The next evolution of SBS
Alex Fields
In a previous article, I compared two alternative deployments for a new kind of “Small Business Server” (defined in this case as a network of 25 users or fewer). Microsoft used to have a widely adopted product for this market called Small Business Server, but since it was discontinued after SBS 2011, and that version is already in extended support, most of these customers are in the process of switching over to something else right now. As there is no “SBS 2016” or similar, the solution landscape has fractured.
Some people are remaining on-premises with Windows Server 2016 Essentials or Standard, and are usually still migrating mailboxes to Office 365. Others are going to lean into the cloud a little more heavily still, with the Azure solution I described in the last article, which is also a bit more expensive to do. Still others have split off and gone toward a “hosted” desktop experience with some third party provider, for instance, or abandoned the Microsoft market altogether in favor of other technologies like GoogleApps and Chromebooks (puke).
But there is one other “all-cloud” alternative that I can see, which would be available to some (but not all–depending on line of business application requirements, usually).
Building blocks of an “all cloud” solution might already be here…
Microsoft is headed in the right direction. In some cases, Microsoft’s Office 365 as it exists today might be all that some organizations ever need, but you can also pair it with other popular LOB apps that are available in cloud varieties, and many of those can be set up for SSO with Azure AD.
- Identity / Single-Sign-On: Azure AD
- Email: Exchange Online
- Communications: Skype for Business Online
- Personal File Sharing: OneDrive for Business
- Team or Company-based file sharing: SharePoint Online, Microsoft Teams, etc. (or maybe a third party SaaS provider such as Box or Dropbox for Business)
- Other Line of Business Apps: e.g. QuickBooks Online, Salesforce, Adobe Creative Cloud, etc.–configured for use with Azure AD SSO
And that is almost everything… Except:
Group Policy – Today, if you set this one time using a local group policy on each computer (e.g. in a Workgroup), then there is no way of knowing that the settings “stay put” after you’ve left. Nor can you enforce new updates to the policy quickly. So we still need an alternative if there is going to be no local or cloud-hosted domain controller. There are hints that more and more of this “policy control” will become available through Azure AD and Intune, meaning that Azure AD could soon replace more traditional on-premises Active Directory functionality. This can’t happen fast enough, in my opinion. But MSP providers might start leaning more heavily on their own management tools to provide something like this functionality, too.
Endpoint management, updates & security – For other endpoint management concerns, most small businesses would still employ a Managed Services Provider, who would be able to do remote support and provide tools that manage assets, track tickets/help requests, provide monitoring & security, patching/updates/software deployment, etc. Whether they use a tool such as Intune (which today is lacking, in my opinion) for these purposes, or their own branded tool of similar capability, doesn’t really matter. It just needs to be there (in fact it should be present even in a server-based environment, on-prem or cloud-based).
Network & perimeter security – You can’t ignore this just because you’re in the cloud. When users are on your local network, you have a responsibility to provide every level of protection you can, and the perimeter is still a good tool for doing that. Get this nailed down tight with a good firewall and solid policies, and up-to-date security subscriptions. Advanced offerings will even include some internal network vulnerability detection & response tools on top of that (but of course, this usually requires at least some on-premises “server” or appliance footprint).
Shared Printers/MFP devices – I want an easy way to deploy shared printers to the organization (otherwise, no server means installing the printer driver and connecting to each network printer on every individual machine). This isn’t so bad in very small offices of fewer than 10 users, but it gets tedious quickly as an org gets bigger. Without a local print server to auto-magically deploy printers to the workstations, we have to get more creative, for example with a startup script that you can deploy via your endpoint management tool.
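As an added illustration of that startup-script approach (this is example code, not part of the original post), the PowerShell below connects a workstation directly to network printers using the in-box PrintManagement cmdlets, creating the TCP/IP port, driver and printer only when they are missing so it can safely run at every startup. Printer names, IP addresses and the driver name are assumed sample values for your own environment.

```powershell
# Added example: direct-to-device printer deployment without a print server.
# Printer names, addresses and driver names are assumed sample values.
#Requires -RunAsAdministrator

$Printers = @(
    @{ Name = 'Front Office MFP';   Address = '192.168.10.50'; Driver = 'Microsoft PCL6 Class Driver' },
    @{ Name = 'Warehouse Printer';  Address = '192.168.10.51'; Driver = 'Microsoft PCL6 Class Driver' }
)

foreach ($p in $Printers) {
    $portName = "IP_$($p.Address)"

    # Standard TCP/IP port: create it only if it is not already there,
    # so repeated runs at startup do not error out or duplicate ports.
    if (-not (Get-PrinterPort -Name $portName -ErrorAction SilentlyContinue)) {
        Add-PrinterPort -Name $portName -PrinterHostAddress $p.Address
    }

    # Driver: in-box class drivers are already in the Windows driver store.
    # A vendor driver would have to be pre-staged (e.g. with pnputil) first.
    if (-not (Get-PrinterDriver -Name $p.Driver -ErrorAction SilentlyContinue)) {
        Add-PrinterDriver -Name $p.Driver
    }

    # Printer object: bind the driver to the port under the friendly name
    # users will see in their print dialogs.
    if (-not (Get-Printer -Name $p.Name -ErrorAction SilentlyContinue)) {
        Add-Printer -Name $p.Name -DriverName $p.Driver -PortName $portName
        Write-Output "Installed printer '$($p.Name)' on port $portName"
    }
}
```

Because the endpoint management tool runs this with administrative rights on every machine, keep the script in the tool’s managed script store rather than on an open file share, so only the MSP can change what gets installed.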
Backup – Your cloud provider may or may not provide for backup of your data. Chances are, it is at least very highly available. But that isn’t the same thing as a backup. Office 365 stores your data in triplicate in each data center (and data is replicated between at least two regional data centers), but no other backup exists. There is, however, a default retention period during which deleted data remains recoverable. Again, not the same as a backup. So you may want to account for this in your solution also.
Optional (but recommended)
At least today, I would still suggest keeping, if not a full-blown server, at least a small “appliance” or “super-desktop” computer that could run Windows Server Essentials, but only if you have a centralized office infrastructure that requires it. For the reasons stated above, I just feel that it helps with some of the day-to-day management and security features in an environment like this, even if 100% of your data can otherwise live in the cloud (plus it is pretty inexpensive).
If the management box went down, I don’t think users would necessarily even notice right away, and it could be replaced pretty easily. For example:
- Users could sign in with cached credentials to their local computer in the event of an outage
- DHCP (the service responsible for handing out IP addresses) could be handled by the firewall, switch or other network device
- DNS (name lookups) could be configured to use a combination of the local server as primary and a cloud-based alternative, like OpenDNS, as secondary
Perhaps MSPs can find new opportunities here using their own tools, to remove the remaining needs for on-premises servers in other ways. Or maybe a “management appliance” is just part of their service offering, for example, and makes it easier to share printers and other local resources, etc. This might be a Windows-based device, but it might not be. Comments? Questions? Concerns? What other solutions are out there that you have seen or have implemented?