Best IT-infrastructure For a Small Company?
DiniZuli writes "I've been employed by a small NGO to remake their entire IT-infrastructure from scratch. It's a small company with 20 employees.
I would like to ask the /.-crowd what worked out best for you and why? I came up with a small list:
Are there any must have books on building the IT infrastructure?
New desktops: should it be laptops (with docking stations), regular desktop machines or thin clients? A special brand?
Servers: We need a server for authentication and user management. We also need an internal media server (we have thousands of big image and video files, and the archive grows bigger every year). Finally we would like to have our web server in house. Which hardware is good? Which setup, software and OS'es have worked the best for you?
Since we are remaking everything, this list is not exhaustive, so feel free to comment on anything important not on the list."
Can someone else please make the first post for me?
Media server? How about S3. Web server? How about EC2. Seriously, why spend time and $ on procuring, powering, cooling, backing up, and upgrading all that gear? Give everyone a laptop and a gmail account. Put the rest in a public cloud.
Just remember the golden rule, and you'll be fine. "K.I.S.S Keep it simple stupid"
What hardware is in place now?
big image and video files = a poor thin client setup.
I don't understand why you want to keep the webserver in-house. Why not rent a cage in a service provider's place?
Ask Slashdot: Why do your job when you can ask others to do it for you?
Maybe that's indeed what he should do since he already doesn't know enough to do it himself, have other people do everything.
Do my job for me?
"I've been hired by a small NGO. They have about 20 employees. I do not yet know enough about what I have been hired to do, so I am turning to Slashdot. Please, do my job for me and help me look good."
Well, first you should ask the people who employed you what they actually want to DO, i.e. what they will use their brand new computers for. Since we here do not know that, it is hard to give any recommendations. For example, if those 20 employees plan on taking their computers to customers and show stuff / do some work there, they will not be very impressed if you hand them thin clients. And it is hard to recommend anything for the servers without knowing what they want to put there (i.e. are we talking about 100GB of data and 10GB more every year, or 20TB data and 10 TB more every year? Do they need immediate access to everything within seconds?)
Why did they hire you when you don't know what you're doing?
Get a stable release of FreeNAS on commodity hardware. It will fit the bill for all of the features you are looking for. SMB for Windows clients, NFS for Linux/Unix/BSD, iSCSI targets and initiators, support for several raid cards and drive types, software raid control, several other features. http://freenas.org/
If you want to completely abdicate responsibility for it all then that's the way to go.
Then you can concentrate full time on keeping your internet connection working because you'll be screwed without it.
I tend to shy away from using laptops (even with docking stations and such) for primary machines. I'd go with regular desktops. The costs of upkeep and such will be more predictable that way. I don't prefer any one brand over another, but I typically tell my clients to stay away from Dells (because of all the issues with capacitors on motherboards over the last several years). My clients tend to go local, even if it costs a tad more, and those that do tend to be happier with their purchases.
Not that hard to keep an Internet connection working...
Go Cloud. All other options are so nineties.
Do you have any clue what you're doing?
Media server? How about S3. Web server? How about EC2. Seriously, why spend time and $ on procuring, powering, cooling, backing up, and upgrading all that gear? Give everyone a laptop and a gmail account. Put the rest in a public cloud.
Kinda like instead of hiring an IT guy to redesign the infrastructure, you can just post the question to /.
What needs you have to serve.
Without more specific details, I would say you need to use whatever software you're comfortable with. But wait, you're asking for answers on Slashdot, so why on earth would we expect you to be comfortable with anything?
Linux, Windows, MacOS, you can succeed or fail with any of them, but qualifications matter, and we can tell you have hardly any.
If you have to ask, they've obviously hired the wrong person. You're talking about a very small network with very basic needs. If you can't do that without having someone hold your hand, you're most definitely in the wrong field.
And when Joe Farmer runs his backhoe through your Fiber line? Send everyone home for the day? Tell your clients that their media is stuck on Amazon?
like took some with a BA over some with 2-4+ years in the field with out one.
I mean seriously. Have you considered resigning? You don't know what you're doing and asking slashdot for instructions?
Try this for inspiration: Epic Bill Gates Rage Guy
Mike @ The Geek Pub. Let's Make Stuff!
And the CLOUD is so in right now. Everyone is using the CLOUD. Just say "CLOUD" and you'll be swamped with job offers. Women will be... ok never mind.
Is it a mobile population? What applications are they running? What proprietary software are you running (or will you be running)? What is the budget?
The list goes on. For the client end looking at what the users are doing will give you the answer. If they are running million plus record pivot tables or doing 3d graphic design... thin clients are probably out of the question. What would be interesting is possibly looking at software as a service solutions for the "business applications" and you mentioned media applications. Reducing the IT support by focusing on that/those application(s).
As for the backend server if you are just going for a file/web server, go with Apache, linux, I am assuming there is a database somewhere in there (hopefully it is MySQL or Postgres or something cross platform). If it is high I/O plan for that. There really isn't any mystery to this.
Bottom line - pay attention to the business requirements. If you don't, then frankly you're an idiot.
They hired someone who has absolutely no idea what to do.
How did you get that job? Why did you get that job?
I'd understand if you didn't know ONE thing, but ALL OF THEM? Seriously?!
P.S. You didn't ask for advice on which mice to buy - laser or IR, and if they need to be a special brand, and USB/PS2, and if the mouse cable needs to be braided, and how many buttons it should have.
Keep the whole thing simple, the next person who comes in will thank you for it. Don't introduce any weird convoluted things into the system and make sure to make it so that the whole system is modular, easily upgradeable, and when the time comes and they need to expand that it's expansion friendly.
The way most people work today, that's the case whether the server is in your building or not.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
You've given us very limited to work with. But making a couple of assumptions, you're all on the same site. Here's what I would do: buy a Dell or HP server running Windows SMB 2008 for all your clients, file server and user authentication; I'd get two servers, one as a PDC and one as a BDC. I'd go laptop on the Thinkpad end with Windows 7. In-house wireless would be easy vs networks and switches; get a couple of Apple BaseStations or go Ruckus Wireless access points (which totally ROCK btw). As far as backups go, clients sync files to PDC, the BDC acts as a backup for files, archives and domain. A couple of local HDDs and maybe one or two stored at a bank for backups, then using something like Mozy Pro for offsite file backups. That way you have onsite, near site and offsite: lots of redundancy. Web hosting: unless you need something fancy like posting something into some local database, be cheap ass and pay the $5 a month for Godaddy. Phones: Go with Phonebooth or use cell phones. Email: Google Apps for your domain. If you're starting from the beginning: Laptops: $15,000 - $20,000; servers and network gear: $10,000; software: $10,000-$50,000, depending on what you need.
For servers: Use Supermicro-based servers with LSI hardware RAID cards. Run CentOS with SMB so that you can get domain support in place for the Windows workstations, but avoid having to pay obnoxious per-seat/per-connection licensing ON TOP OF server licensing as you would have to do with Microsoft's solutions. If you need a full feature alternative to Exchange, check out Scalix or Zimbra (both are very inexpensive compared to Exchange) and run either one on CentOS. For backups, I've become partial to just writing bash scripts to back up to external drives. Get three or more external hard drives and rotate through them day by day. If Windows is required for your server, I would recommend the same hardware, but be aware that the total costs are much, much higher when you factor in Server+client access licensing + groupware solution + realtime antivirus (annual subscription) + email gateway antivirus (annual subscription unless you want to wrestle with perl to get ASSP running on 64-bit Windows) = your new server is incredibly expensive. Another problem with Windows licensing is eventually Microsoft will pull the plug on client access licenses for your installed version, which means that you will be forced into an OS upgrade if the current OS would otherwise be perfectly adequate for your purposes.
For workstations: to decrease total cost of ownership (the pain of maintenance), if you are not married to Windows, consider using Macintoshes instead. Mac Minis offer pretty decent performance and take up a lot less desk estate than PCs of comparable quality, plus you can also run Windows and Linux on Mac hardware if you need to. Why OS X? You can escape the insanity of malware/virus/trojan horse breakouts, maintenance is a heck of a lot easier, and backup and restore is far easier on a Mac than it is on Windows.
For laptops if maximum reliability and desktop-like performance are the priority: I would recommend Macbook Pro, or if you want real mobile workstations and if the budget allows it, Dell Precision M6500. I have a Dell Precision M6400 and it's great- they cram a desktop chipset into the laptop form factor and performance is excellent, plus if I enable all the power saving features I can still manage to get 3-4 hours of use on a charge (about an hour if I turn off power management for max performance). The M6500 is far better than my M6400 performance-wise as it uses Core i5/i7 processors and a newer generation nVidia chipset. If portability is a concern I would still go with the Dell Precision line, but the M4500. If budget is a concern and rules out the precisions, some of the Latitudes are pretty good as well, but I would stay far away from any of Dell's other laptop lines as the other lines are not built nearly as well (their netbooks are okay though).
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Let the new desktops vary according to what needs to be done; the needs of someone who's going to be editing a ton of video files are very different from someone who's going to be writing text in Word. There's only twenty employees, I don't think it's an onerous task for you to sit down with each new person who needs a new machine and talk about what they're going to be doing and how they'll be doing it; what's the setup of their dreams for doing their job if money's no limit, what can you get together that's actually within the budget?
egypt urnash minimal art.
Remember, your job is to make sure everything works smoothly for them, and if that means more work for you, well, that's what they pay you for. There's no one-size-fits-all solution. By asking them what they want and expect, you'll get something to start from.
Jesus had a UNIX beard.
Just remember that right now it may be a small company but it could always grow. Keep the technology flexible enough so that you won't be stuck without some way to move out of whatever you set up. Plan on when the system will be decommissioned as well so you have a full picture of what kind of support you'll be looking at. Laptops are great for keeping people mobile but they break more often and increase the chances that you'll lose sensitive data due to a stolen laptop. Also terminated employees sometimes take a while to return the laptop to you. Don't be skimpy on hard disk space. Buy plenty of room to spare so you do not have to go back to your manager in the future because you planned on what your current needs were.
New desktops
Get 20 desktop machines. For those employees who sometimes work remotely buy a laptop with docking station instead.
We need a server for authentication and user management.
Buy one server for authentication and user management.
We also need an internal media server
Buy one media server with lots of hard disk space.
and the archive grows bigger every year).
Make sure you will be able to add hard drives (possibly external) to the media server in the future.
OS: get what the IT admin (you?) are able to administer. A 20-employee company might not have a dedicated network administrator, so setting up a Linux environment in a MS-centric company could end up badly.
Seriously. It's 20 people. You can't really screw this up unless you make their media server world-writable to the internet.
It's sad when people like this get jobs over people who know what they are doing.
What did you do to get the job? Took a lot of cert tests and passed with no idea on how to do the real work? 4 year degree? Took CS classes and not tech school classes?
Worked Best Buy for years not doing real IT work?
I'm guessing English wasn't your major.
I think Microsoft still gives a bunch of free licenses for NGOs for Windows and maybe Office. Consider looking into it, as it will help you avoid a training budget.
In a BI-project I now assess the maturity of the organisation before I implement anything. I've had bad experiences with implementing advanced solutions in non-technical environments: they just don't get used.
So:
- Who will be maintaining the IT-infrastructure after the project is done, and is that full-time or part-time?
- What are the skills of said person(s)? Windows, Linux, or non-existent?
- Is it the intention or even a possibility to outsource the maintenance?
- Is it the intention or desire to have the option to hire additional help on demand?
- Are the people in the NGO dependent on applications or software that needs to be ported to the new environment?
- Do they have specific hardware requirements for specific parts of their work, that necessitates ruggedized or other non-standard equipment?
The first 4 questions determine how much leeway you have in speccing exotic software. If you have to outsource or hire, get whatever the rest of the market is getting. Otherwise you have *some* leeway there. But not much. IMO, NGO's and other non-hightech organisations just can't deal with fancy stuff, even if it is much better than the non-fancy standard stuff. It's like selling cars in Africa: yes, the latest Mercedes M-class is a beautiful car, but if I bring one to the village smith, he won't be able to repair it. Get an old Toyota Landcruiser and more often than not they have the parts lying around and can just weld something together that will get you home. Which beats dying in a remote village in an airconditioned but very comfy Mercedes.
Also, you need to know which legacy apps to maintain: if they run on Windows and you're going for Linux, good luck with that.
Finally: a web server in-house? Why? You're asking us for advice on the OS etc: the onliest reason I can think of for getting a webserver in-house these days is if you have very special requirements for the stuff you want to run on it. And since you're asking *us*, that doesn't seem to be the case. So don't do it. I've dropped our webserver like a hot potato and never regretted it, even if the hardware was free. Just securing the thing, running a firewall, configuring the firewall, maintaining the webserver, backups, etc. are very expensive compared to outsourcing it.
As for clients: I have a client (a person, not a computer) who standardizes on Apples. Cost a bit more to purchase, costs MUCH less to maintain. But here as well: you need to deal with legacy applications, training and other issues.
So without more background, any advice is meaningless. It will be great for someone, but possibly disastrous for you in your situation.
Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
Given the questions being asked, I think your first step should be to turn down the job and take some courses at your local college. Then go about setting up a network. If you had one or two specific questions that would be fine, but if you're at the point where you're asking about recommended books and hardware, you're really in the wrong job.
First off is keep it simple. The simpler the better. This is not an enterprise, they don't have a lot of people to call on for support. So don't build anything complex.
I probably wouldn't bother with central authentication unless there's a reason, just do it per computer. Ask yourself what it gains you to have. If the answer is just "simpler administration" then don't use it. 20 computers is not a problem to administer without it, particularly since not everyone logs in to all computers. However the central servers are a point of failure, a place for problems.
Also have someone else host all your servers unless a file server is needed. There are plenty of good server hosts out there. For the web, depends on what you want. Pair is a top notch web host I used for many years. Top flight quality in every regard. Hostgator is who I use now to save some money and I'm perfectly satisfied. It works well, is reasonably fast, and they don't bitch that I do like 100GB of traffic a month.
For an internal file server, something simple and reliable. A computer with RAID-5 or RAID-10. Make sure to do offsite backups. An easy option for that is Acronis Trueimage. Great backup program and they will do network backups for a fee. It can encrypt the backup so no security issues. If their service is too expensive, use the software to backup to external HDDs and lock them in a safe or something.
Thin clients: You must be joking. Don't do thin clients unless you understand it well and are willing to lay out a lot of cash to make it reliable. Remember that if a desktop crashes, gets corrupted, whatever, one person can't work. If the thin client server goes down EVERYONE can't work. There are some situations where they make sense. If you aren't experienced enough to know when, don't use them (yours isn't one BTW).
As for computers, get something from a major supplier. Dell or Lenovo are my recommendations. They don't have an in-house IT department; they can't really be faffing about with repairs. Get them from someone that'll do onsite service and get a nice long warranty (unless you are sure they'll be replaced sooner). Make sure that there is a company out there that backs up the hardware that people can just call to have shit fixed.
Desktops vs laptops depends on the usage. If the intent is that these are used in the office, then desktops. They are cheaper to purchase, cheaper to find repairs for out of warranty, and harder for someone to walk off with. Don't get a laptop unless there's a real need to get a laptop. If people are going to be walking around with them for work reasons then fine, though it still might be good to have desktops as well in case they forget their laptops at home or lose them or something.
For OSes, depends on your needs. I'd say Windows unless you have a reason not to. Yes, yes I know MS evil and MS tax and all that jazz. Forget all that. These computers are tools to get a job done, the users don't care past that. Get them the best tools for the job. That will probably mean Windows for running MS Office, and for working with media since Linux tends to fall down in that department. Only do Linux if you are sure it will meet their needs (and by sure I mean you've tested it) and they can get the support they need.
In general I'd stay away from Macs. They cost more per unit, and they are not good with business support. Their idea of support is generally "Take the system to a store, we'll look at it and get it back to you." Fine for a consumer, not for a business. For a business you want "I call you and a tech shows up tomorrow with all the parts to fix it." Only go with Macs if you have a real reason and if you can't think of one, then you don't have one.
Remember to keep pragmatism in mind above all else. Get people the tools that do the job they need. That is all computers are to non computer people is tools. You are just being asked about expensive hammers or saws or the like. Your job is to figure out what they need, what will do the job the best, what can be th
I say use Google Apps for email and Dropbox for Teams for file sharing. Everyone can use their own clients and platforms (Mac, Linux, Windows) and can access their email and files whenever and wherever there is internet.
Google Apps: http://google.com/a/
Dropbox for Teams: https://dropbox.com/team_create
Plus, a lot of people probably are familiar with GMail and they can use Outlook, and Dropbox is just easy to use. Also, for a website, just use a host like GoDaddy or something; the cloud is the way to go (IMHO).
Check out techsoup.org. Cheap and free software for 501.c3 organizations.
Use the technology YOU are most comfortable with, YOU need to support, configure and understand exactly what each piece of hardware and software is doing. Just because it is a small job, in terms of numbers, it should be treated with the same degree of professionalism and expertise as any other job.
The easiest thing to do is to set up an insecure and flaky system, it takes true experience and expertise to set up and maintain a secure and reliable system.
You can build a stable and scalable infrastructure with any of the major OSes out there, so I would not be afraid to choose. The catch is: you have to know what you are doing. If it is just going to be you designing and supporting the infrastructure, pick whatever technology you are most competent with. Same for video servers and web server technology... but in this case, try and use server software that does not lock your content to that particular software, so you can change later. Standards help... though be careful: using an open standard like ODF seems nice, but you will find the rest of the business world pretty much 100% on MS Office.
If you plan to use technology or software with which you are not too familiar, I would seriously consider hiring a competent contractor to help, even if it's just for a few weeks of design work.
I can't say much about hardware. Whatever brand you pick, some people will praise it while others will have their horror stories about that brand. Desktops or laptops? That depends a lot on who will be using them. Why not let the users choose?
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
I work for a large non-profit, though we have offices all over the world with a pretty wide range of technology and budgets among them. One of our biggest drivers is cost and what a lot of people forget is that people are more expensive than just about anything else.
Everything you decide to do for yourselves means that you'll need more people who know what they are doing and that's expensive. If someone else can provide the level of expertise you need as part of a service, that can be huge.
Software definitely shouldn't be your highest cost. FOSS is usually free or close to it. But commercial software should also be inexpensive. Microsoft for example gives crazy discounts to non-profits.
What type of machines are best for people to work, depends a lot on what they do and how they do it. We have very few people in our offices that use desk top machines. Mostly graphic arts/video editing folks. Almost everyone else is using laptops.
Our area offices are close to what you describe in size people wise. We recommend that they have as fat a pipe as possible ( not much in some parts of the world ) and that's the most important piece. We encourage them to buy a good switch, good wireless access point and some printers that can connect to the network without requiring a print server.
Our financial/donation/HR apps are hosted remotely and accessed via Citrix. They all have batch modes for those areas with intermittent connections to the web. This alleviates the need to find people for every office that can take care of all the technical needs a local network and software generate.
This isn't exactly the same as you describe - but I'd recommend looking at the full cost of ownership of any option - not forgetting what competent people will cost.
What's typically used in this sort of organization? What types of collaboration have to be done with folks on the outside?
Really, that defines the desktop choices. If, for example, a lot of publication or graphics work is going to be done - you'll want a Mac for those people because that's what the outsiders they'll coordinate with will be using (believe me - we didn't do this and it's been one annoyance after another over the years, thanks to my PHB!). If the support staff will have to work with folks on the outside at all - you'll almost certainly want to give them Windows and the latest version of Microsoft Office.
Servers... hard to think of a reason not to run Linux. Well, actually, again - who's going to be maintaining the boxes (is it you)? What's your comfort level with Linux or Windows servers?
Has anyone associated with this organization actually asked these questions?
This is not a good time to experiment, or to push your own agenda regarding how the world should be versus how it currently is. You're obviously young, and new to all this - if you're hoping to make this a career, you want to make sure the client ends up happy with your work.
#DeleteChrome
Your TCO having the users on Macs will be lower, as explained in prior post. Less help desk issues, almost no viruses, better backup, higher user satisfaction, and 3-year h/w service from Apple. Have your employees sign up for swimming or cooking at the local CC for one quarter and get 10% educational discount on the hardware. Run VMware Fusion on select machines that HAVE to have Windows. 20 employees? Put what you can in the cloud.
I will create a sig when innovation restarts in the U.S.
I did exactly this when building out my recent company. Google mail service is fairly good, but hosted exchange is far better in terms of operating like a normal company with blackberries, etc. We outsource our web serving also. We basically have a fileserver and a pair of ADS boxes for inside services, and a redundant Internet connection.
A year spent in artificial intelligence is enough to make one believe in God.
Correct. But it's trendy to try to get the first post whining about lost connections and the cloud. Of course those are the unemployed /.ers snacking on Cheetos in their mom's basement.
The rest of us professionals know how to make "the cloud" work, and get paid well for doing so.
They hired this guy based on, let's say, "stylish" reasons and not by his qualifications. Because if he were a real geek, he'd know exactly what, how, and how much off the top of his head. So, let's fuck with him:
"Dude. You need a Mac Pro server and a 12-Core Mac Pro on every desk AND every one absolutely needs a 64GB WiFi 3GS iPad AND an iPhone. Otherwise, you will FAIL and children will starve!!!"
RIP America
July 4, 1776 - September 11, 2001
What do your users need to run? Is it basic Web/Email/word processing, or is there something else thrown in? If it's something like that you could probably get away with a bunch of thin clients and a big central server. Check out LTSP.
As for servers, from the information you gave it seems like a basic file server would work as your media server. Make sure you have enough RAM, and take a look at something like Ubuntu server, should be pretty straightforward to get going for 20 people. For your Web server, how much traffic? The same thing applies, RAM is good, and Ubuntu will work for you there too. Also, how much traffic are you looking at? You should also look at tuning Apache (or whatever server you end up using) for best performance.
And of course, if a GNU/Linux solution isn't your thing or Ubuntu isn't your thing, adjust accordingly.
Saying "I'll probably get modded down for this" in a post is the best way to get it modded up.
... if you need to ask slashdot how you should do your job... ???
If you aren't able to figure out the question at hand yourself I doubt your expertise for actually doing the job. Even if you get it running I suspect something will fail along the way. Unless I am wrong I urge you to look in the mirror and be true to yourself, your boss and the employees that count on you.
Before you follow *any* advice on here, you need to be clear on what the company requirements are. This could influence both the hardware and software that you choose.
Also, as much as I'd like to suggest you go down the open source route, be careful. If they are expecting to open MS Office documents and you choose Open Office, it will be your fault when they discover open office isn't quite 100% compatible.
Choose carefully, it's your neck on the block, not the /. community's.
The first question is, who will be supporting these servers and what kind of expertise do they have? Second question: what are your needs? What kind of software will you be running? Third question: what does your budget look like? Answering these questions may answer your questions.
If your users are comfortable with Windows and you only know how to admin Windows servers and your business needs MS Office and Exchange, then you'll be buying a bunch of Windows machines. You won't find a manufacturer that people don't complain about, but Dell and HP are generally fine.
If you're a real Linux whiz and you want to save money on licensing costs, then Linux is certainly worth considering. Assuming you want an office suite, web browser, and email, it should be fine. Watch out, though-- if someone absolutely needs Adobe CS or MS Office (or other Windows specific software), you'll probably want to use Windows or Mac clients.
Macs: I like them. Imaging is easy. Administration is easy. They run Unix tools. Users like them. You can get major commercial software like MS Office and Adobe CS. I actually like iWork quite a lot. If you want to, you can run Windows or Linux on them. On the down side, they're expensive and there are limited configurations. Most configurations are not upgradable. Also, it's worth noting that Apple is stopping production on their only rack-mount server.
Where does all this leave you? I don't know. I'm sad to say that if you're running a small business with limited tech capabilities, Windows SBS with Windows clients is a pretty safe bet. People are familiar with Windows, it's well supported, Windows domains provide an easy single-sign-on, and Exchange works well. I stay away from Windows, though, because I refuse to buy software which requires activation. Also, windows licensing can get expensive (don't forget about the CALs!).
And when Joe Farmer runs his backhoe through your Fiber line? Send everyone home for the day? Tell your clients that their media is stuck on Amazon?
And how often does that happen? Often enough to pay for server hardware, power, cooling, upgrades every 18 months, backups, and sysadmins to run it all?
And when Joe Farmer runs his backhoe through your Fiber line? Send everyone home for the day?
That's pretty much my experience with SMB. Especially with multiple locations or a datacenter elsewhere. The local staff just go home because they cannot fathom working without access to the Internet, even if local services are still working.
I am responsible for IT decision making for a similar-sized startup. I have around 15 years of IT-like activities behind me. At my current job, I keep costs low and the organization agile with a few simple rules.
Everyone gets a refurbished MacBook Pro with AppleCare. If it breaks (pretty much never), the user takes it to the Apple Genius Bar. Once the warranties run out, there's an Apple-certified support center nearby. We replace computers every 2-3 years and keep a spare around just in case. Everyone gets a $100 USB drive for TimeMachine backups, so a damaged or lost laptop is at worst a few hours of lost productivity. If a user wants to run something other than MacOS X they're welcome to do so on their own.
We have no servers in-house other than a small Linux box which serves as a router. The network is managed with the goal that it be no more complicated than anyone's home network. "Network is down? Reboot the router." Granted, we have a symmetrical 10mbps RF link via TowerStream so it's pretty fast, but still, K.I.S.S.
All email, calendaring, etc are handled by Google Apps. $50 per person per year is ridiculously cheap for what it gets us. Most file server type needs are met by either Google Docs or DropBox.
For phones, we have an old PC running an Asterisk derivative and some VOIP desk phones from craigslist. We also have a GSM booster on the roof, and most people who need phones to work have company-funded iPhones. We're also looking at moving to Google Voice now that it's included in Google Apps.
Seriously reconsider the wisdom in running an authentication server for 20 users. You will spend more time configuring, patching, backing up and fixing that directory server than you would managing a spreadsheet of 20 local admin account passwords.
Run your corporate web server in-house? No effin' way. EC2 or a co-lo, never in house. You cannot cost-effectively match what a decent colocation provider can give you with regard to cooling, power, network capacity, redundancy or room for growth. That's what they do and they almost certainly do it better than you.
Wow, this is what happens when someone asks for help from an open source crowd! The ones who are all for sharing and showing love to one another so as to make software better and work relations better as well. Open source and Freedom seem to have got lost in the frenzy. Makes me sad to be on Slashdot and see this.
You might be able to do the job, but you lack confidence...
We might be able to do the job, but we lack details and motivation.
So, hire a more experienced consultant to help you out.
Or just think some more about it, and enjoy learning by doing.
Great idea, except:
1) S3 performance is poor. You've got to pay a LOT for performance.
2) Non-hardware (administration) costs are still going to be the same.
3) Cloud services are dependent upon connectivity. Which do you trust more: no link failure in thousands of miles of cables, fiber, and networking equipment, -or- the volatility of your local network and attached storage systems? You will need at least 2Mbit of low-latency throughput for something like this.
4) You will need redundant outside-network links. This may not even be possible in his locale, and if it is, there's no guarantee something upstream won't die (and in many places, the certainty of something failing upstream is fairly high due to shared carrier).
5) Are connections of sufficient throughput and latency even locally available? There's no mention of things like: mail use, type of work performed, etc. What if they do CAD work? What if they do a lot of email with attached documents? Graphic or sound work? These are use cases which are horrible for cloud computing.
That's just a starter list. It's suitable for some purposes, but for most day-in and day-out stuff, it is not good as a primary source of IT infrastructure.
For general purpose daily cloud computing, S3 isn't even a good/best option.
As for the OP... this guy should obviously not be in IT. The most notable thing missing from his list is: competent and experienced IT personnel. Obviously this was not considered as a requirement by those paying the bills, but it is important.
Hint: use requirements are the first thing to consider. Everything is based off of that. The vendors picked depend on experience and available purchase agreements. What I do for 90% of my customers will likely be a poor fit for many of your customers. And so on.
Fucking amateurs. They make us MSPs look bad.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Agreed. Laptops only when needed. Do people need to be mobile during the day, moving from place to place taking their computer with them? At a 20 person company having one person visit the office of the person with the computer in question does not seem prohibitive. Taking your computer to meetings and such, vastly overrated and usually a distraction.
...
If you like the idea of people taking their work home do you accept the increased costs of lost and stolen laptops and the decreased lifespan that frequent travel brings? Is your data secured on an encrypted volume? Even if IT creates an encrypted volume are users actually using it rather than saving files to the unencrypted desktop? Have you planned training to address this sort of issue?
When traveling overseas these lost/stolen concerns magnify. Furthermore is there anything on the laptop that your country does not allow to be exported or anything that the visited country does not allow to be imported? Perhaps even that state-of-the-art encryption software you normally use has export/import issues. Not to mention the "personal" folders where porn was downloaded. Have you planned training to address these issues? Even when a laptop is clean customs may hang on to it for some reason, it's fully within their power to do so. Will having a person lose their day-to-day computer be an issue?
When a person takes work home are they on the clock? Do you live in a jurisdiction where unpaid overtime is becoming more and more of an issue even with salaried people? You may be setting your company up for an unpaid overtime lawsuit once someone becomes unhappy and quits. I've seen it happen. I've seen companies in California switch all their engineers and lower level of management from salary to hourly due to this sort of thing.
The list goes on
Laptops can be great and they can be required while traveling. Perhaps have a few that can be checked out on rare occasions when people *must* work at home or travel. Have them copy only what they need for that day or trip, and wipe the laptop when returned.
make it supereasy, SunRays for everyone.
You never mentioned a platform, so I'll assume you will use the same infrastructure as 95% of the world, Windows.
Windows offers many useful tools and functions (group policy, WDS, etc), and in its small business server form gives you an extremely robust solution for a good price, up to about 50-75 (75 hard limit). It includes Exchange, Sharepoint, and internal media serving via Streaming Media Services should suffice. It also includes wizards for nearly all its functions.
The pain is the need to re-buy software if you grow above 75 users...
Ken
The only element of this which really needs any non-standard thought is the media server, and that depends. If you're just archiving stuff, even that isn't a problem, but if you have multiple people doing video editing, for instance, you will need some serious power in the server and its network connection. You also need to assess what level of reliability you need in that media server -- for instance can you afford to lose a few hours updates if something bad happens. If so, a standard server plus (say) nightly backups to another machine with a big RAID will do fine, if not, you need mirrored servers, and other complications.
As for someone with a BS, I'd never hire someone with a BA in IT related fields unless it were (maybe) a project manager, their knowledge was commensurate with a BS, and they had work experience.
And "2-4+" years of experience is inferior in your mind to some schmuck with a 4-year IT-centric arts degree? I will take someone with 3 years of solid IT experience over someone with a BA, any day of the week. Experience, with demonstrated competence, trumps formal schooling unless additional demonstrated competence is provided by said degree holder.
Conceptual stuff is important, but if they can't get the job done, they're useless (and cost more).
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
With very few specific exceptions, I would never put my business "on the cloud".
GMail? Nothing wrong with that... as long as you don't mind all your internal memos being examined by data-mining software.
S3? Cool. Let's just put the video about our upcoming IPO on somebody else's servers, where others can have access to it.
EC2? Yep. All of your financial reports and graphs will look just great coming from somebody else's data store.
Okay, so I'm being a bit sarcastic. But not much. I wouldn't care much if it weren't for the fact that we know they actually do mine data.
Go with dell for the server, get a poweredge, 20 users? get something with at least 8 GB of ram and a raid 10 array with at least 1 TB on it, or 500 GB at the least. also invest in dell powerconnect switches.
Why dell? Warranty, that's why. Dell has a damn good warranty, and is the only reason I suggest it, shit breaks? you can have them ship the part or ship the part with a tech (great if you're on vacation and the system goes down during your vacation and it's a hardware failure, dell has a great turnaround time)
Next, windows small business server 2008, I know, this is sacrilege around these parts, but ideally, you want to have something up quickly. Though I would recommend something like VMware ESX server below that so you can virtualize your services out (have a SQL server, linux if you want to reduce cost on licensing, same with quickbooks, no need to run it on the DC. or windows for that matter..) But SBS is great if you need to have activedirectory up and running quickly, have an e-mail server up, and connect new computers easily.
Next either get dell precision desktops or, optiplexes if on the cheap end, again, make sure to get the 3 year onsite warranty with these. If you don't go dell, go with HP workstations, make sure they come with windows 7 pro. Home editions don't cut it with AD.
Next, if you have people working from home only or out of state, get a terminal server as well, which can be virtualized with vmware ESX. I'd recommend server 2003 for this, it's not as resource heavy as server 2008, and you can find copies fairly cheap these days if you know where to look.
The other good thing about dell is you can put it all on a business credit as well.
for 20 users, a bonded T1 with a DSL line as a backup would be ideal. I ran a setup like this at one location at one of my previous jobs, and it worked well, in fact what I did too was all the little things like online radio streaming and other things users will invariably do during the day, even if you don't want them to, can be directed over the DSL, leaving the T1 free for business purposes (VPN, E-mail, remote access, and other activities, a T1 can do it, but you want to consider growth here, and 20 users can clog things up quickly)
Invest in printers as well, you can lease huge all in one multifunctions from Ricoh, Oce, Panasonic, and a few others, these can do scan to file (you can say, send a scanned file directly to a user's redirected my documents folder on the server) and have everyone use that as their primary.
For personal printers, invest in brother printers, cheap, ink's cheap, they're great quality, and they also have opensource drivers for their equipment in case you have any linux systems for any reason. I *always* leave this option open. Also why I suggest the big leased printers as well.
Now for the router, I'd suggest something based off of pfsense or m0n0wall, and as an appliance, I'm looking at building a small one myself, or for the sake of being cheap, you can buy a small used computer (slimlines with PCI slots are ideal) and load it up, save some costs, you can get cisco-like functionality out of something with a linksys-like interface. though I recommend getting an appliance with chipsets that allow you everything you will need (vlans, etc)
Also, when running cable/having cable run, make sure to run extra cable, even if it goes unused, cat5e/cat6 cable can be used for fax lines, phone lines, etc.
for phones, used nortel systems, SAAS phone systems using VOIP, or even a PBX appliance would be ideal. if you go the VOIP route, you can probably go the business dsl or business FTTP route instead of using a T1. just get a static IP.
that should get you started.
We have several customers on various versions of the above configuration. I hate SBS for the little issues, but it makes the customer happy, they don't want to deal with ANY issues in regards of random windows hacks not working to make things work with samba, and you sure as hell don't want to have to recreate
http://www.offiserv.com for tickets handling like service desk, and for resources management including reserving conf rooms, and for address book
OK, seriously, I've done a couple dozen of these 10 to 50 user installations. Half the time is spent at the beginning to determine what the customer needs and wants, and what the budgeting will be. Things invariably cost a lot more than the customer anticipated so your goal is to manage expectations. If you don't do that, your life will either become a living hell (if you will be providing long-term support) or you will leave behind an unhappy customer.
Some of the basic things that were not considered when customers brought me on:
Are there remote employees? Will they need VPN access? What platforms are they using to connect? Can you verify that the endpoints are secure?
What is the anticipated volume of mail? In this day, it's often much cheaper to outsource to Google for smaller installations, but in some cases it makes a lot of sense to keep in-house.
When hosting your own web server how much downtime is acceptable? Do you need 24/7 uptime or will you have maintenance windows? What if your primary site burns to the ground? Do you have the floor space and adequate cooling? How much traffic is anticipated at the beginning of the project? How much do you expect to grow?
What applications do you need in-house? Accounting packages? Company intranet? Database? How will you separate your LAN for security purposes? Do you take credit cards as part of business?
What infrastructure applications do you need? Can you afford downtime on these? How many ports/switches do you need? Wireless? Separate backup LAN? OOB management for your servers?
Before you even start pricing hardware, find out what your customer needs, wants and is willing to pay for.
What software do you currently use?
This decides a thin-clients vs. fat-client approach.
I'd second giving MacMini's a thought, while outsourcing as much as possible.
Windows 2000 - from the guys who brought us edlin
Probably a lot more detail is needed to give a useful answer to your question. However, there are some issues not mentioned yet. First, what is the budget for system administration and maintenance? Is there a budget for that at all? I do (volunteer) system administration for a couple of small human rights organisations (about the same size as yours). They are cash strapped and don't have the money to pay for a system administrator, or to contract for the work as needed. They rely on volunteers, and these are really hard to find. So, ask yourself what kind of expertise is available before you decide on a system. It makes no sense to design a superb system when you have no one to keep it running. Hardware is generally kind of uninteresting. I would go for wireless (RADIUS) for as many clients as possible, and don't buy unnecessarily powerful PCs. Waste of money.
One system I built was based on Google Apps (Education license available for non-profits) for mail and remote access and a local NAS with LDAP that synchronises with Google. Create an account locally, a Google Apps account will be created automatically. Clients Windows XP / Windows 7. What makes this a good system is very low maintenance, easy deployment (everybody knows Gmail, etc) and good support for remote users. Office staff can deal with almost anything needed to keep the system running. For the NAS I used an Intel SS4200 NAS with 4Tb raw storage and installed a core version of Ebox (zentyal) on it for filesharing, LDAP and RADIUS. Web interface, office staff can deal with that.
The second system is a MS Small Business Server 2003 with about 12 clients. That works well, problem is you need someone who knows SBS, and can handle sysadmin tasks. (And no, in my experience most people working for non-profits can't handle that). Licenses for SBS (and Windows) can be purchased through the Microsoft program for non-profits. It's cheap, and the money should be no problem. Mail runs on the SBS server, remote access to the office PCs too. Beware that security is a bitch in this setup. Much harder to keep it safe than the first system.
You say you want to run the website from the office. I have no idea why you would want to do that. It's a headache. If you go the Google Apps way, use Blogger for a website (if simple is good enough) or create your own website with Joomla (host it somewhere) and handle authentication for your website through Google Apps.
File server: ubuntu 8.04 or 10.04 with samba network shares. Get two of them (basic reliable hardware ~$600-800 each) and put one in a local colocation host. Run rsync (or unison) over ssh nightly to sync. We do this, syncing a media library that is updated at the office to remote, and syncing the web server/mysql database in the reverse direction. Maintenance-free for over two years. RAID mirror those drives, obviously. Add additional servers at the colocation host for web and/or database if you need the performance.
There are MANY reputable consulting firms that can work with you to understand your needs, then recommend appropriate design considerations. The biggest constraints to the perfect environment are cost and the needs of your organization. Professional consultants can work with your needs and budget to recommend the best plan of action. Since you clearly don't know what you're doing, I think professional help is best.
What happens when the "cloud" company goes belly up without notice and takes your data with it?
Start with the network; Cisco ASA5505, Cat 3750-24, UC520 + 1 6965 phone per desktop. Servers and Desktops: Buy a dell power edge 905 server. Toss Small Business server on it, setup roaming profiles, wsus, and windows deployment services. Buy dell optiplex 980 desktops, build windows 7 deployment image, sysprep and upload to server. Deploy image to all the desktops at once, lock down admin privileges, setup deep freeze and with a nightly or weekly maintenance mode. But then again, they should have hired someone who already knew this.
Should a company really put proprietary or sensitive information in the "cloud"? Is trusting your data to a remote location with a 3rd party, and thus constantly transmitting and retransmitting the data, really the best solution rather than maintaining your own infrastructure?
For a company that has no such data, the "cloud" may be a viable solution. However, when I routed my university email to gmail for my smartphone (since it did push, rather than pull every 15 minutes), I remember my boss's musing. He said he wondered how the university would feel if all their sensitive research (research = $$$ through grants and IP rights, and thus means new data is as vital as those bits representing your bank account balance) was placed on a service that scanned them for ad words - especially those departments involved with research with Microsoft or other rival companies. Although I do no research at my university, his point came across loud and clear. It's all about how much do you and should you trust the 3rd party "cloud" services.
Very interesting subject to me, because I've done this. I built the IT infrastructure for the company I now own and operate, but at the time, I was building it for some one else. It now just became mine through some sick twist of fate. Anyways, that said, ANY ONE WHO HELPS THIS DOUCHE BAG IS ALSO A DOUCHE BAG. OP; you should have never taken this job. You don't have the experience and know how to do this right. You should now go and an hero.
::i visited slashdot and all i got was this lousy sig::
Buy an off-the-shelf NAS device with support. Some companies can monitor the box's performance and send you new HDs to plug in when old ones are starting to show errors. You could also solve backup and sharing at the same time by using something like Egnyte's Office Local Cloud and NAS bundled into one: http://www.egnyte.com/netgear/
The only answer i can give you is: 42!
The problem is, that you don't understand your own question.
E.g. Thin Client vs. Desktop vs. Notebook is not a universal truth. Nearly everything on the IT market exists for a reason. If you are mostly working on large images, thin clients would usually not be the very first choice. A desktop PC may not be well fitting for your much traveling CEO. Laptops in call centers have a tendency to disappear.
I can counter every question you ask with a dozen questions you have to answer first.
You are asking "Do i need a Porsche or a Scania flatnose truck?" What answer would you give on such a question (beyond ROTFL)?
Any answer you get at such a question now is an ideological answer or based on incomplete data.
People answering are replacing (in their own minds) your unknown needs with their well-known needs and answer accordingly. If you happen to take an answer from someone who has a similar usage-profile as you do, you get lucky. If not, you're f*cked.
CU, Martin
As you're a non-profit, Google Apps is free.
http://www.google.com/apps/intl/en/nonprofit/index.html
So forget about running your own server and use the cloud. Gmail is the best mail client out there. If you work in teams, then the sharing in Google docs means it beats any desktop office software. If you have anyone who needs to do anything more complex buy them a copy of Office or iWork.
Hardware wise, make your life easier and buy yourself all Macs, will be much less hassle to look after and although they cost a bit more, they last a lot longer and have a higher resale value than a standard PC.
Laptops or desktops depends on use needs, if they're in the office all the time, buy iMacs, otherwise Macbooks for anyone who is really mobile.
And when Joe Farmer runs his backhoe through your Fiber line? Send everyone home for the day? Tell your clients that their media is stuck on Amazon?
Easy! Just fall back on your emergency operations procedure (likely involving paper) until service is restored.
You do have an emergency ops procedure, right? (Or you will after another next ask /., at least? :-p )
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
Yeah, NGO = NON Governmental Organization = tree hugging PC hippies who have no clue. They'd only hire people based on their ability to fit some diversity requirement because no honest government would ever hire them... governments hire only the most competent and skilled people, which is why all US citizens are so happy with every government agent they ever encountered and why they support the government taking over all sectors where private businesses operate.
Yeah, I took your trolling and jumped full force into the flames. My point is this: with so little information on the original poster you shouldn't assume anything about their qualifications. After all, you wouldn't want me to profile you as a racist due to a single post that seems to indicate you believe that certain people can only be hired for their "stylish" qualities and those "stylish" attributes mean they are not qualified or skilled to perform a job.
The current Gmail administration seems to be OK, but what if it changes and what if they do by this time the same business?
It would be difficult to compete with guys who host your e-mail accounts and documents.
GMail? Nothing wrong with that... as long as you don't mind all your internal memos being examined by data-mining software.
Not to mention state and federal laws (SOX, HIPAA) that require controlled access to certain information.
Do you even lift?
These aren't the 'roids you're looking for.
This is a public forum, we're all volunteers here.
Personally, I'm okay with the occasional "Help me with best practices" post. I wouldn't want to read that stuff all the time, but it adds to the mix, when taken in small measures. Keeps me in touch with developments outside my immediate interests. Sometimes generates lively debate. Maybe helps other readers in the process, benefits the general welfare.
If you want to blame anyone, blame Slashdot editors for publishing this kind of thing.
-kgj
Amazon S3's website has a nice spiel on how to make HIPAA compliant web apps accessing it. Encrypting your data before putting it in the cloud isn't exactly rocket science.
If you don't completely describe what the clients do today, what they need to do tomorrow, then any responses here are worthless.
For all laptops, WHOLE DISK ENCRYPTION - PERIOD. No other choice these days. No other option allowed.
Here are some things that you can look into:
- redundant ISP connectivity - a real ISP plus a low end Cable Modem for failover
- physical security for all IT server and network assets. I was able to hack into a so-called "server" last week because physical access was available.
- deploy a SAN - iSCSI or ATAoE for small clients like you.
- use server virtualization as much as possible to reduce hardware needs - the type of virtualization is dependent on the client OS and workload. It also reduces the size of the UPS and cooling required in the server room. 10:1 server reductions are fairly easy to accomplish. Be certain you have at least 3 physical servers or you won't have enough redundancy.
- backups, backups, backups
- restores, restores, restores
- LDAP for authentication
- Zimbra for email, IM, but not for wiki or documents (which it also provides)
- Alfresco for shared file storage with versions. Don't even tell the end users their shared folders are in a real DMS. They don't need to know.
- vTiger for CRM
- Redmine for project management, issue tracking, features, project planning, etc.
- OpenVPN for remote access. We used Adito previously and recently switched.
- FreeSwitch for VoIP. You'll save $100K per year on phone service doing this.
- Be certain to setup your internal network with network zones - internal desktops, internal servers, DMZ servers, VoIP equipment, all need to be on different networks. Don't use 192.168.x.x, please. Use uncommon network addresses to help the VPN be easier to use and manage.
- Build a management/backup network that is cut off from all other networks without 2-factor auth through a specific internal server.
- use LDAP for all authentication from all applications - - - EXCEPT VPN.
- Mandate SSL connections for all internal use. FTP and telnet are broken by design. Just use SSL encryption for everything - life is easier.
- Use webapps, not thick client apps, as much as possible. Maintenance updates are not client dependent beyond a web browser. No OCX or java applets on any client machines.
For my clients, we run 99% Linux infrastructure - basically, 1 Windows server is for QuickBooks and the rest are Linux.
For desktops, if you force Linux you'll still need to setup remote connections to Windows desktops/servers so those few apps that can't run on non-MS platforms can be run over RDP. The sales and marketing teams will revolt if there isn't any ms-outlook. Accounting will revolt over missing MS-Excel. Are those fights worth your time? Seriously?
Client backups ... er ... or just make it so easy for them to keep all the data on servers that they don't bother.
For the number of users that you have, MS-SMS is very attractive. When there are 50+ users, the costs start to increase and you'll wish that you'd deployed Zimbra instead. If you only allow the web interface to Zimbra, then you've just solved a bunch of security issues too. You only need the commercial version of Zimbra for MS-Outlook clients. Enterprise calendaring is the critical app that Zimbra effectively competes with MS-Exchange on. All the other "communications servers" fail on this feature, IMHO.
Running web servers internal is fine, but probably not the best idea for the bandwidth that you have.
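An added example, not part of the comment above or of any product it names: a Python check of an addressing plan against that list's network advice (a separate network per zone, no 192.168.x.x, and a management network reachable only through one internal server). The zone names, CIDR blocks, flow list and the set of "common home" subnets are all constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Assumption: ranges consumer routers commonly ship with. If the office LAN
# uses one of them, a remote user's home LAN can collide with it and the VPN
# client cannot tell the two networks apart.
COMMON_HOME_NETS = [ipaddress.ip_network(n) for n in (
    "192.168.0.0/16", "10.0.0.0/24", "10.0.1.0/24", "10.1.1.0/24",
    "172.16.0.0/24",
)]
RFC1918 = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
)]
# Zones named in the comment, plus its separate management/backup network.
REQUIRED_ZONES = {"desktops", "servers", "dmz", "voip", "mgmt"}


def audit_zone_plan(plan):
    """Return sorted findings for a {zone_name: ipv4_cidr} addressing plan."""
    findings, nets = [], {}
    for zone, cidr in plan.items():
        try:
            # strict=True rejects CIDRs with host bits set (10.87.40.1/24).
            nets[zone] = ipaddress.IPv4Network(cidr, strict=True)
        except ValueError as exc:
            findings.append(f"{zone}: invalid CIDR {cidr!r} ({exc})")
    for missing in sorted(REQUIRED_ZONES - plan.keys()):
        findings.append(f"{missing}: zone missing from plan")
    for zone, net in nets.items():
        if not any(net.subnet_of(private) for private in RFC1918):
            findings.append(f"{zone}: {net} is not RFC 1918 private space")
        for home in COMMON_HOME_NETS:
            if net.overlaps(home):
                findings.append(
                    f"{zone}: {net} overlaps common home range {home}")
    # Every zone must be its own network: no two zones may share addresses.
    for (za, na), (zb, nb) in combinations(sorted(nets.items()), 2):
        if na.overlaps(nb):
            findings.append(f"{za}/{zb}: {na} overlaps {nb}")
    return sorted(findings)


def audit_mgmt_access(plan, flows, jump_host):
    """Flag permitted (src, dst) flows that reach mgmt from anywhere but the
    jump host. Whether that host enforces 2-factor auth is outside what an
    addressing check can see."""
    mgmt = ipaddress.ip_network(plan["mgmt"])
    jump = ipaddress.ip_network(jump_host)  # a bare address becomes a /32
    findings = []
    for src, dst in flows:
        src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if dst_net.overlaps(mgmt) and src_net != jump:
            findings.append(f"{src} -> {dst}: reaches mgmt, not via {jump}")
    return findings


# Constructed sample plans and firewall flows (not from the thread).
BAD_PLAN = {
    "desktops": "192.168.1.0/24",
    "servers": "192.168.1.128/25",   # carved out of the desktop range
    "dmz": "10.0.0.0/24",
    "voip": "172.20.40.0/24",
}                                    # no mgmt zone at all
GOOD_PLAN = {
    "desktops": "10.87.10.0/24",
    "servers": "10.87.20.0/24",
    "dmz": "10.87.30.0/24",
    "voip": "10.87.40.0/24",
    "mgmt": "10.87.99.0/24",
}
JUMP_HOST = "10.87.20.5"
FLOWS = [
    ("10.87.20.5", "10.87.99.0/24"),     # jump host to mgmt: intended path
    ("10.87.10.0/24", "10.87.99.10"),    # desktops straight into mgmt
    ("10.87.10.0/24", "10.87.20.0/24"),  # desktops to servers: not mgmt
]

if __name__ == "__main__":
    for name, plan in (("bad", BAD_PLAN), ("good", GOOD_PLAN)):
        print(name, "plan:")
        for finding in audit_zone_plan(plan) or ["  no findings"]:
            print("  " + finding.strip())
    print("mgmt access:")
    for finding in audit_mgmt_access(GOOD_PLAN, FLOWS, JUMP_HOST):
        print("  " + finding)
```
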
Seriously. What did you put on your resume?
>> And when Joe Farmer runs his backhoe through your Fiber line? Send everyone home for the day? Tell your clients that their media is stuck on Amazon?
Dual connections with different topologies and hardware fail over. It isn't that expensive.
Having said that, I still would hesitate to put core assets (or even email) in the cloud.
I know it's Slashdot, and everyone here gets a rush from insulting people who they think know less, but really?
IT for an NGO with 20 people is a pretty entry-level position for setting up infrastructure. Even with experience it's useful to know what current thoughts are. Slashdot has a huge concentration of experienced people who can give good advice (and plenty more who can't.) You'd be a pretty poor infrastructure engineer if you didn't do some research before building things up for a new company. I think they made a great decision, the poster is being proactive in asking a big group of knowledgeable people for their current advice, internet searches alone can yield outdated advice. Sounds like someone I'd like to hire.
Plus it gives us all a great chance to update long-standing arguments about custom vs. generic, cloud vs. internal, mac vs. linux vs. windows, etc... And don't even try to say you don't like arguing about these things.
"Until they become conscious they will never rebel, and until after they have rebelled they cannot become conscious"
Host your internal media in the cloud? Are you crazy? Would you really prefer to have your large media files, gigabytes in size, at the other end of a 1-10MB/sec Internet connection, or hanging somewhere locally at the other end of a gigabit Ethernet connection?
Specialist Mac support for creative pros, Melbourne
My firm is a pretty small shop, with everything running off ClearOS. It's a really fantastic server/middleware package with a great configuration, plus domain services, etc. Honestly, it can do everything you need, and you even have options (can use local clients, etc, or the well-configured horde/kerberos install). It's running CentOS so if you want to branch into more advanced stuff, then it's all there and relatively simple (as simple as anything is with SELinux). They also offer a $1000 box with certified hardware in a blade profile which seems nice, but since we have an actual server I have no actual experience with it. As for the software, however, I recommend it highly.
As for what machines for your clients, it really depends on what they need. If you're small-scale, then thin clients aren't going to save you any money. My advice is to talk to your users/their managers and figure out how they work. Do they do work from home? Are they on-site at all? Do they have a lot of working meetings? In those cases, laptops would make sense. If not, desktops would be cheaper.
I agree with you totally.
A lot of us have privacy concerns also. I guess for some, it's ok for all of your data, databases, accounting information, internal emails, etc, to be hosted on someone else's hardware. Lots of "managed hosting" providers have physical and root/administrator access. Great. What's a database of industry specific customers worth on the black market? Way more than the technicians on site will make in a month (or possibly a year).
Depending on the data, they may be contractually obliged to maintain their data in a secure location, where no one but a limited list of vetted employees can possibly have access to it. Google, Amazon, or even folks like Rackspace, won't give up their employee list with names, SSN's, home addresses, etc, for background verification. You'd be lucky to get the first and last name from the guy who you're talking to on the phone, much less a clue of who just logged onto the console to do a repair.
Serious? Seriousness is well above my pay grade.
Each business will have so many different things going on that it is unpossible to answer the question.
I would ask THEM as much what they would expect. Even get one or two key users involved, so they can sell your idea to the rest, because people do not like change. An internal person will be of big value, especially if that is not one of the managers.
And if you have many images and video, I assume also they will love desktop estate, so two screens or even three. Hardware? If we have no idea what it is used for, how can we answer? Setting up the system is the easy part. Who is going to maintain and upgrade it and how? What if that person doesn't do it anymore?
What is the software they are going to use and what does that software need? Does every person in that company have the same need? What will be the needs in three years?
There are so many unanswered questions that answering them is impossible.
Don't fight for your country, if your country does not fight for you.
5) Are connections of sufficient throughput and latency even locally available? There's no mention of things like: mail use, type of work performed, etc. What if they do CAD work? What if they do a lot of email with attached documents? Graphic or sound work? These are use cases which are horrible for cloud computing.
You have just explained why I'm not likely to ever see my data in the "cloud", hell, our own server across the room is too slow for a lot of CAD models, even a 5400RPM hard drive is sometimes. Load a 600MB part into an assembly of 10 of them, or even just the one 600MB one into a 200MB assembly, now multiply that by 5, and all of a sudden you just about cannot get enough bandwidth on your server. Same goes for those people in video or audio production.
All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
...any of the cynical bastards on slashdot are ever thrust into a situation where you might have to ask for help. For instance, spending a time with a woman who isn't your mother could present a challenge.
Is to fire the OP and get someone who knows what they are doing before they waste money on whatever the OP decides to do.
Seriously, Dell and Microsoft will get you the best bang for buck. Forget Linux, I know the crowd on here will suggest all these open source projects that may be great, but unless you have a lot of IT skills in the company, stick with Microsoft.
And seriously, for the SMB, Microsoft is the best product. The integration you get with Windows 7, Server 2008, Office 2010, Exchange 2010, SharePoint, etc., is just better than what you will get from any other company. Sure, there is probably a Google cloud solution that works as well, but I'm not sure where the company is, so I'll just assume that fast reliable broadband isn't available, or you don't want to rely on it for the entire business.
I'd stick with mainly desktops, unless any of the workers need to travel/do work remotely, then get laptops for them. Remember that Windows Server 2008 has remote access built in and they just need any random PC to connect.
Windows Server 2008 has backup software built in that is pretty good, get an external HDD and set it up for Windows backups, it's really easy with the small business software.
Depending on how much storage you need, just get big internal drives for the server, make sure you get the RAID card option and RAID 5 all your drives. Just get SATA drives, they will be fast enough in RAID for 20 users.
If you need more storage, get some sort of SAN, not sure if Dell do one, they probably do but it would be a rebadged something. Just get a Thecus or a QNAP.
Get a dual CPU server with 12GB RAM.
Get Server 2008 premium, that way you get an additional Server 2008 licence that you can run on another physical server if you want to buy another server, or you can run it in a VM. If you know enough about VMware, load ESXi 4 on the server and run 2 servers off 1 high-spec server.
Servers: PowerEdge R905 x2
Workstations: Dell OptiPlex 980 Desktops, 4GB Memory, Win 7, Dual 21" monitors
OS and Apps: Google Apps, Intermedia (Hosted Exchange) and the rest on Amazon
Are there any must have books on building the IT infrastructure?
Books are notoriously 3 years behind. The internet is your best friend.
New desktops: should it be laptops (with dockingstations), regular desktop machines or thin clients?
Use SFF desktops if laptops are not required. I would recommend purchasing a barebone system and adding lots of RAM and an SSD drive.
A special brand? Servers: We need a server for authentication and user management.
ClearOS, MS Windows. Choose one that is the easiest to work with for particular task, MS products come with higher upfront cost though and try to lock you in MS world.
We also need an internal media server (we have thousands of big image and video files, and the archive grows bigger every year). Finally we would like to have our web server in house. Which hardware is good?
Build a storage server based on iSCSI. I've had good luck with a number of RAID SATA enclosures, just be sure to keep everything redundant at storage and controller level. If you have so many media files you probably already have indexing software.
Which setup, software and OS'es have worked the best for you?
Windows is the easiest to set up and configure for small deployments. It is expensive though, so people tend to stuff everything on one server, so security and management suffer.
I would recommend two high end servers running VMware and whatever OS is best for the job to run email, file sharing, authentication, proxy, anti-virus/anti-spam and honey pot services. Virtualization offers room for growth, easy backup and restore.
Be sure to partition your services, assign different access levels according to people's responsibilities and keep and review logs. Do not skimp on your firewall/IDS.
Before you spend a bunch of time putting in a bunch of open source desktop clients that won't be able to run any software that you will most likely need in order to run the organization, consider that Microsoft provides very inexpensive licensing to NGOs and Non-Profits.
However, I am in this camp concerning this issue:
There are a couple things I can say. When I was going to build a practice domain at home with windows server (to centralize authentication and creating roaming profiles like at our university), I asked my boss the best way to incorporate laptops into such a model. His reaction was "Why?" A domain with central authentication for small groups (to him under 30-50, depending on the needs of the organization) creates more management work to be worth it. He took down his domain at his house and went to a media server since it was easier to manage - and laptops are just way too problematic to deal with in his view.
That is just one view. Ask yourself these questions: how will I install base images to the computers? If a new employee replaces an old one, will the system be re-imaged or will they use the existing set-up with all the legacy files? What software do I need? How will software be distributed (for example, locally installed or pushed out with SCCM or using virtualization like whatever SVS is called now or Microsoft Application Virtualization)? Will employees be assigned a specific computer or will they need to be able to use any workstation like it was their own system (the latter is our university's computer lab setup... and a lot goes into setting it up/maintaining it)? How sensitive is the data? What type of data needs to be stored? What level of scalability is predicted to be needed (or, will this NGO of 20 have a chance of becoming an NGO of 100 or an NGO of ten locations with 20 under central IT management)? What skill level/competencies will the NGO employees have? (Many times there are volunteers, which means you are dealing with the typical and often retired home-user *shudder* - like my mother, who managed to crash her PC regularly and even crashed the Mac I replaced that with!)
So, post a new thread with some details if you really want a serious answer to your problem. The questions I put above with the other various responses to your posts should give you a good start to all the questions you have to ask. Once you have a well defined problem to give us (not in the mathematical sense, but in the sense that people can conjecture about a solution due to specifics being provided), then I think you will see many more potential suggested solutions. Also, don't forget to respond to posters when they offer responses. :)
what is your organisation doing? it is an ngo, so it is not the government. i got that part. but do the people actually do something? what is it?
For such a small organization you might want to keep things as simple as possible given you're not going to have many staff to support 20 employees. Probably "one guy". To that end:
* Branded Gmail for email and calendar. You can use the branded google accounts for IM as well. The spam filtering and uptime are very good. Also you don't have to manage any of it. Your employees can automatically check their work email from anywhere w/o having to get on a VPN or use a particular email client.
* Macs. Makes you functionally immune to malware. Repairs/replacement are pretty speedy, esp. if you have a Mac store in your area. If you absolutely positively must have MS Office then you can get it as a native app. If you must run Windows then there's a free virtualization option (Virtual Box). It's not as good as Parallels, but it gets the job done.
* If you expect your employees to occasionally work from home (or on the road) or if you want to at least give them that option, then get everyone laptops. Providing external monitors, keyboard, mouse is fairly cheap. MacBooks (not MacBook Pro) are in the same ballpark cost-wise as similarly spec'd name-brand PC laptops.
* Hosting your own web server sounds like an unnecessary pain in the butt. If you absolutely must, then Linux/Apache is probably the way to go. I'd recommend the latest LTS version of Ubuntu (10.04). Going with an esoteric distribution just makes finding documentation and fixing problems that much more time-consuming.
You make some good points, but you assume that when people ask for opinions they don't know themselves.
Also everyone who is suggesting cloud services are missing the fact that the company has a large media storage needs.
and might have even done this before!! Holy hell!!
We want to host everything on-site because our webserver needs to get to our fileserver. And this is a printing company FFS we can't have everyone's crap in the cloud. Plus S3 is a bit pricey when you need a terabyte of storage.
Anyways, to the point:
Our PC's run Windows (mine dual boots) so we can run Adobe CS5. The mac version is stinky and my workstation is a quadcore i7. Mac can't touch that. I can crank through 16mbit pictures like nobody's business. Your users might be upset if they have server crashes, etc but they will be extremely pissed if they have to wait 38 seconds every time they want to do a gaussian blur (I'm guessing we're talking about a company that does that type of thing?). The software to manipulate vids/pics is exceptionally expensive, so they probably won't mind paying for nice servers.
We have Comcast Business Services with 5 static IP addresses and we're getting about 30mbps down and, on a good day, 8 up. Since we don't have 1000 simultaneous connections, this works fine.
We have a fileserver. An old mobo in a regular case with regular hardware (except SATA2 RAID1). My backup works like this: /var/backup /var/stuff/ /var/backup /var/backup
#!/bin/bash
mount -tnfs xxx
cp -rfu
umount
0 0 4 * * * run my bash script
works great.
We also have a web + database server, as well as one other server that I use to offload CPU time when I need it - we use unoconv to convert unfriendly files like .doc to .pdf, plus I have it run GS to do things to PDF's like check for color profiles. These are all crappy old computers - one might even have a E6600 in it. This all works fantastically. They are all running slackware because I know slackware. If I knew Cent or Fedora or RHEL better, I'd run that!
My file server also acts as a domain controller for samba so if an unauthorized computer (we may go 802.11n someday) were on the network, it couldn't f*** with things.
The only tricky part is this: my "other" server runs vpn so people can work on files from home. As a result of that, we had to move our entire network to something other than 192.168, so I chose to use a 255.255.252.0 subnet on 10.whatever and have computers, printers, and servers all on a different /24 so to speak.
Is it perfect? As perfect as I'll ever be. Does it crash? No. Does it do all the crap people want it to do? Yes. Has it been in place for years? Yes. Do we have an uptime SLA? Negative. Do we still have 99.9% uptime? Yes.
If you are unclear about anything that I wrote in this post, you probably shouldn't be sysadminning alone. It's a lot easier to have some humility and ask for help (even if the customer doesn't know you're doing it) than to have to try to fix something later.
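The addressing decision described in the post above, as an added example that is not the poster's code: it checks an office network for overlap with ranges a VPN user's home LAN is likely to use, splits the 255.255.252.0 network into per-role /24 segments, and audits hosts against that plan. The 10.77.20.0 network, the list of home ranges and the host inventory are constructed placeholders (the post only says "10.whatever").

```python
import ipaddress

# Constructed placeholder: the post gives only "10.whatever" and the mask.
OFFICE_NET = "10.77.20.0/255.255.252.0"

# Assumption: LAN ranges commonly shipped as home-router defaults, i.e. what a
# remote worker's home network is likely to be numbered as.
COMMON_HOME_NETS = ["192.168.0.0/24", "192.168.1.0/24",
                    "192.168.2.0/24", "10.0.0.0/24"]


def vpn_conflicts(office_cidr, home_cidrs=COMMON_HOME_NETS):
    """Return the home LANs whose addresses overlap the office network.

    With an overlap, a VPN client cannot tell whether an address belongs to
    the office file server or to a device on the home LAN, so traffic for the
    office may never enter the tunnel.
    """
    office = ipaddress.ip_network(office_cidr)
    return [h for h in home_cidrs if office.overlaps(ipaddress.ip_network(h))]


def segment_plan(office_cidr, roles):
    """Give each role (computers, printers, servers, ...) its own /24."""
    subnets = list(ipaddress.ip_network(office_cidr).subnets(new_prefix=24))
    if len(roles) > len(subnets):
        raise ValueError("not enough /24 segments for %d roles" % len(roles))
    return dict(zip(roles, subnets))


def role_of(address, plan):
    """Return the role whose segment contains the address, or None."""
    addr = ipaddress.ip_address(address)
    for role, net in plan.items():
        if addr in net:
            return role
    return None


def audit_hosts(inventory, plan):
    """Flag hosts that sit in the wrong segment or outside the plan.

    inventory is a list of (hostname, expected_role, ip) tuples. Segment-based
    firewall or Samba host rules only mean something if this list stays empty.
    """
    problems = []
    for name, expected, ip in inventory:
        actual = role_of(ip, plan)
        if actual is None:
            problems.append((name, "outside the office plan"))
        elif actual != expected:
            problems.append((name, "expected %s, found in %s" % (expected, actual)))
    return problems


if __name__ == "__main__":
    print("old 192.168.1.0/24 clashes with:", vpn_conflicts("192.168.1.0/24"))
    print("new office net clashes with:", vpn_conflicts(OFFICE_NET))
    plan = segment_plan(OFFICE_NET, ["computers", "printers", "servers"])
    for role, net in plan.items():
        print(role, net)
    # Constructed inventory for the demonstration.
    hosts = [("fileserver", "servers", "10.77.22.5"),
             ("laser1", "printers", "10.77.20.44"),
             ("old-pc", "computers", "192.168.1.23")]
    print(audit_hosts(hosts, plan))
```

Passing a whole `10.0.0.0/8` as the office network reports a clash with `10.0.0.0/24`, which is why a narrow slice of 10.x is the safer choice.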
I find it humorous that you assume people still work a world where you can operate when disconnected from the Internet. Even if everything's hosted locally you can't use the web or send e-mail. So yeah, you just go home for the day, I don't care if your servers are down the hall or the other side of the country.
But the obvious answer is redundancy with physical diversity, of course -- regardless of where your IT infrastructure is hosted.
I suggest building your own for all. If you have a small company, you may be able to get a bulk purchase saving. Build your own server and use Ubuntu Server. Use Ubuntu Desktop for the terminals. You will save money and be able to customize everything the way you want. Look into it and you will see what I am talking about.
First Get the Zwicky book and follow the pretty pictures that do NOT have the universal no symbol next to them.
http://oreilly.com/catalog/9781565928718
This will mean that the person that has to clean up after you, does not have to start with ripping out all the wiring.
Second, set up a wiki for documentation so the person that comes in after you doesn't have to rip and replace because it is cheaper and quicker than figuring out what you have done.
Third, install network monitoring software such as OpenNMS. (If you have a choice between one $1,500 server and two $500 servers, go with the two $500 servers.)
Fourth, do a network audit of all hardware and what software is on that hardware.
Fifth, price out what it will cost to bring your organization into compliance; if you are in the US and not a 501(c)3 this will probably be expensive.
Sixth, install project management issue tracking software; I use and recommend Redmine.
Now you are ready to start doing your job. (or at least you have not made the situation worse, and could possibly contract out your job.)
We use gmail for our company as well, and I have only recently hit the wall with it. I get a few hundred MB of messages, and there is no method of deleting (or archiving) attachments off the system.
I am still surprised that there is no popular "appliance" type server for this purpose: something that supports file, print, authentication, accounting, and phone system out of the box. Go extra fancy and allow for painless mirroring and snapshot backups with a second (and third) unit if desired. It seems like at this point in time it shouldn't be that hard to do...
Having a Windows domain controller with centralized authentication is YES going to save your sanity, and your security.
1. Centralized authentication, so you as the IT guy can get on any machine no problem.
2. WSUS -- so you can actually get all your systems updated with MS updates, and keep them updated.
3. Login scripts and Group Policy -- so you can keep your other software updated. (And standardize settings. And make rolling out new computers MUCH faster.)
4. You'll then be able to get centralized/enterprise antivirus as well to keep your system properly safe.
If you have to update your software manually, and have more than 5 or so systems, you will NOT be keeping them up to date.
Yes, this costs more. Yes, this requires more upfront costs, time, effort, and learning.
This will also save your ass if you grow, as workgroups don't scale unless you have lots of cheap IT labor.
And it will save your ass from viruses/malware infecting your network.
In the long run, you'll spend a LOT less time maintaining a network of interconnected machines vs. "island" systems.
And don't host your web server locally unless you have a REALLY good reason. Hosted web sites are cheap commodities. Even if you need specialized software, you're probably better off with a hosted (maybe virtual) server. You're unlikely to have the huge and redundant bandwidth of a hosting provider.
And unless you need Exchange, Google Apps standard is an amazing bargain (free!).
And don't use laptops for users unless they're really needed. Laptops are much more likely to break or get stolen. Users do evil things to laptops. And they're slower and more expensive.
And avoid wireless keyboards/mice... Wired ones just work. Boring, but they work. Wireless ones quit, have dead batteries, and users can never figure out how to reconnect/pair them.
I find it humorous that you assume people still work a world where you can operate when disconnected from the Internet. Even if everything's hosted locally you can't use the web or send e-mail. So yeah, you just go home for the day, I don't care if your servers are down the hall or the other side of the country.
The other 90s era idea is that you can only have internet access from work.... What would you do if the building lost power or burned down? Well, work at home / coffee house / somebody's house, of course. Been there done that...
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
In short:
Desktops, not laptops. More reliable, cheaper, faster. Only get laptops if there is not enough desk space in the office. Avoid thin clients.
Brand: Do not build them yourselves. Get something from a big supplier. Get the business line, Dell or Lenovo.
Authentication and user management: Do not bother below 30 persons. Above: Active Directory, LDAP, ...
Internal media server: If your users are competent a simple file server will be enough. Dell or Lenovo. Lots of SATA disks. More disks for onsite backup. Get offsite backup, too.
Web server: Do not inhouse your webserver. It provides you with no real advantages. You cannot compete on connection, reliability, UPS, etc with a big hoster. Get a development web server for testing inhouse.
OS and software: Stick with what your users are competent with. Ubuntu is really nice, get it with enough Linux experience. Mac if you have enough money. Windows 7 is good and works.
General: Avoid "big" solutions. Do not blow money on anything where a salesman visits your NGO. Learn from other NGOs.
Start with one healthy server, well configured for memory and disk, and put VMWare ESX on top of it. Acquire appliances (self-contained virtual environments -- there was a listing of them on the VMWare site iirc) for most of your basic needs - CRM, Portal, etc.
Build virtual servers for what you need and run on that one piece of hardware. Then it's pretty painless to grow -- as you add hardware, you just boot up the virtual machine on the new box. By virtualising everything from the start, you miss a lot of aggro.
Do not mock my vision of impractical footwear
With very few specific exceptions, I would never put my business "on the cloud".
[snip]
EC2? Yep. All of your financial reports and graphs will look just great coming from somebody else's data store.
Way to demonstrate that you have NO FUCKING IDEA what the submitter is talking about. Why should data served by EC2 be any different than any other data hosted in a data center? FFS, you can even set up RDNS for EC2 now...
It was just a suggestion. No one is holding him at gun point marching his data into the "cloud". They're just responding based on the tiny amount of information they were given.
I agree - S3 really isn't a good option most likely. You really want something like Amazon Elastic Block Storage.
And finally, calling people "fucking amateurs" not only makes you look bad, but all MSPs. I'd rather not be associated with you.
Since you're looking for a generic one size fits all kind of solution based on some sort of statistical analysis of slashdot posts, without any real knowledge of what the users' requirements are... you should go with a mac pro server with attached raid. Use raid 1 on the server, use raid 6 on the external device and put your data on that. I might catch flame for suggesting this, but if you have no idea what platforms to put where, then you're not going to be able to decide how to choose scheduling packages or much of anything else. Going with Mac OS Server allows the choices to have been made for you and you won't be exposed as a fraud.
It's always bad when someone's kid can out admin you.
As far as the client machines, you really need to talk to the users and find out what they need to use to get the job done. One single misstep here can really ruin your year. If they seem to use windows, then go windows. You don't have the background needed to keep users happy on a platform they are not used to.
Speaking of data, you need to come up with a local and remote backup plan. Offsite backup is critical, don't skip it. Just stick with the server and explain anything not stored on the server will not be backed up remotely. Put external drives on all your client machines and use some full backup software. This is mainly for you to replace the machine when it fails. Also keep a spare client machine in the box for when this happens. With 20 users it will happen probably >1.5 times a year if you're using something like Dell.
If you end up using windows on the clients, make sure to install some name brand anti-virus on everything, but turn off the local firewall options as long as they are on your local LAN so that you don't have to diagnose network issues all the time. It won't help much, but at least when they install a trojan you will have been perceived as doing your job and the anti-virus package will be to blame.
Never let anyone run an external service exposed to the internet. Keep the clients firmly behind the firewall or bad things will happen, and you probably won't be able to decide what's safe and what isn't.
Once everything is running, don't play around with it or you will trigger disruptions. Remember, as long as the users are happy and you don't lose data, you won't get fired. Not getting fired is your first priority until you get the hang of it. Basically, try to keep things running smooth and have a plan for when things break. In your spare time, test your recovery procedures on test machines.
That should get you through the first few years.
And don't ask crowds like slashdot how to do your job. You're not going to be able to sort through the opinions in a way that's going to help you. We each have a different perspective and a different style and we are all very opinionated for no important reason.
I think you underestimate just how much I just don't care.
How many IT employees do you suppose a 20 person company really needs? Personally, after about the 4th week, I think I would be about out of things to do in a company that size.
You haven't mentioned your budget. If it is small, you want to go with Linux and LTSP. Get 3 servers, 2 of which have sufficient disk space for your media. Set up LTSP on server A, your media stuff on server B, everything backs up to server C, which is a warm spare in case A or B dies.
The desktops would be Fit PC2 or equiv with LCDs and USB keyboards and mice.
What you gain: only administering 3 computers, desktops are interchangeable. If something breaks, you just swap parts. Security is centralized and simplified.
You may want to look at http://www.resara.org/ It's a new server for small organizations built on top of samba4. It is AD compatible, and can be set up very quickly. Here is a quick demo video http://www.youtube.com/watch?v=KeuMxaYfNFU
If it is that critical, then you should have a redundant network connection. Preferably one that eliminates last mile issues, whether it be 3G or a fiber pull that is completely separate from the primary all the way out to a different CO and provider. A 3G connection will only run you roughly $100 a month and while it isn't ideal, especially with the usage caps, it will hold you over until your primary line comes back up. Keeping a small office connected is not that difficult.
And when Joe Farmer runs his backhoe through your Fiber line? Send everyone home for the day? Tell your clients that their media is stuck on Amazon?
Nah, host it yourself. That way, when Joe Farmer runs over the fiber line, your entire site drops off the internet. That's WAAAAAY better than having to send employees home, amirite?
Servers;
You say the media server will have a shed load of files in an archive. Does this mean it won't be regularly accessed? In which case, just get a bare-bones box and shove a million hard drives in it. You don't need extreme CPUs to just store stuff.
In house webserver. Development or production? How much traffic? Do you have client's work hosted on the webserver? IMO, internal's fine for development or even staging environments - but production is best handled by a company who know what they're doing - so use one of the million reputable hosting providers out there.
Do you actually need a server for user management? One company I worked for had a brilliant, simple solution. Everyone had their own seat in the office, so their PC was 'theirs' and they had an account for that PC. They also had a folder on the in-house webserver (development only) that they could call their own and were advised to save all their work there because only the server was regularly backed up, the individual PCs weren't.
Clients;
Ask the work force. Ask the managers. Don't think that "Oh yay! Laptops mean people can do work outside the office" - if those machines contain sensitive material, the management probably don't want people to do work outside the office. Some people also just don't like working on laptops. I for one would hate to use a laptop for a long period of time (ie, 9-5). If there's no need for laptops/thin-clients, save the company a buck & get what they actually need.
Like reverse DNS is some modern technological miracle?
If it is, then I will be happy to give you some advice. As a number of people have already mentioned, keep it simple. With that keep it so it is easy for you to manage as well as easy for you to get support for. Sure you can save a ton of upfront cost putting some Linux based solution in but I am a big fan of "you get what you pay for." So go with a supported solution.
Start with the back end and work your way forward. People knock Microsoft, but Windows SMB is pretty affordable. Just don't skimp on the hardware, get something scalable. Either way having centralized management of users and resources is key! It is much easier to build it now than to have to migrate to it later. I had a client that was running in full workgroup but had a server. The previous consultants never set them up on a domain, hell they didn't even have the OS they paid for installed on the server. So if you have the opportunity to build from the ground up, build it right!
As for the network, if it is not already wired, well you may want to consider running hard Cat 6 cabling. Hire someone to do it since they will do it properly. Also remember it costs the same in labor to run multiple runs to a location as it does a single run. So plan for expansion. Same goes for the network hardware. Do max a single switch with just what you need, make sure you have room to add more connections.
For the storage server, well where is this data stored now? Are we talking GBs of current data or TBs? Also you mentioned archiving, well how often will this archived material be needed? Will it be accessed frequently or maybe once a year? You can always move it to optical disc and store in a secure location. You could also store it on the web as well.
As for moving everything to "THE CLOUD" well sure, you can host your entire server infrastructure there. There are decent companies out there like Rackspace for hosting services. But if you are working with large media files then you may want to keep some things in-house. To back all this up, well you can go with online backup solutions. Check out reviews, but keep in mind that the initial upload could take days to almost weeks depending on your bandwidth and the size of your data. So you may want to look at some form of backup-to-disk and then run your online backup of those files.
But before you begin ordering and what not, work with the staff and figure out what your budget is. That will help you decide what you can build.
If you are not fresh out of school and this isn't your first job, well then I am with the rest of the guys, quit and let them hire someone who can do the job and please go back to Geek Squad!
Dewser - all around techy "In the immortal words of Socrates - 'I drank what?'"
If you want to completely abdicate responsibility for it all then that's the way to go.
Then you can concentrate full time on keeping your internet connection working because you'll be screwed without it.
You still have the same responsibility, whether the server is inhouse or hosted by Amazon. If misconfigured, and backups are not working properly, it's much easier to lose everything if hosted by Amazon, so don't think that nothing can go wrong. But if configured properly, it can work very nice. We use it at our office. We have four servers for database and webservers, plus ECB volumes for data. We backup everything every hour, each instance, keep daily backups for a month, keep monthly backups for half a year, all backups on a server on a different continent. Because it's incremental it doesn't use much space. We download those backups to a local CentOS server via rsync. So yes, we have a local server, but it's a $400 desktop running Linux with a terabyte disk.
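The retention schedule described in the post above (hourly backups, dailies kept for a month, monthlies kept for half a year), as an added example that is not the poster's own tooling: it decides which snapshot timestamps to keep and which to prune, and refuses to prune at all when the newest snapshot is stale, which is the "backups are not working properly" case the post warns about. The 24-hour window for hourlies and the 3-hour staleness limit are assumptions; the post does not state them.

```python
from datetime import datetime, timedelta

HOURLY_WINDOW = timedelta(hours=24)    # assumption: not stated in the post
DAILY_WINDOW = timedelta(days=30)      # "keep daily backups for a month"
MONTHLY_WINDOW = timedelta(days=183)   # "keep monthly backups for half a year"
MAX_NEWEST_AGE = timedelta(hours=3)    # assumption: hourly job, so 3h of silence = broken


class StaleBackupError(RuntimeError):
    """The backup job looks broken; pruning now could destroy the last good copy."""


def plan_retention(snapshots, now):
    """Split snapshot timestamps into (keep, delete), both newest first.

    Tiers, by age relative to `now`:
      up to 24 hours   keep every snapshot
      up to 30 days    keep the newest snapshot of each calendar day
      up to 183 days   keep the newest snapshot of each calendar month
      older            delete
    """
    if not snapshots:
        raise StaleBackupError("no snapshots found; nothing is being backed up")

    ordered = sorted(set(snapshots), reverse=True)
    if now - ordered[0] > MAX_NEWEST_AGE:
        raise StaleBackupError(
            "newest snapshot is from %s; fix the backup job before pruning"
            % ordered[0].isoformat())

    keep, delete = [], []
    seen_days, seen_months = set(), set()
    for ts in ordered:                      # newest first, so first seen wins
        age = now - ts
        if age <= HOURLY_WINDOW:
            keep.append(ts)
        elif age <= DAILY_WINDOW:
            if ts.date() in seen_days:
                delete.append(ts)
            else:
                seen_days.add(ts.date())
                keep.append(ts)
        elif age <= MONTHLY_WINDOW:
            month = (ts.year, ts.month)
            if month in seen_months:
                delete.append(ts)
            else:
                seen_months.add(month)
                keep.append(ts)
        else:
            delete.append(ts)
    return keep, delete


if __name__ == "__main__":
    # Constructed sample: one snapshot per hour for the last 200 days.
    now = datetime(2010, 9, 1, 12, 0)
    hourly = [now - timedelta(hours=h) for h in range(200 * 24)]
    keep, delete = plan_retention(hourly, now)
    print("snapshots:", len(hourly), "keep:", len(keep), "delete:", len(delete))

    try:
        plan_retention([now - timedelta(days=2)], now)
    except StaleBackupError as err:
        print("refused to prune:", err)
```

Run the pruning step against the off-site copy only after the same check has passed there, so a silent failure on one side cannot age out the last good snapshot on the other.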
If you need advice on how to set up an "infrastructure" for 20 users, perhaps you're not the right person for the job..
I'd say the easiest thing would be for the company to replace you with a kid fresh out of school. He'll have more experience.
S3 isn't the only option, and you don't need to have everything in the cloud to benefit from the lower costs and overhead... and there are options that will reduce your admin costs as well. The most important thing is to understand how people will use the solution... for an NGO you're probably relying on a lot of communication outside the firewall and would benefit from a SaaS model for storing documents and collaborating within the team and with other associations and stakeholders.
I'd point you to some of the more document-heavy enterprise social software suites... a lot of them can handle your public website and intranet as one solution. SharePoint is overkill for 20 people, but there are some smaller options out there. I personally work for IGLOO Software (www.igloosoftware.com), which is definitely worth a look.
We use gmail for our company as well, and I have only recently hit the wall with it. I get a few hundred MB of messages, and there is no method of deleting (or archiving) attachments off the system.
That's what IMAP is for.
Send me your contact information, and I'll work up a plan for you. I charge around $200.00 per hour, plus travel, meals, and housing if on-site work is required.
Your summary doesn't give us anywhere near enough information to plan. ...
Some additional information that would help
1) what is the estimated budget?
2) what sort of 'net connection do you have?
3) how much travel do your folks do?
4) what sort of tech-savvy do your folks have?
5) what is the building like?
6) any planned expansion?
7) what skill sets do the IT people have?
You're looking at a complete overhaul, expect to pay a lot to do it right.
If I were doing this, for a company of 20 people, I would expect to spend at least a week in place interviewing everybody to get a feel for what needs are before I even started to create a plan.
Seriously, send me your info, and all the info, I'll write up a proposal and price it out.
I will not give in to the terrorists. I will not become fearful.
Wait for the follow up post in 6 months time - "I've inherited an IT mess from this college kid who was given a carte blanche to set it up and just screwed around on slashdot - what should I do? dump it all and start from scratch? the company is in Chapter 11"
That's why everyone on this ARPANET is raving crazy about its routing algorithm.
It's not actually complicated until you start deciding what you really need in an authentication system. The setup I eventually settled on with the group was not quite traditional, but does everything we need it to do. In addition, local nodes will cache all the credentials in the event of a network failure. This was the alternate to just building system accounts locally or just pushing a password file around. (Which doesn't meet contractual obligations).
In retrospect, none of it is entirely complex, but there was some effort into researching and putting the pieces together. The same goes for an Asterisk box to host telephony. It's not overly complex, but it does take some effort.
Now, it's not an awful idea and I have some grid based appliances in the field. I actually hate them with a passion because they break mysteriously. It might be fine for an organization that employs someone to sit on the phone with support all day, but I could literally replace it with a few certs for synchronization and vanilla applications.
Essentially, if you want someone to build an appliance that can be easily replaced with standard services then go for it. It wouldn't be a bad project and it might make a few dollars in support fees. However, be prepared to create stable and tested releases because the individuals who really need the appliance won't be able to fix it.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
Does this mash of symbols scare you?
root@tycho:~#
If it does, ask your boss for about $50k and start building a Windows infrastructure.
If those symbols don't scare you, you already know what you have to do...
In all seriousness though, the more you can integrate open source into your outfit, the better off you'll be. We use Linux in quite a few places, like:
- OpenFiler for our NAS
- Proxmox VE for most of our virtualization. When combined with OpenFiler on our NAS, we can instantly move VMs back and forth between VM hosts.
- Ubuntu, Postfix, Spamassassin, and a few milters create a decent spam filtering gateway. It beats the crap out of anything we did in Exchange.
- Another install of Ubuntu along with Shorewall makes for a great router/firewall. We used to use SonicWALL and were constantly telling customers "We have to buy a license for that" or even more frequently "It can't do that". In my opinion, Shorewall is a great balance between directly writing iptables rules and ease of configuration. Most people in IT can figure out how to open WinSCP, connect to the firewall, and then edit a text file while looking at the manual. If you need VPN access, just install OpenVPN, pptp, etc... Installing pptp is a bit of a pain, but it's much easier for the clients if they are running Windows at home. If all of that seems a bit daunting, try pfSense. They provide a great web interface and are pretty damn flexible. The only reason we don't use them is because we have some Linux-specific management tools that don't work with the pfSense configuration system.
- Yet another install of Ubuntu and Icinga let us monitor infrastructure for our larger 'small business' customers when they need it.
Most of our installs consist of a Windows Small Business Server or a Windows Standard server so we can join the workstations, create user accounts, and provide group policy for security and software installation. The rest is Linux.
There's no place like
Try to get this thought out of your mind. Place your web site with a reliable hosting company and free yourself of 99.999 percent uptime worries.
Other commenters have suggested you move everything to the cloud. This is a bad idea. But your web site? Should be a no brainer. Hosting it some place else is cheaper, more reliable and a whole lot faster.
I can't understand how one of the largest publicly owned companies like Google can trust all their data to the cloud. With all those farmers killing backbone cables daily, it's a miracle that their so-called "homepage" is even available for five minutes per week.
Why do you have to upgrade server hardware every year and a half? What about the expense of having enough bandwidth to handle that ever growing media library he is talking about? That may take a lot of expensive upstream bandwidth which isn't exactly cheap.
This:
"thousands of big image and video files" + inhouse web server + local ISP (telco / cableco) slow uplink speed = flaky or failure-prone performance
Shared Hosting / VDS / CoLo (in increasing desirability) with fat pipes to a backbone segment is what you need for this.
GMail? Nothing wrong with that... as long as you don't mind all your internal memos being examined by data-mining software. [...]we know they actually do mine data.
How do we know this?...and which data?...and why does it matter? Obviously, Google tracks web search queries and monitors ad performance, but you seem to suggest that they are engaging in corporate espionage. Note that, even if they were doing this, it could not be considered data mining since data mining, by definition, is about the discovery of patterns and trends, not specific facts.
Are you perhaps concerned about Google's AdSense reading your email in order to display relevant ads? You know, you can turn off all ads with a paid Apps account.
S3? Cool. Let's just put the video about our upcoming IPO on somebody else's servers, where others can have access to it.
First of all, corporate executives often pay a lot of money to make sure that their IPO publicity materials are seen by as many people as possible, so this was a horrible example.
More to the point, your argument seems to invalidate all forms of shared hosting by labelling them as unsecure, which is obviously absurd. No rational security policy in the world (except maybe military) requires you to actually own the hardware your data rests on. Nor do they require that your employees have direct access to said hardware. Most of them rightfully include language that restricts physical access by your employees.
While there may be some legitimate concerns about network connectivity, cost and data portability, everything that you're saying in this statement is just plain FUD.
I agree with much of what has already been stated here. You want to keep things as simple as possible while meeting the business needs of the customer.
The first step is to outline what those business needs are. What applications are they using? How much network traffic do they pass? What about their printing environment? Faxing? Are they using VOIP or video conferencing? What kind of downtime can they endure? If they want to keep all of this in house, are they prepared to build out a small data center type of area?
Then you need to understand their growth and their support capabilities. Can your solution scale to meet their needs in six months? Will they be able to cope if something goes south?
Also, what is your budget? They can ask for anything they want to, but if they don't give you the money to build it, you are done before you start.
Brand me a fanboy if you want, but Apple has a solution. Consider an OS X Server system (probably a Mac Pro) for your server. You gain:
- E-mail server, complete with good junk mail filtering.
- VPN server.
- Web Server, including really nice wikis.
- Calendar server.
- XMPP (Jabber) server.
- LDAP Address book server.
- The ability to manage OS X clients properly.
- File sharing
And more! Of course this likely means I'll recommend Apple desktops and laptops, there is a broad range to pick from and you should be able to find something for every price point and user.
Now, I'm sure people will jump all over me about the Apple tax and Linux can do it all better/cheaper whatever. Well, the fact of the matter is most of your end user machines will need to be Windows or Mac; Linux on the desktop still isn't end user ready. Users will want their Microsoft office, and those are the two platforms on which you can get it. By going all Apple you get a supported solution, you get products tested to work together, and you get hardware you can take to your local Apple store when it breaks to get it fixed.
As far as laptops/desktops etc, I recommend talking to your users. Get people what they want/need, within reason. Generally folks who are at their desk all day vastly prefer a desktop, those who travel a lot a laptop. There are plenty of folks with a good enough mix where one of each can make sense. You're there to help them do their job, not pick some bit of hardware that makes their job harder.
S3... well no one is going to go looking through your data because no one cares about it. If it were actually important I would recommend encrypting before putting something in a public web store. In truth, you would likely be using EBS for data storage inside of EC2 because S3 is ridiculously slow. Since EBS is a block device you just run it through a crypto loop when mounting.
EC2 instances are accessible by the person who actually spins up the instance. It's built with a private key that no one has access to and again if the disks are a concern they should be encrypted as well. If a public instance is too much of an external risk there is a VPC environment which spins up instances that have only access to an IPsec tunnel for network connectivity.
Gmail... well you are absolutely right.
Me, I wouldn't put most of my business in the cloud, but they are for real reasons. There are certainly types of processes that function perfectly in an elastic environment and can be profitable. However, none of the numbers have ever indicated it is cheaper than a traditional environment performing traditional work loads in high availability.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
Some elements I think might be worth looking at:
- Google Search Appliance can handle the multimedia and other file indexing.
- For desktops, unless you NEED laptops, the Mac Mini + a keyboard, mouse, and non-Apple monitor is a great choice. Runs OS X, Linux, or Windows.
- GMail for corporate email.
- For file, web, and database servers, Linux.
- Colocate your servers elsewhere and use VPN. No need to worry about scaling, fire suppression, security, etc.
- Possibly a local cache server, since you're doing multimedia.
- Buy servers, don't piece them together yourself. Get on-site support. Otherwise that's you.
- Tape backup sucks. Backup over the Internet to a backup server in a colo center somewhere else.
I know of several insurance companies across 5 counties that have been essentially using "the cloud" for a long time (before it ever was popular).
Well, actually, they were using web based applications from either their parent offices or the actual provider to obtain rates and set up policies. It's the same thing as the cloud concept as all they needed to do is route to those select locations.
Anyways, I can count several times a year in which either their electricity, internet, or something along those lines upstream, has prevented the offices from doing anything productive for a day or more. And when speaking with one of the reps, this seems to be something of a common thing that they just accept.
The cloud doesn't make sense for small to medium businesses because the type of investment needed to ensure productivity and negate any of those issues is more than they would save (power generator, backup internet, and so on). When your business is placed in a situation where someone crashing into a telephone pole across town or some hilljack decided to dig a drainage ditch 10 miles away will shut down most all productivity, it's not a good thing. When your business is large enough that a work stoppage causes losses greater than the costs of maintaining a generator or having a separate and redundant internet routed differently than the other, then it makes sense.
You mean we should have equipment on site that the cloud was supposed to replace in order to have a backup business operation in case of emergency? Isn't that sort of redundantly redundant?
Dual topologies can be pretty hard and very expensive. I have been to sites in lots of little "industrial" parks around various cities and almost all the fiber and copper is run down one single conduit all the way down the street. These places also usually don't back up to anything but more empty land for future expansion so there is no other direction to bring in connectivity from. Yes you get multiple providers and such but if that one conduit gets taken out they are both gone.
Wireless is getting better these days. Cisco makes some routers that take cardbus cellular air cards. This is a good option in those situations. The monthly cost if you don't use it is affordable and it's enough bandwidth to keep 20 people or so doing e-mail, and maybe very slow web browsing, if you traffic shape things carefully. It's not bad as the failover route.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
It's clear you don't know much so here's the easiest thing you can do:
- Buy a NAS device with user authentication
- Get a hosting account for $50 per year from any competitive hosting company
- Buy Dell desktops with Home edition of Windows
You've saved the company lots of money, made administration simple and users have what they asked for. However you've provided no backup, no core infrastructure, no real plan for handling growth. When they are ready to move onto a real network, call an IT Professional.
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
not sure if this is supposed to be funny.
in Google's case, they own the cloud they have all their data on.
the Google homepage (gmail, etc) is replicated to several clusters for performance and protection from data loss.
this is the same for any large website
far better in terms of operating like a normal company with blackberries, etc.
How Smartphone Users See Each Other
His question begs more questions -- do his employees travel? Do they stream video? Do they do heavy processing? What OSes do their applications run best on? Can you virtualize OSes or will that overhead affect the heavy-duty nature of the applications? Do you have the know-how to build your own central authentication service using LDAP, Kerberos, etc? Or would you be better served with an Active Directory? And would it make more sense to pay for Cloud-based AD from Microsoft rather than maintaining in-house servers? How much people-power do you have for IT?
You just have to know the right questions to ask, then your infrastructure defines itself.
+1 for sure. If you're in a 20 person shop, there's no reason to invest anything beyond the bare minimum into IT, particularly if you're a 501(c)(3)! Google Apps is free for non-profits. http://www.google.com/apps/intl/en/nonprofit/index.html You can even use Microsoft Outlook (via Google Apps Sync for MS Outlook) and BlackBerry devices (via Google Connector for BES) if so inclined. Google Video, part of the Google Apps suite, will take care of your video archives. Get a decent Active Directory or OpenLDAP server set up for authentication. Laptops are the way to go, especially if your folks need to be out in the field meeting with clients or donors. Desktops are irrelevant today except for hardware geeks and fixed function workstations. Don't run your own web server -- you can't scale anywhere as quickly as any hosting company can. Conclusion: building your own infrastructure makes no sense for your particular operation.
[...]
In general I'd stay away from Macs. They cost more per unit, and they are not good with business support. Their idea of support is generally "Take the system to a store, we'll look at it and get it back to you." Fine for a consumer, not for a business. For a business you want "I call you and a tech shows up tomorrow with all the parts to fix it." Only go with Macs if you have a real reason and if you can't think of one, then you don't have one.
[...]
Disclaimer: I have not worked with Macs since the days of MacOS 9.x, so take everything I say with a huge grain of salt, as what I know about Macs is seriously out of date.
It's true that Apple doesn't send techs out to your site to fix computers for you, but if you're at a smallish operation, there is going to be very little need for that kind of thing anyway (at least in my experience). Once that's out of the equation, the Macs may be more expensive up front, but fixing them is generally faster and easier than fixing Windows computers. (Mac aficionados insist that things go wrong less frequently on Macs, but at least during the 90s when I was supporting Macs, this was not the case for me, the advantage was that Macs took less time and effort to fix.)
The number one downside with Macs is that most organizations have legacy applications that won't run on anything other than Windows. If you are starting up an organization from scratch though, this is not a problem. If you need to develop any apps, you can choose to develop them for whatever platform you choose to buy.
On the plus side, Macs work great as computers for average cubicle monkeys: it runs Internet Explorer, and it runs Microsoft Office, which is all most cubicle monkeys need. Microsoft has done a really good job with making the Mac version of Office highly compatible with the Windows version. Even your macros will run just fine (provided none of them make OS-specific calls to external functions).
Another downside: in the 90s when I was supporting Macs, most office workers didn't know how to use any computer. Back then, Macs had an advantage as office computers, because it takes less time to train someone to use Macs than to train them to use Windows computers. Nowadays, however, most people already know how to use Windows, so Windows has the advantage in training costs.
Then there's the upside you already know about: malware. Despite the claims of Mac people, there is nothing about MacOS that is in any way inherently resistant to malware attacks. The main advantage is that very little malware is made to run on Macintoshes. "In the wild" outbreaks are so rare that you can get away with not installing any antivirus at all and install them only when you read about an actual outbreak on one of the tech blogs/news sites. Back in the 90s, this seemed to happen around once every 1.5 years.
From what I understand, modern Macs play much nicer on Windows networks, and vice versa, from when I was dealing with mixed Mac-Windows environments in the 90s.
I happen to think Macs are very competitive with Windows as office computers, but clearly inferior as home computers (since there are far fewer games and educational titles written for Macs), and I find the general perception of "Macs for home, Windows for the office" attitude to be perplexing.
Does this mean I think every IT department should go out and trade in their Windows computers for Macintoshes? Hell no. There's a reason I haven't used Macs in a very long time. However, if one were starting an office from scratch, I think it would be a mistake to dismiss Mac as a platform without thinking about it carefully first.
I'll make this as simple as possible. 1) Make sure you understand what exactly it is you need and how it relates to your core business. 2) Leased services and SaaS have their place but not for core business needs. Most commonly you are nothing more than a cash cow to a company that is now in control of your resources. 3) Build relationships. My best experiences have been with Dell, Time Warner Telecom, and Barracuda Networks. 4) If you have a mobile workforce then go laptops. 5) Sounds like 1 Server running ESXi and a NAS would suit you nicely.
The cloud makes sense when a small or medium sized business CAN'T afford the investment in top-notch reliability, availability, and security for their own in-house infrastructure. With the cloud, that RAS investment is spread across thousands of customers. The likelihood of a backhoe breaking a fiber optic line is lower than some malware or hardware failure deep sixing an in-house server in a typical SMB.
They can go to Starbucks for Wi-Fi. Or use their 3G cards. Or tether to their BlackBerry devices. Seriously, there's little excuse for keeping an SMB's stuff on-premise, least of all is the threat of some mythical backhoe.
Let's expand on this, what happens when they lose a lawsuit and all their assets are frozen and some judge thinks your data is part of their assets or orders the servers to be shut down in order to prevent wear and tear and degradation of value? Or even worse yet, when the FBI (insert alternative evil government agency of any country) responds to someone's alleged wrongdoings by busting into the server farm and taking the equipment for evidence?
Using someone else's equipment in a location not under your control does present a lot of potential problems with people not even connected to your establishment.
A 20 employee company? They probably won't have anyone dedicated to do the administration/maintenance/repairs/upgrades/etc.? Keep it simple: hire someone else to do it. Really. Too much hassle for such a small firm.
...a kiddie porn site?
- thousands of images and videos that need to be kept in-house (incriminating evidence?)
- they are starting from scratch(last site got shut down?)
- run by a small group of people who don't know what they are doing (convicts?)
- no existing hardware to work with (evidence seized in previous raid?)
Media server? How about S3. Web server? How about EC2. Seriously, why spend time and $ on procuring, powering, cooling, backing up, and upgrading all that gear? Give everyone a laptop and a gmail account. Put the rest in a public cloud.
If privacy is a concern, and cloud is no option I would implement Ubuntu Enterprise Server File / Mail / Print Server. Extra backup in the form of Barracuda Backup service; for more info you could check www.barracudanetworks.nl or www.barracuda.com
For a 20 person shop, a single or dual (redundant) virtualized system can certainly host any app your business needs, including e-mail, fileserver, databases, applications, web, whatever... You can buy a couple of nice servers with lots of memory, a nice Drobo box or similar NAS for storage and a couple basic licenses for VMware vSphere (or even go with a free alternative). That would give you enough horsepower to run a business on and scale to meet any modest growth...
Buy a third box and set up a test/dev environment too. You can test patches and updates and roll out new technology without impacting production. You can get your hands dirty with the technology in the test environment and learn a few things while you're at it.
"There *IS* no patch for stupidity" -www.sqlsecurity.com
Amen to that.
-kgj
For some people it is. Especially a small operation.
Since when is "farming shit out to some website" known as "the cloud"?
Talk about marketing bullshit.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Amazon and Google going "belly up". You REALLY have other things to worry about that have a much higher probability of actually happening.
Of course, a business would not use the free advertising supported GMail. Instead, you would use Google Apps for Business, which provides encrypted email with no advertising, lots of space, ability to cache email when off-line, 99.9% uptime guarantee, etc. I think it costs about $50/year per user, which is far less than the cost of staff time. Many small and large companies now do this. The major problem for an NGO might be that they have to work in some countries that don't allow certain types of data to be stored off-site in other countries, and I don't know if Google provides any way to handle this.
My only real problem with answering this post is that I generally charge $200 or so an hour for this sort of thing as well (not unlike spikevodka and others who responded). The problem is that if you don't already know the answers to the questions you post, you are (no offense intended) a poor choice for the person to put all of this together. I, like many others on the list, got the experience needed to answer it well and correctly and efficiently over 24 years of work as a sysadmin and general computer person. That means that I have enough experience not to try to answer your questions based on the limited description you gave of the task. There are too many unanswered questions, and the answers to those questions make a huge difference to the best/cheapest most robust and scalable solution.
The biggest question isn't the services -- those are trivial to provide in many ways, most of them very inexpensively these days. It is the software. For starters is there any mission critical software package that only runs on architecture X that absolutely must be on everybody's desktop? For example, you mention many videos -- does this mean that you do things with graphical image editing and (perhaps) absolutely require some particular package that only runs on Windows clients or Mac clients? And so on.
As far as the services per se are concerned, my own inclination -- based on the limited description you've given -- would be to set up a small rackmount multiprocessor server stack -- probably (for only 20 employees) only two physical boxes. I would run Linux as the toplevel OS on those servers, and virtualize all other specific services both for failover and security reasons. If the software stack required for a typical desktop is just a browser, office suite, email client (that might also be the browser) and a few simple utilities I'd be very inclined to make the desktop clients boilerplate Linux boxes automagically installed via e.g. kickstart or any other automated tool, but once again one has decision forks when one considers the possibility that some people will want laptops (that have to be able to stand alone), other people will need desktops that are centrally managed and carefully defended, a few people may insist on Macs, others may whine if their system doesn't run Windoze of some sort..
Ultimately, as you can already see, working out the details of this sort of thing is where I very much earn at least midlevel consulting fees ($200/hour isn't really high end) when I do this professionally. I've got direct experience with all of this -- I've set up servers (virtualized and otherwise) since 1986, I've worked with many major architectures and made them play at least moderately happily together, I understand networking in quite a bit of detail and I understand network and computer security. How can I, how can anyone, tell you all of the questions to ask, all of the decision points you should consider? You'd have to become a chela and work under my supervision for a year or two before you even started to be competent to work through all of this on your own...
rgb
Even when the experts all agree, they may well be mistaken. --- Bertrand Russell.
Searching encrypted data, however, _is_ rocket science.
I don't think you understand what sarcasm is; it doesn't matter whether what you are implying is true, it's that you are doing the implying by claiming preference for the opposite of what you actually prefer.
"... it could not be considered data mining since data mining, by definition, is about the discovery of patterns and trends, not specific facts."
That's a pretty recent version of the definition. If you prefer I use the term "snooping", fine. However, even given your definition of "mining", it is now known that significant personal and business information can be inferred from mining. It isn't as impersonal as just a few statistics might imply.
And how do we know this? From information leaks that have in fact happened, and from statements by Google themselves. They have made announcements about how people should not fear because they "impersonalize" the data, but as I have already mentioned we know this is not sufficient to actually safeguard personal information... or business secrets. There has been a great deal of writing about this in the last few years. Where have you been?
And if you want evidence that Google is not always 100% honest about what it does, look here. I admit that this is not directly applicable to the subject at hand, but if they are less than honest in one aspect of their business, it is reasonable to presume that they are less than honest in other areas as well.
"First of all, corporate executives often pay a lot of money to make sure that their IPO publicity materials are seen by as many people as possible, so this was a horrible example."
I was not referring to "publicity materials", so this was a horrible assumption.
"No rational security policy in the world (except maybe military) requires you to actually own the hardware your data rests on."
This is a completely ridiculous statement. I have not worked for a company in the last 20 years, large or small, that did not have such a policy. Where did you come up with this idea? To be more specific: company data could only be on "company computers", whether they were owned or leased. The exception being an employee's own computer, if it was being used for work.
I will agree with you about the physical access part. But that's a separate issue. Most companies I worked for have had strict policies about physical access.
"While there may be some legitimate concerns about network connectivity, cost and data portability, everything that you're saying in this statement is just plain FUD."
Evidence, please? When somebody calls "bullshit", it is traditional to present some kind of real basis for saying so.
Lol.. There is no technical difference between the two from a user perspective. It's essentially the same, hosted applications and data. The same pitfalls apply outside of the supposed redundancy of the images which seemed to fail miserably when Amazon had those issues a year or so ago.
The reasons are real enough. A small (non-tech) company is not likely to implement encryption on its storage. As far as S3 is concerned, I believe the consensus is that they are doing data mining. As mentioned in another post, it is now known that data mining, even when "personal information" is stripped out, still results in data from which personal and business details can be inferred. This is hardly imagination; it has been done. The famous AOL data dump is a case in point.
And what would you do if the same farmer plows through your phone line? It depends on your business, but I bet most companies wouldn't be able to work without phone either.
OTOH, with all your stuff in the cloud, people could work from home for a few days and at least get 80% of the work done.
What would you do if your local server would crash?
you said your NGO is around 20 people..... that's about the number of people you need to guarantee IT maintenance, internal helpdesk, 24/7 support, emergency standby, virus scanner updates...
Yes, server downtime IS an external risk when you move IT to the cloud. But until you can throw as many people as Google or Amazon at server maintenance, server downtime is MUCH MORE likely to happen to your local servers.
bickerdyke
I would not recommend cloud as you have no guarantee or insurance for availability and safety of service and data. :-)
For authentication Win2008R2 is OK, and you can put desktops on the domain as well as install Exchange with full Outlook on the desktops. For network infrastructure like web, DNS, DHCP, OpenVPN, SVN, monitoring etc. just use plain CentOS with Webmin.
For large file storage there is Openfiler with the XFS filesystem. On Openfiler you can install Apache, WebDAV etc. to access those files.
Use Xen if those servers won't have too much load.
Finally, OpManager is free and easy monitoring.
HP DL servers are okay, even supporting remote KVM, but laptops only from Dell.
For network switches buy only those which are high performance and relatively cheap. Slow and expensive Ciscos are the worst.
Wire everything up properly including UPS, management ports etc. and you are the master.
Free or not, advertising or not, is not the point. Tell me this: regardless of encryption during transport (which is not terribly relevant to the issue), does Google Apps come with a guarantee that your data is 100% private and not being mined? If so, I will remove my objection.
+1 insightful
too bad this is posted as AC
bickerdyke
3) Cloud services are dependent upon connectivity. Which do you trust more: no link failure in thousands of miles of cables, fiber, and networking equipment, -or- the volatility of your local network and attached storage systems?
In general: the thousand miles of cables that are meshed up for redundancy.
bickerdyke
fixing them is generally faster and easier than fixing Windows computers.
Care to back this up with something more meaningful or is it just "In my experience..."? I call major bullshit on this one.
Well, let's not even worry about that...
We use notebooks and docks at work to facilitate business continuity; take your NB home each night. We have VPN access to the network, so if the building goes down (we had a power failure a month ago) you are either at home or at some other place, VPN'd in and getting some work done. Dragging them to meetings to show off your latest deck is also desirable. If you have a need for continuity, this might help a lot.
Before you think much about the cloud, get some legal advice on how you can use shared services and the legal implications of not actually having your data onsite. As an NGO, you may have data that doesn't actually belong to you, or other agencies that want a say in what your data security looks like.
And your web server is best off somewhere that can manage DDOS attacks, intrusion prevention and detection, resilient links, and backup/restore/recovery. Do you NEED to take on web services for a public site? Now if this is a service for your business needs, think over the data location needs again and all the access problems. You will be getting into the VPN/access/firewalling stuff also.
Otherwise, your best investment will be documentation. Document EVERYTHING! It sucks, and you won't like it until you need it. Then your boss will appreciate your thoroughness, and see a potential disaster as an example of the process working as intended. Bear in mind you will need to scratch out the time to document from the limited time you will have to do all that is needed. Good luck.
deleting the extra space after periods so i can stay relevant, yeah.
To clarify this point, re: company computers:
Virtually every company I have worked for since 1990 has had a policy stating that confidential company information (which includes memos, reports, emails, etc.) remain on in-house company computers, or employee-owned computers if they were used for work, and nowhere else. Email was invariably hosted on a company-owned (or leased, but in-house) server. If you want to call that "irrational" policy, then be my guest.
I've admined SuperMicro, Dell, and HP at this point and would strongly recommend a second hand HP. Lots of parts availability, *excellent* management software, while the servers themselves are practically ready to run with all kinds of redundancy. Cheap supermicro doesn't work out to be low-cost.
Serversupply.com has tons of second-hand Proliants. You'll pay more than Craigslist, but less than new. Unless you *really* need tons of cpu horsepower, make sure the server has gigabit ethernet and Bob's yer Uncle. Get an old HP ultra320 SCSI storage array and load it up with 75+ GB drives for your storage. Yer bottleneck is always the network. Dead simple, cheap and reliable.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Seconding this, just because it's an interesting take on managing a company's needs...it'd probably still be a good idea to have a local box for login/email [if not using gmail] so you don't have to worry about lag over the WAN.
The cost benefit of doing something like this could be pretty big, especially if the small company is looking for a highly redundant, highly available, highly scalable solution, and they don't have anything in place already. If you built something similar in-house, you'd need a dedicated room with proper cooling (and possibly need it to be secured), racks, a UPS system, at least three servers (login/email [again, if not using gmail] on one box, storage on the 2nd box, web on another [especially if it's externally facing]), and a tape backup. This isn't factoring in any of the software needed to run it, any off-site backups (always a good idea), or any WAN requirements of on-site servers versus running almost everything in the cloud. Skimping on anything here means that you're going to have a ghetto setup, which is bad for everyone.
I'm wondering if the person asking the question has any idea what the client wants, though....why would you even consider thin clients if you've already put forth desktops/laptops as an option? It just seems like there's not a firm grip on what the client applications are going to be (or, if they do know what apps will be run, that they don't have a firm grip on building out IT infrastructure.) Are the users ever going to be working from home? Are they only going to be using the web/word processors/console apps all day long, which would mean thin clients could be an okay solution? Do they need a lot of cheap computing power at their desk, but no need for mobility?
If you're doing email in-house, and using voip...as terrible as I feel about suggesting it, Microsoft Exchange and OCS tie in together rather nicely, and could handle your VoIP needs. Unfortunately, I don't have experience setting these products up versus setting up a free OSS alternative (asterisk/jabber), so I can't say which would be easier to build/support.
Regardless, the first thing to do is find out what the heck your client will be doing with their hardware, if they ever want to expand, and what your budget is. Then you can choose the right hardware for the job. Otherwise, you're just asking a question that's way too generic, and could be solved in a myriad of ways.
More to the point, your argument seems to invalidate all forms of shared hosting by labelling them as unsecure, which is obviously absurd.
It's not absurd. Or exactly as absurd as labelling shared hosting as secure.
Contrary to owned infrastructure, you can't control the security of a shared hosting provider. It boils down to a matter of trust. And would you actually trust a guy who asks questions like this to create (and maintain!) better security than a shared hoster with a computer security team twice the size of his complete company?
bickerdyke
C'mon, people, this cannot be a serious question!
Wow, the suggestions here are bad.
Call HP buy a Proliant DL350 G6 with a Xeon and 16Gb of memory/5x 146Gb 10K SAS drives @R5/Advanced iLO License.
Buy Windows 2008 SBS with 20 CAL's
Buy a UCC cert from Entrust for your exchange server
Buy a LTO-3 Tape drive with Backup Exec 2010 SBS
Buy a Cisco SOHO or Sonicwall SOHO firewall
A Switch that works for your needs, may just need a HP 48 Port 1Gb unmanaged
Don't listen to these guys, half of them have never managed a network and have no idea what they are doing. They are going to get you into trouble with building your own server and this open source BS that they are pushing.
I am still surprised that there is no popular "appliance" type server for this purpose: something that supports file, print, authentication, accounting, and phone system out of the box
There is (though popular is debatable), if you disregard your "phone system" requirement: IBM's Lotus Foundations. It's built with SuSE Studio, so you might be able to install Asterisk on the same machine (depends on the support contract, I guess).
Go extra fancy and allow for painless mirroring and snapshot backups with a second (and third) unit if desired. It seems like at this point in time it shouldn't be that hard to do...
I suggest you look at Platespin Protect with Open Enterprise Server. For the hardware component, take a look at Platespin Forge.
Wait a minute. I'm a manager, and I've been reading a lot of case studies and watching a lot of webcasts about The Cloud. Based on all of this glorious marketing literature, I, as a manager, have absolutely no reason to doubt the safety of any data put in The Cloud.
The case studies all use words like "secure", "MD5", "RSS feeds" and "encryption" to describe the security of The Cloud. I don't know about you, but that sounds damn secure to me! Some Clouds even use SSL and HTTP. That's rock solid in my book.
And don't forget that you have to use Web Services to access The Cloud. Nothing is more secure than SOA and Web Services, with the exception of perhaps SaaS. But I think that Cloud Services 2.0 will combine the tiers into an MVC-compliant stack that uses SaaS to increase the security and partitioning of the data.
My main concern isn't with the security of The Cloud, but rather with getting my Indian team to learn all about it so we can deploy some first-generation The Cloud applications and Web Services to provide the ultimate platform upon which we can layer our business intelligence and reporting, because there are still a few verticals that we need to leverage before we can move to The Cloud 2.0.
http://www.google.com/nonprofits/
http://www.google.com/nonprofits/allproducts.html
From:
http://www.google.com/nonprofits/operations.html
"Using Google Apps saved us tens of thousands of dollars and enabled us to get off the ground really quickly at a time when it was difficult to start a nonprofit."
I have no personal experience with it myself (yet), but I've been looking into it for a small nonprofit.
A 501(c)3 organization gets various extra freebies as Google Apps:
http://en.wikipedia.org/wiki/Google_Apps
"Education Edition same as Premier Edition except for:
* Free for "accredited not-for-profit 501(c)(3) entities 3,000 users, K-12 schools, colleges, and universities""
It's also an ethical tradeoff between feeding the centralization beast (making privacy invasion easier) versus helping an organization have a stronger community and focus more on its mission which is good for society and democracy.
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Dear lord, I sure hope you don't work in any sort of a management position.
Even in just the computing sector, large and well-established companies have unexpectedly failed in the past. Hell, they don't even have to fail, or even declare bankruptcy. Often just a short bad spell will cause them to "restructure", and shut down large portions of their operations with little to no warning to their customers.
The most important lesson to learn from the rise of the Cloud is to virtualize. Even if they decide to keep their servers in house, they should virtualize to make full use of their hardware while providing some extra layers of security and ease of use. Of course, modern operating systems provide a time sharing model, but they are not so great with separation of concerns. Virtualization solves both issues at the same time, for a secure (assuming you don't leave any holes in the client operating system prototypes), modular, easy to test and deploy solution. Just make sure your prototype systems are closed up, up-to-date, etc.
For example, my "IT infrastructure" consists of a crappy little router, a desktop I built, and dozens of nearly identical virtual machines running the software I need. One is a mail server. Another is a DHCP server. Another is a software development machine. Another is an internal documentation/wiki server. I can migrate to better hardware when I need to. (I am taking care of backing up, just in case -- and I have made sure the backups work). I can clone machines by typing a "clone" command. I can script adding clones to my DHCP server by MAC address. And so on. The Cloud makes most of this easier, to be sure. But not all of it.
After all, I am strangely colored.
And don't trust those banks. They look at every transaction you make!
Hire outside accountants to do your taxes? Are you kidding me?
Seriously, if you are a small business, there is no need to do most of your own IT. Read over Google Apps (or Amazon or whoever's) service level agreement and privacy agreements. For most companies, the privacy and availability offered is okay. As for being dependent upon a network connection, you are in the 21st century and will be dependent on network connections. If you need it offline, use things like IMAP
I did exactly this when building out my recent company. Google mail service is fairly good, but hosted exchange is far better in terms of operating like a normal company with blackberries, etc. We outsource our web serving also. We basically have a fileserver and a pair of ADS boxes for inside services, and a redundant Internet connection.
Why can't you just use a Google apps connector to Blackberry enterprise server and save yourself some money? (Assuming you only care about using blackberries for contact and calendar sync, because you can access email anyways.) If it is a small company, you may just use Google Sync for Blackberry. Can't see the need for Exchange in either case.
What's under yellowstone?
Zentyal is: Active directory Automatic failover Backup Centralized management Certification authority DHCP DNS Dashboard Filtering Firewall Groupware HTTP proxy IM Infrastructure Intrusion detection system LDAP replication Load balancing Mail server Monitoring Multi-gateway support NAT NTP Network Open Source Reporting Resource sharing Routing / Router Server Small business Traffic rate Traffic shaping Users and groups VLAN VPN VoIP Web server Workgroup
Zentyal (A.K.A. eBox)
Put identity in the browser.
What I've found the least hassle is to buy Dell hardware (I usually go for in-warranty used equipment from reputable eBay resellers), and run the latest LTS version of Ubuntu (currently 10.04). For instances when they need to run something that is Windows only I first try the 'wine' emulator, and if that fails I resort to a licensed Windows install on VirtualBox running on an Ubuntu server (this is usually to support some Windows-only hardware, like shared printers, etc.). Been working great so far with several small businesses now running on this setup.
You make a great point. If I am hiring someone to achieve a goal for me, the absolute last thing I want them to do is research the possibilities and find out what experiences and approaches others have taken in the past. I want someone like the people posting in this sub-thread. I want the kind of person who knows that research and due diligence are a complete waste of time. I mean what is there to know? Just do it, and worry about what "it" is, and whether the approach was a good idea later, after you've done the first 90% and it is time to do the other 90%.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Like you almost said in the end.. research some managed service providers (MSPs) and outsource your IT staffing/infrastructure/planning needs to them :)
Because you don't want to upgrade your entire infrastructure every 3 years - you do half now, the other half in 18 months, the first half in 36 months, and so on. Most servers are depreciated on a 3 year schedule, scheduling upgrades every ~18 months allows you to achieve some level of stability without tossing it all out the window at the end of your cycle.
As far as "having enough bandwidth", that's why you do analysis: compare costs of your current bandwidth needs & expected growth with the cost of buying, implementing, and supporting your own infrastructure. He does not say that they are constantly streaming this video library, just that they have a very large one. It's very possible that there is very little active, continuous streaming that would soak up huge amounts of bandwidth.
Get a nice i7 pc or server with a UPS, 12-16 gb RAM, a small hard disk for booting/OS and 4 hard disks for RAID 10 storage (or RAID 5 even), which the motherboard should provide directly. Put the free version of the XEN virtualizer on it. Install some VMs you can get preconfigured from Turnkey, Bitnami or Jumpbox or make yourself. Download an OpenFiler VM to use as a NAS for all your file needs, including storing the VMs. One VM could have a Liferay installation for a quick intranet. Another could have Postgres or MySQL, depending on your preferences, if you need a DB.
For the employees, I agree that Macs are a good investment with low maintenance compared to Windows. Just not dealing with viruses or AV software will make your lives much easier! If you can get discounted second-hand Macs, they are a good setup. You COULD perhaps have a $1000 Mac Mini Server with all the sw you need, and use the Pages/Numbers software on the Macs instead of Office (no extra price). As an alternative, get semi-decent clones and use Ubuntu Linux on them, they are pretty close to Windows. Make sure everyone knows how to print to PDF, send those files to clients instead of the original non-Word files and the formatting will go through ok. Configure the PCs to store the users' documents in OpenFiler. If they don't have large files (or you pay for the additional storage, like $10/user/month) and wish to be able to work from home, rather than laptops get them DropBox accounts. By the time they get home, they can open the files on their home PCs AND have offsite backup.
Don't bother with LDAP or AD. Host the company webserver at an ISP for a couple of bucks per month, as well as a mail server. The advantage of using XEN is that you can make any additional servers needed at the office easily without messing with existing servers or buying more hardware for a while.
If the hardware died it's simple to put in a new server and run the images on it, without reinstalling or even restoring from backup. Ditto if you need to move to a larger server later on or want redundancy.
fixing them is generally faster and easier than fixing Windows computers. Care to back this up with something more meaningful or is it just "In my experience..."? I call major bullshit on this one.
Gonna take a stab at this one -- There's no registry :)
The malware thing is nice too, most of my calls are windows malware for the desktop, not so much dead PSU or dead hard drive. Sometimes the profiles drop out and people save stuff to the local temp profile. Most of my Mac calls are "How do I get on the network?" and not really anything broken. Of course my situation is like 100 Windows/75 linux/15 mac.
Imap in gmail makes things worse; 'deleted' is a label and not a folder. POP would actually work better if access from a single desktop was the only requirement. Every two weeks, I have to go into the web interface to try and find messages where I manually removed the attachments... The original message doesn't get deleted.
I am surprised Google got that thing so wrong. Fetchmail to the rescue?
In my experience, it's exponentially more likely for an internal network to be hacked than it is for Google/Amazon to have a major security breakdown or intrusion themselves (which has, as far as I know, never happened).
Google mines data so that they can display ads, not so they can learn your company's secrets. And, let's be honest. Unless you're sitting on the Cure For Cancer, Google or the Black Hat crowd probably don't care about your IPO.
-- If you try to fail and succeed, which have you done? - Uli's moose
Good recommendations, but what I am challenged by is the fact that every company starting out has the same needs. A single 'box' that you unpack and plug in is what you are looking for. Something that even breaks out security logic for various typical organization structures...
An install isn't the answer. I think the IBM package is flawed in that it has an antiquated collaboration model... But I haven't checked it out recently.
Small business owners want someone painless to start out with... That even gives them a directory structure for the file server. They are decisions that take time and add no value to their critical initial phase.
I don't think even has a solution tailored to start-ups..
What works:
Starting at the top, try Untangle as a Firewall, VPN and overall gatekeeper.
Then Alfresco ( free version ) for document management.
For Email try the QMail Toaster, but upgrade the Webmail client to Roundcube.
Set up a Linux server with Samba, LDAP, and whatever else you need for internal stuff.
Set up a Linux server with Apache, PHP and whatever DB; MySQL, Firebird, Postgresql.
Get 2 SuperMicro servers with 8 core and 16G RAM and Raid 1 - get as much HDD as you need, and load a VM system such as VMware or Xen, and run all the above as separate images, and use them in a redundant manner. eg 2 images per server and backup to the other.
All the above should cost you US6k or thereabouts.
Most important do the hard yards to learn about each package as you go along.
re laptops, yes. But make sure you get 3 year warranties, and staff have good connections at home. Or lease them.
Productivity will go through the roof.
Missing accounting, but if you install it on a box, you have something useful.
Fortunately, they're both publicly-traded companies who are required by law to disclose their financials. Google and Amazon are both doing fine, and wouldn't simply pull the plug on any of their managed services if they wanted to retain any of their customers in the future, no matter how bad their financial situation might get.
You'd be better off writing a contingency plan for what your business will do if a plague of locusts arrives, or if the US is invaded by Zimbabwe. The idea of Google or Amazon going belly-up with no warning is completely and totally outlandish. You cannot control for every variable -- you're best off focusing on your most likely, and most easily manageable sources of failure.
Managers need to let go of their "control freak" mentality. More often than not, it hurts the people that they are supposed to be managing, and does nothing to improve productivity. (See Also: Lotus Notes. It's infinitely customizable, so there's really no limit to how bad it can get.)
-- If you try to fail and succeed, which have you done? - Uli's moose
For most business scenarios, I would suggest that it is rarely a good idea to roll your own system.
It might work out if you are very savvy, have a local store for components or over-purchase for spares, are planning to stick around as a consistent technical resource rather than touch and go, and you don't anticipate a heavy workload precluding you from tedious debug efforts.
If you go out to newegg for your parts, then don't build your own. You'll either get unacceptable downtime waiting for replacement parts or have to buy replacement parts just in case. The big brands take advantage of economies of scale and have ample spare parts to dispatch relatively quickly at no extra charge. As a builder of systems for the home, I know the warranties on the parts are nowhere near acceptable for business continuity (always a huge effort to try to get warranty replacement).
Additionally, with an IBM, Dell, HP, or Lenovo system, you can generally get a field technician out to do tedious debug when the system fails in a non-obvious way.
It's not that much more to buy a total system, you have an extra amount of resource behind it, and if all else fails, you can generally still service them like a home-built system (at the cost of compromised warranty).
XML is like violence. If it doesn't solve the problem, use more.
If you have to ask it on /. then you're not qualified to handle it.....
Seriously, if you are asking these questions, you are not the man for the job.
Do the right thing for your client and yourself. Hire a professional who has done this sort of thing many, many times before. Most will not have a problem explaining why they recommend this or that. If this type of thing interests you, hire someone that will let you watch or even assist. You will learn a lot, and your client will get the systems they need.
PS - Forget about hosting the webserver locally. It is a dumb idea.
-Lod
Cheaper than Microsoft, Support from the vendor and it does everything you need, email, collaboration, messaging, security, and VPN. The latest running on Suse Linux called OES2 SP2 is amazing. AND it comes with free virtualization in the form of XEN. Not to forget the best Directory structure, eDirectory (8.8.6 is current)
~corporate tool, but employed~
MS Small Business Server, Dell servers & desktops with 3 year Pro support. Dell Openmanage software to look after. Trend Micro managed security. Look at MS new media server for all those videos. Storage, web, remote connection, email and backup - all together and manageable for a reasonable cost.
Use a professional to setup and configure from the start - if you don't have the skill, don't do it yourself! Just makes it harder for the pro to fix later. You do day to day admin from your desk or remotely.
i would wholeheartedly agree with this ... put as much as possible on the cloud. if you have to buy and place a server on your premises, there must be an iron-clad reason to do so, because the default should be the cloud. and don't be put off by reasons like data safety and data security -- data is more safe with a reputed cloud vendor with a professionally managed data centre than it is with a 20-employee NGO with a single ill-paid sysadm ( just as money is safer with a bank than under the mattress at home )
Insight into much, Influence over nothing !
My friend and I set up a small linux network with accounts and space on the server that lets anyone use any machine and have all data in one place for easy backups. I started writing up a guide for replicating the setup at www.benamy.info/guides/setting-up-a-small-linux-network. Even though it's incomplete and doesn't cover all of your requirements, it may be useful.
If you're buying Macs, buy refurb macs. They're just as reliable, and a lot cheaper, than new macs. Plus since they tend to be last-gen, all the kinks have been ironed out of them...or at least the workarounds are all known.
Where I work 90% of client machines are Macs, and support (when needed) only deals with the other 10% that's Windows (accounting, CEO). Internal IT doesn't do a lot with Macs, because the Macs don't have issues. Backend infrastructure is mainly Linux (Ubuntu on Dell).
Right. Tell us when someone succeeds like Google, while outsourcing all of their industrial data needs to some cloud vendor that isn't an internal department or subsidiary under full corporate control.
There's the cloud as in best practices for distributed systems and then there's the cloud as in be a good consumer and shut up.
Ticonderoga now has a cloud pencil service? Who knew?!
But seriously, part of any good security plan is business continuity in the event of disaster, such as a widespread multiday power outage. For a lot of places that means closing the doors for a while, but some industries (eg healthcare) can't count on that option. Paper recordkeeping is a very robust interim solution.
Assuming you remember to print out your emergency procedures and forms before the power goes out...
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
Virtualization has matured enough at this point to where it is feasible to consider making the user's primary user instance a virtual machine. The user's secondary instance is a conduit/interface to the user's primary instance. In effect, this is "back to the future" to the mainframe school of thinking. Ironically, the change is not because the user's local PCs are not capable of performing the necessary computations, but because the data is better managed in a controlled environment; in this case, a data center. The "high priesthood" of data management is set to make a comeback.
I'm in a similar position at an NGO, except that we have offices in 4 other countries with 20 or more people each.
Here's what worked for us, your results may vary:
New desktops: should it be laptops (with dockingstations), regular desktop machines or thin clients?
Laptops. We are frequently traveling, often to areas with little to no internet access, and being able to bring your data with you is a good thing. Mostly Macbooks, as they are reliable, easy to use, and integrate well with the rest of our systems.
Servers: We need a server for authentication and user management.
We use Zimbra for authentication and user management. It also serves our email - IMAP and SMTP, shared calendars and task lists - synchronized over calDAV, and a web-based interface to all of the above.
We also need an internal media server
Each office has an internal Linux server running Samba, authenticating over LDAP to Zimbra. Works equally well with Mac and Windows clients.
Finally we would like to have our web server in house.
Are you sure about that? Do you have the bandwidth and a reliable enough connection? We went with a dedicated server hosted somewhere with multiple redundant connections.
feel free to comment on anything important not on the list.
Email and collaboration software?
Again we use Zimbra, and it integrates remarkably well with iCal and Mail on the Macs. Windows users can use Thunderbird + Lightning or the Zimbra desktop client.
Printing?
We run CUPS on the Linux server, so the Macs pick up the shared printers automatically. Windows users can print over Samba with click to install drivers.
All that we see or seem is but a dream within a dream.
Go with a hardware firewall / VPN device from Cisco for the external connection. If your web server is for the external world, go with a Linux-based system with Apache; if it's for an internal intranet setup, go with IIS which is placed behind the external hardware firewall. A second internal hardware firewall to separate the internal network from the web server.
While a single server can handle almost everything you're looking for with such a small company, I would advise not putting all your eggs in one basket. Go with cheaper servers and multiple servers vs 1 or 2 large powerful servers.
Server 1: A file and print server with a RAID 5 disk setup.
Server 2: Antivirus Server / Deployment Service / Microsoft ISA Server / Certificate Server
Server 3: DNS / Active Directory / DHCP / Exchange Server Primary
Server 4: DNS / Active Directory / DHCP / Exchange Server Secondary
Server 5: Door Access / Security Camera Control (if you have either). Otherwise skip this.
Server 6: SQL Server, Application Server and BES if you use BlackBerrys.
You will want a DAT backup drive for the file server with daily backups. If it's a public company you will need 8 weeks' worth of daily backup tapes plus monthly backup tapes for 7 years and yearly tapes for 7 years' worth of backups to meet SOX compliance.
In Active Directory do both a Global Group and domain local group for each shared resource. Put users into the Global group and attach the Global group to the domain local group which is applied to the actual resources in the file server. Make heavy use of groups to resources vs assigning people directly to folders.
Hardware: use Dell desktops, not laptops, for the office. Set internal resource asset numbers in the BIOS, lock out front USB ports and set the BIOS to only boot from hard drive. Use a good BIOS password. I prefer Windows XP to Windows Vista and 7 for a business setup. Unless you're using any software that requires Windows 7, stick with XP and make sure all users are regular users with no admin privileges. Any programs that require admin users can usually be fixed with a registry change or a rights change on its folders. You will want to create a batch file to secure machines, set logging options to be longer than defaults and remove local admin accounts.
I like Trend OfficeScan over SAV but both are good for central management. KIX is a good login script program with AD for setting up auto mounts of drives based on what groups the user belongs to in AD. Force complex passwords and rotation. Make heavy use of Group Policies to secure machines.
Use Cat 6 cables if you're redoing all your cabling as well and put in at least 2 ports at each workstation. Avoid wireless, but if you want to use wireless use an internal office setup on RADIUS authentication. Use GB port layer 3 switches and activate 802.1x network authentication. Physical protection of servers and networking equipment is important; make sure you padlock all networking points and all hardware to prevent access to ports on back and internal guts.
Use a large multifunction copier vs personal printers; cost per page is way cheaper. It adds up quickly. Make sure it supports secure print so HR and other confidential users can print secure. Set up all devices with passwords to prevent users from messing things up. UPS battery backup for all the servers and network equipment.
Keep a few laptops on hand with encryption as loaner machines so if users need to work from home they can VPN into their workstation. Data should never leave the actual business. Never allow work on a laptop since data can get lost or stolen. Set the user's home directory to be on the server as a shared drive and lock out their ability to write on any part of the local C drives to prevent users from saving important files on the desktop which won't be backed up unless you use roaming profiles.
Using group policies, users should be allowed to restart a machine but not shut it down. Virus scan should be nightly with a deep scan once a week. Use an off-site company like Iron Mountain to do the offsite tape s
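The group nesting described in the comment above (users in a global group, the global group in a domain local group, only the domain local group on the folder) can be checked mechanically. This is an added example, not part of the original comment; the group names, users, paths and the exported data are all constructed.

```python
# Constructed directory export: group -> (scope, members). Hypothetical names.
GROUPS = {
    "G_Finance":     ("global",       ["amina", "jonas"]),
    "G_HR":          ("global",       ["lena"]),
    "DL_Finance_RW": ("domain_local", ["G_Finance"]),
    # jonas sits directly in a domain local group: a nesting violation.
    "DL_HR_RW":      ("domain_local", ["G_HR", "jonas"]),
}
USERS = {"amina", "jonas", "lena", "pavel"}

# Constructed folder ACLs: path -> list of (trustee, right).
ACLS = {
    r"D:\Shares\Finance": [("DL_Finance_RW", "Modify")],
    r"D:\Shares\HR":      [("DL_HR_RW", "Modify"), ("pavel", "FullControl")],
    r"D:\Shares\Public":  [("G_Finance", "Read")],
}


def expand(trustee, seen=None):
    """Return the users a trustee resolves to, following nested groups."""
    seen = set() if seen is None else seen
    if trustee in USERS:
        return {trustee}
    # Unknown trustees resolve to nobody; 'seen' stops membership loops.
    if trustee not in GROUPS or trustee in seen:
        return set()
    seen.add(trustee)
    users = set()
    for member in GROUPS[trustee][1]:
        users |= expand(member, seen)
    return users


def effective_access(path):
    """Map each user to the rights they end up with on one folder."""
    access = {}
    for trustee, right in ACLS[path]:
        for user in expand(trustee):
            access.setdefault(user, set()).add(right)
    return access


def audit():
    """List every place where the nesting scheme is bypassed."""
    findings = []
    for path, aces in ACLS.items():
        for trustee, _right in aces:
            if trustee in USERS:
                findings.append(("user-on-acl", path, trustee))
            elif trustee not in GROUPS:
                findings.append(("unknown-trustee", path, trustee))
            elif GROUPS[trustee][0] != "domain_local":
                findings.append(("non-domain-local-on-acl", path, trustee))
    for name, (scope, members) in GROUPS.items():
        if scope == "domain_local":
            for member in members:
                if member in USERS:
                    findings.append(("user-in-domain-local", name, member))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit():
        print(finding)
    print(effective_access(r"D:\Shares\HR"))
```

Each finding is a place where someone holds access that removing them from their global group would not revoke.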
Use standards for everything you can. Don't use some product because some proprietary feature is a must-have, or you'll be locked in to that vendor forever, and if they go away, then you're stuck. And don't just go with what one company calls their "standard", but something that is common and interoperates between vendors.
Design your corporate network with some level of security; know your risks, compromise to make things work smoothly for staff, but understand the compromise. Give people the "least surprise" when having to get on your WiFi, use your printers, etc.
I think a core is to get some central authentication. Look at LDAP. Then look at using that LDAP data for building an authenticated Wiki. Consider using RADIUS fed from LDAP to secure your ethernet ports (802.1x) - so get a managed switch that supports that. It's a standard, so you don't HAVE to go for Cisco - I had a lot of joy with the now very old DLink business class gigabit switches (GDS3224 I think they were) - but don't use proprietary stacking as you'd be stuck to always using that switch/firmware - use LACP and MSTP.
Encourage yourself to have an always-accurate LDAP. Make an internal directory that is auto populated with all relevant fields from LDAP. Extend your LDAP to contain everything needed. If you find someone in some department is copying all the names to Excel to make a phone directory, try and find out what your current online phone directory doesn't give them, and fix it. Up to them if they want a printed hard copy - but that should be just a case of hitting print in a browser.
Put two wireless networks in each office - one that uses certificate based WPA as a secured network for staff, and one that is protected by a simple shared password for guests. Put up signs so that guests are welcomed to use your guest wifi, more than using a wired ethernet port (which would also, as above, be protected with 802.1x - except that's not always possible with ports for printers, etc - but even still you can MAC address lock those ports).
Design your VLANs into areas of shared security risk. Printers. Finance Staff workstations. Common File Servers. Tech Admins. HR. Bridge these staff VLANs to wireless using cert-WPA so that people aren't having to circumvent your security.
Put in a Jabber server, authenticated using LDAP. Let your Jabber server talk out to other networks. Encrypt your internal IMs via your Jabber server.
Put in a SIP server, and use softphones for most people.
The exception to using standards and doing it yourself: Offload email to GMail or similar. Use their calendaring. Get Android phones and be done with it. Then use Thunderbird to work with your GMail accounts and calendars... using STANDARD protocols, such as ICAL, IMAPS, etc.
But, use Standards where you can.
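The comment above combines RADIUS fed from LDAP, VLANs grouped by shared risk, and MAC-locked ports for devices that cannot do 802.1x. As an added example (not part of the original comment), the sketch below makes that port decision from a constructed LDIF export; the VLAN numbers, port name, MAC address, group names and the `accountDisabled` attribute are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed LDIF export. "accountDisabled" is a hypothetical attribute
# standing in for however your directory marks a disabled account.
SAMPLE_LDIF = """\
dn: uid=amina,ou=people,dc=example,dc=org
uid: amina
memberOf: cn=finance,ou=groups,dc=example,dc=org
memberOf: cn=staff,ou=groups,dc=example,dc=org

dn: uid=jonas,ou=people,dc=example,dc=org
uid: jonas
memberOf: cn=staff,ou=groups,dc=example,dc=org

dn: uid=former,ou=people,dc=example,dc=org
uid: former
memberOf: cn=hr,ou=groups,dc=example,dc=org
accountDisabled: TRUE
"""

# Constructed VLAN plan. Order matters: the first matching group wins.
VLAN_BY_GROUP = [("tech-admins", 50), ("finance", 20), ("hr", 30), ("staff", 10)]
PRINTER_VLAN = 40
# Ports that cannot do 802.1X, each locked to one registered MAC (constructed).
MAC_LOCKED_PORTS = {"gi1/0/24": "020000aabbcc"}


@dataclass(frozen=True)
class Decision:
    accept: bool
    vlan: Optional[int]
    reason: str

    def radius_attributes(self):
        """RFC 3580 reply attributes that tell the switch which VLAN to use."""
        if not self.accept:
            return {}
        return {"Tunnel-Type": 13,          # VLAN
                "Tunnel-Medium-Type": 6,    # IEEE-802
                "Tunnel-Private-Group-Id": str(self.vlan)}


def parse_ldif(text):
    """Parse the simple LDIF above into uid -> (group names, disabled flag)."""
    users = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key.lower(), []).append(value)
        # First RDN of each group DN; enough for this sample (no escaped commas).
        groups = {dn.split(",")[0].split("=", 1)[1].lower()
                  for dn in attrs.get("memberof", [])}
        disabled = attrs.get("accountdisabled", ["FALSE"])[0].upper() == "TRUE"
        users[attrs["uid"][0]] = (groups, disabled)
    return users


def decide_user(users, uid):
    """802.1X path: identity already authenticated; pick a VLAN or reject."""
    entry = users.get(uid)
    if entry is None:
        return Decision(False, None, "unknown identity")
    groups, disabled = entry
    if disabled:
        return Decision(False, None, "account disabled")
    for group, vlan in VLAN_BY_GROUP:
        if group in groups:
            return Decision(True, vlan, "group " + group)
    return Decision(False, None, "no group mapped to a VLAN")


def decide_mac(port, mac):
    """MAC-lock path for printer ports. A MAC is only an identifier, not a
    credential, so these ports are only ever placed in the printer VLAN."""
    allowed = MAC_LOCKED_PORTS.get(port)
    if allowed is None:
        return Decision(False, None, "port requires 802.1X")
    normalized = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if normalized != allowed:
        return Decision(False, None, "MAC not registered for this port")
    return Decision(True, PRINTER_VLAN, "MAC-locked printer port")


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    for uid in ("amina", "jonas", "former", "visitor"):
        print(uid, decide_user(directory, uid))
    print(decide_mac("gi1/0/24", "02-00-00-AA-BB-CC"))
```

Anything not explicitly matched is rejected, which keeps visitors on the guest wireless network rather than on a wired port.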
Google -- according to their own public statements -- mines data so they can display ads, AND sell your data to other people. Whether THEY are interested in your company's secrets is irrelevant. We know today that even data with all "personalized" information stripped out can still be used to infer personal information and "confidential" business information. We know this. It was proven when AOL released all that "impersonal" data years ago, and it has been shown many times since. I'm not making this stuff up.
Whether they get hacked or not is completely irrelevant. THEY are marketing your data. They admit to doing it. So what's your point?
> Ec2 instances are accessible by the person who actually spins up the instance. It's built with a private key that no one has access to
Go and re-learn what that key is for .. and what it actually does ..
nothing is "BUILT" with that key .. it is simply a value that can be used in the manifest.xml. What you do with it is up to you .. While 'SOME' (perhaps even most) use it to secure access .. the person spinning up the instance does not need to have the private part of the key to launch it .. in fact I have a few configurations that ignore the "launch key" totally ..
Also ... about the comment on the vpc product ..
the only difference between a vpc instance and 'public' instance is firewall rules .. That product was only added for people that did not want to roll their own. Proper manipulation of security groups and use of any flavor of ipsec gateway can duplicate it ... It's nothing special.
I think you don't "get" what ec2 is designed to do .. But then again, no one can define 'the cloud' anyway .. so it's expected.
I love Linux/open source as much as the next guy, but c'mon: Small Business Server 2008 R2 on a Dell/IBM server with big SATA disks and hardware RAID1 and all the CALs you need would be about $5000 with tape backup.
Comes with Active Directory, Exchange, Sharepoint, Remote Web Workplace (Outlook Web Access and terminal services/RDP to the desktops), quotas, roaming profiles, group policy, you can throw Blackberry Enterprise Express on it if they require smartphones. Simple to manage, reliable.
It's pretty hard to beat for a ~75 user network; have dozens of clients running SBS 2003 and 2008 and it's a no-brainer.
I'd stay away from web hosting in-house though: unless you have some back office integration concerns, there's no value to having your website running off your office's Internet connection (think DoS or web vulnerability and the added complexity of another server configured in a DMZ) for the average brochure website, a $10-20 a month web hosting package is more than sufficient.
body massage!
China has hacked Google...
Don't read the papers/internet much, eh?
That's a pretty recent version of the definition. If you prefer I use the term "snooping", fine.
Actually, I prefer you use the terms "espionage" or "data theft" since that is what you are implying.
it is now known that significant personal and business information can be inferred from mining. It isn't as impersonal as just a few statistics might imply.
Indeed, it is possible to de-anonymize certain data, but for that to be of any consequence, the data must be *distributed* to another party who would do so. I'm not aware of any alleged cases of Google distributing Google Apps data to third-parties (except as ordered by subpoena). If you have evidence of this, please post it.
And how do we know this? From information leaks that have in fact happened, and from statements by Google themselves. [...] There has been a great deal of writing about this in the last few years.
Citation please...and remember, we are talking about data stored in paid, corporate Google Apps accounts, not issues with Google Buzz, StreetView or some experimental Google Labs project. Google has a policy of temporarily holding back experimental apps and features from their corporate customers so that they have time to evaluate them for stability and security.
I realize that there was reportedly an issue that would prevent some privileges from being fully revoked in Google Docs after certain documents had already been shared (kinda like how actual files work), but this security issue was resolved quickly and responsibly. IIRC, there was also some controversy over how Gmail used SSL. All sorts of apps suffer from bugs and security holes, but compared to the security track record of, say, Microsoft...theirs is pretty darn good.
And if you want evidence that Google is not always 100% honest about what it does, look here [bit.ly].
I have read this article, and I even agreed that this is a case of biasing search results. However, the contention being made there is that Google could use this result-biasing to engage in anti-competitive practices with other companies, not that they are doing anything to harm their own customers. To outright call them liars is not really fair since it's debatable whether or not one would consider these enhanced search boxes to be "search results". In the context of Google's own definition of a "search result", they are telling the truth.
No rational security policy in the world (except maybe military) requires you to actually own the hardware your data rests on.
This is a completely ridiculous statement. I have not worked for a company in the last 20 years, large or small, that did not have such a policy. Where did you come up with this idea?
Well, I have not worked in IT for nearly that long, so maybe something has changed since then. Nevertheless, nowadays, companies outsource. My ideas about security policies come from reading them, and I have yet to see one that forbids outsourcing of hosting services. Also, I am intimately familiar with the PCI DSS, which permits outsourcing as long as the vendor in question is also PCI compliant. The general consensus is that if you can be PCI compliant, then you are already compliant with almost every other security standard there is...some notable exceptions being regulations that govern big telecom companies and military contractors.
In fact, there are some standards that a small business can't hope to be compliant with without sending their data off to a third-party! Consider services like Postini, which are used to enforce email retention and filtering policies. BTW, Postini is owned by Google and a lightweight subscription is included with your Google Apps purchase.
While there may be some legitimate concerns about network connectivity, cost and data portability, everything that you're saying in t
If you want to call that "irrational" policy, then be my guest.
I do, because it is. Your security policy that was written in 1990 needs to be updated for the 21st century.
My job had 2-3 hour down time sometime in the last two years. Two separate 1gb fiber connections to two diff ISPs, but it just so happened there was some construction going on just outside the building. The only point where the two fibers are next to each other is where they exit the building....Both got broke. I'm sure someone got in trouble for that.
We also had a small 15min of up and down i-net from both ISPs recently. What's the chance of both ISPs having i-net issues at the same time? Our back-up ISP is AT&T, our primary has its own fiber network throughout the midwest and its own connection to Chicago. Kind of scary seeing the server load graph across nearly 260 web servers, 32 DB servers, and the SAN drop to idle.
App for that -- http://www.google.com/enterprise/marketplace/viewListing?productListingId=5282+1826658422239398150
Put identity in the browser.
Contrary to owned infrastructure, you can't control the security of a shared hosting provider.
That's usually a good thing. In-house IT staff sometimes cut corners on security either due to laziness, ignorance or some combination of both. IT services companies tend to be much more strict about information security since that's the core of their business.
It boils down to a matter of trust. And would you actually trust a guy who asks questions like this to create (and maintain!) better security than a shared hoster with a computer security team twice the size of his complete company?
This statement contradicts your previous ones. I honestly can't tell if you are agreeing or disagreeing with me.
6.1 Obligations. Each party will: (a) protect the other party’s Confidential Information with the same standard of care it uses to protect its own Confidential Information; and (b) not disclose the Confidential Information, except to Affiliates, employees and agents who need to know it and who have agreed in writing to keep it confidential. Each party (and any Affiliates, employees and agents to whom it has disclosed Confidential Information) may use Confidential Information only to exercise rights and fulfill its obligations under this Agreement, while using reasonable care to protect it. Each party is responsible for any actions of its Affiliates, employees and agents in violation of this Section.
6.2 Exceptions. Confidential Information does not include information that: (a) the recipient of the Confidential Information already knew; (b) becomes public through no fault of the recipient; (c) was independently developed by the recipient; or (d) was rightfully given to the recipient by another party.
6.3 Required Disclosure. Each party may disclose the other party’s Confidential Information when required by law but only after it, if legally permissible: (a) uses commercially reasonable efforts to notify the other party; and (b) gives the other party the chance to challenge the disclosure.
7. Intellectual Property Rights; Brand Features.
7.1 Intellectual Property Rights. Except as expressly set forth herein, this Agreement does not grant either party any rights, implied or otherwise, to the other’s content or any of the other’s intellectual property. As between the parties, Customer owns all Intellectual Property Rights in Customer Data, and Google owns all Intellectual Property Rights in the Services.
Put identity in the browser.
I recommend that you resign and let someone who isn't totally incompetent "remake their entire IT-infrastructure from scratch"
Required reading for internet skeptics
And when Joe Farmer runs his backhoe through your Fiber line? Send everyone home for the day?
Yes, do exactly that. Since everything is on the cloud they can work from home just as easily as they do from the office!
I posted this once before and it mysteriously disappeared. Go figure.
You have a good point. I was not being sarcastic at all. I was exaggerating... slightly.
"... and (b) not disclose the Confidential Information, except to Affiliates, employees and agents"
You have proven my point for me. Do you know who "Affiliates" are? Look it up. In this case (yes, I am speaking of this particular Agreement), "affiliates" are those companies and advertisers to whom Google has agreed to sell information.
The rest of the language SOUNDS all nice and secure, but if you read it carefully, what it's really saying is "we won't give your information to anybody except those to whom we have agreed to sell it... but THEY must agree to also keep it confidential."
Which basically is no assurance at all. Who are those affiliates? How reliably will they keep their word about keeping YOUR confidentiality? Etc.
Thanks very much. You go use Google Apps all you want. I'll keep my own data on my own computer.
This is a straw-man argument. It is illegal for banks to share such information. Google, on the other hand, routinely sells it, and publicly admits to doing so. You are comparing apples and oranges.
Someone just up above posted part of Google's agreement that applies to Google Apps. In it, they openly state that they will share your information with "affiliates". Affiliates, in their terminology, are people to whom they sell information.
Don't try to tell me about network security. I'm in the frigging business of shoving data around online. I think I know a little bit about it. And I'll be damned if I can figure out why some people think that "being in the 21st Century" is an excuse to ignore genuine privacy issues.
Your suggestion to use IMAP is ridiculous. Because it leaves your email on the server (precisely the kind of situation we were discussing), it is LESS secure than POP3. It might be more convenient in some cases, but that's all.
Microsoft SBS
I know, I know it's not Linux, but it's actually a very very good all-around package in a box and any monkey can do the basics on it. Plus any qualified tech can work on it. Plus it will give you all you need for a MSE
Please explain to me why being in the "21st Century" is somehow an excuse to ignore legitimate privacy and security concerns. I admit that I have completely failed to follow your line of reasoning, if that is what it is.
Believe it or not, there are a lot of offices I know of which are entirely self-sufficient. When the internet (or email) goes down, things still continue on, people keep doing their job. Because their jobs don't necessarily rely on the need to use either of these resources 100% of the time.
== loss of productivity.
Whether you're on the cloud completely or just have a critical section of your business apps there, it's the same.
Kind of like electricity loss == productivity outage. If your office loses power, how much work can you do?
"EC2? Yep. All of your financial reports and graphs will look just great coming from somebody else's data store. "
Really? Who cares. There are very few CDN's in the world and unless you're Google, who cares if your financial reports are being hosted through, Google, Akamai, etc..
Bye!
The legal language sounds exactly like what it means. Need to know. You asked for privacy and assurance that data's not mined. Ignore the legal NTK verbiage if you like. It's no skin off my back.
Put identity in the browser.
You have just explained why I'm not likely to ever see my data in the "cloud", hell, our own server across the room is too slow for a lot of CAD models, even a 5400RPM hard drive is sometimes. Load a 600MB part into an assembly of 10 of them, or even just the one 600MB one into a 200MB assembly, now multiply that by 5, and all of a sudden you just about cannot get enough bandwidth on your server. Same goes for those people in video or audio production.
Right, but do you do your own payroll?
Virtually all people who put stuff on the cloud have hybrid environments. You can be doing fluid dynamics down the hall and still have hosted Exchange or whatever.
Advice: on VPS providers
"The cloud": two syllables, nine characters.
"Farming shit out to some website": nine syllables, thirty-two characters.
Efficiency!
It bugs me when people on tech sites say that "the cloud" is a ridiculous new idea that won't work, given that it's an expression for a set of practices that have been in use in industry for over a decade.
GMail? Nothing wrong with that... as long as you don't mind all your internal memos being examined by data-mining software.
Not to mention state and federal laws (SOX, HIPAA) that require controlled access to certain information.
The word you're looking for is "SAS70".
Advice: on VPS providers
I've spent the last several years studying IT, and whatever I was studying, I'd imagine how I'd set up the systems and network for an NGO. I expect most IT professionals like to daydream about what they'd do, given the chance to set things up from scratch.
The questions the poster asked were so general, they suggest the poster was not a professional. Job #1: hire a professional. Then, do some homework, so you can work with the professional.
1. Establish a file server, mail server, domain server, etc. Start talking to vendors.
2. Establish backup servers for redundancy
3. Set up a team of 4 people with skills in networking, databases, mail exchanges, app servers and web servers.
4. If you need 24x7 support or weekend support, hire 2 more people. Start talking to contract staffing companies. They might hire one of your friends who needs a job.
5. Ask for budgets for mail access clients, offsite backups, redundancies, etc.
6. Provide options for mobile access, home access, vpn, etc.
7. Ask for more budget to provide the same. Start talking to more vendors.
8. Talk to multiple vendors to hand out contracts so that you get invited to various breakfasts, dinners, events.
9. Ensure that the 20 person company has an IT team of 10 persons and you are telling them what they should do, when they should do it and how. If not, the servers will overload, all their IT systems will break and leave them bankrupt and open to serious litigations. Or something like that.
O this learning! What a thing it is - William Shakespeare
I've used SME Server with FreePBX in similar roles.
It's as close to appliance-level simplicity as you're likely to get.
"I've got more toys than Teruhisa Kitahara."
Please explain to me why being in the "21st Century" is somehow an excuse to ignore legitimate privacy and security concerns.
Your "concerns" are FUD. See my previous posts. If you're asking what's different now...well, there's this new-fangled thing called the world wide web, not to mention ubiquitous high-speed WAN connections. A great combo if I say so myself.
It's called Small Business Server 2008... and soon 2011. I hate it, but it works.
It's a 20 person company. Do you really think he's going to have the proper power conditioning, cooling, and remote-access setup for lots of live servers for basic stuff like e-mail and chat?
Keep it as simple as possible. Don't use docking stations, as they will be useless the moment laptops change. Just have people use laptops. Bog standard local NTFS file server with Raid1 for safety, and backed up offsite. Use hosted exchange if they must have meeting requests, or Gmail if not. Chat over skype.
IT is not about finding the quirky, brilliant solution that configures *just so*. It's about finding the robust solutions that will continue to work pretty well more or less indefinitely. Intra-company communication via skype means that Skype is responsible for making sure the IM server stays up, not you. Or substitute gChat / your medium of choice. Obviously, if they're legally required to log you should bring that in-house.
In two years, the hardware will be a mess of different configurations. New people will want to bring in their own laptop. That carefully constructed network map with everyone allocated a specific IP tied to their login will be useless bunk. You will be on your second wireless router. A new hire has to be able to walk in with a laptop off the street, connect to your network as painlessly as possible, and go. Login to the intranet, the intranet has links to all the software they'll need, go. The router configurations are all DHCP, and where they aren't every bloody port and plug is labeled.
If your replacement had to replace something, could they? Could a new, slightly technical user set themselves up without paging you? KISS.
The ______ Agenda
Google for business gmail, docs, calendar pretty neat solution
That is why you network with 2 providers and an emergency backup (such as satellite).
Note that if you are hosting your e-mail offsite, when the network well and truly goes down, everyone can whip out their phones and still work. But if your e-mail is local, nothing can get in or out. Similarly, if you have hosted services and your netlink goes down, wander over to Starbucks and keep going.
It really only makes sense to locally host high-bandwidth services, like file or version control servers. Anything else can be anywhere else.
The ______ Agenda
Allow me to disclose my bias: I hate MS products, especially Office after it went all Ribbon-y. I also have a moral objection to product activation. So, all I use on my primary computer is OOo 3.2.1, and the machine has been OOo-only since the day I bought it two years ago. I appreciate all the effort that the developers have put into it and that it is free.
That said, OOo is a pain to use. Document assembly just hurts. How often do you make tables in your word processing documents? MS Word is great about manipulating columns, rows, etc. Text wrapping is great. OOo... oh my god. It's nearly impossible to get the table the way you want it to be. Bullets and numbering in Writer are nowhere near as flexible as in Word, and I have often switched back to manual numbering in exasperation. Autocorrect in OOo blows, it usually annoys more than it helps, so I have turned it off. Never had a problem with MS Office.
Doing scientific work? Want to embed sections of a spreadsheet in your Writer doc? Great, just don't expect the cells to look nicely. Border formatting in Calc sucks. Oh, and heaven forbid you find an error in your embedded spreadsheet cells; editing those in place is so problematic/laggy that it is just easier to delete the whole table and copy/paste from the (fixed) source spreadsheet. Text wrapping around these elements is abysmal... there's no option similar to Word's "in line with text", and so the thing stays as a floating table (no other option). OOo does offer some wrapping options that I don't think have parallels in MS Word: "background" and "through". These are excellent examples of a page wrap that I doubt anyone really wanted, because they allow text to wrap right through the table, becoming superimposed over or superimposing upon the table. Wow! Did I mention that the borders on the embedded tables will disappear on random sides when it comes time to print/export as PDF? WYSINWYG.
Charts in Calc suck. There is no analogue to Excel's "chart as a sheet" option. That means if you change your page layout, etc, you have to go manually try to resize the floating chart to the new desired size with your mouse. It is difficult to get it exactly to the print size limits, because the chart is a floating object that does not snap to cell borders and lags/jumps when you try to drag it for fine positioning. It is very easy to get it a few pixels off and then have your chart print out as multiple pages, yay! It should go without saying that printing charts is a pain unless you send them to another sheet (trying to print just the chart without the data that is otherwise on the sheet).
Which brings me to another point: there is no polynomial regression curve fitting for scatter plot charts in Calc, unlike Excel. This missing feature has driven me back to Excel for my reports more than once.
There are lots of little annoyances with Calc, like there being no quick way to perform a sum on all relevant rows in a column. In Excel, this would be "=SUM(B:B)". In Calc, you are forced to enter "=SUM(B1;B65536)". Annoying. Also, the use of semicolons to separate function arguments is an annoying difference from Excel. Why not just use the same format? Was it patented? Most of the rest of the UI tries to be Excel-like... so why this difference?
I could go on, but you get the picture. I believe the users who complain about OOo. Some just dislike having to learn anything new, but OOo does have serious limitations/annoyances for those who have scaled the learning curve. BTW, yes I did search for solutions to most of these issues/annoyances in OOo... they don't exist.
tl;dr: I use OOo because I hate MS, but it is very difficult to do so—sometimes it is impossible to get a final product polished the way you wanted. Using something this painful probably builds character.
If you want to completely abdicate responsibility for it all then that's the way to go.
Then you can concentrate full time on keeping your internet connection working because you'll be screwed without it
One of the requirements is to host the website at their actual site instead of a remote host. So he's going to spend a lot of time and/or money on a fat internet connection anyhow. May as well have someone else handle all the rest of the infrastructure...
Google didn't get it "wrong"... they're data mining all YOUR email. Even if they're not showing it to the public they're still scanning it all for search engine, advertising, new product development data. THAT is why it is so very hard to DELETE anything from Gmail.
I read the description for this and I can't tell what it actually does. Smells like snakeoil to me, and the four "customer" reviews seem fake. They claim to make you "HIPAA, HITECH, GLBA, SOA compliant". HITECH is the same as HIPAA, and as for GLBA/SOX...anyone telling you that you need to specifically use technology "X" to be GLBA or SOX compliant is just blowing smoke up your ass since those are accounting regulations that only vaguely touch on IT requirements.
I'm guessing that this is just your run-of-the-mill encryption plugin that is being marketed toward hospitals and the like.
20 employees - this is fairly small, but not too simple depending on your daily usage. What are your users doing with the computers? Are you running any special software? Are there developers?
I agree with above as you should do better homework at identifying what the users do & need.
For example: whether your users should use laptop or desk computers - it mostly depends on costs and mobility needs, are your users working while traveling or are they only at the office?
Whether your server should be in-house or external depends on costs vs. security needs, as well as on flexibility and required access to the actual hardware.
Hardware also depends on cost vs. do you need something dedicated to graphic processing? heavy financial or statistical work?..
As for Media solution:
"We also need an internal media server (we have thousands of big image and video files, and the archive grows bigger every year)" -
For that there is a great open source solution called Kaltura - http://www.kaltura.org
Kaltura will allow you to syndicate, manage, transcode, integrate with other solutions, etc. at no cost and easily.
Version 3 also runs on the Amazon EC2 in case you decide to go cloud based, or you can just download the software and install on your Linux box inhouse.
1U dual core server with 1GB memory + some space for logging for firewall - pfSense has great support for VPN, proxy cache (filter if need to), antivirus via proxy, segregated network (dual pipe), QoS (must for VoIP)
two subnets - webserver, office
8 core server intel server + xen hypervisor for all the server needs
1 small backup server.
get two fibre channel controller and expansion fibre channel storage for the space, you can add more storage as the storage requirement grows.
tape backup as online backup can be very expensive $$wise or network resource wise unless you can build private online backup server at one of the employee's home.
UPS, AC & environment sensor required for any onsite servers.
How did you get hired?
Did they ask if you had experience setting up an entire IT infrastructure from scratch?
If they have hired you as a Chief Technical Officer, and you need to ask slashdot about this, then I suggest that they have hired the wrong person.
http://davesboat.blogspot.com/
I don't think anyone is saying it won't work, I think they are saying it won't work for everyone or even them.
They are expressing their concerns to why or why not.
Most important is who will manage the system. You talk about an NGO. It may base its existence on some set of ethical values. Find a person who developed sufficient net skills, and who shares the values behind the NGO.
I manage my own home site. Domain, mail server, web server. For presence online, one fixed IP address, plus some friend with a second fixed address somewhere else, is enough. No opaque clouds to block my view. A small PC which is always powered is enough.
If requests are kept reasonable - i.e., not pretending to be able to handle thousands of contacts per second, not pretending to maintain multi-million contact mailing lists, and especially not pretending to aspire to the useless utopia of assured 24/7 fault-free presence - half a day per week of paid maintenance plus the emergency intervention here and there should keep your NGO afloat.
You should be able to provide whatever PC-dependent functions you want the 20 people to make use of with Linux apps. Your in-house Linux expert, if adequately motivated, will be eager to write small scripts (or even huge applications) to cater for your specific needs. Of course, workplace PCs should only be used for work-related activities...
This only works for ethically motivated entities. If you manage a purely for-profit concern, no matter how small, you can only motivate experts to manage your network and machines with money, and there will always be someone who can offer more money than you. For good experts who base their choices on money, it will be a no-brainer to abandon you. What you will be left with are unskilled people with some vague point-and-click experience. You can opt for the cloud, but remember that, whenever an even vaguely important concern is raised, the survival or even the well-being of the entity providing the cloud services will always come before yours. ALWAYS! They are big and you are less than small.
The solution: either become a huge money-printing concern and get the best people available on the market, or much better, BE ETHICAL.
This is something that really belongs in some clever Linux Distribution. The vast majority of companies are small businesses, meaning under 75 employees. At that scale nearly everything should be "canned" solutions by now.
What you really need is a system that builds in best practices right from the start. Something that MAKES you answer every question up front: Backups, disaster recovery, security, growth, directory services... all are more important than the desktops. In a proper IT structure "desktops" and mobile devices are "expendable". Local data goes back to the "mothership" as quickly as possible and the choice of desktop OS is whatever you need. Networking, apps, file layouts, are all at the bottom of the list as far as being important.
If I was setting up something truly from scratch, I would set up something that mimicked the "online" models people are getting used to. Don't even let users "choose" file systems, force them to do housekeeping and put data where it belongs. Sharepoint is on the right track, but it's hobbled more by the legacy of people and apps doing whatever they want than technical issues.
You do point out a key thing. What's really needed in the industry is a platform that meets HIPAA, SOX, ITIL, PEMBOK, etc standards right out-of-the-box. So much of this stuff is just knowing that it needs to be done. Once you have to FIX 20 people to have backup, strong passwords, etc you lose control of your IT structure quickly. I'm most of the way through a CIS degree and have only had one class in management that even touched this stuff... in spite of the fact that the "IT" department at my company spends 60%+ of its time managing the "big picture" things now. If you knew what was expected up front, you could save thousands of labor hours later.
In terms of hardware pieces, buy the best you can afford. Always over estimate the number of employees and devices you'll need. Make sure everything has an upgrade path, from 100mb to 1000mb network switches, etc. Go for virtualization wherever you can, backing up, disaster recovery, and upgrading become infinitely easier once you're working with images that can be backed up and restored at will.
The last thing would be to stick to a lease schedule rather than buying stuff. It forces you to buy better stuff and justify it. Second, it forces you to plan "the next" upgrade on a timetable. IT equipment still has a 3 year depreciation rate, so your company should use it if they have the cash flow. This also means you can fit neatly in the business "5-year" plan because you get a mid plan correction if you go over or under what your estimations for growth were. Most importantly, once you put something in place... you're not going to touch it for 3 years at all costs! And use that time to do interesting stuff for the business.
Wrong. There's nothing about Gmail that makes it incompatible with regulatory compliance. Furthermore, SOX and HIPAA regulations are not very specific about the technology solutions that need to be put in place. They just mandate that you have an effective infosec policy and (in the case of SOX) that you have a policy for retaining electronic correspondence. SOX doesn't even have a specific retention period...just that you include *all* correspondence and that your retention policy be reasonable. Google Apps + Postini gives you all the controls you need to achieve both the security and retention goals. So, Gmail?...Nope there's nothing wrong with that.
it's not "farming out to a website". Companies with lots of small offices, have been using this model for a long time. The parent company has all the big servers properly maintained and the branch offices are "expendable". They ship a box with 2 PCs, cash register, and a Cisco VPN router to the branch and call Geek Squad to plug it in. All the PC updates and business apps live on the server farm. The shift to web based apps made this even easier as the computer literally has no apps installed at all. Authentication is done completely thru the VPN router and something like Citrix. The PC never even stores the actual transaction or customer data.
When I worked for McDonald's in the 1990's they were using SCO Unix exactly like this. The computer would dial home for updates, orders, and system messages every night. It would tell the managers when they needed to swap the backup tapes and everything to take care of the local system. They could load all the cash register prices, and buy more food automatically. This was all "amber screen" stuff, it's funny how we've come full-circle with the internet putting everything back under centralized control.
OK, lemme get this straight...you want to take an accounting (i.e. not IT) standard that was written by accountants, for accountants, that pre-dates the web, is not actually codified into law, and invoke it as a reason for why gmail is inadequate for corporate correspondence? Let me know if I missed something here.
Keep it simple sometimes works best. Simply split the company IT infrastructure in two, for critical services, accounting, productivity etc. use thin clients and for email and the internet use netbooks on a wireless network. Two completely separate networks, so they can trash their portable computers with all the crap off the internet and it has zero impact on critical services.
The netbooks should have a unique recovery media to rebuild each one cutting the down time to say 10 to 20 minutes, generally speaking the only security affected will be the users own personal security as the netbooks should have no access to company critical services including banking and accounting.
Chaos - everything, everywhere, everywhen
Gee, I wonder how long your company's firewall would hold up if the nation of motherfucking China decided they wanted to take it down?
P.S. I know that's not actually how the attack went but I think you get the point
Windows SBS. Windows 7 on all the clients.
You can go down the linux road, but it won't last.
Nearly all new staff will need cross-training in your OS, Open Office, and whatever else is non-Windows. Remember, you can assume people will have Win7 at home, but you can't do that with linux and regular staff. And once that cost equals the money you 'saved' on MS licenses, you'll have to explain how this happened when the whole point was to 'save money'.
And that's before we
Hello,
I'm running about 5 offices.
If there is a nice budget, I'd recommend running a VMware cluster with 2-3 servers (HP servers) and 2 SoHo iSCSI NAS.
As clients I recommend laptops: Lenovo/Dell/HP.
In the VMware you can run Vyatta as router and firewall. I'm running a custom Linux distribution as mail firewall, and some Windows servers for apps.
I'd love to have Citrix XenApp but most of the time they won't spend that much money.
Step one: Google for "IT infrastructure services in YOUR AREA"
Step two: read the first five pages and take notes
Step three: contact the companies for quotes
And that is you done!
It's not exactly a contradiction, but you have to choose the lesser of two evils. (And I just described both evils, that's why it seems like a contradiction)
A good, trustworthy hosting company is better than any in-house IT you could get for the same money.
But there is no guarantee that in either your or an outsourced company, the staff would cut the same corners you mentioned. Laziness, ignorance, incompetence or lack of funding can happen anywhere.
Your only option to get better security than a (trustworthy) server provider, is to hire a bigger and better security/IT-staff than said provider. But that won't be cheap.
As this depends on an unknown factor (the service quality of the hoster), you basically have to gamble on it. (or "factor it into your risk assessment" as they call it nowadays)
As a hint, compare, say, Google's security breaches to the number of SQL injections on self-managed servers. Then have a look at Google's security budget.
You now know your options:
a) Take the risk of a corrupt service hoster stealing your data (small risk, but huge potential damage)
b) Take the risk of a sloppy inhouse IT doing something stupid (huge risk if you have a single guy handling everything)
or c) throw an obscene amount of money on a top-notch inhouse IT
bickerdyke
You have no idea what you're doing as a system administrator if you can't solve and implement these questions yourself within a few days.
Use what works, and design around people.
If you really put your mind to it, most people could find something they should have done that doesn't require being online. Like say go through and update some documentation, I've rarely seen any place where everything is documented and the documentation is up to date. Instead it always ends up that some people start goofing off and it's contagious, you aren't interested in doing boring stuff when you can be chit-chatting or leaving early.
Live today, because you never know what tomorrow brings
I would take 20 Xb0x360 devices and hook them up to some Playstations which will have USB disks attached to them. Each and every one of the Xb0X 360 devices I would equip with a Kinect device (linux drives are there) and I would program me a virtual keyboard. Missing USB ports can easily be soldered onto the motherboards of the Playstations. Then I would change the office layout so everybody has their own cubicle in which they can stand up and do their Minority Report moves to handle their day to day tasks (you will have to write some software for that). Anything more, just ask.
And now seriously: please approach this from a user/business perspective. What does the company need to do their business? And then look at the support structure of each standard solution. If the support people know linux, then do linux. If the users know Windows, then give them Windows. If the company's customers and suppliers work with linux/osx/windows that's another pointer. There is a shitload of standard stuff out there which will do the job just brilliantly. No need to bother /. with this!
Hi there,
here is my Setup for a small Company with low budget.
This is work in progress so please be gentle.
Server based on http://www.zentyal.org/. Comes with everything preconfigured. Uses Ubuntu as OS.
Hardware depends on your budget. I used these services:
- Mailserver
- Fileserver (Samba)
- E-Groupware as CMS and resources/project management (ZARAFA is the new default Groupware, but I haven't tried it yet)
- LDAP for user management and addresses
- OpenRadius (Optional if you want authentication) - Disabled as we don't use wireless.
Website outsourced to hoster. This is simply too complex to handle ourselves.
Client side:
Used Laptops (IBM T42 or T60) for around 200-300€ each.
Software:
- Win XP preinstalled. Ubuntu might be an alternative.
- OOO for normal work.
- Firefox/Thunderbird for Mail/Web using LDAP for Contacts
- File-syncing with Toucan
- E-groupware on the server for Calendar/Mail/Resource planning
For the Clients using cheap used laptops means, you can buy newer ones every year. Broken ones are just replaced.
I use Funambol to sync mobile phones' contacts with the LDAP server. IMAP for Mail. If you want Push services you can look into Z-Push, which is part of ZARAFA.
I just started, so some parts are still under testing.
Hope this gives you some Ideas.
Greets
Metasepp
I work for a school - it has 50+ employees, several computer rooms, a laptop / PC in every room and a requirement to be working all day long without fail. I've worked for dozens of schools, from 20 to a 100 employees, starting out from uni with zero experience in working in school IT or even Windows networking. It's not difficult. Even primary schools here demand two-three times more storage, clients and management than your stated project would require.
Before I was hired to run it all, the schools went to Dell, RM or similar and bought the cheapest office servers and got on with it. Usually it was whoever was most IT-literate that decided whether to buy salesman's offer A, B or C. It really is that simple. The kids store hundreds of Gigs of data but there are thousands of Gigs of space on even a basic system. The system is way over-specced for its task but that's because it has to take account of a lot of problems (for office work, moving to another machine is hardly a chore... for a room full of kids that now can't work on an individual computer, it means the lesson is over for them all, weeks of planning are out of the window, the inspectors / parents might well cause trouble, confidence in the system is shaken and the IT guy has a lot of explaining to do). The IT systems in a school RUN the damn school - from door entry, to telephony, to pupil databases, to medical information (necessary to administer vital injections), to class registers (necessary for fire evacuations), to the canteen, to all the invoicing, to paying salaries, to submitting to government-mandated requests, etc. If school IT goes down, the school is basically out of action. Most of them run it on a hidden office server that wouldn't look out of place in a solicitor's office with 3 people and it sits idle 99.9% of the time. There's nothing to scale at this point.
You're not talking Google here. You're talking a server, a set of clients and maybe some storage. The sort of thing that any idiot can set up with an order from a network server manufacturer in under a day even if they opt to install the damn OS on every machine themselves. Hell, the first time I did it, I'd had zero experience with networks outside of a 10BaseT ISA network card and setting IP's - I phoned up Viglen, gave them a minimum spec for machines, agreed the price and got about £100 off by offering to install Server 2003 myself. I set up an AD for a school from bare metal that was more secure, and more usable, than anything they had in their previous network from a big educational-IT supplier with support contract. It took eight hours to do the setup (more was spent on unboxing, waiting for installs, cloning disks from images, etc.) and convert 50+ client machines. It was built alongside their network until I was confident enough to flick the switch on their old server (which they had zero access to) and enable mine. It still runs the whole school - everything. The lessons can't even begin without it because they only have interactive whiteboards, projectors and laptops that are on the domain (so they don't even have a board to draw on if the domain is not operational). I'm still impressed at how well it operates despite being my "first" network for someone else. That was about 8 years ago now, and they normally replace everything after 4 years.
What you're asking isn't difficult. If you *can't* do it, then you shouldn't even be trying, especially if it's for a business. If you were hired to do that, but don't know how, you shouldn't have been. If you've just been nominated at random, then you're better off calling in a supplier to do a one-off build. £11,000 gets you a 16-client, 2-server setup last time I looked, with delivery, full installation, software licensing, hardware support, etc. for a multi-user office setup. They sell them as "insta-network" kits for schools that are new-build, re-build or just want to add another IT suite. I even think that's expensive, but that's only a fraction of the wages of someone for a
First you have to figure out how your business works - what are the needs of the business?
If "everyone" only works at the office you can stick with stationary computers since they are generally more reliable than laptops and less prone to get stolen.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Just do it, and worry about what "it" is, and whether the approach was a good idea later, after you've done the first 90% and it is time to do the other 90%.
What is in fact just another application of the well known 90/90 rule.
All hope abandon ye who enter here.
Hopefully you realized I was alluding to the rule myself ... and the reason for it being so apropos can be clearly seen by the fact that the GP's post has been moderated +5 Insightful while mine has only received a 1 point bump. It is unfortunate, but a large subset of the software creating populace simply don't belong there :-(
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
This is your answer. Well, it is if you're a company man and not trying to build an IT kingdom. A real IT man will make himself "indispensable" within a few short months of taking that position. But then he wouldn't have posted here.
I guess I've got some ideas: Mainly, don't spend their money. Provide for the majority of their tech support needs with your salary. One thing I violated that rule on was a switch. When it came time to get one, and I admit I sped up that process a bit, I got a decent managed 3Com (Cisco is too expensive). You know, being alone, if we were to have real network problems, (I'm a general tech, not a networking expert, and they were having some undefined "flakiness") I could bring Intermapper or something up and figure it out. Of course I never really needed managed switch for 50 people (there were older unmanaged 24 and 10 ports also) so take from that what you will. When I did spend their money I tried to buy good stuff that would last.
Oh and about strangers and their laptops. You'll want a firewall too, and have a public open wifi outside of it. Unless you really have to worry about leechers don't password it or anything, and have the ssid be obvious to the name of your company. Honestly, the old WRT54G would do fine for that for 20. (I had a cisco 630 die once and I substituted the venerable linksys for 40 users for the few days it took to get a replacement. You could not tell the difference). The second one, if you have another one, can be on the internal network. And I'd have any hot network ports plugged outside the firewall too. People plug in without asking. Perhaps it shows that I'm not all that confident in my ability to secure the server against a real threat, so keeping the internal network minimal helps.
I just wanted to thank the poster for their question, I didn't even know Cloud-based AD was available from Microsoft.
Working for a large university, it probably doesn't make sense for us to utilize it and thus I never researched the options. Interesting idea though.
First of all, sarcasm aside, the original poster needs to do his job. Asking for advice from the slashdot crowd is, at best, like trying to get a sip of water from a fire hose. At worst, it is like trying to get a sip of water from a sewage pipe.
Which is exactly what he is doing, and he posted over the weekend no less.
You seem to be assuming that the only thing he is doing is asking Slashdot, but congrats on making sure he gets a sip from a sewer pipe rather than the sip from the firehose he was expecting and for which he was hoping.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
I'm a ditto head on this, worked for a school with about 35 employees that had a sysadmin that wanted server experience for her resume. What a horrible waste of time, money resources as well as a nasty mess at the end. Even the guy they hired to help her set it up recognized the idiocy and put in a sub-domain that hosted his on-line store and retired to the beach on the money from that until a friend and I tried to figure out where all the bandwidth was going. When we cracked the stinking pile open the so called sysadmin started to cry. We lost.
Now, my friend's in Beijing and I'm in Shanghai, the sysadmin is still there running that ridiculous mess.
There was no reason in the world to host all that stuff in house, case closed.
[...] No rational security policy in the world (except maybe military) requires you to actually own the hardware your data rests on. Nor do they require that your employees have direct access to said hardware. [...]
Our legal department respectfully disagrees. We shell out quite some cash on top of our regular support contracts so that no outside technician touches any system with its hard-drive installed. They have to bring their own bootable disk. And we recently had to move our branch's mail server from the Austria head office to our location in Germany. We are not even in a sensitive industry. But between state regulation, data protection laws and insurance terms we have very little room for outsourcing anything. The only component hosted externally is our static website. Everything else is kept on premises.
Rudolf Hess edited Mein Kampf. He was the very first grammar nazi.
Google -- according to their own public statements -- mines data so they can display ads, AND sell your data to other people.
[citation-needed]
-- If you try to fail and succeed, which have you done? - Uli's moose
Give everyone a laptop and a gmail account.
A gmail account. Seems people on /. forget Google scans and keeps all email even after you delete it. For a company do you really want Google or anyone reading all your mail? The same with the CLOUD. Cloud computing has no real security. I live in the mountains and I see the security of clouds every day. You can just walk right through them and see everything inside. Best to keep things either in house or with a company that has a good security policy. Unlike Google the company I work for all your data IS YOURS! You leave we give you back your data and delete it from our servers. We are not allowed to scan or even look at customers' files.
In terms of backups, I'm starting to think that people would effectively benefit from something like an automatic remote revision control system (like Subversion, Git, Mercurial, etc...) and a background process on their laptop or PC that runs every few hours and just commits local changes to a local and remote repository. Then you get backups, historical backups with the ability to revert by date and time, and an efficient use of disk space (since only modified files are backed up).
But obviously for end users unfamiliar with revision control systems you would need a very user-friendly GUI to retrieve older copies of lost files.
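The scheme proposed in the comment above, sketched as an added example that is not part of the original thread: a snapshot function for a scheduler to run every few hours, plus a restore-by-date lookup. The function names, the remote name `backup` and the committer identity are assumptions.

```shell
#!/bin/sh
# Added example: "commit everything" backups with restore-by-date, using git.
# Assumptions (not from the thread): the function names, a remote called
# "backup", and the committer identity used below.

# Run git inside DIR with a fixed identity, so the job also works from cron
# where no per-user git configuration may exist.
bk_git() {
    dir=$1; shift
    git -C "$dir" -c user.name="backup-bot" -c user.email="backup@localhost" "$@"
}

# One-time setup: turn DIR into a repository and register the remote mirror.
backup_init() {
    dir=$1; remote=$2
    [ -d "$dir/.git" ] || bk_git "$dir" init -q || return 1
    if [ -n "$remote" ] && ! bk_git "$dir" config --get remote.backup.url >/dev/null; then
        bk_git "$dir" remote add backup "$remote" || return 1
    fi
}

# Take one snapshot of DIR. Stages additions, edits and deletions, commits
# only when something changed, then pushes to the mirror if one is configured.
# A failed push (laptop offline) is not fatal: the local commit stays and is
# sent along with the next successful push.
# Returns 0 = snapshot taken, 1 = nothing changed, 2 = error.
backup_snapshot() {
    dir=$1
    bk_git "$dir" add -A || return 2
    [ -n "$(bk_git "$dir" status --porcelain)" ] || return 1
    bk_git "$dir" commit -q -m "auto-backup $(date -u +%Y-%m-%dT%H:%M:%SZ)" || return 2
    if bk_git "$dir" config --get remote.backup.url >/dev/null; then
        bk_git "$dir" push -q backup HEAD 2>/dev/null ||
            echo "backup: push failed, will retry on next run" >&2
    fi
    return 0
}

# Print FILE as it was in the last snapshot taken at or before WHEN.
# WHEN is any date git understands, e.g. "2011-03-01 12:00" or "3 days ago".
# Returns 1 when no snapshot is that old.
backup_show_at() {
    dir=$1; when=$2; file=$3
    rev=$(bk_git "$dir" rev-list -1 --before="$when" HEAD) || return 2
    [ -n "$rev" ] || { echo "backup: no snapshot at or before $when" >&2; return 1; }
    bk_git "$dir" show "$rev:$file"
}

# Typical crontab entry (every 3 hours), assuming this file is sourced first:
#   0 */3 * * *  . /path/to/this/file && backup_snapshot "$HOME/Documents"
```

Every snapshot, including files later deleted locally, stays readable in the remote repository, so access to that repository has to be restricted as tightly as the most sensitive file ever committed.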
I dunno, there's plenty I can do when I don't have internet access.. usually the priority is getting the internet access working again, but there's still programming that can be done, documents that can be tidied up, etc.
It all depends on what your actual job/company is.
----- The internet has given everyone the ability to have their voice heard equally as loud.. even if they shouldn't be
This used to be clarkconnect, now it is clear os.
Cheap storage VM.
This is for a small co. of about 12-15 engineers, (depending on how many part-timers you count). They do lots of computational modelling, so lots of storage space and CPU is needed. This sounds like it might be a bit similar to your needs (if you're going to do anything interesting with that large collection of videos & multimedia)
They have one "main" file server for project work. It's a white box PC from the local shop and has a couple of TB of hard drives in it. It runs ubuntu server with samba (like all the other servers in this co.). It has needed work about twice in the last 4 years.
They have a couple of old Dell workstations which are too slow to do engineering on now. One runs an external-facing FTP server (it could probably run a small website if needed, too) and one runs an internal wiki and a few other similar tools. I could probably move some of the internal stuff into the main file server, but we had the old machines kicking around, and it's useful to be able to fix stuff without breaking the whole network for the whole company at the same time.
We have a modelling file server, which is a big Supermicro rack server. It's a 4 or 5U box, because they have an open-plan office and nowhere to put the rack, so the rack-mount servers have to be very big (for what they are), so they can be quiet. This has space for 8 hard drives so you can pack it out with largish drives and there will be enough space for all but the most data-hungry organisations. It's expensive compared to the white-box PC, but if you really need the extra space, it can be difficult to find an off-the-shelf machine with space for more than 6 hard drives (and it's a lot easier to replace one if one fails, too).
We have a backup file server. This uses rsync to mirror the (newer) contents of the other two servers, so that if one of them falls over, we don't have a bunch of engineers sitting around while I get the train into the office, work out what's wrong, get the right part, fix it, etc. It also compresses the important (non-replaceable) data every week so that someone can copy it to an external drive and take it off-site. Much cheaper than the internet connection that we would need to mirror a week's work in reasonable time over the internet.
All of the computers are cheap white-boxes from the local shop running windows XP or 7 with various versions of MS Office (whatever was current when the machine was bought). No-one seems to have any problem with the fact that the boss uses XP and office 97 while the new guy uses Win 7 and office 2010, and I have better things to do than make an issue out of it. We keep track of whose license is whose on the wiki. Most machines also have OpenOffice, but there is general user resistance to that concept.
We have a couple of PCs for doing number crunching. They sit in the corner and run VNC servers. If people need to crunch numbers they use them, otherwise they use their own cheap workstations.
In summary: buy off-the-shelf PCs for the users. So long as they have windows, office, anti-virus, etc. they'll get on with what they need by themselves. The hassle of getting people to use linux or OpenOffice is not worth the 250 pounds we pay to MS per computer. An off-the-shelf workstation or server with some extra HDs and some version of linux makes a perfectly adequate file server. Use sneakernet for backups.
As I say, your situation may be completely different, but I hope mine might give you some ideas.
Look down the page. It's in their TOS.
Nonsense. "Need to know" are weasel words. This exact kind of language has been used by people who sell to advertisers (and others) for years. If you are buying consumer information for the purpose of advertising (or other purpose), then pretty much by definition you "need to know" that information in order to advertise to those people. So while it sounds good, it really means NOTHING.
Repeat: what this says is that Google can sell your information to others (affiliates). It does ask those affiliates to keep the information confidential... but so what? In the same position, I could legally sell your info to 100,000 people and ask them ALL to keep it "confidential"! And just how confidential does that make it?
I am not "ignoring" the words need to know. I have seen them before -- many times -- and I know what they mean in this context: next to nothing.
I have seen your previous posts. You aren't making any real, logical arguments. You are simply making blanket statements and apparently assuming I should accept their validity.
I repeat (because you haven't given me an answer): what makes living in the 21st Century an excuse to ignore legitimate privacy and security concerns? And simply saying that my concerns are FUD is not an argument. Go ask Bruce Schneier if you like. He's a renowned expert. And he'll tell you the same things. I am not making this stuff up.
The final decision on this is probably above the OP's pay grade, but consider putting employees on the "Bring your Own Laptop" plan. One of your biggest expenses at a company this size (unless you have very expensive vertical market software) is desktop hardware. Company-owned machines take a lot of hard use, and somehow people's own property lasts longer.
Sir, you are everything wrong with the IT industry. Too many techs have taken the "Build first, ask questions later" approach and we end up with legacy systems that need to be completely replaced. I'm sure this is the approach the last guy did, and that's why the whole thing needs to be done from scratch.
At least, that's what I would say if I couldn't recognize sarcasm, like the clods who marked that "Insightful." And why can't we have <del> OR <strike> tags?
I sometimes ask revealing, often ignorant-seeming questions. Maybe they're harder to answer than you think.
The biggest issue with the request is that we don't really know what the customer really does. Sure, they're a small NGO, but do they do accounting, document storage, engineering, or classified work? All of these have specific requirements that change the loadout.
Second, how does the client interface with vendors and their clients? What data format do they need to output or accept? This, more than anything else, will determine software requirements. What proficiency are the users? If they are very skilled at a specific software title, your customer can spend money on that software to avoid retraining. If they are unskilled, a learning curve will occur regardless, so software selection can be made with capability and cost as primary factors.
From the answer to these and other questions, you can derive the desktop software loadout, data flow, and server requirements. From these in turn you can derive network architecture, desktop specifications, and server specifications. Note the process:
Regulations > Interface > Tasks > Users > Desktop OS and Software > Data Flow > Server OS and Software > Network > Server Spec. > Desktop Spec.
Now that we covered this, a little general info. To rack or not to rack. If you are installing new infrastructure and your budget allows, place all network and server infrastructure in a rack. Lay it out and lock it down. Track every wire, origin, destination, and termination. This will go a long way to saving time when you must look uber-proficient.
Desktop apps and operating system? Depends. If the client has never used a computer or is only marginally proficient, use Ubuntu 10.10 and save yourself an ungodly amount of labor. Just make sure that you nail down a service contract first. After training the users and some limited admin work, you will have little to do, if you rely on per hour support with a limited client base, you will go broke supporting Ubuntu, but your clients will be happy.
As far as the server goes, things are a little more flexible, unless there are some specific server side applications. Assuming there are not, I have had excellent results running Ubuntu Server. Even in a Windows-centric organization using Exchange, I have run Ubuntu 10.10 server and Citadel Server replacing an aged Exchange server, saved myself days and my client a truckload of money.
Network is fairly straightforward. For 20 users on a DSL backbone, a 10/100 switch is fine for office use unless there is heavy data access on the servers. If there is, or you are running VoIP, use gigabit. As a security solution, use Endian Community firewall on a dedicated machine, segmenting the system in a logical manner (guest access, trusted network, and VoIP for example).
The specifics of the server will depend on the client use. Some basics: I nearly always spec Dell or SuperMicro. Don't choose a 1U server unless you need the space. The vertical clearance is simply too tight, heat is an issue, and standard PC parts don't fit. This will increase the likelihood of a failure and increase the support costs. Exception to this is the Atom based servers from SuperMicro. If you don't need the processing horsepower of a Xeon (like a basic fileserver) and you are not running Windows Server, the Atom based 1U servers they make are an extremely cost effective solution.
Finally, what kind of desktop? User's choice. Whatever you do, do not deploy a laptop as a desktop and expect them to use the laptop keyboard. Between the ergonomics and construction, this will be a nightmare for all concerned. Use an external keyboard and mouse. The chief selling point of a laptop is the built in UPS you get for free (battery), but make sure the asset doesn't walk off. Another point, if you do deploy Linux on the desktop, use extreme caution and make sure the hardware is supported straight out of the box. I installed Ubuntu laptops as desktops at a client, using certified equipment (Dell Inspiron
Nice UID. :)
In general: the thousand miles of cables that are meshed up for redundancy.
But, specifically, there are many parts of the country where that's not tenable. Daily, weekly outages. And with a cloud, you still have the same IT software management issues.
(Some of our clients have daily upstream outages on DSL and cable, or periods when the network is saturated. This isn't all that uncommon, unfortunately.)
Just by keeping your network and infrastructure completely free of any Microsoft products, you'll already be mostly there.
And if you have any further questions just call CAIMLAS at the help desk. I'm sure you will get kind, respectful, and non patronizing service. See... there's no need to fear the IT group. They are really quite nice.
Our office loses power about once a month. Call it ten times per year. I put UPSes literally everywhere. But we keep everything in-house.
My hesitation to using a cloud thing is that you are reliant on a third party for your most valuable asset. We have a new guy at work, he wants to use every weirdly-named online service for every issue that comes up. We don't need 39 external dependencies, thanks.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
I get that many NGOs are ignorant little cash cows with minimal oversight, but if you are dealing with only 20 users, you probably don't need that much infrastructure, unless the NGO is expecting ludicrous growth over the next 2-3 years. The issue with in-house servers is you need someone to manage them, and that is an ongoing expense that may be hard to justify when cloud services can do it better, faster and cheaper. The nice thing about hosted services is someone else has already figured out all the scaling issues, all you have to do is pay your small monthly dues and use the damned thing. That web server? Forget it! For the cost of a fiber line to the office, you could lease five managed servers in a respectable datacenter. You only need one, or maybe even a VPS would suffice.
The best way to approach a small network is to treat it like a small network. You can probably get by with one modest server with a terabyte of mirrored storage, running your domain controller and file/print shares. If and when they outgrow this "SoHo server", meaning when it starts slowing down their work, then you'll know it's time to reevaluate their needs. Start small and try to keep the big picture in mind, the best way to plan these things is to look at how quickly an investment will pay for itself in increased productivity.
-Billco, Fnarg.com
Google's main business is IT, so it would be idiotic to outsource everything of their strategic advantage.
The NGO this article was about certainly isn't strategically selling IT services, on the contrary, they just need something to work with.
Companies that do something which isn't in their core interest are one of these cases:
- If they do it in full quality anyway, they're wasting money.
- If they don't reach a quality or flexibility level typical for commercial services, they're missing out on opportunities.
- If they do it perfect, for perfect budgets, they still squander funds, staff and management attention to something that is not providing enough profit (compared to their core product)
- And if they profit from it enough, do it perfect, for a perfect budget and it's not their core product, management has named the wrong product their "core".
Full control is needed for services that can bring you down the instant anything goes even slightly wrong or hamper you for years if it isn't flexible enough to change with your business. If the outside commercial market is better AND cheaper than you on these services, you better not buy any stock in the company. If that company still decides to do everything themselves, you should sell any and all shares immediately. And update your resume, if you happen to work there.
I don't know what kind of redneck mecca you live in, where farmers cut cables often enough to affect your bottom line. I can count exactly one backhoe incident in 6 years at my datacenter, and they routed around it within an hour - epic fail for the network admin who didn't test the failover, but I ain't cutting myself over one measly hour of downtime. Shit happens, and clients are usually quite understanding of such unforeseen events. If they're not, you either need to charge more for the liability, or just plain fire them and let them find some other sucker to put up with their whining.
-Billco, Fnarg.com
It was a response to the GP who warned everyone with outsourced data centers from farmers cutting their lines as the main danger to services in the cloud. And we all know how often Google - which is hosted in their own cloud - is going down, i.e. never.
This mentality is exemplar of former Exchange users.
The entire point of leaving the messages on the server (and by the way, you can permanently delete messages from Google Apps hosted email) is to enable complete search results. Removing the messages cripples the search history functionality which is the core of how Gmail works.
If you don't want a cluttered inbox, archive it! Learn to use the labels functions. Don't expect Google Apps to be a complete Exchange replacement -- it's not. It's superior to Exchange in so many ways it's not funny, even if it misses out on some specific functions people have grown used to.
I've done a few dozen of these so I'll give you my opinion on this: "Make your life as easy as possible". I'm a Linux guy outside the office so it's very tempting to try to be benevolent and go with CentOS, MacBooks, etc, etc like some people have been suggesting. DON'T LISTEN TO THEM. Microsoft has spent nearly 3 decades perfecting the small office and enterprise network. They will make your life so much easier. In this case you'd need a decent server machine, somewhere in the 3-5 grand category. Install Server 2008 R2, configure Active Directory, DHCP, DNS, and Exchange on it. Get a small Cisco firewall that can also take care of the routing. Set up GPOs as permitted by user software. Get a nice central managed antivirus solution like eScan or Comodo. Create login scripts for mapping shared drives and installing printers and make sure all people are working off the network drives at all times. If you're really ambitious you can also set up a network boot ghosting option for quick imaging rebuilds... although this may be a bit outside the scope of your company. Now sit back and relax. Most days you will be legitimately doing nothing. This is coming from a Linux guy... go with Microsoft... it makes your life easier and hey... it's not your money anyways.
If it ain't broke, don't fix it.
Yep. And in case it hasn't been mentioned in this thread already, Microsoft Small Business Server is designed for this kind of scenario. Here, pricing to get you started (server + CAL packs). If it has the services you need then it's a great way to get started with user authentication, e-mail, web services, etc. And it's in line with the parent's recommendation of KISS.
There may be some Linux equivalent, which would be important depending on what your comfort zone is (do you come from a Linux or Windows background?), but that's not my forte, sorry.
That doesn't sound like a "cloud" to me. Sounds like thin client architecture.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
DiniZuli, without knowing more about any required applications such as Graphics, CAD or Accounting; it's going to be hard to decide what would be the best solution.
For instance, if you are a web development house that needs to do a lot of photoshop work, you might need or want to go with OSX boxes.
Too bad you're an AC. I could have told you that many universities are moving to Live@Edu which is the Microsoft offering of cloud-based authentication, email, calendaring, etc on par with Google. If the whole university takes it, MS usually offers it for free.
From the sounds of it something from QNAP can serve for most of the "servers" you will need.
Relatively easy to use and should save you a lot of grief.
I'll leave you with the power / cooling / security aspects.
BTW, I love my laptop but I think you will be better with desktops. Thin clients would be nice but you don't seem to have a user base large enough to make it worthwhile.
Valid point. Are you talking about building a complete in-house cloud solution from the ground up, or are you talking about implementing a 3rd party proprietary API that may contain some "black boxes"?
I've never been one for buzz words or paradigms, as you can obviously tell. I know going to the cloud is all the rage - just look at the stupid "to the CLOUD!" commercial for photo editing because your family is too self-absorbed in their own thing to hold still for even a couple of seconds. (...and yes, the end result did look like a really bad cut-and-paste Photoshop job.)
Sorry, I did not realize we were letting banks define the term NGO. Of course, what other types of groups could I see claim that their purpose is to "relieve suffering, promote the interests of the poor, protect the environment, provide basic social services, OR undertake community development"? Being from the US, the first one that pops into my head is Christianity. Then again, I can even generalize - many major religions claim these as tenets. Therefore, Christians are Hippies... something the Conservative Christian movement would love to be characterized.
By the World Bank's definition, sure it's "hippie bullshit". Should I equate that as trying to relieve suffering is bullshit, trying to promote the interest of the poor is bullshit, that protecting the environment is bullshit, that providing basic social services is bullshit, or that undertaking community development is bullshit?
Also, I'm sorry you don't think I understand what an NGO is because of your personal definition. I used the common definition vs the banker's practical definition, the one you could find in a dictionary or at dictionary.com: "noun an organization that is not part of the local or state or federal government". I could argue you don't even know how to decompose the English language and see there is a "non-" prefix attached to the adjective "governmental" which modifies the noun "organization".
Of course, I'll make your argument and state this is a bit of sophistry (a subtle, tricky, superficially plausible, but generally fallacious method of reasoning. - dictionary.com again) because there is a difference between the literal definition and the schema we have built for what an NGO is. We often use NGO to mean more than something like the KKK or a linux user's group (organization: a group of persons organized for some end or work; association - dictionary.com again). We have a schema that says they are usually some form of non-profit working to better society.
Where I think the real failure is the understanding of what a hippie is. Hippie: noun "a person, esp. of the late 1960s, who rejected established institutions and values and sought spontaneity, direct personal relations expressing love, and expanded consciousness, often expressed externally in the wearing of casual, folksy clothing and of beads, headbands, used garments, etc.", and I hardly think most NGOs could fall into this category. I mean, do you think the NGO African Gender Institute is trying to promote Gender Equality or the NGO Action Against Hunger is trying to promote development by rejecting the establishment, engaging in direct personal relations expressing love, and wearing beads & used clothing???
As I said originally, I know the original post was to inspire a flame-war of some sort. So, in the words of Johnny Storm... "Flame on!"
I know that I'm more productive when I can't read /.
ClearBOX - best Hybrid solution on the market, perfect for SMBs http://www.clearcenter.com/ClearBOX-Overview/clearbox-simplicity.html
is there really a difference?
Supermicro!
However, Windows comes with hidden costs in the form of viruses, botnets and EOL pressures.
Linux makes sense where "function" trumps "form"
I have seen your previous posts.
I suspect you missed this comment in which I elaborated greatly on my argument and asked you twice to provide examples to back up your claims, which you have not supplied.
I've been advocating use of Google Apps in the enterprise to various people for nearly three years, for no other reason than that I like the service and hate Outlook. Frankly, I'm getting pretty tired of dealing with the same closed-minded prejudices over and over again, so this will be my last post on the subject. Feel free to have the last word if you must and consider yourself the victor in this debate. Peace.
Well, what can I say?...Sometimes I forget that /. has a global audience. I guess I need a new acronym for this:
IANAAL (I Am Not An Austrian Lawyer)
By the way, IIRC, I read somewhere that information security policies in Palestine require a gunman armed with an AK-47 to stand outside the entrance to your data center. I'm sure they have their legitimate reasons too. :-}
Indeed, it is possible to de-anonymize certain data, but for that to be of any consequence, the data must be *distributed* to another party who would do so. I'm not aware of any alleged cases of Google distributing Google Apps data to third-parties (except as ordered by subpoena). If you have evidence of this, please post it.
YOU missed the part where I pointed out that their TOS says they can do so. I don't need evidence that they are actually doing so. Their insistence on including terms such that they CAN is enough for me. You can call that prejudice if you want, but that doesn't make it so. Once again, for example, AOL claimed to be doing the same thing (and with similar TOS, I might add). Yet their public release of data solidly confirmed that the "anonymized" data was not so anonymous after all. Other data releases have resulted in similar conclusions. This is recorded history. Why do you deny this?
"Citation please...and remember, we are talking about data stored in paid, corporate Google Apps accounts, ..."
Right. And as I have already mentioned, up above in this same thread is a copy of part of the Google Apps TOS, which includes wording stating that they can sell your data. Don't try to tell me I'm wrong about that; it's exactly the same language that data-miners have been using for years. Even Facebook tried to get away with it.
"To outright call them liars is not really fair since it's debatable whether or not one would consider these enhanced search boxes to be "search results". In the context of Google's own definition of a "search result", they are telling the truth."
This is really laughable. So Google gets its own special definition of "search result", does it? And by that special definition of their own, they aren't quite lying? Are you paying attention to what you are writing here? I'm not trying to be derogatory, but that is a bit much to take.
"The general consensus is that if you can be PCI compliant, then you are already compliant with almost every other security standard there is...some notable exceptions being regulations that govern big telecom companies and military contractors."
Apparently you haven't heard about all the data "losses" and security breaches by those same contractors and government organizations. Standards are great. But in order for them to work, people have to comply with them. Here is the single biggest problem with most of these "standards": fallible PEOPLE, many of them low on the corporate totem pole, are assigned to oversee their compliance. Often it is those very people who are caught later for having "borrowed" some data.
Government agencies have been reported every couple of months for the last few years, for "losing" hard drives full of important, confidential data. So have large financial firms, and military intelligence. Corporations have "leaked" data. Employees have stolen "confidential" business data. The list goes on.
"Actually, I called it "FUD", and I think I backed up my case pretty well. When somebody tells me that flying spaghetti monsters are real, I ask *them* for evidence...not the other way around."
First off, don't hide behind exact wording when your meaning was perfectly clear. You might have been SLIGHTLY (and only slightly) more polite about it, but for all practical purposes you were saying I was full of bullshit. And you STILL haven't given me any real reason for thinking so, other than your flat claims that I am full of bullshit. I am serious. In a logical argument, you have to refute what the other person says. Simple claims that "I haven't seen it" and "I don't believe you" don't carry much weight.
I have in fact, pointed you at evidence, if nothing more than
"Actually, I called it "FUD", and I think I backed up my case pretty well. When somebody tells me that flying spaghetti monsters are real, I ask *them* for evidence...not the other way around."
And actually, I find this statement to be the most amusing of all. I will counter it with my own analogy: When you're checked into a room at the Bates Motel, and I tell you there is someone with a knife behind you... well, don't say you weren't warned.
Wow. I never thought of Google as a knife-wielding maniac before. But analogies don't lie so I've made up my mind...I'm switching to Hosted Exchange!!!
That is, unless you think that GoDaddy guy looks like Hannibal Lecter. No...wait...he doesn't wear glasses. OMG, it's Benjamin Linus from Lost!!! No, wait...it's Agent Smith!
Shit, they cut the hard line! Get out...It's a trap!!!!
Hey, I just did this for an 8 person company.
1 8 port GB switch, a UPS, DSL modem, HP ML110 server with 4GB RAM and 3x320GB HDDs in a RAID 5 array, and a free copy of ESXi4 vSphere. On here run Ubuntu server as a VM Guest for OpenLDAP, SAMBA, and LAMP for their intranet (a media WIKI server) for storing manuals and other documentation.
For mail, I used the 10 person free version of Zimbra as a VMWare appliance.
For their internet firewall, I used Astaro.
What they get: Directory services, File/Print, Intranet, full groupware mail services, mobile access to mail with any phone supporting IMAP or ActiveSync, and webmail. Astaro provides a VPN, and virus scanning at the border.
When they grow past 10 users, they'll be big enough to pay for full versions of their suites, and easily expand onto a second ESXi4 server for more redundancy, and allow them to gracefully age out the old server.
Then we just sell them 4 hrs engineering time each month to do maintenance for all their desktops/laptops and server side updates. As they have a VPN, we just do it from our office, no travel required.
All up, NZ$8000 give or take, and most of that is just the one off services time to set everything up and move their data from their PCs to the network.
For their main desktops they are happy with their Dells, for roaming staff, I recommended 11" MacBook Airs, for battery life and ruggedness. Expensive at NZ$1600 a pop, but will last much longer than most other plastic fantastic ultraportables. Also being fairly small, and limited disk space, and no Windows OS for games, less likely for the staff's family to mess with them 8) I recommended no Flash either, to keep temptation away. Small drives also means a full disk image can be easily taken regularly, and restored if required. Time Machine for away from the network backups.
You want to host the web server for a 20 person NGO in house? What will the bandwidth cost? How will that handle high load because of a highly publicized event? Hosting the web server in house will be a catastrophic failure. Get a VPS, then you won't have to worry about bandwidth.
Email - there are tons of decent email hosting companies, GMail, Rackspace, LuxSci, etc, depending on your budget (Rackspace is the cheapest, LuxSci is the nicest). You want to use cloud email, in house email is too big of a headache for 20 people. If you're worried about security LuxSci email is HIPAA compliant.
You can either get a Microsoft AD server, or use Linux. Desktops are better than laptops for in the office, they're harder to steal and/or misplace, cheaper to repair or upgrade, and they last longer. If you use Windows, you'll have to buy a decent antivirus, but you should be able to find everything else Open Source.
Get a decent router, Cisco small business routers are nice, they don't crash like cheap routers do.
You'll want faster speed to and from your file server.
Check out http://turnkeylinux.org with all its appliances...
Do you know what "analogy" means? It's not a simile, or even a metaphor.
Amen.
I asked a question which was posted to Ask Slashdot a long time ago.
A number of sneering comments suggested the mere fact I'd posted to Ask Slashdot was proof I had no business doing what I do, despite the fact I'm a recognised world leader in the field.
Asking around never hurts.
Do you or your partner snore? - Visit www.snoring.com.au