The next evolution of SBS

Back to Blog
31Aug2017

The next evolution of SBS

In a previous article, I compared two alternative deployments for a new kind of “Small Business Server” (being defined in this case as a network of 25 users or less). Microsoft used to have a widely adopted product for this market called Small Business Server, but since it has been discontinued after SBS 2011, and that version is already in extended support, most of these customers are in the process of switching over to something else right now.  As there is no “SBS 2016” or similar, the solution landscape has fractured.

Some people are remaining on-premises with Windows Server 2016 Essentials or Standard, and are usually still migrating mailboxes to Office 365.  Others are going to lean into the cloud a little more heavily still, with the Azure solution I described in the last article, which is also a bit more expensive to do.  Still others have split off and gone toward a “hosted” desktop experience with some third party provider, for instance, or abandoned the Microsoft market altogether in favor of other technologies like GoogleApps and Chromebooks (puke).

But there is one other “all-cloud” alternative that I can see, which would be available to some (but not all–depending on line of business application requirements, usually).

Building blocks of an “all cloud” solution might already be here…

Microsoft is headed in the right direction. In some cases, Microsoft’s Office 365 as it exists today might be all that some organizations ever need–but you can also pair that up with some other popular LOB apps that are available in cloudy varieties–and many of those can be setup for SSO with Azure AD.

  • Identity / Single-Sign-On: Azure AD
  • Email:  Exchange Online
  • Communications: Skype for Business Online
  • Personal File Sharing: OneDrive for Business
  • Team or Company-based file sharing: SharePoint Online, Microsoft Teams, etc. (or maybe a third party SaaS provider such as Box or Dropbox for Business)
  • Other Line of Business Apps: e.g. QuickBooks Online, Salesforce, Adobe Creative Cloud, etc.–configured for use with Azure AD SSO

And that is almost everything… Except:

Group Policy – Today, if you set this one time using a local group policy on each computer (e.g. in a Workgroup), then there is no way of knowing that the settings “stay put” after you’ve left. Nor can you enforce new updates to the policy quickly. So we still need an alternative if there is going to be no local or cloud-hosted domain controller. There are hints that more and more of this “policy control” will be coming available through Azure AD and Intune, meaning that Azure AD could soon replace more traditional on-premises Active Directory functionality. This can’t happen fast enough, in my opinion. But, MSP providers might start leaning more heavily on their own management tools to provide something like this functionality, too.

Endpoint management, updates & security –  For other endpoint management concerns, most small businesses would still employ a Managed Services Provider, who would be able to do remote support and provide tools that manage assets, track tickets/help requests, provide monitoring & security, patching/updates/software deployment, etc. Whether they use a tool such as Intune (which today is lacking in my opinion) for these purposes, or their own branded tool of similar capacity–doesn’t really matter. It just needs to be there (in fact it should be present even in a server-based environment–on-prem or cloud-based).

Network & perimeter security – You can’t ignore this just because you’re in the cloud. When users are on your local network, you have a responsibility to provide every level of protection you can, and the perimeter is still a good tool for doing that. Get this nailed down tight with a good firewall and solid policies, and up-to-date security subscriptions. Advanced offerings will even include some internal network vulnerability detection & response tools on top of that (but of course, this usually requires at least some on-premises “server” or appliance footprint).

Shared Printers/MFP devices – I want an easy way to deploy shared printers to the organization (otherwise, no server means installing the printer driver and connecting to each network printer on every individual machine). This isn’t so bad in very small offices of less than 10 users, but it gets tedious quickly as an org gets bigger. Without a local print server to auto-magically deploy printers to the workstations, we have to get more creative–like a startup script that you can deploy via your endpoint management tool.

Backup – Your cloud provider may or may not provide for backup of your data. Chances are, it is at least very highly available. But that isn’t the same thing as a backup. Office 365 stores your data in triplicate in each data center (and data is replicated between at least two regional data centers), but no other backup exists. There is however a default retention period where deleted data will be recoverable up to a certain point. Again, not the same as a backup. So you may want to account for this in your solution also.

Optional (but recommended)

At least today, I would still suggest keeping, if not a full-blown server, at least a small “appliance” or “super-desktop” computer that could run Windows Server Essentials–only if you have a centralized office infrastructure that requires it. For the reasons stated above, I just feel that it helps with some of the day-to-day management and security features in an environment like this, even if 100% of your data can otherwise live in the cloud (plus it is pretty cheap/inexpensive).

If the management box went down, I don’t think it would even matter or be noticed by users right away, necessarily, and could be replaced pretty easily. For example:

  • Users could sign-in with cached credentials to their local computer in the event of an outage
  • DHCP (the service responsible for handing out IP addresses) could be handled by the firewall, switch or other network device
  • DNS (name lookups) could be configured to use a combination of the local server as primary, and a cloud-based alternative, like OpenDNS as secondary

Perhaps MSP’s can find new opportunities here using their own tools, to remove the other needs for on-premises servers in other ways. Or maybe a “management appliance” is just part of their service offering, for example, and makes it easier to share printers and other local resources, etc.  This might be a Windows-based device, but it might not be. Comments?  Questions? Concerns? What other solutions are out there that you have seen or have implemented?

Business, Opinion, Technical , , , , 2 Comments
Share:

Comments (2)

  • Ivan de Sousa Reply

    Great article, it helps a lot in getting the big picture of the current options and solutions for this segment, as well as what to expect in the near future from MS. Thanks, much appreciated.

    August 31, 2017 at 11:11 am
  • Mario Reply

    Awesome article. Much appreciated.
    Thank you!

    September 1, 2017 at 4:52 pm

Leave a Reply

Back to Blog

Related Posts

25Oct

12 Steps you can take to up your Office 365 Security & Compliance game

I don't mean to oversimplify things here. This is not a comprehensive guide or anything like that. Every organization has different goals and business objectives, and depending on your industry, etc., you could have very different compliance regulations or whatever, that you need to consider.... read more
21Mar

How to not be an idiot on the Internet

There was a really funny security article circulated a few years ago after the crypto-variant viruses first started becoming a widespread problem; I wish I could remember who had written it, and if I could find it again I would link to it here and give them due... read more
21Feb

What are the benefits of using Autopilot in Microsoft 365? And, how to configure it.

Autopilot is a "low touch" or "no touch" deployment method that can be leveraged by IT departments to enable self-service computer deployments. Users can basically pick up a new Windows 10 device, sign in, and have all of their applications and data come to them... read more
Hybrid Azure AD Join or not?
08Jul

Should I use Hybrid Azure AD Join or not?

I consulted with an MSP recently about one of their larger customers, and whether or not to implement Hybrid Azure AD Join for existing Windows workstations (joined to traditional Active Directory). The classic consultant answer of course is, "It depends." In certain cases, perhaps. But... read more
27Apr

How to enable 2-factor or multi-factor authentication (2FA or MFA)

Enabling a second factor for authentication is an important (and often very easy) thing to do.  Usually this can be accomplished in just a few clicks for most websites and cloud services. It is highly recommended that you take the time to do this, especially for... read more
Updated Migration Advice
11Jul

Updated Migration Advice: Remove the last Exchange Server?

The last time I published articles on the topic of email migration was in the long, long ago: in the before time. Yes, before pandemics and novel coronaviruses, but also before we had the option to remove the last Exchange server. Some have asked me... read more
07Nov

Configure alerts for your 365 Tenant from the Security & Compliance Center

If you have an Office 365 or Microsoft 365 subscription, then you should check out the Security & Compliance Center--there are plenty of tools in here to help you step up your game. Generally speaking, nothing is really configured by default, so if you want... read more
25Nov

Unpopular opinion: Do not restrict users from creating Teams (Office 365 Groups)

I realize that advocating for no (or very limited) boundaries on who can create Teams puts me in the minority. When I look out across the community, I mostly see consultants in this space suggesting the opposite is a superior approach for various reasons--that the... read more
03Oct

How to secure your BYOD Windows 10 Device

I do not want to confuse anyone too much with this post. So let me begin with a clear disclaimer: I am not suggesting that we abolish Active Directory and encourage open BYOD across our small and mid-sized enterprises. Active Directory and Group Policy still provides the... read more
25Aug

2016 Essentials Integration: Manage SharePoint Libraries

Once you have Office 365 Integration working with Windows Server Essentials 2016, you can also manage SharePoint libraries from the Dashboard. The process is very similar to adding and managing local Server Folders. To get started, go to Storage and then SharePoint Libraries. Select Add a library... read more

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.

Contact Me