Rethinking network design when there’s no longer a server

There’s still a lot of confusion about what a network should look like when there’s no longer a need for a server. Historically, businesses bought a server when they found themselves with the need to share and standardize. But if you’ve moved to an Office/Microsoft 365 suite and you’ve got Windows 10 computers what should the new network look like? It’s time for a rethink on network design.

The network today

For the sake of this article, let’s say you manage a business that is using an Office 365 Business or Enterprise plan, all of your major applications are in the cloud, and it’s now just Active Directory, files, printers, and policies that occupy the server. Businesses that have reached this state are probably small and are using QuickBooks or another common accounting package. As more than 90 percent of businesses around the world are small, this scenario is the most common one out there.

Network design
Wikimedia / Harald Mühlböck

In the picture above, we see a standard network where the firewall separates the outside from the inside. It’s how most well-managed networks are designed.

We used to joke about businesses that are set up like giant home networks for their lack of organization, planning, features, and security. Obviously, the IT department (if they had one) didn’t understand basic networking standards. But now those standards have changed. We’re not headed into home networking but instead toward a new concept of cloud-enabled business infrastructure.

Changing our minds on network design

We are creatures of habit and comfort. So the inclination is to simply look at what you’ve got and assume that you need it. But the world of IT infrastructure is new again. We must look at this with eyes wide open to new concepts of how the cloud works and what it means for managed networks. Microsoft has built Azure from the ground up and not tried to build on-premises networks in the cloud like a simple hosting solution might. Therefore, what you’re going to find is that there is not a direct one-to-one feature set when you take a look at how you’re going to move things to the cloud. I’ve seen people try and they end up with a forced expensive situation. The cloud was not built for individual businesses to run servers in. The better course is to adopt what it is and modernize your approach to infrastructure. When you signed on for the Office/Microsoft 365 suite you agreed, perhaps unintentionally, but you agreed to chart a new very particular course.

Our new networks look more like the image below where everything is connected directly to the Internet and the security and management happen in the cloud.

Following the course that’s been set


In our example, let’s say that we’ve moved our email up as the first part of the migration. This means that we’ve modified DNS, Outlook is using Autodiscover to configure itself, we have a lot of new applications available to our users, and Azure AD is actively authenticating our users, at least for Outlook.

The next step in the plan is to migrate the files, and this is usually when the IT staff has that awakening moment: there is no group policy and there are no mapped drives, and they stumble or stop because, in their minds, a managed network can’t possibly exist without those things.

But it can.

Mapping the old ways to the new

Keep in mind that we aren’t re-creating the on-premises network in the cloud but are instead adopting the ways of the cloud. With that in mind, let’s map out where our tools are.

Join domain = Connect to Azure AD. Only Windows 10 devices can connect to Azure. Since Azure AD is all about authentication, this allows Azure to authenticate that your devices are who they say they are.

Mobile devices are phones and tablets = Everything is mobile. Most small businesses have historically ignored mobile devices so managing them is a new concept. This may be hard to fathom but Microsoft considers Windows 10 to be a mobile platform. So everything is considered mobile and is managed as such. Once you can internalize this the decentralization of management begins to make a lot more sense.

Updates are managed = updates happen. This naturally follows once you adopt the concept that all Windows 10 devices are mobile devices. With your applications in the cloud, incompatibilities should be rare. Microsoft does offer a couple of update frequencies but with the rate that malware writers are going these days, you’ll do best to adopt the fastest cadence possible.

Printers are Mapped = Printers are discovered. Windows 10 will automatically discover printers on the network it is attached to, install the drivers and remember to set as default the printer you last used on that network.

Group Policy = Intune. Using Intune, you can push software (including MSI, EXE, Apple, and Android packages) and set baseline security and configuration policies. You can use its policy wizards, make your own registry changes, push scripts, or use a mix of all of the above.

Mapped Drives = Sync or Connect. Mapped drives give users that warm fuzzy feeling of knowing everything is kept in the M drive (for example), but starting with Windows 7 and the introduction of libraries, users no longer had to be concerned with where something was; they just needed access to it. So they no longer needed a drive letter, or several drive letters, to get to something. Today, SharePoint document libraries are connected and OneDrive folders are synced, from the user’s own collection or from others’.

Redirected Folders = Known Folder Sync. Many businesses redirected folders to be sure to capture data that users might leave on the desktop or save to their documents folder. OneDrive for Business now captures that data through Known Folder Sync.

My network is secured at the edge = My network is secured by authentication. Windows has had its own firewall that is very good at keeping the outside out for many years. But now that your data isn’t on premises where is the edge? It’s your users. The very people that we’ve long considered to be the weakest link. Luckily, Azure has some new tricks that have pumped up authentication to mean not only the username and password, but also the device, the location, and other indicators that match a user’s normal pattern of activity. And it has new tricks that keep the password from being passed between the directory and the devices.
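As an added example that is not from the article, the script below is the kind of baseline check Intune can push to Azure AD-joined Windows 10 devices: it enforces the fastest update cadence (no update deferral) and keeps the Windows firewall on for every profile, since each device is now the edge. It assumes the Windows Update for Business policy values under the WindowsUpdate policy key and that Intune runs it as SYSTEM; exit code 1 signals drift in detection mode.

```powershell
# Added example, not the article's code: an Intune-style baseline script.
# Detection mode (default) reports drift and exits 1; -Remediate enforces the baseline.
param([switch]$Remediate)

# Assumed: Windows Update for Business policy values live under this key.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
# Baseline: defer nothing, i.e. take quality and feature updates as soon as offered.
$wuBaseline = @{
    DeferQualityUpdates = 1; DeferQualityUpdatesPeriodInDays = 0
    DeferFeatureUpdates = 1; DeferFeatureUpdatesPeriodInDays = 0
}
$drift = @()

# Compare each registry value with the baseline; a missing value counts as drift.
foreach ($name in $wuBaseline.Keys) {
    $current = (Get-ItemProperty -Path $wuKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($current -ne $wuBaseline[$name]) {
        $drift += "$name=$current (want $($wuBaseline[$name]))"
    }
}
# The device is the edge now: every firewall profile must be enabled.
foreach ($profile in Get-NetFirewallProfile) {
    if ($profile.Enabled -ne 'True') { $drift += "Firewall profile $($profile.Name) disabled" }
}

if ($drift.Count -eq 0) { Write-Output 'Compliant'; exit 0 }
Write-Output ('Drift: ' + ($drift -join '; '))
if (-not $Remediate) { exit 1 }   # detection only: let Intune record non-compliance

# Remediation: create the policy key if needed, write the baseline, enable the firewall.
if (-not (Test-Path $wuKey)) { New-Item -Path $wuKey -Force | Out-Null }
foreach ($name in $wuBaseline.Keys) {
    Set-ItemProperty -Path $wuKey -Name $name -Value $wuBaseline[$name] -Type DWord
}
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True
Write-Output 'Remediated'
exit 0
```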

Which brings me to security


Anyone who is worried about security in the cloud hasn’t taken a good look around. The cloud has brought so many additional security features that figuring out which ones to implement is more of a problem than deciding how you are going to protect individual items. Between encrypted files, email, authentication enhancements, file protections, and layers of malware detection, our new networks are many layers more secure than they ever were on-premises.

Network design: The biggest hurdle yet

The biggest hurdle that I see in the redesign of these networks is awakening business owners, managers, and staff to the necessity of training. It’s not just IT staff that needs to rethink how they go about their work, learn new tools, and change their behavior. The staff needs to do the same. This new world puts them at the forefront of protecting the intellectual property of the business. It’s a role that they haven’t had to put much thought into previously. The work was done for them, but now they need to understand the difference in the safety of different network connection types, how to keep personal and business data separate in an era of BYOD, and how to encrypt content and place it in the correct context.

There’s a lot of work to be done on all fronts. Migrating to the cloud isn’t as simple as it first seems but neither is it daunting. With the right leadership coming from IT, businesses will be set to reap the benefits that the cloud promises.

Featured image: Shutterstock


1 thought on “Rethinking network design when there’s no longer a server”

  1. I stumbled over your article and I am confronted with a heavy burden, since my managers have seen that cloud services could just be cancelled for no, or just political, reasons, as we have seen with for example Parler.
    We have immediately stopped the efforts of moving the organisation into the cloud and I am confronted with a rollback into the past.
    I have been instructed to completely clip Microsoft Azure or Amazon related services off, and also have been ordered to block Microsoft OneDrive on the firewall and IDS.

    We are now looking at having a personal cloud on premise with Windows desktops that are heavily downsized in their cloud abilities, and it seems we are forced to migrate to OpenOffice, because OneDrive and the cloud are woven into the DNA of Office 365.

    Do you have any ideas on how I find the best way in between no cloud and personal cloud, in terms of identity management and managing the user desktops? I am looking at VMware Horizon and decided to make every desktop a virtual desktop, so workers with physical machines need to start a client software.

    Would be fun to exchange.
