Synologys and put group policies in place to centrally manage some security settings for the Synologys.

MITCH: What advice would you give to other IT professionals who are faced with similar projects?

MARC: When replacing a Windows Server with a Synology, understand what functionality can be performed by the Synology and which things are better kept on Windows.

You also have to take into account that when you run a VM on Synology, Hyper Backup cannot natively back up the VM, so you have to either do VM snapshot replication to another Synology, which requires a VMM Pro license, or use another Synology that runs Active Backup and back up your VM with Active Backup or any other tool.

If you plan to use Synology Drive, it’s worth considering creating some form of education or instruction video as currently there is no automation available to configure the client.

A Synology server is definitely a worthy replacement for a Windows file server. It offers at least the same functionality and is easy to use, back up, and maintain. And you can extend the functionality with Synology Drive to give your users an experience similar to Dropbox or other sync tools.

2 thoughts on “Trench Tales: Remote office server replacement project”

  1. – What speed are the WAN links for the remote offices?
    – What’s the latency for DHCP in this environment?
    – Is wireless being used in the remote sites, and is WPA Enterprise (802.1x) authentication used? With or without certificates? If WPA Enterprise is in use, what RADIUS is in use, locally or in the central office, and what is the latency for it if centralized, and overall?
    – How much traffic comes back to the centralized DCs for DNS/DHCP/Group Policies/Auth/etc., and what percentage of WAN traffic does that consume?

    Kurt

    1. Hi Kurt,
      Thank you for your interest.
      – Most of the remote offices have VDSL links, the speed varies between 20/10 and 90/30 MBps (download/upload). The largest offices have a fiber connection of 20/20Mbps
      – I haven’t measured latency for DHCP, but so far there hasn’t been a difference in operation.
      – Wireless is used in the remote sites and is WPA Enterprise with computer certificate authentication. The RADIUS server is a Windows NPS server in the central office. We do use Cisco FlexConnect to make sure traffic aimed at the local Synology doesn’t have to travel the WAN link to the central wireless controller.
      – I don’t have exact measurements for traffic and latency. I mostly validated against user feedback and feedback from our helpdesk and from the monitoring system, because latency and bandwidth vary a lot and it is difficult to establish baselines with so many variables.
      Hope this gives you a bit more insight.

      Marc
