How do you setup Windows and Linux servers in enterprise?

Posted by sec_admin@reddit | sysadmin | View on Reddit | 6 comments

From a networking perspective, you have a pretty intuitive architecture - putting it simply, you start with the core switch, branch of to WAN, DMZ with firewalls, LAN etc. Of course complexity increases as you move forward. You can look at network diagrams to make sense of stuff.

What is the equivalent for server architecture? For Windows you start with a DC/AD and then build from there while separating Prod/Dev? How about for Linux? How do you plan/design storage?

I'm trying to look at an overall picture of how servers are arranged and planned in an MNC enterprise sysadmin point of view. I tried looking at system designs but these are more involved about application architecture.

[-]

Kuipyr@reddit

GPO for Windows, Ansible for Linux. Honestly not a fan of joining Linux to AD. I use local accounts with ssh keys stored on Yubikeys that are pushed out with kickstart

[-]

Original-Reaction40@reddit

Why not use ansible for both linux and windows?

[-]

pdp10@reddit

It's simple; you may be overthinking it, especially if you're looking at things from an academic point of view.

Servers may have a dedicated interface to a dedicated storage LAN/VLAN.
Our servers go in physically-secure rooms where most outside access is through reverse-proxies for incoming traffic and a forward proxy like Squid for outgoing traffic. Under these conditions, encryption on internal traffic isn't mandatory, and in fact unencrypted outbound connections may be favored for ease of whitelisting.
At a rack level, typical servers' Ethernet is connected to a couple of redundant "Top of Rack" switches, which are often in the middle of the rack to keep cable length short and more manageable.

[-]

screampuff@reddit

Linux is more commonly ansible and IaC. You 'deploy' servers by spinning up a fresh and base image, then start loading your configuration. Apps install with things like apt-get or yum, then you push configuration files which is usually text, unlike say Windows where it's a mix of registry, app data, gpo, program files, environment variables, services, etc....

When something goes wrong, you just push the button and it redeploys from scratch. You back up your data that houses documents, your configs, databases and that sort of thing.

[-]

Specialist_Cow6468@reddit

Please, tell me more about how simple and intuitive you find modern datacenter network architecture. Do you prefer to run your VTEPs on your switches or directly on the hypervisors?

[-]

enterprisedatalead@reddit

depends on the environment, but in most cases it ends up being a hybrid setup

windows servers usually handle things like AD, identity, and anything that depends on microsoft stack, while linux runs apps, databases, web services etc. trying to force everything into one side usually causes more pain than it solves

we’ve done this by keeping identity centralized in AD and integrating linux where it actually makes sense. joining linux to AD (via sssd/realmd) worked well for shared access and reduced account sprawl, but we didn’t do it for every box, only where needed

automation matters a lot more than the OS choice. once you start using something like ansible, managing both becomes way easier

also worth deciding early which systems actually need to talk to each other vs stay isolated, otherwise it gets messy fast

how big is the setup you’re planning, more lab or something production-like?