Discussions

We are at a crossroads, and I'm hoping to get input on how to set up our network for best security and simplicity. Our Windows server is outdated and file services are rarely used. We are going to put the shares that are being used onto Google Shared Drives and archive the rest. Going forward, is it advantageous to continue to log into the domain using AD? I will outsource the set up of the servers to make sure it is done correctly, but want to understand what it is we need. DNS, DHCP, DC? 

We are a small private school with about 60 windows computers. Our staff uses mostly windows laptops with a few personal Macs thrown in. The students all use Chromebooks (about 150 devices 1:1).  We use Google for email and file services and we are working on a very simple printing arrangement so not sure if we even need a print server. We do have a fairly new Palo Alto firewall and good switches. Should we set up a new server with just enough services to ensure a stable and safe environment. Should the staff continue to use AD? Does AD provide a layer of security or is it just the opposite? 

Thank you for any and all suggestions!



#ITSystemsandSupport

------------------------------
Jan Tullis
Rockwern Academy
------------------------------

Hi Jan - give the size of your organization and I'm assuming resources for IT support - I'd recommend moving all of your network and systems into the cloud. Based on the brief overview provided, I can't see any reason you would need on-premise servers without looking deeper into your infrastructure. This will provide you more security and less requirements for managing on campus servers. Feel free to reach out privately if you want to discuss further.

------------------------------
Allyn Wenzel
Director of Technology
Stevenson School
------------------------------

Original Message:
Sent: 02-10-2022 08:49 AM
From: Jan Tullis
Subject: Upgrading Network Environment and Looking for Input

We are at a crossroads, and I'm hoping to get input on how to set up our network for best security and simplicity. Our Windows server is outdated and file services are rarely used. We are going to put the shares that are being used onto Google Shared Drives and archive the rest. Going forward, is it advantageous to continue to log into the domain using AD? I will outsource the set up of the servers to make sure it is done correctly, but want to understand what it is we need. DNS, DHCP, DC? 

We are a small private school with about 60 windows computers. Our staff uses mostly windows laptops with a few personal Macs thrown in. The students all use Chromebooks (about 150 devices 1:1).  We use Google for email and file services and we are working on a very simple printing arrangement so not sure if we even need a print server. We do have a fairly new Palo Alto firewall and good switches. Should we set up a new server with just enough services to ensure a stable and safe environment. Should the staff continue to use AD? Does AD provide a layer of security or is it just the opposite? 

Thank you for any and all suggestions!



#ITSystemsandSupport

------------------------------
Jan Tullis
Rockwern Academy
------------------------------

Thank you so much for your response and recommendations. I'm still on the fence whether or not we need the domain, possibly for group policy. I am like a Jr. IT Director, meaning I can't really do the higher level set up (or lets say I like to leave that to the pros!). I teach also, so definitely need things running without me watching it all the time.  Just connected with a local IT guy and I think he's going to help me with whatever we decide, so feeling a lot better about this! Thanks again!

------------------------------
Jan Tullis
Rockwern Academy
------------------------------

Original Message:
Sent: 02-11-2022 09:14 AM
From: Allyn Wenzel
Subject: Upgrading Network Environment and Looking for Input

Hi Jan - give the size of your organization and I'm assuming resources for IT support - I'd recommend moving all of your network and systems into the cloud. Based on the brief overview provided, I can't see any reason you would need on-premise servers without looking deeper into your infrastructure. This will provide you more security and less requirements for managing on campus servers. Feel free to reach out privately if you want to discuss further.

------------------------------
Allyn Wenzel
Director of Technology
Stevenson School

Original Message:
Sent: 02-10-2022 08:49 AM
From: Jan Tullis
Subject: Upgrading Network Environment and Looking for Input

We are at a crossroads, and I'm hoping to get input on how to set up our network for best security and simplicity. Our Windows server is outdated and file services are rarely used. We are going to put the shares that are being used onto Google Shared Drives and archive the rest. Going forward, is it advantageous to continue to log into the domain using AD? I will outsource the set up of the servers to make sure it is done correctly, but want to understand what it is we need. DNS, DHCP, DC? 

We are a small private school with about 60 windows computers. Our staff uses mostly windows laptops with a few personal Macs thrown in. The students all use Chromebooks (about 150 devices 1:1).  We use Google for email and file services and we are working on a very simple printing arrangement so not sure if we even need a print server. We do have a fairly new Palo Alto firewall and good switches. Should we set up a new server with just enough services to ensure a stable and safe environment. Should the staff continue to use AD? Does AD provide a layer of security or is it just the opposite? 

Thank you for any and all suggestions!



#ITSystemsandSupport

------------------------------
Jan Tullis
Rockwern Academy
------------------------------

Hi Jan,

Depending on your operational needs I would consider keeping a file server on-prem. for sensitive documents (e.g., HIPPA, Bus. Ops. Records etc..) and have back-up solution.  I would also consider a cloud LDAP service if you do not want to maintain AD.

Marc

------------------------------
Marc Carter
CTO
Episcopal High School
------------------------------

Original Message:
Sent: 02-10-2022 08:49 AM
From: Jan Tullis
Subject: Upgrading Network Environment and Looking for Input

We are at a crossroads, and I'm hoping to get input on how to set up our network for best security and simplicity. Our Windows server is outdated and file services are rarely used. We are going to put the shares that are being used onto Google Shared Drives and archive the rest. Going forward, is it advantageous to continue to log into the domain using AD? I will outsource the set up of the servers to make sure it is done correctly, but want to understand what it is we need. DNS, DHCP, DC? 

We are a small private school with about 60 windows computers. Our staff uses mostly windows laptops with a few personal Macs thrown in. The students all use Chromebooks (about 150 devices 1:1).  We use Google for email and file services and we are working on a very simple printing arrangement so not sure if we even need a print server. We do have a fairly new Palo Alto firewall and good switches. Should we set up a new server with just enough services to ensure a stable and safe environment. Should the staff continue to use AD? Does AD provide a layer of security or is it just the opposite? 

Thank you for any and all suggestions!



#ITSystemsandSupport

------------------------------
Jan Tullis
Rockwern Academy
------------------------------

Thanks Marc, 

I don't mind taking care of the AD server once it is set up properly and I understand the policies. I like the idea of maybe having some sensitive files on site, and just leaving the door open for more services if needed. I like owning the server rather than paying licenses in the cloud per user. But having most of us on Google makes good sense right now. Thanks!

------------------------------
Jan Tullis
Rockwern Academy
------------------------------

Original Message:
Sent: 02-11-2022 10:16 AM
From: Marc Carter
Subject: Upgrading Network Environment and Looking for Input

Hi Jan,

Depending on your operational needs I would consider keeping a file server on-prem. for sensitive documents (e.g., HIPPA, Bus. Ops. Records etc..) and have back-up solution.  I would also consider a cloud LDAP service if you do not want to maintain AD.

Marc

------------------------------
Marc Carter
CTO
Episcopal High School

Original Message:
Sent: 02-10-2022 08:49 AM
From: Jan Tullis
Subject: Upgrading Network Environment and Looking for Input

We are at a crossroads, and I'm hoping to get input on how to set up our network for best security and simplicity. Our Windows server is outdated and file services are rarely used. We are going to put the shares that are being used onto Google Shared Drives and archive the rest. Going forward, is it advantageous to continue to log into the domain using AD? I will outsource the set up of the servers to make sure it is done correctly, but want to understand what it is we need. DNS, DHCP, DC? 

We are a small private school with about 60 windows computers. Our staff uses mostly windows laptops with a few personal Macs thrown in. The students all use Chromebooks (about 150 devices 1:1).  We use Google for email and file services and we are working on a very simple printing arrangement so not sure if we even need a print server. We do have a fairly new Palo Alto firewall and good switches. Should we set up a new server with just enough services to ensure a stable and safe environment. Should the staff continue to use AD? Does AD provide a layer of security or is it just the opposite? 

Thank you for any and all suggestions!



#ITSystemsandSupport

------------------------------
Jan Tullis
Rockwern Academy
------------------------------

For a school that size, I would have everything stored with Google Drive. There are products available to do a cloud backup of Google Drive data and you may consider that for finance/development/admissions data. Your Google Drive data is already backed up, but it's nice to have an extra layer of protection for the most important/sensitive data. Having a file server on campus and an additional backup solution adds costs for support/backup and is also another network security piece to consider.  For printing, I would just have everyone print to the IP address of the printer and not worry about a print server. I'm not sure what your role is but a lot of schools that size don't have full time IT support in the budget. The more you can utilize hosted services and simplify, it will be easier to manage and save your school money on outsourcing.

As far as AD, it depends on your usage. If you are only using it for permissions to file shares, it may not be necessary if you move everything to the cloud. If you are using it for pushing out group policy and updates, it may be still be useful.  Hope that helps!

------------------------------
Scott Davis
Director of Technology
Delaware Valley Friends School
------------------------------

Original Message:
Sent: 02-10-2022 08:49 AM
From: Jan Tullis
Subject: Upgrading Network Environment and Looking for Input

We are at a crossroads, and I'm hoping to get input on how to set up our network for best security and simplicity. Our Windows server is outdated and file services are rarely used. We are going to put the shares that are being used onto Google Shared Drives and archive the rest. Going forward, is it advantageous to continue to log into the domain using AD? I will outsource the set up of the servers to make sure it is done correctly, but want to understand what it is we need. DNS, DHCP, DC? 

We are a small private school with about 60 windows computers. Our staff uses mostly windows laptops with a few personal Macs thrown in. The students all use Chromebooks (about 150 devices 1:1).  We use Google for email and file services and we are working on a very simple printing arrangement so not sure if we even need a print server. We do have a fairly new Palo Alto firewall and good switches. Should we set up a new server with just enough services to ensure a stable and safe environment. Should the staff continue to use AD? Does AD provide a layer of security or is it just the opposite? 

Thank you for any and all suggestions!



#ITSystemsandSupport

------------------------------
Jan Tullis
Rockwern Academy
------------------------------

Good to know about the google backup - I was wondering about that! Also, yes, we are getting a new printer service where they can print to one printer (via IP) and pick up the prints at any of the printers around the building. It's pretty cool. 

I have decided that I do like the group policies, I just need someone to go over them with me so I understand it better. I think I found someone local so excited about that!

Thanks!

------------------------------
Jan Tullis
Rockwern Academy
------------------------------

Original Message:
Sent: 02-11-2022 01:30 PM
From: Scott Davis
Subject: Upgrading Network Environment and Looking for Input

For a school that size, I would have everything stored with Google Drive. There are products available to do a cloud backup of Google Drive data and you may consider that for finance/development/admissions data. Your Google Drive data is already backed up, but it's nice to have an extra layer of protection for the most important/sensitive data. Having a file server on campus and an additional backup solution adds costs for support/backup and is also another network security piece to consider.  For printing, I would just have everyone print to the IP address of the printer and not worry about a print server. I'm not sure what your role is but a lot of schools that size don't have full time IT support in the budget. The more you can utilize hosted services and simplify, it will be easier to manage and save your school money on outsourcing.

As far as AD, it depends on your usage. If you are only using it for permissions to file shares, it may not be necessary if you move everything to the cloud. If you are using it for pushing out group policy and updates, it may be still be useful.  Hope that helps!

------------------------------
Scott Davis
Director of Technology
Delaware Valley Friends School

Original Message:
Sent: 02-10-2022 08:49 AM
From: Jan Tullis
Subject: Upgrading Network Environment and Looking for Input

We are at a crossroads, and I'm hoping to get input on how to set up our network for best security and simplicity. Our Windows server is outdated and file services are rarely used. We are going to put the shares that are being used onto Google Shared Drives and archive the rest. Going forward, is it advantageous to continue to log into the domain using AD? I will outsource the set up of the servers to make sure it is done correctly, but want to understand what it is we need. DNS, DHCP, DC? 

We are a small private school with about 60 windows computers. Our staff uses mostly windows laptops with a few personal Macs thrown in. The students all use Chromebooks (about 150 devices 1:1).  We use Google for email and file services and we are working on a very simple printing arrangement so not sure if we even need a print server. We do have a fairly new Palo Alto firewall and good switches. Should we set up a new server with just enough services to ensure a stable and safe environment. Should the staff continue to use AD? Does AD provide a layer of security or is it just the opposite? 

Thank you for any and all suggestions!



#ITSystemsandSupport

------------------------------
Jan Tullis
Rockwern Academy
------------------------------

Jan, you may want to look into Azure AD, with InTune.  MS is pushing Azure/InTune heavily anyway, and your use case actually sounds very good for it.  Azure allows you to have AD fully in the cloud, including cloud-hosted GPOs, and InTune is an MDM in the vein of Apple that can push items you'd normally use a GPO for, such as scripts and even app installs.  Leveraging InTune also allows you to use AutoPilot as an out-of-box setup solution instead of traditional imaging (not sure if you are doing that now).  You can also use OneDrive for personal storage/sync and backup (you can easily push OneDrive settings via GPO -- doing that with the Google Drive client has been a bit spotty).

MS offers some pretty good educational pricing for Azure/InTune services, so it's likely going to be cheaper to go that route than a traditional on-prem AD server.

If you do want some onsite storage for sensitive files, a basic 4-bay NAS with some SATA SSDs may meet your needs.  Just make sure it's not at all exposed outside your firewall -- there have been lots of incidents recently with ransomware that is tailored to NAS OS vulnerabilities, although this type of malware is likely not a risk if you don't poke a hole through the firewall for any NAS features.

------------------------------
David Fulton-Howard
Technical Service Specialist
McDonogh School
------------------------------

Original Message:
Sent: 02-11-2022 01:51 PM
From: Jan Tullis
Subject: Upgrading Network Environment and Looking for Input

Good to know about the google backup - I was wondering about that! Also, yes, we are getting a new printer service where they can print to one printer (via IP) and pick up the prints at any of the printers around the building. It's pretty cool. 

I have decided that I do like the group policies, I just need someone to go over them with me so I understand it better. I think I found someone local so excited about that!

Thanks!

------------------------------
Jan Tullis
Rockwern Academy

Original Message:
Sent: 02-11-2022 01:30 PM
From: Scott Davis
Subject: Upgrading Network Environment and Looking for Input

For a school that size, I would have everything stored with Google Drive. There are products available to do a cloud backup of Google Drive data and you may consider that for finance/development/admissions data. Your Google Drive data is already backed up, but it's nice to have an extra layer of protection for the most important/sensitive data. Having a file server on campus and an additional backup solution adds costs for support/backup and is also another network security piece to consider.  For printing, I would just have everyone print to the IP address of the printer and not worry about a print server. I'm not sure what your role is but a lot of schools that size don't have full time IT support in the budget. The more you can utilize hosted services and simplify, it will be easier to manage and save your school money on outsourcing.

As far as AD, it depends on your usage. If you are only using it for permissions to file shares, it may not be necessary if you move everything to the cloud. If you are using it for pushing out group policy and updates, it may be still be useful.  Hope that helps!

------------------------------
Scott Davis
Director of Technology
Delaware Valley Friends School

Original Message:
Sent: 02-10-2022 08:49 AM
From: Jan Tullis
Subject: Upgrading Network Environment and Looking for Input

We are at a crossroads, and I'm hoping to get input on how to set up our network for best security and simplicity. Our Windows server is outdated and file services are rarely used. We are going to put the shares that are being used onto Google Shared Drives and archive the rest. Going forward, is it advantageous to continue to log into the domain using AD? I will outsource the set up of the servers to make sure it is done correctly, but want to understand what it is we need. DNS, DHCP, DC? 

We are a small private school with about 60 windows computers. Our staff uses mostly windows laptops with a few personal Macs thrown in. The students all use Chromebooks (about 150 devices 1:1).  We use Google for email and file services and we are working on a very simple printing arrangement so not sure if we even need a print server. We do have a fairly new Palo Alto firewall and good switches. Should we set up a new server with just enough services to ensure a stable and safe environment. Should the staff continue to use AD? Does AD provide a layer of security or is it just the opposite? 

Thank you for any and all suggestions!



#ITSystemsandSupport

------------------------------
Jan Tullis
Rockwern Academy
------------------------------

With a school of your size and the scope of your needs you could easily move the DHCP / DNS to your firewall and stop worrying about that being on a Windows server. I say that with the belief of removing your local Windows server. If you have a local AD server then just leave the DHCP / DNS on it for simplicity's sake.

As far as getting rid of the local server, you could move to Azure AD for your Windows devices. Your users would login to that on their Windows machines and you could manage them with an MDM. Intune is an option but currently won't help with your Chromebooks. An MDM that can handle both Chromebooks and Windows would likely be ideal. I don't have any experience with Chromebook MDM beyond Google Workspace so maybe someone else can make a recommendation there. The MDM will be able to likely do everything you do with group policy, and it is the way things are moving. No need to build of old ideas.

The challenge with this recommendation is you will be managing two identity cloud providers of Google and Microsoft Azure AD. Ideally you can link the two and make one the primary. If you have a good service provider, they can hopefully help you set this up and make managing it fairly straightforward. You can likely do all you need with the free tiers of Microsoft 365 and Google Workspace for Edu as a school. Be sure to investigate those before paying. Some providers will try to sell you on those as they often get a commission on sales.

------------------------------
Brian Hoyt
French American School of Puget Sound
------------------------------

Original Message:
Sent: 02-10-2022 08:49 AM
From: Jan Tullis
Subject: Upgrading Network Environment and Looking for Input

We are at a crossroads, and I'm hoping to get input on how to set up our network for best security and simplicity. Our Windows server is outdated and file services are rarely used. We are going to put the shares that are being used onto Google Shared Drives and archive the rest. Going forward, is it advantageous to continue to log into the domain using AD? I will outsource the set up of the servers to make sure it is done correctly, but want to understand what it is we need. DNS, DHCP, DC? 

We are a small private school with about 60 windows computers. Our staff uses mostly windows laptops with a few personal Macs thrown in. The students all use Chromebooks (about 150 devices 1:1).  We use Google for email and file services and we are working on a very simple printing arrangement so not sure if we even need a print server. We do have a fairly new Palo Alto firewall and good switches. Should we set up a new server with just enough services to ensure a stable and safe environment. Should the staff continue to use AD? Does AD provide a layer of security or is it just the opposite? 

Thank you for any and all suggestions!



#ITSystemsandSupport

------------------------------
Jan Tullis
Rockwern Academy
------------------------------