Improve collaboration in small and midsize businesses
How can this guide help you?
This solution guide describes how you can enable your employees and external partners to securely access secured data in your small or midsized business.
This guide describes a prescriptive, tested design and implementation solution that can help you enable collaboration between employees and external business partners and vendors in a more secure way by allowing them to securely access shared data.
The following diagram illustrates the problem and scenario that this solution guide addresses.
Problems associated with collaboration between employees and vendors or partners
Scenario, problem statement, and goals
This section describes the scenario, problem, and goals for an example organization.
An organization is a small to midsize business and the business administrator is looking for a way that employees can collaborate with partners and vendors. The employees currently use Microsoft Office applications—such as Word, Excel, and PowerPoint—on their local computers. The employees save documents on local computers and share them with business vendors and partners through print copies and emails, or by creating local shared resources.
Currently, the organization does not have a secure way of sharing documents with its vendors and partners. The overall problem to solve is:
As a small or midsize business administrator, how can you improve secure collaboration between employees and partners or vendors?
Some aspects of this problem are:
Documents are not shared between employees and vendors or partners in a secure manner.
The risk exists that business-critical data could be displayed inadvertently to users who should not be seeing the data.
It is difficult to track multiple file versions that result from employees and vendors saving company data on multiple devices (for example, on a user’s computer at work and a vendor’s computer offsite).
User management and file management are not centralized for documents.
The organization’s goals for improved collaboration are:
Store data in the cloud and/or on-premises so that employees and vendors can easily access the data for collaboration when they want and from where they want.
Provide specific employees, partners, and vendors access to documents to prevent losing control of the information.
Eliminate version conflicts that arise because multiple file versions are created when employees and vendors work on local copies.
Integrate and centralize the administration of collaboration-related cloud services and on-premises applications, such as Microsoft Outlook, Word, Excel, and PowerPoint.
Increase productivity by enabling employees to collaborate with vendors and partners by using a broad range of cloud-based services.
Centralize the management of permissions to documents stored on-premises and in the cloud.
What is the recommended planning and design approach for this solution?
The following diagram illustrates how to store, protect, and securely access data from a server running Windows Server 2012 R2 Essentials or Windows Server 2012 R2 with the Windows Server Essentials Experience role installed (referred to as Windows Server Essentials Experience in the rest of the document).
Solution design for collaboration between employees and vendors or partners
Windows Server 2012 R2 Essentials (appropriate for use for up to 25 users and 50 devices) and the Standard and Datacenter editions of Windows Server 2012 R2 with the Windows Server Essentials Experience role installed provide a solution for small to midsize business partners and owners that enables employees to easily collaborate with partners and vendors.
The following table lists the technologies that are included in Windows Server 2012 R2 Essentials and Windows Server Essentials Experience that are part of this solution design, and it describes the reason for the design choices.
Solution design element
Why is it included in this solution?
Windows Server Essentials Dashboard
Use the Dashboard to perform all administrative tasks in your network, such as creating user accounts, granting access permissions, setting up server and client backups, creating Storage Spaces and server folders, and integrating with Microsoft Azure Backup.
For more information, see Overview of the Dashboard in Windows Server Essentials.
Use Storage Spaces for storing your company’s data. With Storage Spaces, you can expand storage as your organization grows, ensure that you are providing high availability for your data, and provide a cost-effective solution. You do not need to spend upfront money on hardware, and you can scale up based on your business needs.
Store and share your organization’s files and folders in server folders that you create on your server rather than sharing them from individual user's PCs. This enables you to consolidate your data in one central location that all network users can access. When you store your data in server folders, you can protect it against total server failure by using Windows Server Backup and Azure Backup.
For more information, see Manage Server Folders in Windows Server Essentials.
Create user accounts for your employees and your vendors and partners who you collaborate with. Create a user group for each project that requires your employees to collaborate with external partners, and then add the appropriate employee and partner user accounts to the user group. When you create a user group, you can provide the same access level to network resources for all members.
For more information, see Manage User Accounts in Windows Server Essentials.
Join client computers to the network so that you can easily manage all the computers in the network through the Windows Server Essentials Dashboard.
For information about all computer management-related tasks, see Manage Devices in Windows Server Essentials.
Group Policy settings
Protect client computers from network attacks and keep the software and operating system on your computers up to date by implementing Windows Server Essentials Group Policy settings, which include settings for Windows Defender, Windows Firewall, and Windows Update.
Integrate your server running Windows Server Essentials with Microsoft Office 365 so that you can use the Dashboard to manage your Office 365 services and resources with your on-premises resources, instead of managing them in two places.
For more information, see Manage Office 365 in Windows Server Essentials.
You do not need to subscribe to Office 365 in advance. You will be able to buy a subscription or sign up for a free trial when you integrate Office 365.
If you would like to see plans and pricing for Office 365, see Compare Office 365 for business plans.
Microsoft online accounts management
Create online accounts for all the employees in the network who need to collaborate with vendors and partners. Employees can sign in to the Office 365 portal by using these online accounts. When you complete the integration of Windows Server Essentials with Office 365, employees will be able to sign in to the Office 365 portal by using their network credentials.
For more information, see Manage Online Accounts for Windows Server Essentials Users.
All Office 365 subscription plans for businesses let you create team sites and libraries in SharePoint Online. SharePoint Online enables you to collaborate with your partners and vendors. With SharePoint Online, you can access documents and other information from anywhere, such as at the office, from home, or from a mobile device. After you integrate your server running Windows Server 2012 R2 Essentials or Windows Server Essentials Experience with Microsoft Office 365, you can manage SharePoint libraries and set up access permissions from the Dashboard, without visiting the Office 365 portal.
For more information about managing SharePoint Online in Windows Server Essentials, see Manage Devices in Windows Server Essentials.
For an overview of SharePoint Online, see SharePoint Online.
Windows Server 2012 R2 Essentials and Windows Server Essentials Experience include the following features and technologies that can help a small or midsize Microsoft business partner or an administrator achieve the business goals that are listed earlier in this solution guide.
Consider the following features and technologies when you are planning for this solution. We have included design recommendations for you for each feature or technology.
Why are we recommending this design?
This section explains the details of the design considerations and the decisions that were made that led to the final solution design. This section also provides the recommended configuration or usage of each feature that is used in this solution.
Windows Server Essentials Dashboard
The Windows Server Essentials Dashboard in Windows Server 2012 R2 Essentials and Windows Server Essentials Experience helps you quickly access key information and the management features on your server. By using the Dashboard, you can create and manage user accounts, manage devices and backups, manage access and settings for server folders and hard drives, view server alerts and take action on them, integrate with Microsoft Online Services, and install non-Microsoft add-ins that integrate with online services.
Recommendation: Use the Windows Server Essentials Dashboard to perform a majority of administrative tasks for your network. You can run tasks and wizards from the Dashboard to optimally configure the features that are included in your server. By using the Dashboard, you can also configure remote access permissions to network resources, such as shared folders, client computers, or a virtual private network (VPN), on a per-user basis.
You can use the Storage Spaces feature to create flexible, low-cost, resilient, and dynamically expandable data volumes. With Storage Spaces, you can virtualize your server’s storage by grouping industry standard hard disks into storage pools, and then create virtual disks (called storage spaces) from the available capacity in the storage pools. You can use these storage spaces to store your company data in one central location.
Recommendation: For small businesses with fewer than 10 employees, use at least three SAS or SATA hard disks—one hard disk to be used for the operating system, and the other two to be used for storage spaces. We recommend that you create a storage space by using at least two hard drives with mirrored resiliency.
For small businesses with more than 10 employees, or midsize businesses with up to 100 employees, configure at least three SAS hard disks with Storage Spaces—one hard disk to be used for the operating system, and the other two to be used for storage spaces. We also recommend providing a server chassis that supports adding more drives for expansion.
By using the Server Folders feature, you can store files that are located on client computers at a central location. Storing files in server folders ensures that files are always accessible from every client in a secure manner by using authenticated network credentials.
Recommendation: Create server folders on a storage space drive and create separate server folders for departments or projects. For example, if you have an accounting department, you can create a server folder called “Accounting.” Creating the server folder on a storage space disk increases data availability (because of mirroring).
We also recommend that you set a quota for your server folders so that you are alerted when a server folder is about to reach its capacity. When you are alerted, you can delete files in the server folder to increase available space for storage, or you can add more space to the server folder and adjust its quota settings. You can also configure which server folders are available remotely, and you can assign remote access permissions to user accounts that can access server folders from off-premises.
User and group management
You can easily manage access to your network resources by creating user accounts for all your employees from the Users tab of the Windows Server Essentials Dashboard. In addition, you can create user group accounts, and then add the user accounts as members. All members of a user group account share the same security access level to server resources.
Recommendation: Create user accounts for all the employees in the network, and for all the vendors and partners who you want to collaborate with by using Office 365. Next, create user groups based on the projects that require collaboration or need access to Server Folders. For example, for all employees working in the Accounting department, you can create a user group named “Accounting,” and then add all relevant user accounts to the user group. For a collaboration project that requires vendors and employees to work together, create a user group named “Vendor A.” Next, add the user accounts of the employees and vendors who will be collaborating on this project to the Vendor A user group. You can later assign access permissions to the Vendor A group for SharePoint libraries.
You can manage all the devices in your network from the Devices tab of the Windows Server Essentials Dashboard after you connect all the computers in your network to a server running Windows Server 2012 R2 Essentials or Windows Server Essentials Experience. To enable employees to access server folders from computers in the network, you must connect the employees’ computers to the server.
To do so, run the Connect Computer to the Server Wizard on all the computers that need to access files and folders that are located on the server running Windows Server 2012 R2 Essentials or Windows Server Essentials Experience. When you run the wizard on a computer, it installs the Connector software and joins the computer to the server. This provides the following advantages:
Enables employees to securely access data that is stored on the server by using their user accounts.
Enables you to manage client computers from the Dashboard.
Protects client computers in the network by using Group Policy settings.
Backs up data on client computers regularly.
Monitors the health of the client computers.
Recommendation: Run the Connect Computer to the Server Wizard on all client computers in the network, whether a computer is used remotely or locally.
Group Policy settings in Windows Server Essentials
When implemented, Windows Server Essentials Group Policy in Windows Server 2012 R2 Essentials and Windows Server Essentials Experience helps keep your network secure by enforcing that Windows Update, Windows Defender, and the network firewall remain turned on for all client computers in the network.
Recommendation: Turn on Windows Update, Windows Defender, and Windows Firewall settings in Windows Server Essentials Group Policy.
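One way to confirm on a client computer that these three protections are actually in effect, as an added example that is not part of the original guide. It assumes a client running Windows 8.1 or later and an elevated PowerShell session; the function name is hypothetical.

```powershell
# Added example (not from the guide): report whether Windows Firewall,
# Windows Defender and Windows Update are active on this client computer.
# Assumes Windows 8.1 or later and an elevated PowerShell session.
function Get-ClientProtectionState {   # hypothetical helper name
    $results = @()

    # Windows Firewall: read the effective policy (local settings merged with
    # Group Policy) and require every profile to be enabled.
    foreach ($fwProfile in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        $results += [pscustomobject]@{
            Check  = "Firewall profile $($fwProfile.Name)"
            Ok     = ($fwProfile.Enabled -eq 'True')
            Detail = "Enabled=$($fwProfile.Enabled)"
        }
    }

    # Windows Defender: antivirus and real-time protection must both be on.
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $mp = Get-MpComputerStatus
        $results += [pscustomobject]@{
            Check  = 'Windows Defender'
            Ok     = ($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled)
            Detail = "RealTime=$($mp.RealTimeProtectionEnabled); " +
                     "SignaturesUpdated=$($mp.AntivirusSignatureLastUpdated)"
        }
    } else {
        $results += [pscustomobject]@{
            Check  = 'Windows Defender'
            Ok     = $false
            Detail = 'Defender cmdlets not available on this computer'
        }
    }

    # Windows Update: the service must not be disabled, and policy must not
    # switch automatic updates off (NoAutoUpdate = 1).
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"
    $au  = Get-ItemProperty -ErrorAction SilentlyContinue `
               -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $results += [pscustomobject]@{
        Check  = 'Windows Update'
        Ok     = (($svc.StartMode -ne 'Disabled') -and ($au.NoAutoUpdate -ne 1))
        Detail = "ServiceStartMode=$($svc.StartMode); NoAutoUpdate=$($au.NoAutoUpdate)"
    }

    $results
}

$state = Get-ClientProtectionState
$state | Format-Table -AutoSize

# Summarize anything that is not in the recommended state.
$failed = @($state | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) protection check(s) failed on $env:COMPUTERNAME"
}
```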
Office 365 integration is only supported in a single domain controller environment. In addition, the Integrate with Microsoft Office 365 Wizard must run on a domain controller.
After you run the Integrate with Microsoft Office 365 Wizard, you can accomplish the following tasks from the Dashboard:
Manage your Office 365 services and resources.
Manage the online accounts that give your employees access to Office 365 and your user accounts.
Manage your subscription and Office 365 integration from the Dashboard.
Create and manage your SharePoint Online libraries.
Change permissions for a SharePoint Online team site.
If you subscribe to Exchange Online, you can manage the mobile devices that your employees use to connect to your company email server.
For more information about Office 365 integration, see Manage Office 365 in Windows Server Essentials.
With any Office 365 business plan, you can create team sites and libraries in SharePoint Online. Office 365 integration adds a SharePoint Libraries tab for managing your SharePoint Online resources to the Storage tab on the Dashboard. Run the Integrate with Microsoft Office 365 Wizard to manage your SharePoint Online libraries and team site permissions from the Dashboard. For more information, see Manage SharePoint Online in Windows Server Essentials.
After Office 365 is integrated with a server running Windows Server 2012 R2 Essentials or Windows Server Essentials Experience, employees and vendors can also access the team’s SharePoint Online libraries from their mobile devices or Windows phones by using the My Server 2012 R2 app. For more information, see Use the My Server App to Connect to Windows Server Essentials.
Microsoft online accounts
After you complete the Office 365 integration, you can create Microsoft online accounts for any of your employees by using the Dashboard. When you use the Dashboard to assign a Microsoft online account to a user account, the user account password is automatically synchronized with the employee’s online account. This means that a user only needs a single password to access resources on the server and resources in Office 365.
Furthermore, you can use the same name for the user account and the user’s online ID. Password synchronization occurs immediately and automatically when a user changes the password for their user account from a domain-joined computer or by using Remote Web Access.
Recommendation: Create Microsoft online accounts for all the employees who need to work on collaboration projects with the partners and vendors.
What are the high-level steps to implement this solution?
You can use the steps in this section to implement this solution. Make sure to verify the correct deployment of each step before proceeding to the next step.
To follow these steps, it is assumed that there is already a server in the network that is running Windows Server 2012 R2 Essentials or Windows Server Essentials Experience. For information about installing Windows Server 2012 R2 Essentials or the Windows Server Essentials Experience role, see Install and Configure Windows Server 2012 R2 Essentials or Windows Server Essentials Experience.
Set up a domain name from Anywhere Access.
To set up a domain name, follow instructions in Manage Remote Web Access. If you do not have an existing domain name, get a professional domain name (for example, contoso.com) by using the Set Up Your Domain Name Wizard.
Turn on Anywhere Access.
To turn on Remote Web Access and a VPN, run the Set Up Anywhere Access Wizard from the Anywhere Access tab on the Settings page of the Dashboard. To turn on Remote Web Access, follow instructions in Manage Remote Web Access. To turn on a VPN, follow instructions in Manage VPN in Windows Server Essentials.
Create a storage space on the server.
To create a storage space, follow the instructions in Create a storage space.
After you create the storage space, verify that it is listed on the Hard Drives tab of the Dashboard.
Create server folders for documents that are sensitive and need to be stored on-premises.
To create server folders, follow the instructions in Add or move a server folder. For example, to store your company’s accounting files, you can create a server folder named “Accounting.”
If your organization has shared folders that are already being used, also move the data that is stored on various devices to the server folders that you create in this step.
After you create Storage Spaces, the default location of the server folder is on a hard drive. Verify that all the server folders that you have created are listed on the Server Folders tab of the Dashboard. We recommend that you always add server folders to a Storage Spaces hard drive.
Create user accounts and user groups, and assign access permissions to network resources.
For step-by-step instructions to create user accounts, see Add a user account. For more information about user groups, see Manage User Accounts in Windows Server Essentials.
Verify that all the user accounts and user groups that you have created are listed on the Users and the User Groups tabs, respectively, on the Dashboard.
Assign user access permissions to server folders.
To assign permissions to user accounts so that employees can access the server folders, follow the instructions in Manage access to server folders.
After you have granted user access permissions, you can view or modify permissions to network resources for any user account by viewing the user account properties from the Dashboard. For more information, see Manage User Accounts in Windows Server Essentials.
Connect all client computers in the network to the server that is running Windows Server 2012 R2 Essentials or Windows Server 2012 R2 with the Windows Server Essentials Experience role installed.
Before you connect a client computer to the server that is running Windows Server Essentials, review the following topics:
Next, run the Connect Computer to the Server Wizard on all the computers in your network, whether they are local or remote. For step-by-step instructions to connect client computers to a server running Windows Server Essentials Experience, see Connect computers to the server.
After you have connected a client computer to the server, verify that the computer’s name is listed on the Devices tab of the Dashboard. You can manage all computers that are connected to the server through the administrative tasks that are listed in the task pane of the Dashboard. For more information about using the Dashboard to manage computers, see Manage devices by using the Dashboard.
Implement Windows Server Essentials Group Policy.
To implement Windows Server Essentials Group Policy, turn on Group Policy settings for Folder Redirection, Windows Defender, Windows Firewall, and Windows Update as discussed in Configure Group Policy settings for folder redirection and security.
Integrate Windows Server Essentials with Office 365.
To integrate Windows Server Essentials with Office 365, see the “Set up Office 365 integration” section in Manage Office 365 in Windows Server Essentials.
During the Integrate with Microsoft Office 365 Wizard, you are given the option to create a new Microsoft online account (if you do not have one) or use an existing online account. In addition, if you don’t have a subscription to Office 365, the wizard allows you to subscribe to Office 365 or sign up for a trial subscription.
Link your organization’s Internet domain name to Office 365.
To use your own Internet domain in email addressed to your organization and the URLs for your SharePoint Online resources, follow the steps in the “Link your organization’s Internet domain name to Office 365” section of Manage Office 365 in Windows Server Essentials.
Create Microsoft online accounts for your employees.
To create Microsoft online accounts, see the “Create online accounts” section in Manage Online Accounts for Windows Server Essentials Users.
Notify employees that they need to sign in to the server and change their password.
For the Office 365 user account passwords and the network user passwords to be synchronized, you must notify your employees to change their passwords when they log on to their network computer. After the password is changed, employees can use the same credentials to sign in to the Windows Server Essentials network or the Office 365 portal.
Create SharePoint Online libraries and set access permissions from the Dashboard.
To create SharePoint Online libraries and set their access permissions by using the Windows Server Essentials Dashboard, see Manage SharePoint Online.
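Once the steps are complete, one way to check that a server folder is reachable only through the user group created for it, as an added example that is not part of the original guide. The folder path, share name, NetBIOS domain name CONTOSO and the helper name are assumptions; run it in an elevated PowerShell session on the server.

```powershell
# Added example (not from the guide): list every principal that has access to
# a server folder and mark the ones that are not on the expected list.
# Assumed values: folder path, share name, domain CONTOSO, group Accounting.
Import-Module ActiveDirectory

$FolderPath = 'D:\ServerFolders\Accounting'  # assumed server folder location
$ShareName  = 'Accounting'                   # assumed share name
$GroupName  = 'Accounting'                   # user group created for this folder
$Expected   = @("CONTOSO\$GroupName", 'BUILTIN\Administrators',
                'NT AUTHORITY\SYSTEM', 'CREATOR OWNER')

function New-AccessRow {                     # hypothetical helper
    param($Source, $Principal, $Type, $Rights)
    [pscustomobject]@{
        Source    = $Source
        Principal = "$Principal"
        Type      = "$Type"
        Rights    = "$Rights"
        Expected  = ($Expected -contains "$Principal")
    }
}

$rows = @()

# NTFS permissions on the folder itself.
foreach ($ace in (Get-Acl -Path $FolderPath).Access) {
    $rows += New-AccessRow 'NTFS' $ace.IdentityReference `
                 $ace.AccessControlType $ace.FileSystemRights
}

# Share permissions, which apply in addition to NTFS for network access.
foreach ($entry in Get-SmbShareAccess -Name $ShareName) {
    $rows += New-AccessRow 'Share' $entry.AccountName `
                 $entry.AccessControlType $entry.AccessRight
}

$rows | Sort-Object Expected, Source | Format-Table -AutoSize

# Anything outside the expected list deserves a look: a user added directly,
# a broad group, or a leftover entry from an earlier share.
$unexpected = @($rows | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) entries fall outside the expected list."
}

# Group membership decides who actually gets in, so review it as well:
# disabled or long-unused vendor accounts are candidates for removal.
Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties Enabled, LastLogonDate |
    Select-Object SamAccountName, Enabled, LastLogonDate |
    Sort-Object LastLogonDate |
    Format-Table -AutoSize
```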