Active Directory Cloud Integration – Windows Server 2008 on Rackspace

Tags: active-directory, cloud, rackspace, roaming-profile, windows-server-2008

My company is considering implementing Active Directory and Windows Server to manage our local network and workstations. The main benefits sought are central management of machines, security policies, and roaming profiles.

When using Windows Server for these purposes, does it ever make sense to run Windows Server from the cloud (i.e. Rackspace), or must it always be run locally?

Best Answer

Roaming user profiles are going to be painful to use via the Internet. Any significant number of files in folders (which the AppData folder is notorious for having) is going to cause painful delays in profile synchronization during logon and logoff. Due to the way profiles are copied (file for file) latency will impact this, though as long as you're using SMBv2 the latency won't have as large an effect as it would on SMBv1 clients.

You're also going to see potentially long boot and logon times relating to the application of Group Policy if the latency between your computers and your domain controller is significant. There are a lot of round-trips during the Group Policy application process. Latency is going to be the killer on this, not bandwidth.

The last few users who logged on recently will be able to log on to a client computer even without Internet connectivity (provided you leave the default cached credentials settings in clients alone). If you have users moving around between machines or attempting to log on to computers they've never used before (a "hot desk" environment, more users than computers, etc.) then you might see problems with logon at times when the Domain Controller computer isn't reachable.

I've gotten a number of requests recently from people on the 'net to have me help them with this kind of thing and, frankly, I don't understand the payoff, considering that you already have PCs attached to a LAN. (I could, potentially, see a payoff in a company that is "born" in a totally geographically distributed fashion, but that's a whole different rant.)

The amortized cost of a small server computer and Windows licenses over, say, a 3 year lifetime should be vastly less than the sum of the aggregate expense for hosting a server in the "cloud" over the same time period. You'd either need to pay the "cloud" provider, a contractor, or an employee for Active Directory and server administration in any situation, so "the cloud" doesn't magically make that expense go away.

There's also backup and disaster recovery to worry about. Just because the server is in "the cloud" doesn't mean it's backed up and, if it is, that doesn't mean those backups are geographically distributed and stored offline. Finally, there's the whole security concern associated with having your Active Directory sitting outside your firewall where you may not have as granular control of network filtering policies, and certainly a much higher chance for denial of service attacks.

Personally, I'd rather have a low-cost server computer sitting on my LAN and a VPN (DirectAccess, preferably) for clients to use while off-site than have the server off-site. I'd feel a lot more comfortable storing a reasonable quantity of data locally than in "the cloud" (using "the cloud" for backup, versus primary storage, isn't what I'm talking about here).

For comparison's sake: I'd expect a low-end Dell 1U rack-mountable server with a pair of small (250 - 500GB) SATA or nearline SAS drives in a RAID-1 configuration and with a 3 year next-business-day warranty, running Windows Small Business Server Essentials 2011, to cost somewhere in the vicinity of $2,250.00 to $2,500.00.

At $3,000.00 (building in a little "fudge factor") that gives a monthly amortized expense of $83.33 to purchase the machine and the software and run it for the life of its warranty.

Edit:

Using a simple word like "cloud" as a kind of "magic pixie dust" seems to make people forget the complexity associated with hosting server computers. When you outsource your reasonably simple small office server to a "cloud provider" you're causing your simple small office server to become a much more complex offering (assuming the hosting provider is taking advantage of an economy of scale and leveraging their hardware and network connectivity across their entire Customer base). Your needs stay the same when you outsource that server to "the cloud", but the provider shoulders the burden of making a much more complex system than a small office server work to keep your needs met. You get all the advantages of a small office server combined with all the risks of a large distributed system!

Whenever I read "the cloud" in marketing literature I substitute a phrase for those words. When I read "Hosting our email in the cloud", for example, I really see "Hosting our email in servers reachable over a network with unpredictable latency and bandwidth and no guarantee on connectivity, in a physical environment I don't control, on hardware of unknown quality or maintenance, that could potentially become inaccessible at any time based on the whims of others."
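The answer's three operational warnings (cached logons, Group Policy and profile round trips, latency rather than bandwidth) can all be measured from a domain-joined client before anyone commits to a hosted DC. The script below is an added example, not code from the question or the answer. It assumes Windows PowerShell 3.0 to 5.1 on a domain-joined workstation run as an administrator (PowerShell 7 renames the `Test-Connection` property used here), that the logon DC is the one in `$env:LOGONSERVER`, and that the Group Policy operational log is enabled, which it is by default. The "latency floor" it prints is a deliberately crude model: one round trip per file, ignoring bandwidth entirely.

```powershell
# Added example: measure the things the answer says will hurt with a DC in the cloud.
# Assumes Windows PowerShell 3.0-5.1, a domain-joined client, and an elevated session.

# 1. Cached credentials: how many distinct users can still log on when the DC
#    is unreachable. Client default is 10; the value is stored as a REG_SZ string.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$cached = (Get-ItemProperty -Path $winlogon -Name CachedLogonsCount -ErrorAction SilentlyContinue).CachedLogonsCount
if ($null -eq $cached) { $cached = '10 (default, value not set)' }
"CachedLogonsCount: $cached"

# 2. Latency to the DC this session authenticated against. Hosting providers often
#    filter ICMP, so also time a TCP connect to SMB (445), the transport that
#    profile files and GPO templates are actually copied over.
$dc = $env:LOGONSERVER -replace '^\\\\', ''
if (-not $dc) { throw 'Not logged on with a domain account; LOGONSERVER is empty.' }

$icmp = Test-Connection -ComputerName $dc -Count 5 -ErrorAction SilentlyContinue
if ($icmp) {
    $avgIcmp = ($icmp | Measure-Object -Property ResponseTime -Average).Average
    "ICMP RTT to ${dc}: {0:N1} ms (avg of {1})" -f $avgIcmp, $icmp.Count
} else {
    "ICMP to $dc blocked or failed; relying on TCP timing below."
}

$samples = foreach ($i in 1..5) {
    $sw  = [System.Diagnostics.Stopwatch]::StartNew()
    $tcp = New-Object System.Net.Sockets.TcpClient
    try     { $tcp.Connect($dc, 445); $sw.Stop(); $sw.Elapsed.TotalMilliseconds }
    catch   { $sw.Stop(); $null }
    finally { $tcp.Close() }
}
$tcpOk = @($samples | Where-Object { $_ -ne $null })
if ($tcpOk.Count -eq 0) { throw "TCP 445 to $dc unreachable; neither profiles nor GPO files can be fetched." }
$rtt = ($tcpOk | Measure-Object -Average).Average
"TCP-445 connect RTT to ${dc}: {0:N1} ms" -f $rtt

# 3. Roaming profile size. By default AppData\Local (and LocalLow under it) is
#    excluded from roaming; AppData\Roaming and the rest of the profile root are
#    copied file by file. Each file costs at least one round trip, so
#    files * RTT is a floor on the time added to every logon and logoff.
$profileRoot = $env:USERPROFILE
$roaming = Get-ChildItem -Path $profileRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.FullName -notlike "$profileRoot\AppData\Local*" }
$fileCount    = ($roaming | Measure-Object).Count
$mb           = ($roaming | Measure-Object -Property Length -Sum).Sum / 1MB
$floorSeconds = $fileCount * $rtt / 1000
"Roaming candidate files: $fileCount ({0:N0} MB); latency floor per sync: {1:N0} s" -f $mb, $floorSeconds

# 4. How long the last user-logon Group Policy pass took. Event 8001 in the
#    Group Policy operational log is "Completed user logon policy processing".
$gp = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-GroupPolicy/Operational'; Id = 8001 } `
      -MaxEvents 1 -ErrorAction SilentlyContinue
if ($gp) { "Last user logon GPO processing: $($gp.Message)" }
```

Run it once on the LAN against the existing DC, then again over the VPN or against a trial hosted DC; the difference in the TCP-445 RTT, multiplied into the file count, is what the answer means by latency rather than bandwidth being the killer. If the Group Policy log is disabled, section 4 prints nothing rather than failing.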
