Win 11 v Server
Executive Summary: Remote Access and Multi-User Software Deployment
As our business grows and adopts more remote and collaborative work practices, we are evaluating two options for providing secure, shared access to our business software.
Option 1: Windows 11 + Per-Seat Licences + File Server
- Each user runs the software locally on their own PC
- A shared file server holds the centralised data
- Licensing is per user (“per seat”), simple and cost-effective
- Works well if:
- The application supports multi-user access to shared data
- Each user has their own capable PC
- Low IT overhead, but harder to control updates, security, and data consistency
- Remote access is possible using Tailscale, but the app must run locally
Option 2: Windows Server 2025 + RDS (Remote Desktop Services)
- Software is installed once on the server, and all users access it via remote desktop
- Fully centralised environment: easy to manage, secure, and update
- Requires Windows Server licence + RDS CALs (one per user)
- Designed for true multi-user concurrent access, even from remote locations
- Best choice for:
- Tight version control
- Shared processing power
- Simplified support and backups
Comparison Summary
| Licensing |
Per-user, simple |
Requires server + RDS CALs |
| Simultaneous access |
Limited by app |
Fully supported |
| Security |
Decentralised |
Centralised and strong |
| Remote access |
Tailscale + local app |
Tailscale + full desktop |
| Cost |
Lower upfront |
Higher upfront, better scalability |
| Management |
User PCs must be maintained |
Single point of administration |
Recommendation
If each user has a strong PC and the application supports file-based multi-user access, continue with Windows 11 + file server.
If you need central control, simplified support, secure access from anywhere, or guaranteed multi-user concurrency, invest in Windows Server 2025 with RDS.
August 25, 2025
Win 11 Seats x 5
Comparison: Windows 11 Per-Seat + File Server vs. Windows Server 2025 with RDS
System Comparison Table
| Licensing |
✅ Simple and legal with per-seat licences |
✅ Legal if RDS CALs are purchased for each user |
| Installation |
Installed locally on each user’s PC |
Installed once on server, accessed by all users |
| User Experience |
Software runs natively, fast |
Users work via RDP — minor lag possible |
| Simultaneous use |
Depends on app’s support for shared data |
Full, concurrent use — each user has isolated session |
| Remote access (e.g. Tailscale) |
Only file server is shared; app must be local |
Entire system accessible remotely with one login |
| IT Complexity |
Lower — simpler setup, less to maintain |
Higher — server must be maintained, secured, backed up |
| Security |
Medium — relies on each PC’s patch level |
Higher — single point to secure and audit |
| Hardware cost |
Multiple powerful PCs needed |
One powerful server can reduce endpoint hardware needs |
| Backup management |
Shared files must be backed up; users responsible for app |
Server backups protect all data and app state together |
| Multi-user file access |
Risk of conflict if app isn’t designed for concurrent access |
No risk — app runs separately per user session |
| Software updates |
Each PC must be updated separately |
Update once, everyone benefits |
| Support burden |
Distributed — users may break things individually |
Centralised — easier to support a single environment |
| Audit trail & access logs |
Hard to track across devices |
Central logging of sessions, activities, login times |
| Scaling |
Easy to add users, but app install needed each time |
Easy to scale if server is powerful enough |
| Single point of failure |
Less risk — failure of one PC affects only one user |
More risk — server failure affects all users |
Risk Assessment Summary
| Licensing risk |
✅ Low |
✅ Low if licensed properly |
| Data loss risk |
⚠️ Medium (local PCs may not be backed up) |
✅ Low (centralised backups possible) |
| User error risk |
⚠️ Higher (5 separate environments to maintain) |
✅ Lower (admin controls full system) |
| Security risk |
⚠️ Medium (5 devices to secure) |
✅ Lower (single hardened environment) |
| Update drift |
⚠️ Likely (PCs updated at different times) |
✅ Consistent |
| Remote access reliability |
⚠️ App must support remote file access |
✅ Full RDP access anywhere |
| Scaling/expansion risk |
✅ Easy (if app supports it) |
⚠️ Depends on server capacity |
Summary Recommendations
| You need 5 independent users, each on their own PC, and the app works well over a file server |
Stick with Windows 11 + per-seat licences |
| You want to centralise control, simplify support, improve audit/security, or support larger teams |
Move to Windows Server 2025 + RDS |
| You want seamless remote access for everyone |
Windows Server 2025 + Tailscale |
| Your app struggles with file conflicts or shared file access |
Windows Server 2025 (single install) |
August 25, 2025
Win 11 Pro file limits
Why a Supplier Using Windows 11 as a File Server Might Recommend 4 Users Instead of 5
If a supplier is using Windows 11 as a file server and limits usage to 4 users, the reason is likely due to built-in Microsoft limitations and practical experience with performance and licensing. Here’s a breakdown.
Windows 11 File Sharing Limits
Microsoft imposes limits on how many users can access shared files on desktop editions of Windows.
| Windows 11 Home |
1–2 users |
Not designed for sharing |
| Windows 11 Pro |
3–5 users max (often 4 recommended) |
~20 inbound SMB sessions |
| Windows Server |
50+ users |
Scalable via licensing |
Why 4 Might Be the Suggested Limit
- While 5+ users may technically connect, performance degrades.
- Desktop editions are not optimised for concurrent file server operations.
2. File Locking and Conflict Risk
- Shared access to the same files can cause conflicts or corruption.
- Limiting to 4 users reduces concurrent access pressure.
3. Microsoft Licensing
- Windows 11 is licensed for individual use, not heavy multi-user file serving.
- Keeping users below 5 aligns better with Microsoft’s intent for “small workgroup use.”
4. Support Simplicity
- More users = more chances for access errors, lockouts, or system instability.
- 4-user setups are easier to support and more predictable.
If You Need 5+ Users Accessing Shared Files Reliably
To support more users with high availability:
- Use Windows Server (2022/2025)
- Designed for file sharing
- Supports dozens or hundreds of concurrent users
- Includes robust sharing, locking, and access control tools
- Use a NAS (e.g. Synology, QNAP)
- Purpose-built for file sharing
- Affordable and scalable
- Supports Windows/Mac/Linux clients
Summary Table
| Microsoft’s OS Design |
Desktop Windows is not meant for multiple concurrent file users |
| Session Limits |
Windows 11 Pro has a ~20 session cap, but fewer reliable file sessions |
| File Conflict Risk |
More users increase file lock and corruption risk |
| Performance |
Degrades when multiple users access simultaneously |
| Licensing Caution |
Keeping below 5 users aligns with personal/workgroup EULA intent |
Recommendation
If your business requires 5 or more users accessing shared data reliably and simultaneously:
- Do not rely on Windows 11 as a file server
- Instead, use Windows Server or a dedicated NAS appliance for stability, scalability, and compliance
August 25, 2025
Why Proxmox
✅ Proxmox vs Windows Host — Headless Operation & Crash Resilience
Running Proxmox as host (with Windows in a VM) gives major benefits over running Windows directly on the hardware — especially for headless remote access and crash recovery.
🧠 Headless and Remote Access Comparison
| Headless operation |
✅ Full CLI + web GUI over network — no monitor/keyboard needed |
❌ Often needs GUI or local access for setup/troubleshooting |
| Remote recovery after crash |
✅ Always accessible via web interface or SSH (unless entire host crashes) |
❌ If Windows crashes, you lose all access remotely |
| VM crash isolation |
✅ Only the VM goes down — Proxmox stays stable |
❌ Entire system crashes if Windows fails |
| VM power/reset controls |
✅ Can reset or restart a VM even if Windows inside is frozen |
❌ Not possible unless you reboot the entire PC |
| Backup & snapshots |
✅ Can snapshot or restore a VM, even headless |
❌ Needs full system tools or imaging |
| Host OS corruption risk |
✅ Lower — Linux base is stable and update-resistant |
❌ Higher — Windows updates or drivers can break system |
🧩 In Practice for a Sage 50 Server
- Windows Server runs as a VM on Proxmox
- If the Windows VM crashes, you can still:
- Access the Proxmox web GUI via
https://your-ip:8006
- SSH into the host
- Reboot, restore, or snapshot the VM
- You retain full control of the system without a screen or keyboard
🛠️ Real-World Scenarios
| Windows update gets stuck |
Force reboot the VM from Proxmox web interface |
| Windows login is broken |
Restore a prior VM snapshot in seconds |
| Power failure |
Auto-resume VMs on boot (if enabled) |
| Need to access files in a broken VM |
Mount the VM disk in another VM or recover via CLI |
✅ Conclusion
Proxmox gives you true server-grade remote access and VM control, even if your Windows environment fails.
It’s far more resilient and maintainable than running Windows directly on bare metal.
August 25, 2025
Which CPU
Decision matrix in Markdown format to clearly evaluate the trade-off between the GMKtec K8 Plus and the custom Ryzen 9 9950X server for a Sage 50 Proxmox-based deployment:
⸻
✅ Sage 50 Server Decision Matrix — Compact vs Long-Life Build
| Processor |
Ryzen 7 8845HS (8C/16T, mobile) |
Ryzen 9 9950X (16C/32T, desktop) |
| RAM Capacity |
Max 64 GB DDR5 (non-ECC) |
Up to 192 GB DDR5 ECC (server-grade) |
| Storage Expandability |
2× NVMe slots |
2× NVMe + SATA + PCIe RAID support |
| Thermal Management |
Good, but limited headroom |
Excellent, oversized cooler and airflow |
| Power Supply |
External 120W adapter |
High-end 850W PSU + UPS for resilience |
| Networking |
Dual 2.5GbE |
Dual 10GbE + onboard 2.5GbE |
| Repairability |
Poor — single-board system |
Excellent — all components swappable |
| Form Factor |
Ultra compact, silent |
Full tower workstation/server |
| Expected Lifetime |
~5–6 years |
8–10+ years |
| Future-Proofing |
Low — capped RAM/CPU |
High — scalable RAM, PCIe, storage |
| ECC Memory |
❌ Not supported |
✅ Fully supported |
| RAID / ZFS Mirror |
❌ Not practical |
✅ Fully supported |
| UPS / Power Redundancy |
❌ Optional only |
✅ Built-in UPS protection |
| Cost |
✅ Affordable |
❌ 5× higher upfront cost |
✅ Choose the GMKtec K8 Plus if you:
- Need a compact, quiet, energy-efficient server
- Will only run 1–2 VMs for the next ~5 years
- Can accept limited expandability and moderate long-term risk
✅ Choose the Ryzen 9 9950X build if you:
- Want a long-term infrastructure with minimal future replacement
- Need more VMs, heavier loads, or rapid growth capacity
- Prioritise ECC RAM, RAID/ZFS, UPS, and repairable components
August 25, 2025
Unify routers compared
Detailed comparison between the Ubiquiti UniFi Cloud Gateway Ultra and the Cloud Gateway Max.
🔍 UniFi Cloud Gateway Ultra vs. Cloud Gateway Max
| Ideal Use Case |
Small offices, home networks |
Medium-sized businesses |
| UniFi Applications Supported |
UniFi Network only |
Full UniFi OS suite (Network, Protect, Access, Talk, UID) |
| CPU |
Quad-core ARM® Cortex®-A53 @ 1.5 GHz |
Quad-core ARM® Cortex®-A53 @ 1.5 GHz |
| Memory |
3 GB DDR4 |
3 GB DDR4 |
| Storage |
16 GB eMMC |
NVMe SSD slot (0 GB — 2 TB options) |
| WAN Ports |
1 × 2.5 GbE RJ45 |
1 × 2.5 GbE RJ45 |
| LAN Ports |
4 × 1 GbE RJ45 |
4 × 2.5 GbE RJ45 |
| IDS/IPS Throughput |
1 Gbps |
1.5 Gbps |
| Max Routing Throughput |
1 Gbps |
2.5 Gbps |
| VPN Throughput (WireGuard/Site Magic) |
~500 Mbps |
~500 Mbps |
| UniFi Device Support |
30+ devices |
30+ devices |
| Client Device Support |
300+ clients |
300+ clients |
| Display |
0.96″ LCM status display |
0.96″ LCM status display |
| Power Input |
USB-C (5V / 3A) |
USB-C (5V / 5A) |
| Max Power Consumption |
6.2 W |
16.1 W |
| Dimensions (W × D × H) |
142 × 127 × 30 mm |
142 × 127 × 30 mm |
| Mounting Options |
Desktop, optional wall mount |
Desktop, optional wall mount |
| Price (Approximate) |
$129 |
$199–$479 (depending on storage) |
🧠 Key Differences • Application Support: The Ultra runs only the UniFi Network application, while the Max supports the full UniFi OS suite, including applications like Protect, Access, Talk, and UID. • Storage: The Ultra has fixed 16 GB eMMC storage, suitable for basic configurations. The Max offers an NVMe SSD slot with options up to 2 TB, ideal for applications requiring significant storage like UniFi Protect. • Port Speeds: The Ultra provides 1 GbE LAN ports, whereas the Max offers 2.5 GbE LAN ports, catering to higher-speed LAN requirements. • Throughput: The Max delivers higher IDS/IPS and routing throughput, making it suitable for environments with greater performance demands. • Power Consumption: The Max consumes more power due to its enhanced capabilities and storage options.
✅ Recommendations • Choose Cloud Gateway Ultra if: • You’re setting up a small office or home network. • Your primary need is managing the UniFi Network application. • Budget constraints are a consideration. • Choose Cloud Gateway Max if: • You require support for additional UniFi applications like Protect or Access. • Your network demands higher throughput and faster LAN speeds. • You need scalable storage options for applications like UniFi Protect.
| UniFi Network |
Centralized management for Ubiquiti networking hardware (routers, switches, APs) |
- Device provisioning
- VLANs
- Firewall rules
- Site Magic VPN
- Traffic stats & DPI |
Any organization using UniFi gear to build a LAN/WAN |
| UniFi Protect |
Surveillance system manager for UniFi cameras and NVRs |
- Live video monitoring
- Motion detection & alerts
- Smart detections (people/vehicles)
- Mobile access |
Homes, offices, retail needing a self-managed CCTV system |
| UniFi Access |
Door access control using UniFi door readers and badges |
- Door unlock rules
- NFC card/badge/user control
- Logs and schedules |
Offices, co-working spaces, schools needing smart entry |
| UniFi Talk |
VoIP phone system built around UniFi desk phones |
- Cloud-managed VoIP
- Extension dialing
- Call routing, voicemail, mobile app |
Small businesses replacing a traditional office PBX |
| UniFi UID |
Identity & access management platform with SSO and WiFi captive portals |
- SSO login
- Visitor WiFi onboarding
- Access control sync with UID accounts |
Larger businesses or campuses needing federated access control and user provisioning |
Certainly — let’s compare and comment on the two key performance metrics you provided for the Cloud Gateway Ultra and Cloud Gateway Max:
| IDS/IPS Throughput |
1 Gbps |
1.5 Gbps |
| Max Routing Throughput |
1 Gbps |
2.5 Gbps |
⸻
🔍 What These Mean
- IDS/IPS Throughput • IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) scan your network traffic in real time for threats, signatures, and suspicious patterns. • This metric shows how much bandwidth the device can inspect with IDS/IPS enabled.
| Ultra |
1 Gbps — Can inspect full gigabit connection without bottlenecks |
| Max |
1.5 Gbps — Supports faster WAN (e.g., multi-Gigabit fiber) with IDS/IPS still active |
🧠 If you’re on a 1 Gbps or slower connection, the Ultra is sufficient for security. If you’re on a 2 Gbps or faster connection, or future-proofing, the Max is a better fit.
- Max Routing Throughput • This is the raw speed the router can push traffic through — without IDS/IPS or other packet inspection overhead.
Ultra 1 Gbps — Tops out at standard gigabit routing performance Max 2.5 Gbps — Handles higher LAN-to-LAN or faster WAN traffic
This matters for internal LAN performance and multi-Gigabit WAN, e.g., 2.5 Gbps fibre or high-speed file transfers between VLANs or subnets.
🧠 Commentary
| Home or small office with ≤ 1 Gbps WAN |
✅ Ultra is fully capable |
| Office or lab with 2+ Gbps WAN or internal VLAN-heavy traffic |
🔼 Max is better suited |
| Future-proofing for 2.5 Gbps+ ISP |
✅ Max is ideal |
| On a budget, < 1 Gbps internet, and simple needs |
✅ Ultra is cost-efficient |
If you’re using a Starlink internet system, here’s how that impacts the choice between the UniFi Cloud Gateway Ultra and the Cloud Gateway Max, with all your prior data integrated and summarised in Markdown:
⸻
🚀 UniFi Cloud Gateway Ultra vs Max for Starlink Internet
Starlink typically provides: • ~100–250 Mbps download • ~10–20 Mbps upload • 1 Gbps ceiling on enterprise plans (rare for most users) • NAT and dynamic IPs (not ideal for on-prem VPN termination) • High jitter and latency spikes vs fibre
⸻
✅ Which Gateway is More Appropriate for Starlink?
| Starlink < 1 Gbps typical throughput |
✅ Cloud Gateway Ultra |
Starlink speeds fall well within Ultra’s routing and IDS/IPS limits |
| No use of UniFi Protect / Access |
✅ Ultra |
Max’s storage and app support is unnecessary if not used |
| Needs UniFi Talk or Protect |
🔼 Max |
Only the Max supports full UniFi OS suite |
| Using Starlink Business / 1 Gbps+ |
✅ Max |
Max handles faster routing and IDS/IPS better |
| Budget-conscious setup |
✅ Ultra |
More cost-effective with no wasted overhead |
🔍 Summary Table: IDS/IPS and Routing Comparison
| IDS/IPS Throughput |
1 Gbps |
1.5 Gbps |
| Max Routing Throughput |
1 Gbps |
2.5 Gbps |
Starlink rarely exceeds 1 Gbps — so the Ultra is already well-matched to the bottleneck imposed by your satellite connection.
🧠 Verdict for Starlink Use • Go with Cloud Gateway Ultra if: • You’re using Starlink Residential or Roaming • You want UniFi Network management only • You don’t need camera recording or access control • You’re not running high-throughput site-to-site VPNs
• Go with Cloud Gateway Max if:
• You’re planning to host UniFi Protect, UID, Talk, or Access NOT INTENDED
• You want extra headroom for internal routing or future ISP upgrades UNLIKELY
• You’ll be terminating VPN tunnels on the gateway with high traffic volumes LOW TRAFFIC ONLY
August 25, 2025