There is still a lot of confusion about what a network should look like when there is no longer a need for a server. Historically, businesses bought a server when they found themselves with the need to share and standardize. But if you’ve upgraded to an Office / Microsoft 365 suite and have Windows 10 PCs, what should the new network look like? It’s time to rethink the design of the network.
The network today
For the purposes of this article, let’s say you run a business that uses an Office 365 Business or Enterprise plan, all of your core apps are in the cloud, and now just Active Directory, files, printers, and policies occupy the server. The companies that have achieved this state are likely small and use QuickBooks or other popular accounting software. Since over 90% of businesses in the world are small, this scenario is the most common.
In the image above, we see a standard network where the firewall separates the outside from the inside. This is how most well-managed networks are designed.
We used to joke about businesses that are set up as giant home networks for their lack of organization, planning, functionality, and security. Obviously, the IT department (if they had one) did not understand basic networking standards. But now those standards have changed. We are not moving towards home networking, but rather towards a new concept of cloud-based business infrastructure.
Changing your mind about network design
We are creatures of habit and comfort. So the inclination is to just look at what you have and assume you need it. But the world of IT infrastructure is still new. We need to look at this with our eyes wide open to new concepts about how the cloud works and what it means for managed networks. Microsoft built Azure from the ground up and didn’t try to build on-premises networks in the cloud like a simple hosting solution would. Therefore, what you’re going to find out is that there isn’t a straightforward one-to-one feature set when you look at how you’re going to move things to the cloud. I have seen people try and they end up with a forced costly situation. The cloud was not designed for individual companies to run servers on it. Your best bet is to embrace what it is and modernize your approach to infrastructure. When you signed up for the Office / Microsoft 365 suite, you agreed, perhaps unwittingly, but agreed to chart a very special new path.
Our new networks are more like the image below, where everything is connected directly to the internet and the security and management are done in the cloud.
Follow the course that has been set
In our example, let’s say we moved our email as the first part of the migration. This means we have changed DNS, Outlook uses Autodiscover to configure itself, we have a lot of new apps available for our users, and Azure AD is actively authenticating our users, at least for Outlook.
The next step in the plan is then to migrate the files, and that’s usually when IT staff wake up, realizing that there is no Group Policy and no mapped drives, and they stumble or shut down because a managed network supposedly cannot exist without these things.
But it is possible.
Mapping old ways with new ones
Keeping in mind that we are not recreating the on-premises network in the cloud but adopting the cloud’s methods instead, let’s see where our tools are.
Join domain = Connect to Azure AD. Only Windows 10 devices can connect to Azure. Since Azure AD is all about authentication, this allows Azure to authenticate that your devices are who they say they are.
Mobile devices are phones and tablets = Everything is mobile. Most small businesses have historically ignored mobile devices, so managing them is a new concept. It can be hard to figure out, but Microsoft sees Windows 10 as a mobile platform. Everything is therefore considered mobile and is managed as such. Once you can internalize that, the decentralization of management starts to make a lot more sense.
Updates are managed = updates occur. This naturally follows once you embrace the concept that all Windows 10 devices are mobile devices. With your applications in the cloud, incompatibilities should be rare. Microsoft does offer a few update frequencies, but with the pace at which malware authors evolve these days, you had better get onto the fastest possible update cadence.
Printers are mapped = printers are discovered. Windows 10 will automatically discover printers on the network it’s connected to, install the drivers, and remember the printer you last used on that network, setting it as the default.
Group Policy = Intune. Using Intune, you can push software (including MSI, EXE, Apple, and Android) and set basic security and configuration policies. You can use its policy wizards or make your own registry edits, push scripts, or a mix of all of the above.
Mapped drives = Sync or Connect. Mapped drives give users the warm feeling of knowing that everything is kept on drive M (for example), but starting with Windows 7 and the introduction of libraries, users didn’t have to worry about where something was; they just needed to access it. So they no longer needed a drive letter or multiple drive letters to access something. Today, SharePoint document libraries are connected, and OneDrive folders are synced, whether from the user’s own collection or from others’.
Redirected folders = Synchronization of known folders. Many companies have redirected folders to make sure they capture data that users might leave on the desktop or save in their documents folder. OneDrive for Business now captures this data through Known Folder Sync.
My network is secure at the edge = My network is secured by authentication. Windows has had its own firewall, which is very effective at keeping the outside out, for many years. But now that your data is not on site, where is the edge? It is your users. The very people that we have long considered to be the weak link. Fortunately, Azure has new tricks that have strengthened authentication to mean not only username and password, but also device, location, and other metrics that match a user’s normal activity pattern. And it has new tricks that prevent the password from being transmitted between the directory and the devices.
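As an added example (not from the original article), here is the kind of script Intune can push to replace a folder-redirection GPO with Known Folder Sync, as described in the Group Policy and Redirected folders items above. The registry value names are OneDrive's policy settings; the tenant ID is a placeholder, and the choice of these four settings is an assumption about what a small business would want.

```powershell
# Added example: device-context script (runs as SYSTEM when deployed by Intune).
# Sets the OneDrive policy values, then re-reads them so the deployment
# reports failure instead of silently leaving user data unprotected.
param(
    # Placeholder: replace with your own Azure AD tenant ID.
    [string]$TenantId  = '00000000-0000-0000-0000-000000000000',
    [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'
)

if ($TenantId -notmatch '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$') {
    throw "TenantId '$TenantId' is not a GUID"
}

# Desired state: sign OneDrive in silently, move Desktop/Documents/Pictures
# for this tenant only, stop users from undoing the move, keep files on demand.
$desired = [ordered]@{
    SilentAccountConfig  = @{ Type = 'DWord';  Value = 1 }
    KFMSilentOptIn       = @{ Type = 'String'; Value = $TenantId }
    KFMBlockOptOut       = @{ Type = 'DWord';  Value = 1 }
    FilesOnDemandEnabled = @{ Type = 'DWord';  Value = 1 }
}

function Get-PolicyValue([string]$Name) {
    # Returns $null when the value does not exist yet.
    (Get-ItemProperty -Path $PolicyKey -Name $Name -ErrorAction SilentlyContinue).$Name
}

if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }

# Write only the values that differ, so reruns are idempotent.
$changed = foreach ($name in $desired.Keys) {
    $want = $desired[$name]
    if ((Get-PolicyValue $name) -ne $want.Value) {
        New-ItemProperty -Path $PolicyKey -Name $name -Value $want.Value `
            -PropertyType $want.Type -Force | Out-Null
        $name
    }
}

# Verify by reading back; a non-zero exit marks the script as failed in Intune.
$drift = foreach ($name in $desired.Keys) {
    if ((Get-PolicyValue $name) -ne $desired[$name].Value) { $name }
}
if ($drift) { Write-Error "Not applied: $($drift -join ', ')"; exit 1 }

Write-Output "OneDrive policy in place; changed: $(@($changed) -join ', ')"
exit 0
```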
Which brings me to security
Anyone worried about cloud security hasn’t taken a good look around. The cloud has brought so many additional security features that figuring out which ones to implement is more of the problem than deciding how you’re going to protect individual items. Between encrypted files, emails, authentication enhancements, file protections, and malware detection layers, our new networks are much more secure than they’ve ever been on-premises.
Network design: the biggest hurdle yet
The biggest obstacle I see in redesigning these networks is to awaken business owners, managers and staff to the need for training. It’s not just IT staff who need to rethink the way they work, learn new tools and change their behavior. The staff must do the same. This new world places them at the forefront of corporate intellectual property protection. It’s a role they haven’t had to think about before. The job has been done for them, but now they need to understand the difference in security between different types of network connection, how to separate personal and work data in the BYOD age, how to encrypt the concept and put it in the right context.
There is a lot of work to be done on all fronts. Migrating to the cloud isn’t as straightforward as it might seem at first glance, but it’s not intimidating either. With the right leadership coming from IT, organizations will be ready to reap the benefits the cloud promises.