Have some virtual servers, but for the most part I'm looking to decomm all on-prem to the cloud. Some of the bigger ticket items (along with their directory/password sync tool) such as File Sharing/Email have been moved to Google Apps. The real challenges are going to be what to do with the authoritative source of users/groups is going to be in the cloud, how to retain (or cut over to SAML-based SSO) some of the finer details like internal DNS, WSUS Group Policy, DHCP (can easily move to router) etc. Up in the air is also an IIS/.NET based app with SQL backend, which then I believe gets into the Azure virtual server. Trying to do this as much as possible with solutions available via Techsoup, or otherwise have steep discounts for NPOs. Has anyone accomplished a similar project? Just really trying to end up with a switch, a firewall and a UPS.
If you are looking for feedback and suggestions I think you will get more replies if you can break down the questions into several posts.
I think I understand what you are trying to do, but I have not heard about anyone doing that before.
It would not be something I would recommend, mostly because while you simplify your in-house IT infrastructure, you also give up most of your control.
The core of my concern is that when/if your network is slow or goes down, all work also slows or stops.
Just to break down some of the AD components:
Users/Groups/Contacts: Currently synced with an app (Google) that has to run on a Domain Controller. If I moved to Azure AD; can't run the GADS tool or password sync from a server as Azure AD is just a web based app within the O365 portal. I believe there is a method to do it via SAML based SSO, but it is a significant change... then begs the question, should we just cut off the sync and use Google Apps as the authoritative source for the user/group/contacts? That's when the questions arise of how the machines are managed if not by some sort of group policy? Windows Updates if I don't have a WSUS server? The client has downsized considerably so it is really only a handful of machines which is more manageable, but still prefer to deploy applications by applying a GPO than to do manual machine-by-machine. JumpCloud comes up on searches and looks like they are trying to bridge some of these gaps (will require some research).
The whole "losing control" and "network slowdown" aspects are by no means without merit, but sort of getting to be an old-fashioned outlook on it. I used to think the same way; but I don't really want control nor does it make sense for an organization that is a certain size to maintain servers on-prem. As for slowdown, it is easy to load balance a redundant circuit on a firewall these days. Alternatively and/or additionally can provide one or more hotspots, as the focus really goes on having reliable internet access at all times.
Anyway, I don't have all the answers; I am curious how other NPOs that may have downsized or just trying to move away from maintaining physical servers have approached this.