Seems odd you'd have the least secure systems on the domain, the client computers... and not have the most secure systems on the domain, the servers. With your DC and hypervisor being on the domain, how many times have those been compromised? Do you not update your servers? Do they all have Internet access?
To my knowledge they haven't been.
No. All servers receive Windows updates.
And I agree, this is odd. This, and so many other things, are being fixed one bite at a time.
Set your firewall to drop outbound traffic from servers that don't need Internet access. Point those servers to a local WSUS server for updates. Allow the WSUS server to get out to the Internet. You can set local policy and point servers to WSUS if they aren't domain-joined. That way, servers can be updated but with a smaller attack surface, as they cannot get online.
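Here is what that setup looks like on one server, as an added example rather than anything from the post above. It does the outbound blocking at the host firewall instead of the perimeter firewall (the perimeter rule is the same idea: allow the server to reach WSUS and its DNS/AD servers, drop everything else), sets the same registry values the "Specify intranet Microsoft update service location" policy writes, so it works for non-domain-joined servers, and then checks the result. The WSUS address, the DNS/DC addresses and the schedule are assumptions; change them to match your network. Run it in an elevated PowerShell session.

```powershell
# Added example, not from the original post. Assumed values:
#   WSUS server  wsus01.corp.example (10.0.0.20), default HTTP port 8530
#   DNS / domain controllers 10.0.0.10 and 10.0.0.11
$WsusUrl = 'http://wsus01.corp.example:8530'   # use https://...:8531 if WSUS has SSL configured
$WsusIp  = '10.0.0.20'
$DcIps   = @('10.0.0.10', '10.0.0.11')         # DNS plus AD for domain-joined servers

# 1. Point Windows Update at WSUS through local policy (no GPO needed).
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"
New-Item -Path $au -Force | Out-Null
Set-ItemProperty -Path $wu -Name WUServer       -Value $WsusUrl -Type String
Set-ItemProperty -Path $wu -Name WUStatusServer -Value $WsusUrl -Type String
Set-ItemProperty -Path $au -Name UseWUServer    -Value 1 -Type DWord
Set-ItemProperty -Path $au -Name NoAutoUpdate   -Value 0 -Type DWord
Set-ItemProperty -Path $au -Name AUOptions      -Value 4 -Type DWord   # 4 = auto download, scheduled install
Set-ItemProperty -Path $au -Name ScheduledInstallDay  -Value 0 -Type DWord   # 0 = every day
Set-ItemProperty -Path $au -Name ScheduledInstallTime -Value 3 -Type DWord   # 03:00

# 2. Host firewall: add the allow rules FIRST, then flip the default outbound
#    action to Block. Doing it the other way round cuts off DNS and AD.
#    Inbound management (RDP, WinRM) is unaffected; this only touches
#    connections the server itself initiates.
New-NetFirewallRule -DisplayName 'Allow WSUS (out)' -Direction Outbound -Action Allow `
    -Protocol TCP -RemoteAddress $WsusIp -RemotePort 8530,8531 | Out-Null
New-NetFirewallRule -DisplayName 'Allow DNS/AD TCP (out)' -Direction Outbound -Action Allow `
    -Protocol TCP -RemoteAddress $DcIps -RemotePort 53,88,135,389,445,636,3268,3269,49152-65535 | Out-Null
New-NetFirewallRule -DisplayName 'Allow DNS/AD UDP (out)' -Direction Outbound -Action Allow `
    -Protocol UDP -RemoteAddress $DcIps -RemotePort 53,88,123,389 | Out-Null
# On a server that is NOT domain-joined, keep only the DNS ports (53) in the two rules above.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 3. Restart the update client and make it check in with WSUS now.
Restart-Service wuauserv
# UsoClient.exe is present on Windows 10 / Server 2016 and later; use "wuauclt /detectnow" on older builds.
Start-Process -FilePath "$env:SystemRoot\System32\UsoClient.exe" -ArgumentList 'StartScan' -NoNewWindow -Wait

# 4. Verify: WSUS is the configured source, WSUS is reachable, the Internet is not.
(Get-ItemProperty -Path $wu).WUServer
Test-NetConnection -ComputerName $WsusIp -Port 8530 |
    Select-Object ComputerName, TcpTestSucceeded          # expect True
Test-NetConnection -ComputerName 'www.msftconnecttest.com' -Port 80 |
    Select-Object ComputerName, TcpTestSucceeded          # expect False once the default is Block
```

Two things to watch: the WSUS server itself still needs outbound HTTPS to Microsoft's update endpoints, so give it (and nothing else) that allowance at the perimeter; and the AD rule list above is a starting point, not a complete one. Run `Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction` after a reboot and watch the Security log for event 5157 (blocked outbound connection) for a day before rolling the same change out to the rest of the servers.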
We have an old hospital where they converted the ER and emergency operating rooms into a data center. Redundant power feeds and a generator were already on site, so all they did was upgrade to the latest code and add a UPS system. The old ER ambulance entrance is now the shipping/staging area. http://victorytechcenter.org/
My company is colocating some of our equipment in here come next month.
We looked at Victory and didn't go for it, but it was a really cool datacenter.
The last line in the above really speaks to what many MSPs fail to understand. In an SMB, adding an extremely complex solution such as an IPOD is not a great solution for the business (or the MSP).
As the saying goes, "Fool me once, shame on you; fool me twice, shame on me."
If an SMB purchases something that is so extremely complicated and fragile, and then the business wants to dump the MSP, they have to find another MSP (or Meta-MSP @Minion-Queen) to pick up the knowledge and maintain or fix the existing system.
Because the local on-staff IT likely doesn't have the time / ability to learn how to maintain the solution.
Isn't it an ironclad rule that there are no heroes in IT?
There was that great thread on SW years ago, I wish that I had the link, where there were hundreds of responses to "who is your IT hero" and not one, literally not a single one, mentioned someone who worked in IT, except for one... and the thing that made him their hero wasn't his IT work but his writing, and not his writing about IT but his writing about time management. Zero IT people made the list. All marketing, sales or software people... and one writer.