Do I need to run AD if I install Server 2019?
-
@biggen said in Do I need to run AD if I install Server 2019?:
So my needs are pretty simple. I’m just wondering if I go the Server 2019 route, do I need to set up an AD?
From the description, it sounds like something that shouldn't even be considered, even if you do decide to install Server 2019. Even by Microsoft's own guidelines at the peak of AD (something that waned long ago), you only really consider it when you are using it to manage a minimum of ten users, and generally a few more. Today the rule of thumb is not well known, but certainly higher than ten. More like twelve or higher. And there is never a number where you just choose it, it's just that under that number you rule it out. Above the threshold number you consider its benefits and caveats to see if the benefits are enough to make it worth it.
AD works best when you have a large number of users in a single site (or a large number at multiple single sites). Once you have many sites with small numbers, mobile users, or a LANless architecture, it's effectively worthless.
Caveats are many, it makes it hard to stop paying licensing fees, it makes it more important to constantly get the latest updates, it takes an isolated server and ties it to the machines, it creates an extremely likely path for ransomware (AD itself isn't the risk per se, it's how almost everyone uses it), it creates complexity that greatly increases the overhead of system management, it creates management risks, etc.
As someone who runs a company that makes a load of money fixing AD from companies that deploy it when not needed and then get stuck bringing in people like us to fix it (literally have a team doing this right now on a Sunday for a nine person company), I can tell you that a small $800 decision today to buy Windows and then use the "free included" Active Directory because "you already paid for it" will easily cost you a few thousand dollars extra over the years in unneeded licensing, and will easily cost you five to ten thousand dollars someday in the future when you have to hire a team to come in and clean things up.
AD is a great tool with loads of benefits for the right organization. But in the SMB, it doesn't make sense all that often and the risks are way higher than most people will tell you... because nearly everyone in IT from internal IT people to MSPs and VARs make huge loads of their revenue from managing or fixing unnecessary AD deployments.
-
@biggen said in Do I need to run AD if I install Server 2019?:
mean, I could setup AD as a learning tool (almost like a lab).
And learn why this was a bad idea
https://i.kym-cdn.com/entries/icons/original/000/011/767/35nksf.jpg
-
If you want to learn AD itself, and there are loads of reasons to want to, I would do it in a real lab where you can shut it off anytime you want and don't tie your running business to it. AD is great and I recommend knowing it. But I recommend extreme caution rolling it out without a very compelling reason.
-
For companies like you describe, who want the majority of AD benefits, Microsoft has already moved you to AzureAD (AzureAD is wholly unrelated to AD, it's just a marketing thing in the name.) And there are lots of alternative options, from cloud hosted products to DevOps tools that are free like Ansible and SaltStack. And that's only if there are specific benefits that you are looking for (like central password management, automated printer deployment, etc.)
-
@scottalanmiller said in Do I need to run AD if I install Server 2019?:
AD works best when you have a large number of users in a single site (or a large number at multiple single sites). Once you have many sites with small numbers, mobile users, or a LANless architecture, it's effectively worthless.
Yes, then you are stuck with it (on-prem AD) only to keep supporting old bad choice software that requires it until you can replace it.
-
@Obsolesce said in Do I need to run AD if I install Server 2019?:
@scottalanmiller said in Do I need to run AD if I install Server 2019?:
AD works best when you have a large number of users in a single site (or a large number at multiple single sites). Once you have many sites with small numbers, mobile users, or a LANless architecture, it's effectively worthless.
Yes, then you are stuck with it (on-prem AD) only to keep supporting old bad choice software that requires it until you can replace it.
That too. It's primary a legacy thing today. Still loads of good uses, but legacy is the primary use case. Technical debt.
-
Ok wow. Well that clears up that I DONT WANT to run Win Server...
The issue is really Blue Iris. It decodes the H.264 byte stream. It doesn’t play well with Nvidia so it’s recommended to run it bare metal and let the Intel CPU and Quick Sync handle that. The folks that are running Win 10 or Server bare metal and then connected all their cameras to that I guess aren’t in proper licensing.
I guess I can look at some other VMS options. I know that NX Witness can run on Ubuntu so I could install Hyper-V core and run an Ubuntu VM for that. It’s just costly since NX Witness chargers per camera for licensing.
Having to think about it some more... Thanks for the suggestions guys. I knew I could count on advice here.
-
@biggen said in Do I need to run AD if I install Server 2019?:
I guess I can look at some other VMS options.
Here's a couple of open source options.
https://zoneminder.com/
https://kerberos.io/ -
@black3dynamite said in Do I need to run AD if I install Server 2019?:
@biggen said in Do I need to run AD if I install Server 2019?:
I guess I can look at some other VMS options.
Here's a couple of open source options.
https://zoneminder.com/
https://kerberos.io/Zoneminder is pretty bad. It very antiquated. But I’ve never tried Kerbos. I’ll check it out. Thanks!
-
I’m guessing that cameras are like Unifi APs, they are the clients reaching out to the server software running in the closet. Therefore, I’m guessing that windows 10 would be legal to use.
Scott?
-
@Pete-S said in Do I need to run AD if I install Server 2019?:
That said, I don't understand why Blue Iris has to decode the h264 streams.
I'd like to get back to my earlier question. I think something is wrong with the Blue Iris setup.
Why does Blue Iris need to decode the H264 stream? Axis cameras already encode H264 and you save that to disk. The setting is called Direct-to-disc in Blue Iris.
According to B.I. website you won't get image overlay with camera name and time but who cares about that when the ip cam does that already by itself.
It's just not efficient to have the camera do h264, decode that with B.I into raw video and then have B.I reencode that into h264 again.
-
@Pete-S said in Do I need to run AD if I install Server 2019?:
@Pete-S said in Do I need to run AD if I install Server 2019?:
That said, I don't understand why Blue Iris has to decode the h264 streams.
I'd like to get back to my earlier question. I think something is wrong with the Blue Iris setup.
Why does Blue Iris need to decode the H264 stream? Axis cameras already encode H264 and you save that to disk. The setting is called Direct-to-disc in Blue Iris.
According to B.I. website you won't get image overlay with camera name and time but who cares about that when the ip cam does that already by itself.
Maybe you can’t view it in real-time with out the decoding?
-
As far as your remote access, why not use a VPN from your firewall? A $60 ER-X can do that for you.
-
@Dashrender said in Do I need to run AD if I install Server 2019?:
@Pete-S said in Do I need to run AD if I install Server 2019?:
@Pete-S said in Do I need to run AD if I install Server 2019?:
That said, I don't understand why Blue Iris has to decode the h264 streams.
I'd like to get back to my earlier question. I think something is wrong with the Blue Iris setup.
Why does Blue Iris need to decode the H264 stream? Axis cameras already encode H264 and you save that to disk. The setting is called Direct-to-disc in Blue Iris.
According to B.I. website you won't get image overlay with camera name and time but who cares about that when the ip cam does that already by itself.
Maybe you can’t view it in real-time with out the decoding?
All browsers can show h264 streams directly.
-
@Pete-S said in Do I need to run AD if I install Server 2019?:
@Dashrender said in Do I need to run AD if I install Server 2019?:
@Pete-S said in Do I need to run AD if I install Server 2019?:
@Pete-S said in Do I need to run AD if I install Server 2019?:
That said, I don't understand why Blue Iris has to decode the h264 streams.
I'd like to get back to my earlier question. I think something is wrong with the Blue Iris setup.
Why does Blue Iris need to decode the H264 stream? Axis cameras already encode H264 and you save that to disk. The setting is called Direct-to-disc in Blue Iris.
According to B.I. website you won't get image overlay with camera name and time but who cares about that when the ip cam does that already by itself.
Maybe you can’t view it in real-time with out the decoding?
All browsers can show h264 stream directly.
I don’t know boo about BI, but assuming it’s a security camera type software that can show 12 (blah blah number) of cameras, I’m guessing the desire would be to have that multi camera view up at most times, so that’s not browser based, but again I don’t know boo about BI.
-
@Dashrender said in Do I need to run AD if I install Server 2019?:
@Pete-S said in Do I need to run AD if I install Server 2019?:
@Dashrender said in Do I need to run AD if I install Server 2019?:
@Pete-S said in Do I need to run AD if I install Server 2019?:
@Pete-S said in Do I need to run AD if I install Server 2019?:
That said, I don't understand why Blue Iris has to decode the h264 streams.
I'd like to get back to my earlier question. I think something is wrong with the Blue Iris setup.
Why does Blue Iris need to decode the H264 stream? Axis cameras already encode H264 and you save that to disk. The setting is called Direct-to-disc in Blue Iris.
According to B.I. website you won't get image overlay with camera name and time but who cares about that when the ip cam does that already by itself.
Maybe you can’t view it in real-time with out the decoding?
All browsers can show h264 stream directly.
I don’t know boo about BI, but assuming it’s a security camera type software that can show 12 (blah blah number) of cameras, I’m guessing the desire would be to have that multi camera view up at most times, so that’s not browser based, but again I don’t know boo about BI.
You mean it reencodes all cameras into one big stream? It's possible but I doubt it. I don't know anything about it but have worked with ip cams and Axis in the past. If you have for instance 4 ip cams on the screen there will be 4 streams.
Most ip cams can send several streams so you could have a low bandwidth and a high bandwidth stream from the camera at the same time. So you can use one for viewing and the other for storage.
-
Why not just use Ubiquiti cameras and nvr?.
Professional equipment and software to back it up with a server backend you're already familiar with.
-
@Pete-S said in Do I need to run AD if I install Server 2019?:
@Dashrender said in Do I need to run AD if I install Server 2019?:
@Pete-S said in Do I need to run AD if I install Server 2019?:
@Pete-S said in Do I need to run AD if I install Server 2019?:
That said, I don't understand why Blue Iris has to decode the h264 streams.
I'd like to get back to my earlier question. I think something is wrong with the Blue Iris setup.
Why does Blue Iris need to decode the H264 stream? Axis cameras already encode H264 and you save that to disk. The setting is called Direct-to-disc in Blue Iris.
According to B.I. website you won't get image overlay with camera name and time but who cares about that when the ip cam does that already by itself.
Maybe you can’t view it in real-time with out the decoding?
All browsers can show h264 streams directly.
This brings another question.... the OPsaid BI require direct hardware access and sync something ( on my phone, hard to lookup when posting) , if that’s true and running that inside a VM kills the CPU, why would decoding in a browser not also kill the CPU in that same VM?
-
@Pete-S said in Do I need to run AD if I install Server 2019?:
@Pete-S said in Do I need to run AD if I install Server 2019?:
That said, I don't understand why Blue Iris has to decode the h264 streams.
I'd like to get back to my earlier question. I think something is wrong with the Blue Iris setup.
Why does Blue Iris need to decode the H264 stream? Axis cameras already encode H264 and you save that to disk. The setting is called Direct-to-disc in Blue Iris.
According to B.I. website you won't get image overlay with camera name and time but who cares about that when the ip cam does that already by itself.
It's just not efficient to have the camera do h264, decode that with B.I into raw video and then have B.I reencode that into h264 again.
So CPU usage isn’t bad when no one is viewing via the Web GUI. On my test VM (gave it 2 cores) two cams with direct to disk recording were using about 50% of one core on an i3 Ivy Bridge (2C/4T). I was simply going to head to eBay and pickup an i7 4c/8t Ivy Bridge, drop it in, and off I go. But viewing the cams kills the CPU without Quick Sync being used. I opened two Web GUI streams of Blue Iris on two different computer and all of a sudden both cores of the VM were pegged at 100% and it became unresponsive. It’s the viewing the cams using the Blue Iris web GUI that kills it. The recording isn’t too bad.
-
@Dashrender said in Do I need to run AD if I install Server 2019?:
@Pete-S said in Do I need to run AD if I install Server 2019?:
@Dashrender said in Do I need to run AD if I install Server 2019?:
@Pete-S said in Do I need to run AD if I install Server 2019?:
@Pete-S said in Do I need to run AD if I install Server 2019?:
That said, I don't understand why Blue Iris has to decode the h264 streams.
I'd like to get back to my earlier question. I think something is wrong with the Blue Iris setup.
Why does Blue Iris need to decode the H264 stream? Axis cameras already encode H264 and you save that to disk. The setting is called Direct-to-disc in Blue Iris.
According to B.I. website you won't get image overlay with camera name and time but who cares about that when the ip cam does that already by itself.
Maybe you can’t view it in real-time with out the decoding?
All browsers can show h264 streams directly.
This brings another question.... the OPsaid BI require direct hardware access and sync something ( on my phone, hard to lookup when posting) , if that’s true and running that inside a VM kills the CPU, why would decoding in a browser not also kill the CPU in that same VM?
Because all low powered clients decode h264 in hardware and decoding is cheap. However B.I. both decodes and reencodes which is much more expensive in CPU power.