
SME IT Infrastructure
In this article we are going to discuss Servers, Storage and Edge Security for your SME IT infrastructure. We have helped a lot of small, medium and enterprise sized businesses move from an old, or non-existent, IT infrastructure to a compact and efficient solution. This framework, suitable for SMBs, uses XCP-ng, a user-friendly, high-performance virtualisation platform incubated within the Xen Project. The solution consists of 2x physical servers using central storage to run the virtual servers together in a pool. This means we can apply High Availability (HA) alongside a RAID environment with hot-swappable spares available. Once this is in place we then protect the environment with a Sophos or Barracuda firewall, Bitdefender anti-virus and encryption protection, Acronis for off-site full server backups and XenOrchestra for on-site full metal backups.
We prefer to use Lenovo servers with IBM storage, and with this total solution we can minimise any potential downtime caused by possible failures, attacks, user error, Windows Updates, etc. We can move VMs between physical hosts, or restore from a full metal backup locally or from the cloud to another location, to have things up and running again in a reasonable amount of time.
- Hardware
- Virtualisation
- Security
- Backups
- Example
There are many benefits to having a virtual server collection on two servers with shared storage. With XCP-ng you can view both servers and the storage as a single unified resource. This allows for VM (virtual machine) deployment based on resource needs as well as priority within the business. A collection of servers within this configuration is referred to as a pool. One server within the pool is then designated as the pool coordinator. This acts as a single point of contact for all of the pool members, routing communication as required. In the case of a coordinator failure, all members have the requisite information to take over the role as needed.
This configuration within XCP-ng allows for live VM migration between hosts for instances where the hosts need to be rebooted for maintenance, without any downtime. This in turn allows for a form of redundancy over the network in case of a server outage. Another benefit is the capability to set up high availability (HA) with rules. HA is a set of rules which use what is defined as a ‘heartbeat’ to determine server availability. In the case of a failed heartbeat to a host or VM, the virtual server can be booted automatically on a different host in order to get it operational again with minimal delay. In the case of an HA-enabled pool, a new pool coordinator will be automatically nominated if the current coordinator is lost or shut down.
Shared storage setup is often also coupled with multi-pathing, a solution that utilises multiple paths when accessing a storage unit for VM data. This improves performance, while also allowing redundancy whereby a failure over a single path does not stop data from transferring due to multiple paths allocated for data access.
The RAID (redundant array of independent disks) level we recommend is Distributed RAID-6 (or D-RAID 6). This level of RAID holds an advantage over other RAID levels which utilise a ‘hot spare’ disk. In a hot spare setup (such as RAID-5 + Hot Spare), hidden recovery data is stored on all disks bar the hot spare. When a disk fails, the recovery data is pulled from the remaining operating disks and rebuilt onto the hot spare, which then automatically takes the place of the failed disk.
The issue with this technique is that hot spares sit idle until such time as a disk fails. This means that the hot spare could itself have degraded or failed before the time comes for its activation, at which point you are left with an unprotected RAID array.
D-RAID 6 mitigates this issue by distributing the recovery data across all disks, and allows for two disk failures. This removes the requirement for a spare idle disk, and the array provides a notification of disk degradation before any failure occurs. It also means that a ‘rebuild’ can occur faster, as all disks already hold part of the data required, as opposed to a hot spare which requires all data to be transferred afresh.
There are a number of different virtualisation platforms to consider when setting up or upgrading IT infrastructure. At Exchequer Dynamics we have maintained a number of different virtualisation platforms in the past, including Microsoft Hyper-V and VMware vSphere/ESXi. It’s with this experience in hand that we have implemented XCP-ng for its price/performance.
In typical setups a Windows domain is run under Windows Server licensing. The advantage of Windows licensing for virtual servers is that, within a core pack, two virtual servers are allowed when licensing the physical CPU cores on the virtualisation host. It is easy to fall into the trap of over- or under-allocating Microsoft server licences, but with the right purchase you can achieve greater cost savings.
With a Microsoft domain, the servers are then split into the various functions required. For example, a Domain Controller is set up first, followed by an application server which may also function as a print server for the network. With some customers an on-premise Microsoft Exchange server is required, and this can also be maintained by Exchequer Dynamics with in-house knowledge spanning decades. Current service providers tend to advise that cloud-based mail is the only way forward for the management of mail, but we appreciate that this solution does not fit the requirements of all customers.
One of the benefits, and considerations, of setting up a virtualisation environment is the memory and CPU assigned to the servers. This is particularly important when setting up Remote Desktop/Terminal Servers, where sizing matters. XCP-ng allows the allocation of virtual hardware to be increased and decreased, and provides statistics from which to produce the sizing metrics. While there are some recommended specifications for Remote Desktop servers based on users and their type of daily usage, this solution also allows the customer to fine-tune this for optimum use.
Firewall
The next step in implementing this IT infrastructure is securing the network. The best way to do this is to have a dedicated firewall in place (either a hardware appliance, a software-based appliance running on the virtual host itself, or a cloud-based firewall as a service). This system provides protection against spyware and virus attacks, data privacy controls and traffic monitoring. This means that the network is protected from malicious incoming traffic before that traffic even reaches an endpoint. It also allows for virtual private networks (VPNs) to give users remote access to resources in a locked-down environment, for example access to a Remote Desktop server without it being publicly available online.
We use Sophos UTMs (Unified Threat Management) and Barracuda appliances.
Antivirus
Underneath the outside security layer of the firewall, security also needs to be maintained on endpoints using anti-virus protection. Off-the-shelf solutions often offer no management of rules, so an enterprise solution is required to be able to modify security policies and prevent disablement by end users. The anti-virus setup should also allow for server protection, which is often different from standard desktop anti-virus, and also mobile protection where required. When using a network-managed anti-virus solution, there should be the option of a single relay for all virus updates, to prevent saturation of the network with downloads. For this we have a number of recommendations which can be found on our dedicated Antivirus page.
Email security
Further security products can also be implemented to tighten security on the network. With Sophos UTMs there is the option of spam protection through the mail protection module. Similar protection can also be provided through the use of SpamTitan from TitanHQ. We are also able to provide web application protection through a Web Application Firewall (WAF). This is useful for websites, but also for the Outlook Web Access and ActiveSync functionality in Microsoft Exchange, as well as providing Denial of Service attack prevention for public-facing services.
A good backup policy is an essential part of the IT infrastructure of any business. Not only should files be kept backed up in case of accidental removal; servers should also be backed up in case of catastrophic failure and the need to rebuild onto new or dissimilar hardware. We recommend Acronis Cloud for this, as it is capable not only of off-site cloud backups but also of backing up to on-site storage. It includes application-aware backups for SQL Server and Microsoft Exchange.
We have restored virtual servers from the cloud to brand new installations of the XCP-ng hypervisor without issue many times and can attest to its capabilities. When backing up with Acronis to the cloud, we usually ensure that the following backup scheme is kept:
- Monthly Backup: 6 months stored
- Weekly Backup: 4 weeks stored
- Daily Backup: 7 days stored
This means that in the case of an emergency you would be able to retrieve data from up to 6 months in the past. Acronis Cloud Storage will encrypt your data at source with government-approved AES-256 encryption and uses a software-based backup method, whereby a client is installed within the operating system to manage the backup.
To perform a backup at the hypervisor level we recommend XenOrchestra. This product provides a turnkey experience that not only provides a backup solution, but also an additional layer for the management of the hypervisor itself, with features such as:
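The monthly/weekly/daily scheme above is a grandfather-father-son retention policy. The following is an added example (not the article's or Acronis's code) that applies the article's counts to a set of backup dates, works out which restore points to keep and which to expire, and flags missing dailies. It assumes one backup per day, that the Sunday backup is the weekly point and that the last backup of the month is the monthly point; the sample dates are constructed.

```python
from datetime import date, timedelta

# Retention scheme taken from the article: 7 dailies, 4 weeklies, 6 monthlies.
RETENTION = {"daily": 7, "weekly": 4, "monthly": 6}

def classify(d):
    """Tiers a backup taken on date d can satisfy. Assumption (not stated in
    the article): the weekly point is the Sunday backup and the monthly point
    is the last backup of the calendar month; every backup is a daily point."""
    tiers = {"daily"}
    if d.weekday() == 6:                          # Sunday
        tiers.add("weekly")
    if (d + timedelta(days=1)).month != d.month:  # last day of the month
        tiers.add("monthly")
    return tiers

def select_retained(backups, today):
    """Sorted backup dates to keep: each tier keeps its newest N candidates,
    and a date serving several tiers (a month-end Sunday) is stored once."""
    keep = set()
    for tier, count in RETENTION.items():
        candidates = sorted((b for b in backups if b <= today and tier in classify(b)),
                            reverse=True)
        keep.update(candidates[:count])
    return sorted(keep)

def to_prune(backups, today):
    """Backups outside the scheme, i.e. safe to expire from cloud storage."""
    return sorted(set(backups) - set(select_retained(backups, today)))

def missing_dailies(backups, today):
    """Days in the daily window with no backup: a silently failing daily job
    shows up here before it erodes the recovery window."""
    have = set(backups)
    window = [today - timedelta(days=i) for i in range(RETENTION["daily"])]
    return [d for d in window if d not in have]

# Constructed sample: one backup per day for 200 days ending on 2024-06-30,
# a Sunday that is also a month end, so that date serves all three tiers.
TODAY = date(2024, 6, 30)
SAMPLE = [TODAY - timedelta(days=i) for i in range(200)]

if __name__ == "__main__":
    kept = select_retained(SAMPLE, TODAY)
    print(len(kept), "restore points kept; oldest:", kept[0])
    print(len(to_prune(SAMPLE, TODAY)), "backups can be expired")
    print("missing dailies:", missing_dailies(SAMPLE, TODAY))
```

With the sample data the scheme keeps 15 of the 200 backups and the oldest restore point is the January month end, which is how the "up to 6 months in the past" window is realised in practice.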
- VM creation & management
- Statistics & metrics
- ACLs & self service
- Pro support available
The XenOrchestra solution sits as a virtual appliance on the hypervisor and is capable of taking full backups as well as providing file-level restoration. XenOrchestra can also provide backup types which align with disaster recovery. We have used XenOrchestra both for disaster recovery of virtual servers and for continuous-replication backups to another server. The XenOrchestra backup method is agentless, with no extra hardware or vendor lock-in; the only thing required is another storage medium. This can be set up in the form of replication to different sites, with a number of incremental backups taken during the day.
Comprehensive information for both of these can be found in the links below:
Link to – Backup
Link to – Disaster-recovery
This example does not include any Local Area Network hardware or considerations; these can also be specified and configured if required.
If you are planning to rebuild or revamp your small business IT infrastructure come and talk to us and we can help you work out the best way forward.
Software
- Windows Server Licensing – £ Varies due to price fluctuations and version
- Remote Desktop Session (RDS) Client Access License (CAL) – £ Varies due to price fluctuations, version and number of users
- Windows Exchange Server – £ Varies due to price fluctuations and version
- Client Access License (CAL) for Exchange – £ Varies due to price fluctuations, version and number of users
- Application licenses – £ Varies with the applications required
- SpamTitan – £ Varies with the number of users
- Barracuda Web Application Firewall (WAF) – £ Varies with the number of users
- Antivirus – £ Varies with the number of devices
- Daily Server Backups – £ Varies with the amount of data, in GB, that is backed up and stored
Hardware
- 2x Lenovo Servers (to be specified depending on your requirements) – £ Varies due to price fluctuations and requirements
- 1x IBM Storage (to be specified depending on your requirements) – £ Varies due to price fluctuations and requirements
- 2x Barracuda firewall, in a master/slave failover configuration – £ Varies dependent on requirements
Total cost
As you can see, there are many variables to consider and everyone’s requirements are different. Accurate pricing needs a greater understanding of your current setup and future requirements. This is why we provide an initial consultation free of charge, along with an onsite visit.