ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Do I need to run AD if I install Server 2019?

    Scheduled Pinned Locked Moved IT Discussion
    73 Posts 10 Posters 4.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @biggen
      last edited by

      @biggen said in Do I need to run AD if I install Server 2019?:

      I don’t host anything inside my business other than camera stuff. We are a retail gift shop and use a cloud based POS system so I don’t have to keep up with any of that.

      Definitely, so taking on all the cost and problems of a Windows licensing infrastructure for some cameras seems like it should be an instant non-starter.

      1 Reply Last reply Reply Quote 2
      • scottalanmillerS
        scottalanmiller @biggen
        last edited by

        @biggen said in Do I need to run AD if I install Server 2019?:

        So my needs are pretty simple. I’m just wondering if I go the Server 2019 route, do I need to set up an AD?

        From the description, it sounds like something that shouldn't even be considered, even if you do decide to install Server 2019. Even by Microsoft's own guidelines at the peak of AD (something that waned long ago), you only really consider it when you are using it to manage a minimum of ten users, and generally a few more. Today the rule of thumb is not well known, but certainly higher than ten. More like twelve or higher. And there is never a number where you just choose it, it's just that under that number you rule it out. Above the threshold number you consider its benefits and caveats to see if the benefits are enough to make it worth it.

        AD works best when you have a large number of users in a single site (or a large number at multiple single sites). Once you have many sites with small numbers, mobile users, or a LANless architecture, it's effectively worthless.

        Caveats are many, it makes it hard to stop paying licensing fees, it makes it more important to constantly get the latest updates, it takes an isolated server and ties it to the machines, it creates an extremely likely path for ransomware (AD itself isn't the risk per se, it's how almost everyone uses it), it creates complexity that greatly increases the overhead of system management, it creates management risks, etc.

        As someone who runs a company that makes a load of money fixing AD from companies that deploy it when not needed and then get stuck bringing in people like us to fix it (literally have a team doing this right now on a Sunday for a nine person company), I can tell you that a small $800 decision today to buy Windows and then use the "free included" Active Directory because "you already paid for it" will easily cost you a few thousand dollars extra over the years in unneeded licensing, and will easily cost you five to ten thousand dollars someday in the future when you have to hire a team to come in and clean things up.

        AD is a great tool with loads of benefits for the right organization. But in the SMB, it doesn't make sense all that often and the risks are way higher than most people will tell you... because nearly everyone in IT from internal IT people to MSPs and VARs make huge loads of their revenue from managing or fixing unnecessary AD deployments.

        ObsolesceO 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @biggen
          last edited by

          @biggen said in Do I need to run AD if I install Server 2019?:

          mean, I could setup AD as a learning tool (almost like a lab).

          And learn why this was a bad idea 🙂

          35nksf.jpg

          1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller
            last edited by

            If you want to learn AD itself, and there are loads of reasons to want to, I would do it in a real lab where you can shut it off anytime you want and don't tie your running business to it. AD is great and I recommend knowing it. But I recommend extreme caution rolling it out without a very compelling reason.

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller
              last edited by

              For companies like you describe, who want the majority of AD benefits, Microsoft has already moved you to AzureAD (AzureAD is wholly unrelated to AD, it's just a marketing thing in the name.) And there are lots of alternative options, from cloud hosted products to DevOps tools that are free like Ansible and SaltStack. And that's only if there are specific benefits that you are looking for (like central password management, automated printer deployment, etc.)

              1 Reply Last reply Reply Quote 0
              • ObsolesceO
                Obsolesce @scottalanmiller
                last edited by Obsolesce

                @scottalanmiller said in Do I need to run AD if I install Server 2019?:

                AD works best when you have a large number of users in a single site (or a large number at multiple single sites). Once you have many sites with small numbers, mobile users, or a LANless architecture, it's effectively worthless.

                Yes, then you are stuck with it (on-prem AD) only to keep supporting old bad choice software that requires it until you can replace it.

                scottalanmillerS 1 Reply Last reply Reply Quote 2
                • scottalanmillerS
                  scottalanmiller @Obsolesce
                  last edited by

                  @Obsolesce said in Do I need to run AD if I install Server 2019?:

                  @scottalanmiller said in Do I need to run AD if I install Server 2019?:

                  AD works best when you have a large number of users in a single site (or a large number at multiple single sites). Once you have many sites with small numbers, mobile users, or a LANless architecture, it's effectively worthless.

                  Yes, then you are stuck with it (on-prem AD) only to keep supporting old bad choice software that requires it until you can replace it.

                  That too. It's primary a legacy thing today. Still loads of good uses, but legacy is the primary use case. Technical debt.

                  1 Reply Last reply Reply Quote 0
                  • B
                    biggen
                    last edited by biggen

                    Ok wow. Well that clears up that I DONT WANT to run Win Server...

                    The issue is really Blue Iris. It decodes the H.264 byte stream. It doesn’t play well with Nvidia so it’s recommended to run it bare metal and let the Intel CPU and Quick Sync handle that. The folks that are running Win 10 or Server bare metal and then connected all their cameras to that I guess aren’t in proper licensing.

                    I guess I can look at some other VMS options. I know that NX Witness can run on Ubuntu so I could install Hyper-V core and run an Ubuntu VM for that. It’s just costly since NX Witness chargers per camera for licensing.

                    Having to think about it some more... Thanks for the suggestions guys. I knew I could count on advice here.

                    black3dynamiteB 1 Reply Last reply Reply Quote 1
                    • black3dynamiteB
                      black3dynamite @biggen
                      last edited by

                      @biggen said in Do I need to run AD if I install Server 2019?:

                      I guess I can look at some other VMS options.

                      Here's a couple of open source options.
                      https://zoneminder.com/
                      https://kerberos.io/

                      B 1 Reply Last reply Reply Quote 2
                      • B
                        biggen @black3dynamite
                        last edited by

                        @black3dynamite said in Do I need to run AD if I install Server 2019?:

                        @biggen said in Do I need to run AD if I install Server 2019?:

                        I guess I can look at some other VMS options.

                        Here's a couple of open source options.
                        https://zoneminder.com/
                        https://kerberos.io/

                        Zoneminder is pretty bad. It very antiquated. But I’ve never tried Kerbos. I’ll check it out. Thanks!

                        JaredBuschJ 1 Reply Last reply Reply Quote 0
                        • DashrenderD
                          Dashrender
                          last edited by

                          I’m guessing that cameras are like Unifi APs, they are the clients reaching out to the server software running in the closet. Therefore, I’m guessing that windows 10 would be legal to use.

                          Scott?

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • 1
                            1337 @1337
                            last edited by 1337

                            @Pete-S said in Do I need to run AD if I install Server 2019?:

                            That said, I don't understand why Blue Iris has to decode the h264 streams.

                            I'd like to get back to my earlier question. I think something is wrong with the Blue Iris setup.

                            Why does Blue Iris need to decode the H264 stream? Axis cameras already encode H264 and you save that to disk. The setting is called Direct-to-disc in Blue Iris.

                            According to B.I. website you won't get image overlay with camera name and time but who cares about that when the ip cam does that already by itself.

                            It's just not efficient to have the camera do h264, decode that with B.I into raw video and then have B.I reencode that into h264 again.

                            DashrenderD B 2 Replies Last reply Reply Quote 0
                            • DashrenderD
                              Dashrender @1337
                              last edited by

                              @Pete-S said in Do I need to run AD if I install Server 2019?:

                              @Pete-S said in Do I need to run AD if I install Server 2019?:

                              That said, I don't understand why Blue Iris has to decode the h264 streams.

                              I'd like to get back to my earlier question. I think something is wrong with the Blue Iris setup.

                              Why does Blue Iris need to decode the H264 stream? Axis cameras already encode H264 and you save that to disk. The setting is called Direct-to-disc in Blue Iris.

                              According to B.I. website you won't get image overlay with camera name and time but who cares about that when the ip cam does that already by itself.

                              Maybe you can’t view it in real-time with out the decoding?

                              1 1 Reply Last reply Reply Quote 0
                              • DashrenderD
                                Dashrender
                                last edited by

                                As far as your remote access, why not use a VPN from your firewall? A $60 ER-X can do that for you.

                                1 Reply Last reply Reply Quote 0
                                • 1
                                  1337 @Dashrender
                                  last edited by 1337

                                  @Dashrender said in Do I need to run AD if I install Server 2019?:

                                  @Pete-S said in Do I need to run AD if I install Server 2019?:

                                  @Pete-S said in Do I need to run AD if I install Server 2019?:

                                  That said, I don't understand why Blue Iris has to decode the h264 streams.

                                  I'd like to get back to my earlier question. I think something is wrong with the Blue Iris setup.

                                  Why does Blue Iris need to decode the H264 stream? Axis cameras already encode H264 and you save that to disk. The setting is called Direct-to-disc in Blue Iris.

                                  According to B.I. website you won't get image overlay with camera name and time but who cares about that when the ip cam does that already by itself.

                                  Maybe you can’t view it in real-time with out the decoding?

                                  All browsers can show h264 streams directly.

                                  DashrenderD 2 Replies Last reply Reply Quote 0
                                  • DashrenderD
                                    Dashrender @1337
                                    last edited by

                                    @Pete-S said in Do I need to run AD if I install Server 2019?:

                                    @Dashrender said in Do I need to run AD if I install Server 2019?:

                                    @Pete-S said in Do I need to run AD if I install Server 2019?:

                                    @Pete-S said in Do I need to run AD if I install Server 2019?:

                                    That said, I don't understand why Blue Iris has to decode the h264 streams.

                                    I'd like to get back to my earlier question. I think something is wrong with the Blue Iris setup.

                                    Why does Blue Iris need to decode the H264 stream? Axis cameras already encode H264 and you save that to disk. The setting is called Direct-to-disc in Blue Iris.

                                    According to B.I. website you won't get image overlay with camera name and time but who cares about that when the ip cam does that already by itself.

                                    Maybe you can’t view it in real-time with out the decoding?

                                    All browsers can show h264 stream directly.

                                    I don’t know boo about BI, but assuming it’s a security camera type software that can show 12 (blah blah number) of cameras, I’m guessing the desire would be to have that multi camera view up at most times, so that’s not browser based, but again I don’t know boo about BI.

                                    1 1 Reply Last reply Reply Quote 0
                                    • 1
                                      1337 @Dashrender
                                      last edited by

                                      @Dashrender said in Do I need to run AD if I install Server 2019?:

                                      @Pete-S said in Do I need to run AD if I install Server 2019?:

                                      @Dashrender said in Do I need to run AD if I install Server 2019?:

                                      @Pete-S said in Do I need to run AD if I install Server 2019?:

                                      @Pete-S said in Do I need to run AD if I install Server 2019?:

                                      That said, I don't understand why Blue Iris has to decode the h264 streams.

                                      I'd like to get back to my earlier question. I think something is wrong with the Blue Iris setup.

                                      Why does Blue Iris need to decode the H264 stream? Axis cameras already encode H264 and you save that to disk. The setting is called Direct-to-disc in Blue Iris.

                                      According to B.I. website you won't get image overlay with camera name and time but who cares about that when the ip cam does that already by itself.

                                      Maybe you can’t view it in real-time with out the decoding?

                                      All browsers can show h264 stream directly.

                                      I don’t know boo about BI, but assuming it’s a security camera type software that can show 12 (blah blah number) of cameras, I’m guessing the desire would be to have that multi camera view up at most times, so that’s not browser based, but again I don’t know boo about BI.

                                      You mean it reencodes all cameras into one big stream? It's possible but I doubt it. I don't know anything about it but have worked with ip cams and Axis in the past. If you have for instance 4 ip cams on the screen there will be 4 streams.

                                      Most ip cams can send several streams so you could have a low bandwidth and a high bandwidth stream from the camera at the same time. So you can use one for viewing and the other for storage.

                                      1 Reply Last reply Reply Quote 0
                                      • DustinB3403D
                                        DustinB3403
                                        last edited by

                                        Why not just use Ubiquiti cameras and nvr?.

                                        Professional equipment and software to back it up with a server backend you're already familiar with.

                                        1 Reply Last reply Reply Quote 1
                                        • DashrenderD
                                          Dashrender @1337
                                          last edited by

                                          @Pete-S said in Do I need to run AD if I install Server 2019?:

                                          @Dashrender said in Do I need to run AD if I install Server 2019?:

                                          @Pete-S said in Do I need to run AD if I install Server 2019?:

                                          @Pete-S said in Do I need to run AD if I install Server 2019?:

                                          That said, I don't understand why Blue Iris has to decode the h264 streams.

                                          I'd like to get back to my earlier question. I think something is wrong with the Blue Iris setup.

                                          Why does Blue Iris need to decode the H264 stream? Axis cameras already encode H264 and you save that to disk. The setting is called Direct-to-disc in Blue Iris.

                                          According to B.I. website you won't get image overlay with camera name and time but who cares about that when the ip cam does that already by itself.

                                          Maybe you can’t view it in real-time with out the decoding?

                                          All browsers can show h264 streams directly.

                                          This brings another question.... the OPsaid BI require direct hardware access and sync something ( on my phone, hard to lookup when posting) , if that’s true and running that inside a VM kills the CPU, why would decoding in a browser not also kill the CPU in that same VM?

                                          1 1 Reply Last reply Reply Quote 0
                                          • B
                                            biggen @1337
                                            last edited by biggen

                                            @Pete-S said in Do I need to run AD if I install Server 2019?:

                                            @Pete-S said in Do I need to run AD if I install Server 2019?:

                                            That said, I don't understand why Blue Iris has to decode the h264 streams.

                                            I'd like to get back to my earlier question. I think something is wrong with the Blue Iris setup.

                                            Why does Blue Iris need to decode the H264 stream? Axis cameras already encode H264 and you save that to disk. The setting is called Direct-to-disc in Blue Iris.

                                            According to B.I. website you won't get image overlay with camera name and time but who cares about that when the ip cam does that already by itself.

                                            It's just not efficient to have the camera do h264, decode that with B.I into raw video and then have B.I reencode that into h264 again.

                                            So CPU usage isn’t bad when no one is viewing via the Web GUI. On my test VM (gave it 2 cores) two cams with direct to disk recording were using about 50% of one core on an i3 Ivy Bridge (2C/4T). I was simply going to head to eBay and pickup an i7 4c/8t Ivy Bridge, drop it in, and off I go. But viewing the cams kills the CPU without Quick Sync being used. I opened two Web GUI streams of Blue Iris on two different computer and all of a sudden both cores of the VM were pegged at 100% and it became unresponsive. It’s the viewing the cams using the Blue Iris web GUI that kills it. The recording isn’t too bad.

                                            1 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 3 / 4
                                            • First post
                                              Last post