Just asking for some advice from SDMB members who have Windows Server, network, and VOIP experience for the best way to handle a downsizing project that I’ve been wrestling with.
A little background first: This is for a family-owned company where I worked for 26 years in the IT department. In 2021 they sold off their retail units and reduced their corporate staff from fifteen people down to five. I was not one of the lucky survivors, but I agreed to help them with IT-related tasks on an as-needed basis. It should be noted that of the five people still employed there, none of them work full-time and none are working remotely.
Fast forward about 18 months later, I’m still doing the occasional odd jobs for the company. The task before me now is to retire the Windows servers that are on-premises since they’re overkill for the current needs of the company. In addition I am going to replace the old PBX phone system with a VOIP solution and replace the obsolete Cisco ASA that’s currently safeguarding our network from the outside world. I’ve already had to do some repairs of failing equipment, so I’m aware that this is a ticking time bomb I’m sitting on.
I’ve reached out to a local IT support company to help me to break free from my old company and give them a much simpler IT environment that can meet their needs with minimal or no involvement from me. I’ve already begun the process of archiving and deleting seldom-used files and folders from our servers to reduce the amount of data that will be moved to the cloud. The company currently has their email hosted using Office 365 Exchange services and Azure Active Directory to sync up with our domain accounts.
My thinking is that I can probably get most of the way to my goal by simply converting our existing hybrid Exchange accounts and Office 2013 Standard users over to Microsoft 365 Business Standard or Premium and move the remaining files from our servers over to SharePoint libraries and OneNote folders. I would then shut down AD synchronization and take down our Windows servers and have the users set up on local accounts on their Windows PCs and laptops. I would then look for a cloud backup solution to protect everything that has been moved to Microsoft 365.
Our local phone company offers VOIP services and support, so I would farm that out to them, and local hardware and network support would be done through the IT support company mentioned above. I know that I’ve hand waved a lot of details, but I just wanted to give a broad view of how I see things happening.
I’ve been tempted to just move the remaining user and shared data from the servers onto a NAS that’s on the company LAN and use Veeam NAS Backup to perform regular offsite backups to the cloud, but that almost seems too simplistic and prone to eventual failure. Am I wrong about this, or is this maybe the right way to go? I agonize over this a lot lately. My wife says that I shouldn’t since the company did end my employment there, albeit with 6 months’ severance pay.
Just looking for some outside opinions or suggestions about what you would do. Thanks in advance for any tips or suggestions.
I went through a migration a bit like that in my last IT job - I inherited an on-premises server room with a bunch of VMware servers hosting an assortment of rather unsupported guest servers - all with insufficient support escalation routes and generally set up on the assumption ‘we bought it, why can’t that be enough?’
We migrated onsite Exchange to O365 Business Premium. We commissioned a few servers in Azure for domain services; files went from a collection of onsite file servers into SharePoint (getting users to decide what was no longer required was damn near impossible).
That part sounds a bit Wild West to me. I feel like there needs to be some sort of top-down control of accounts and privileges and security. I don’t know how it could be properly done without AD in an otherwise-Microsoft environment (but that could be my lack of knowledge - maybe there’s a good way to do it that doesn’t need AD).
PBX to VOIP. I have no idea; when I took the job, there was an aging, out-of-support PBX that they bought second hand from a company going out of business. Every time I asked to change it to cloud-based VOIP, they said “Why change it? It works, doesn’t it?”; every time it broke down (which was about once a month), they asked “Why haven’t you done anything about this?!”. When I left the job after 6 years, it was still there - nobody was happy with it, but nobody wanted to allow it to be changed. In theory, this switch should be simple if you just delegate it to a small telecoms company.
I dunno, this is only 5 people and nobody is working remotely. I would think that AD is a bit overkill for that situation. Running a domain controller for 5 computers? I guess it depends on how much you trust the employees and how much you can or are willing to micromanage.
You might continue to use AD if you have readily available IT help to manage it. Otherwise that might be more trouble than it’s worth. How responsive is the “local IT support company”? Is it one of those “put in a request and within a week you’ll get help” places? Or are they on call and responsive? If the latter, then it might be worth it to manage security even if you have a small group of employees.
I think that would be an awesome idea. Teams has VOIP features so it gives you that option and works well for other kinds of communication. And if you already have O365 it will work well with your other systems in place.
Yeah, I think it also depends on how much you will be responsible for support in general and fixing things when people break them; if you let end users manage their own machines, they will install software, then ask for help on using software that you’ve never even seen; they will also eventually install malware and ask for help recovering from it. Without AD and GPO, I would still say there might be a need for some other means of keeping things in order.
Just wanted to say “thanks” for the replies so far! I’m going to reply back to all of the responses that you’ve given, but I’d rather do this from my home PC rather than using my phone since it’s a bit tedious to do it that way.
Just to touch on a few things you all brought up:
Yep, this is sort of a “Wild West” scenario here, no doubt.
We currently use Trend Micro Worry-Free Business for endpoint protection of our client PCs. While not a direct substitute for the controls and group policies you can apply to domain-joined computers, it might offer enough protection to suit the company’s ongoing needs with a few tweaks here and there.
I might take a look at porting a couple of the current phone numbers over to Teams as was suggested. Still tempting to work out something with our telecom / ISP provider so that support calls go to them rather than me.
I’m not overly concerned with the response times for the IT support company that I mentioned earlier. As it is, I’m not exactly Johnny-on-the-spot either what with having a full-time job and a personal life and all.
Finally, I’m definitely not getting paid enough to make it worth my while. I think I’m doing this out of loyalty more than anything, but that’s just a “me” thing.
I’ll be replying back to everybody soon — promise!
I very much doubt that. I think that I grossly underestimated how much time and effort would go into winding everything down under the best of conditions – which I most definitely did not have in 2021. (Won’t go into all that…)
I agree with you on that point. The thing is that I’m certain they won’t want to spin up even a simple Windows server or two in Azure to more or less continue to operate as they’re doing now, and I don’t want to manage or be responsible for anybody else’s data anymore. I feel bad reading that now that I’ve written it.
Anyway, I’ve set up a global admin account in Azure for managing the Exchange mail accounts, and eventually my goal is to use that to set up shared folders in OneDrive once migration to Microsoft 365 is complete. Users can still store personal data in their own OneDrive folders, so that’ll keep things segregated a bit. Backups will have to be factored into this, of course, but I think I’ll leave that up to the IT support company to get that worked out.
That really does sound tempting, and that may be what ends up being used. It’s still very likely that our local fiber ISP and telecom provider may be able to meet the company’s VOIP needs without too much involvement from me. Plus, they’ve got good response times when it comes to support.
I think that I’ve finally concluded that my responsibilities need to be centered around myself and my current job. The time I’ve spent and the sleep that I’ve lost over the past year and a half has had a negative impact on me personally. I just don’t want to throw my hands up in the air and say “no more” and walk away.
Yeah, ‘how will this be supported?’ is one of the most important questions in small business IT. There is a tendency for the company just to assume the IT guy will take it on, whatever it is, and sometimes that’s OK; other times it’s not - either because you spread yourself too thinly across a very wide spectrum of tech support themes (and don’t have the resources to be an expert on every one of them), or just because there could be an expectation of 24x7x365 support for something that people use whenever they feel like it (including out of hours), and you get phone calls in the middle of the night or when you are in the bath or when you are away on leave, on Christmas day, etc (been there - not fun).