Best IT-infrastructure For a Small Company?
DiniZuli writes "I've been employed by a small NGO to remake their entire IT-infrastructure from scratch. It's a small company with 20 employees.
I would like to ask the /.-crowd what worked out best for you and why? I came up with a small list:
- Are there any must-have books on building the IT infrastructure?
- New desktops: should it be laptops (with docking stations), regular desktop machines or thin clients? A special brand?
- Servers: We need a server for authentication and user management. We also need an internal media server (we have thousands of big image and video files, and the archive grows bigger every year). Finally we would like to have our web server in house. Which hardware is good? Which setup, software and OSes have worked the best for you?
Since we are remaking everything, this list is not exhaustive, so feel free to comment on anything important not on the list."
Can someone else please make the first post for me?
Media server? How about S3. Web server? How about EC2. Seriously, why spend time and $ on procuring, powering, cooling, backing up, and upgrading all that gear? Give everyone a laptop and a gmail account. Put the rest in a public cloud.
Just remember the golden rule, and you'll be fine. "K.I.S.S Keep it simple stupid"
What hardware is in place now?
big image and video files = a poor thin client setup.
Ask Slashdot: Why do your job when you can ask others to do it for you?
Maybe that's indeed what he should do since he already doesn't know enough to do it himself, have other people do everything.
Do my job for me?
"I've been hired by a small NGO. They have about 20 employees. I do not yet know enough about what I have been hired to do, so I am turning to Slashdot. Please, do my job for me and help me look good."
Why did they hire you when you don't know what you're doing?
Get a stable release of FreeNAS on commodity hardware. It will fit the bill for all of the features you are looking for. SMB for Windows clients, NFS for Linux/Unix/BSD, iSCSI targets and initiators, support for several raid cards and drive types, software raid control, several other features. http://freenas.org/
If you want to completely abdicate responsibility for it all then that's the way to go.
Then you can concentrate full time on keeping your internet connection working because you'll be screwed without it
I tend to shy away from using laptops (even with docking stations and such) for primary machines. I'd go with regular desktops. The costs of upkeep and such will be more predictable that way. I don't prefer any one brand over another, but I typically tell my clients to stay away from Dells (because of all the issues with capacitors on motherboards over the last several years). My clients tend to go local, even if it costs a tad more, and those that do tend to be happier with their purchases.
Do you have any clue what you're doing?
Media server? How about S3. Web server? How about EC2. Seriously, why spend time and $ on procuring, powering, cooling, backing up, and upgrading all that gear? Give everyone a laptop and a gmail account. Put the rest in a public cloud.
Kinda like instead of hiring an IT guy to redesign the infrastructure, you can just post the question to /.
If you have to ask, they've obviously hired the wrong person. You're talking about a very small network with very basic needs. If you can't do that without having someone hold your hand, you're most definitely in the wrong field.
And when Joe Farmer runs his backhoe through your Fiber line? Send everyone home for the day? Tell your clients that their media is stuck on Amazon?
like took some with a BA over some with 2-4+ years in the field without one.
And the CLOUD is so in right now. Everyone is using the CLOUD. Just say "CLOUD" and you'll be swamped with job offers. Women will be... ok never mind.
Yup, agreed. You could have your webserver in-house. You'll need a safe room to lock it away in, ideally with some aircon, maybe a halon fire suppression system. Plus a UPS, obviously. And you'll probably want to hire another cupboard, with the same systems, a few hundred miles away, for an off-site backup. Oh, and make sure your ISP provides you with a sufficiently fast uplink.
Alternatively, pay someone $50-$500 dollars a year for the same. It's a no-brainer unless you've got some really, really pressing reason.
Please consider this account deleted, I just can't be bothered with the spam anymore.
Is it a mobile population? What applications are they running? What proprietary software are you running (or will you be running)? What is the budget?
The list goes on. For the client end looking at what the users are doing will give you the answer. If they are running million plus record pivot tables or doing 3d graphic design... thin clients are probably out of the question. What would be interesting is possibly looking at software as a service solutions for the "business applications" and you mentioned media applications. Reducing the IT support by focusing on that/those application(s).
As for the backend server if you are just going for a file/web server, go with Apache, linux, I am assuming there is a database somewhere in there (hopefully it is MySQL or Postgres or something cross platform). If it is high I/O plan for that. There really isn't any mystery to this.
Bottom line - pay attention to the business requirements. If you don't then, frankly you're an idiot.
Indeed. The critical thing is almost certainly the backups and network connection. They've presumably already got the software for doing their jobs picked out and everybody knows how to use it, at least partially.
However, it's almost certainly the case that they haven't gotten their backup system in order and finalized the network.
Asking them what they want should guide things along the way. It might be acceptable to use a service like backblaze to handle the back up process or more likely they'll need to keep it in house for reasons related to regulatory requirements. Without knowing more information it's hard to know what sort of advice to give.
Keep the whole thing simple, the next person who comes in will thank you for it. Don't introduce any weird convoluted things into the system and make sure to make it so that the whole system is modular, easily upgradeable, and when the time comes and they need to expand that it's expansion friendly.
The way most people work today, that's the case whether the server is in your building or not.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
You've given us very limited to work with. But making a couple of assumptions, you're all on the same site. Here's what I would do, buy a Dell or HP server running Windows SMB 2008 for all your clients, file server and user authentication; I'd get two servers, one a PDC and one as a BDC. I'd go laptop on the Thinkpad end with Windows 7. In house wireless would be easy vs networks and switches, get a couple of Apple BaseStations or go Ruckus Wireless access points (which totally ROCK btw). As far as backups go, clients sync files to PDC, the BDC acts as a backup for files, archives and domain. A couple of local HDD's and maybe one or two stored at a bank for backups, then using something like Mozy pro for offsite file backups. That way you have onsite, near site and offsite-- lots of redundancy. Web hosting, unless you need something fancy like posting something into some local database, be cheap ass and pay the $5 a month for Godaddy. Phones: Go with Phonebooth or use cell phones. Email: Google Apps for your domain. If you're starting from the beginning: Laptops $15,000 - $20,000 Servers and network gear: $10,000 Software: $10,000-$50,000 depending on what you need.
For servers: Use Supermicro-based servers with LSI hardware RAID cards. Run CentOS with SMB so that you can get domain support in place for the Windows workstations, but avoid having to pay obnoxious per-seat/per-connection licensing ON TOP OF server licensing as you would have to do with Microsoft's solutions. If you need a full feature alternative to Exchange, check out Scalix or Zimbra (both are very inexpensive compared to Exchange) and run either one on CentOS. For backups, I've become partial to just writing bash scripts to back up to external drives. Get three or more external hard drives and rotate through them day by day. If Windows is required for your server, I would recommend the same hardware, but be aware that the total costs are much, much higher when you factor in Server+client access licensing + groupware solution + realtime antivirus (annual subscription) + email gateway antivirus (annual subscription unless you want to wrestle with perl to get ASSP running on 64-bit Windows) = your new server is incredibly expensive. Another problem with Windows licensing is eventually Microsoft will pull the plug on client access licenses for your installed version, which means that you will be forced into an OS upgrade if the current OS would otherwise be perfectly adequate for your purposes.
For workstations: to decrease total cost of ownership (the pain of maintenance), if you are not married to Windows, consider using Macintoshes instead. Mac Minis offer pretty decent performance and take up a lot less desk estate than PCs of comparable quality, plus you can also run Windows and Linux on Mac hardware if you need to. Why OS X? You can escape the insanity of malware/virus/trojan horse breakouts, maintenance is a heck of a lot easier, and backup and restore is far easier on a Mac than it is on Windows.
For laptops if maximum reliability and desktop-like performance are the priority: I would recommend Macbook Pro, or if you want real mobile workstations and if the budget allows it, Dell Precision M6500. I have a Dell Precision M6400 and it's great- they cram a desktop chipset into the laptop form factor and performance is excellent, plus if I enable all the power saving features I can still manage to get 3-4 hours of use on a charge (about an hour if I turn off power management for max performance). The M6500 is far better than my M6400 performance-wise as it uses Core i5/i7 processors and a newer generation nVidia chipset. If portability is a concern I would still go with the Dell Precision line, but the M4500. If budget is a concern and rules out the precisions, some of the Latitudes are pretty good as well, but I would stay far away from any of Dell's other laptop lines as the other lines are not built nearly as well (their netbooks are okay though).
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
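The comment above suggests bash scripts that back up to three or more external drives rotated day by day. One way that could look, as an added example that is not part of the original thread: the function names and archive naming are hypothetical, and it assumes GNU tar and `sha256sum` are installed.

```bash
#!/usr/bin/env bash
# Added example: nightly backup rotated across several external drives.
# Function names and the backup-STAMP.tar.gz naming are hypothetical.

# pick_drive DAY DRIVE... -> prints the drive whose turn it is today.
pick_drive() {
    local day=$1; shift
    local drives=("$@")
    # 10# forces base 10 so a day-of-year such as "008" is not parsed as octal.
    echo "${drives[$(( 10#$day % ${#drives[@]} ))]}"
}

# backup_to_drive SRC DRIVE STAMP -> writes archive and checksum, prints archive path.
backup_to_drive() {
    local src=$1 drive=$2 stamp=$3
    # Refuse to run if the drive is absent, otherwise the archive would silently
    # land on the root filesystem. On a real host also check `mountpoint -q`.
    if [ ! -d "$drive" ] || [ ! -w "$drive" ]; then
        echo "drive $drive not available" >&2
        return 1
    fi
    local name="backup-$stamp.tar.gz"
    # Write under a temporary name so an interrupted run never looks complete.
    tar -czf "$drive/$name.partial" -C "$src" . || return 1
    # Read the archive back before trusting it.
    tar -tzf "$drive/$name.partial" >/dev/null || return 1
    mv "$drive/$name.partial" "$drive/$name" || return 1
    ( cd "$drive" && sha256sum "$name" > "$name.sha256" ) || return 1
    echo "$drive/$name"
}

# verify_backup ARCHIVE -> exit status 0 only if the stored checksum still matches.
verify_backup() {
    ( cd "$(dirname "$1")" && sha256sum -c --status "$(basename "$1").sha256" )
}

# prune_old DRIVE KEEP -> deletes all but the KEEP newest archives on that drive.
prune_old() {
    local drive=$1 keep=$2 f i
    local files=()
    # Glob results are sorted by name, so YYYYMMDD stamps list oldest first.
    for f in "$drive"/backup-*.tar.gz; do
        if [ -e "$f" ]; then files+=("$f"); fi
    done
    local excess=$(( ${#files[@]} - keep ))
    for (( i = 0; i < excess; i++ )); do
        rm -f -- "${files[$i]}" "${files[$i]}.sha256"
    done
}

# Usage: script SRC_DIR DRIVE1 DRIVE2 DRIVE3 ...
if [ "$#" -ge 2 ]; then
    src=$1; shift
    drive=$(pick_drive "$(date +%j)" "$@") || exit 1
    archive=$(backup_to_drive "$src" "$drive" "$(date +%Y%m%d)") || exit 1
    verify_backup "$archive" || exit 1
    prune_old "$drive" 7
fi
```

Running `verify_backup` again before a restore catches an archive that was damaged or altered while the drive sat in storage.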
Let the new desktops vary according to what needs to be done; the needs of someone who's going to be editing a ton of video files are very different from someone who's going to be writing text in Word. There's only twenty employees, I don't think it's an onerous task for you to sit down with each new person who needs a new machine and talk about what they're going to be doing and how they'll be doing it; what's the setup of their dreams for doing their job if money's no limit, what can you get together that's actually within the budget?
egypt urnash minimal art.
Remember, your job is to make sure everything works smoothly for them, and if that means more work for you, well, that's what they pay you for. There's no one-size-fits-all solution. By asking them what they want and expect, you'll get something to start from.
Jesus had a UNIX beard.
New desktops
Get 20 desktop machines. For those employees who sometimes work remotely buy a laptop with docking station instead.
We need a server for authentication and user management.
Buy one server for authentication and user management.
We also need an internal media server
Buy one media server with lots of hard disk space.
and the archive grows bigger every year).
Make sure you will be able to add hard drives (possibly external) to the media server in the future.
OS: get what the IT admin (you?) are able to administer. A 20-employee company might not have a dedicated network administrator, so setting up a Linux environment in a MS-centric company could end up badly.
Seriously. It's 20 people. You can't really screw this up unless you make their media server world-writable to the internet.
I think Microsoft still gives a bunch of free licenses for NGOs for Windows and maybe Office. Consider looking into it, as it will help you avoid a training budget.
In a BI-project I now assess the maturity of the organisation before I implement anything. I've had bad experiences with implementing advanced solutions in non-technical environments: they just don't get used.
So:
- Who will be maintaining the IT-infrastructure after the project is done, and is that full time or part-time?
- What are the skills of said person(s)? Windows, Linux, or non-existent?
- Is it the intention or even a possibility to outsource the maintenance?
- Is it the intention or desire to have the option to hire additional help on demand?
- Are the people in the NGO dependent on applications or software that needs to be ported to the new environment?
- Do they have specific hardware requirements for specific parts of their work, that necessitates ruggedized or other non-standard equipment?
The first 4 questions determine how much leeway you have in speccing exotic software. If you have to outsource or hire, get whatever the rest of the market is getting. Otherwise you have *some* leeway there. But not much. IMO, NGO's and other non-hightech organisations just can't deal with fancy stuff, even if it is much better than the non-fancy standard stuff. It's like selling cars in Africa: yes, the latest Mercedes M-class is a beautiful car, but if I bring one to the village smith, he won't be able to repair it. Get an old Toyota Landcruiser and more often than not they have the parts lying around and can just weld something together that will get you home. Which beats dying in a remote village in an airconditioned but very comfy Mercedes.
Also, you need to know which legacy apps to maintain: if they run on Windows and you're going for Linux, good luck with that.
Finally: a web server in-house? Why? You're asking us for advice on the OS etc: the onliest reason I can think of for getting a webserver in-house these days is if you have very special requirements for the stuff you want to run on it. And since you're asking *us*, that doesn't seem to be the case. So don't do it. I've dropped our webserver like a hot potato and never regretted it, even if the hardware was free. Just securing the thing, running a firewall, configuring the firewall, maintaining the webserver, backups, etc. are very expensive compared to outsourcing it.
As for clients: I have a client (a person, not a computer) who standardizes on Apples. Cost a bit more to purchase, costs MUCH less to maintain. But here as well: you need to deal with legacy applications, training and other issues.
So without more background, any advice is meaningless. It will be great for someone, but possibly disastrous for you in your situation.
Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
Duh, mice need to have "buzz cuts" not braids. That creates shorter distance mouse com-fibers that have the fastest response time to user input.
First off is keep it simple. The simpler the better. This is not an enterprise, they don't have a lot of people to call on for support. So don't build anything complex.
I probably wouldn't bother with central authentication unless there's a reason, just do it per computer. Ask yourself what it gains you to have. If the answer is just "simpler administration" then don't use it. 20 computers is not a problem to administer without it, particularly since not everyone logs in to all computers. However the central servers are a point of failure, a place for problems.
Also have someone else host all your servers unless a file server is needed. There are plenty of good server hosts out there. For the web, depends on what you want. Pair is a top notch web host I used for many years. Top flight quality in every regard. Hostgator is who I use now to save some money and I'm perfectly satisfied. It works well, is reasonably fast, and they don't bitch that I do like 100GB of traffic a month.
For an internal file server, something simple and reliable. A computer with RAID-5 or RAID-10. Make sure to do offsite backups. An easy option for that is Acronis Trueimage. Great backup program and they will do network backups for a fee. It can encrypt the backup so no security issues. If their service is too expensive, use the software to backup to external HDDs and lock them in a safe or something.
Thin clients: You must be joking. Don't do thin clients unless you understand it well and are willing to lay out a lot of cash to make it reliable. Remember that if a desktop crashes, gets corrupted, whatever, one person can't work. If the thin client server goes down EVERYONE can't work. There are some situations where they make sense. If you aren't experienced enough to know when, don't use them (yours isn't one BTW).
As for computers, get something from a major supplier. Dell or Lenovo are my recommendations. They don't have an in-house IT department, so they can't really be faffing about with repairs. Get them from someone that'll do onsite service and get a nice long warranty (unless you are sure they'll be replaced sooner). Make sure that there is a company out there that backs up the hardware that people can just call to have shit fixed.
Desktops vs laptops depends on the usage. If the intent is that these are used in the office, then desktops. They are cheaper to purchase, cheaper to find repairs for out of warranty, and harder for someone to walk off with. Don't get a laptop unless there's a real need to get a laptop. If people are going to be walking around with them for work reasons then fine, though it still might be good to have a desktop as well in case they forget their laptops at home or lose them or something.
For OSes, depends on your needs. I'd say Windows unless you have a reason not to. Yes, yes I know MS evil and MS tax and all that jazz. Forget all that. These computers are tools to get a job done, the users don't care past that. Get them the best tools for the job. That will probably mean Windows for running MS Office, and for working with media since Linux tends to fall down in that department. Only do Linux if you are sure it will meet their needs (and by sure I mean you've tested it) and they can get the support they need.
In general I'd stay away from Macs. They cost more per unit, and they are not good with business support. Their idea of support is generally "Take the system to a store, we'll look at it and get it back to you." Fine for a consumer, not for a business. For a business you want "I call you and a tech shows up tomorrow with all the parts to fix it." Only go with Macs if you have a real reason and if you can't think of one, then you don't have one.
Remember to keep pragmatism in mind above all else. Get people the tools that do the job they need. That is all computers are to non computer people is tools. You are just being asked about expensive hammers or saws or the like. Your job is to figure out what they need, what will do the job the best, what can be th
I say use Google Apps for email and Dropbox for Teams for file sharing. Everyone can use their own clients and platforms (Mac, Linux, Windows) and can access their email and files whenever and wherever there is internet. Google Apps: http://google.com/a/ Dropbox for Teams: https://dropbox.com/team_create Plus, a lot of people probably are familiar with GMail and they can use Outlook, and Dropbox is just easy to use. Also, for a website, just use a host like GoDaddy or something; the cloud is the way to go (IMHO).
Check out techsoup.org. Cheap and free software for 501.c3 organizations.
You can build a stable and scalable infrastructure with any of the major OSes out there, so I would not be afraid to choose. The catch is: you have to know what you are doing. If it is just going to be you designing and supporting the infrastructure, pick whatever technology you are most competent with. Same for video servers and web server technology... but in this case, try and use server software that does not lock your content to that particular software, so you can change later. Standards help... though be careful: using an open standard like ODF seems nice, but you will find the rest of the business world pretty much 100% on MS Office.
If you plan to use technology or software with which you are not too familiar, I would seriously consider hiring a competent contractor to help, even if it's just for a few weeks of design work.
I can't say much about hardware. Whatever brand you pick, some people will praise it while others will have their horror stories about that brand. Desktops or laptops? That depends a lot on who will be using them. Why not let the users choose?
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
I work for a large non-profit, though we have offices all over the world with a pretty wide range of technology and budgets among them. One of our biggest drivers is cost and what a lot of people forget is that people are more expensive than just about anything else.
Everything you decide to do for yourselves means that you'll need more people who know what they are doing and that's expensive. If someone else can provide the level of expertise you need as part of a service, that can be huge.
Software definitely shouldn't be your highest cost. FOSS is usually free or close to it. But commercial software should also be inexpensive. Microsoft for example gives crazy discounts to non-profits.
What type of machines are best for people to work, depends a lot on what they do and how they do it. We have very few people in our offices that use desk top machines. Mostly graphic arts/video editing folks. Almost everyone else is using laptops.
Our area offices are close to what you describe in size people wise. We recommend that they have as fat a pipe as possible ( not much in some parts of the world ) and that's the most important piece. We encourage them to buy a good switch, good wireless access point and some printers that can connect to the network without requiring a print server.
Our financial/donation/HR apps are hosted remotely and accessed via Citrix. They all have batch modes for those areas with intermittent connections to the web. This alleviates the need to find people for every office that can take care of all the technical needs a local network and software generate.
This isn't exactly the same as you describe - but I'd recommend looking at the full cost of ownership of any option - not forgetting what competent people will cost.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
What's typically used in this sort of organization? What types of collaboration have to be done with folks on the outside?
Really, that defines the desktop choices. If, for example, a lot of publication or graphics work is going to be done - you'll want a Mac for those people because that's what the outsiders they'll coordinate with will be using (believe me - we didn't do this and it's been one annoyance after another over the years, thanks to my PHB!). If the support staff will have to work with folks on the outside at all - you'll almost certainly want to give them Windows and the latest version of Microsoft Office.
Servers... hard to think of a reason not to run Linux. Well, actually, again - who's going to be maintaining the boxes (is it you)? What's your comfort level with Linux or Windows servers?
Has anyone associated with this organization actually asked these questions?
This is not a good time to experiment, or to push your own agenda regarding how the world should be versus how it currently is. You're obviously young, and new to all this - if you're hoping to make this a career, you want to make sure the client ends up happy with your work.
#DeleteChrome
Your TCO having the users on Macs will be lower, as explained in prior post. Less help desk issues, almost no viruses, better backup, higher user satisfaction, and 3-year h/w service from Apple. Have your employees sign up for swimming or cooking at the local CC for one quarter and get 10% educational discount on the hardware. Run VMware Fusion on select machines that HAVE to have Windows. 20 employees? Put what you can in the cloud.
I will create a sig when innovation restarts in the U.S.
I did exactly this when building out my recent company. Google mail service is fairly good, but hosted exchange is far better in terms of operating like a normal company with blackberries, etc. We outsource our web serving also. We basically have a fileserver and a pair of ADS boxes for inside services, and a redundant Internet connection.
A year spent in artificial intelligence is enough to make one believe in God.
They hired this guy based on, let's say, "stylish" reasons and not by his qualifications. Because if he were a real geek, he'd know exactly what, how, and how much off the top of his head. So, let's fuck with him:
"Dude. You need a Mac Pro server and a 12-Core Mac Pro on every desk AND every one absolutely needs a 64GB WiFi 3GS iPad AND an iPhone. Otherwise, you will FAIL and children will starve!!!"
RIP America
July 4, 1776 - September 11, 2001
What do your users need to run? Is it basic Web/Email/word processing, or is there something else thrown in? If it's something like that you could probably get away with a bunch of thin clients and a big central server. Check out LTSP.
As for servers, from the information you gave it seems like a basic file server would work as your media server. Make sure you have enough RAM, and take a look at something like Ubuntu server, should be pretty straightforward to get going for 20 people. For your Web server, how much traffic? The same thing applies, RAM is good, and Ubuntu will work for you there too. Also, how much traffic are you looking at? You should also look at tuning Apache (or whatever server you end up using) for best performance.
And of course, if a GNU/Linux solution isn't your thing or Ubuntu isn't your thing, adjust accordingly.
Saying "I'll probably get modded down for this" in a post is the best way to get it modded up.
... if you need to ask slashdot how you should do your job... ???
If you aren't able to figure out the question at hand yourself I doubt your expertise for actually doing the job. Even if you get it running I suspect something will fail along the way. Unless I am wrong I urge you to look in the mirror and be true to yourself, your boss and the employees that count on you.
The first question is, who will be supporting these servers and what kind of expertise do they have? Second question: what are your needs? What kind of software will you be running? Third question: what does your budget look like? Answering these questions may answer your questions.
If your users are comfortable with Windows and you only know how to admin Windows servers and your business needs MS Office and Exchange, then you'll be buying a bunch of Windows machines. You won't find a manufacturer that people don't complain about, but Dell and HP are generally fine.
If you're a real Linux whiz and you want to save money on licensing costs, then Linux is certainly worth considering. Assuming you want an office suite, web browser, and email, it should be fine. Watch out, though-- if someone absolutely needs Adobe CS or MS Office (or other Windows specific software), you'll probably want to use Windows or Mac clients.
Macs: I like them. Imaging is easy. Administration is easy. They run Unix tools. Users like them. You can get major commercial software like MS Office and Adobe CS. I actually like iWork quite a lot. If you want to, you can run Windows or Linux on them. On the down side, they're expensive and there are limited configurations. Most configurations are not upgradable. Also, it's worth noting that Apple is stopping production on their only rack-mount server.
Where does all this leave you? I don't know. I'm sad to say that if you're running a small business with limited tech capabilities, Windows SBS with Windows clients is a pretty safe bet. People are familiar with Windows, it's well supported, Windows domains provide an easy single-sign-on, and Exchange works well. I stay away from Windows, though, because I refuse to buy software which requires activation. Also, Windows licensing can get expensive (don't forget about the CALs!).
And when Joe Farmer runs his backhoe through your Fiber line? Send everyone home for the day? Tell your clients that their media is stuck on Amazon?
And how often does that happen? Often enough to pay for server hardware, power, cooling, upgrades every 18 months, backups, and sysadmins to run it all?
And when Joe Farmer runs his backhoe through your Fiber line? Send everyone home for the day?
That's pretty much my experience with SMB. Especially with multiple locations or a datacenter elsewhere. The local staff just go home because they cannot fathom working without access to the Internet, even if local services are still working.
I am responsible for IT decision making for a similar-sized startup. I have around 15 years of IT-like activities behind me. At my current job, I keep costs low and the organization agile with a few simple rules.
Everyone gets a refurbished MacBook Pro with AppleCare. If it breaks (pretty much never), the user takes it to the Apple Genius Bar. Once the warranties run out, there's an Apple-certified support center near by. We replace computers every 2-3 years and keep a spare around just in case. Everyone gets a $100 USB drive for TimeMachine backups, so a damaged or lost laptop is at worst a few hours of lost productivity. If a user wants to run something other than MacOS X they're welcome to do so on their own.
We have no servers in-house other than a small Linux box which serves as a router. The network is managed with the goal that it be no more complicated than anyone's home network. "Network is down? Reboot the router." Granted, we have a symmetrical 10mbps RF link via TowerStream so it's pretty fast, but still, K.I.S.S.
All email, calendaring, etc are handled by Google Apps. $50 per person per year is ridiculously cheap for what it gets us. Most file server type needs are met by either Google Docs or DropBox.
For phones, we have an old PC running an Asterisk derivative and some VOIP desk phones from craigslist. We also have a GSM booster on the roof, and most people who need phones to work have company-funded iPhones. We're also looking at moving to Google Voice now that it's included in Google Apps.
Seriously reconsider the wisdom in running an authentication server for 20 users. You will spend more time configuring, patching, backing up and fixing that directory server than you would managing a spreadsheet of 20 local admin account passwords.
Run your corporate web server in-house? No effin' way. EC2 or a co-lo, never in house. You cannot cost-effectively match what a decent colocation provider can give you with regard to cooling, power, network capacity, redundancy or room for growth. That's what they do and they almost certainly do it better than you.
Wow, this is what happens when someone asks for help from an open source crowd! The ones who are all for sharing and showing love to one another so as to make software better and work relations better as well. Open source and Freedom seem to have got lost in the frenzy. Makes me sad to be on Slashdot and see this.
You might be able to do the job, but you lack confidence...
We might be able to do the job, but we lack details and motivation.
So, hire a more experienced consultant to help you out.
Or just think some more about it, and enjoy learning by doing.
Great idea, except:
1) S3 performance is poor. You've got to pay a LOT for performance.
2) Non-hardware (administration) costs are still going to be the same.
3) Cloud services are dependent upon connectivity. Which do you trust more: no link failure in thousands of miles of cables, fiber, and networking equipment, -or- the volatility of your local network and attached storage systems? You will need at least 2Mbit of low-latency throughput for something like this.
4) You will need redundant outside-network links. This may not even be possible in his locale, and if it is, there's no guarantee something upstream won't die (and in many places, the certainty of something failing upstream is fairly high due to shared carrier).
5) Are connections of sufficient throughput and latency even locally available? There's no mention of things like: mail use, type of work performed, etc. What if they do CAD work? What if they do a lot of email with attached documents? Graphic or sound work? These are use cases which are horrible for cloud computing.
That's just a starter list. It's suitable for some purposes, but for most day-in and day-out stuff, it is not good as a primary source of IT infrastructure.
For general purpose daily cloud computing, S3 isn't even a good/best option.
As for the OP... this guy should obviously not be in IT. The most notable thing missing from his list is: competent and experienced IT personnel. Obviously this was not considered as a requirement by those paying the bills, but it is important.
Hint: use requirements are the first thing to consider. Everything is based off of that. The vendors picked depend on experience and available purchase agreements. What I do for 90% of my customers will likely be a poor fit for many of your customers. And so on.
Fucking amateurs. They make us MSPs look bad.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Agreed. Laptops only when needed. Do people need to be mobile during the day, moving from place to place taking their computer with them? At a 20 person company having one person visit the office of the person with the computer in question does not seem prohibitive. Taking your computer to meetings and such, vastly overrated and usually a distraction.
...
If you like the idea of people taking their work home do you accept the increased costs of lost and stolen laptops and the decreased lifespan that frequent travel brings? Is your data secured on an encrypted volume? Even if IT creates an encrypted volume are users actually using it rather than saving files to the unencrypted desktop? Have you planned training to address this sort of issue?
When traveling overseas these lost/stolen concerns magnify. Furthermore is there anything on the laptop that your country does not allow to be exported or anything that the visited country does not allow to be imported? Perhaps even that state-of-the-art encryption software you normally use has export/import issues. Not to mention the "personal" folders where porn was downloaded. Have you planned training to address these issues? Even when a laptop is clean customs may hang on to it for some reason, it's fully within their power to do so. Will having a person lose their day-to-day computer be an issue?
When a person takes work home are they on the clock? Do you live in a jurisdiction where unpaid overtime is becoming more and more of an issue even with salaried people? You may be setting your company up for an unpaid overtime lawsuit once someone becomes unhappy and quits. I've seen it happen. I've seen companies in California switch all their engineers and lower level of management from salary to hourly due to this sort of thing.
The list goes on
Laptops can be great and they can be required while traveling. Perhaps have a few that can be checked out on rare occasions when people *must* work at home or travel. Have them copy only what they need for that day or trip, and wipe the laptop when returned.
make it supereasy, SunRays for everyone.
You never mentioned a platform, so I'll assume you will use the same infrastructure as 95% of the world, Windows.
Windows offers many useful tools and functions (group policy, WDS, etc), and in its small business server form gives you an extremely robust solution for a good price, up to about 50-75 (75 hard limit). It includes Exchange, Sharepoint, and internal media serving via Streaming Media Services should suffice. It also includes wizards for nearly all its functions.
The pain is the need to re-buy software if you grow above 75 users...
Ken
The only element of this which really needs any non-standard thought is the media server, and that depends. If you're just archiving stuff, even that isn't a problem, but if you have multiple people doing video editing, for instance, you will need some serious power in the server and its network connection. You also need to assess what level of reliability you need in that media server -- for instance can you afford to lose a few hours' updates if something bad happens. If so, a standard server plus (say) nightly backups to another machine with a big RAID will do fine, if not, you need mirrored servers, and other complications.
As for someone with a BS, I'd never hire someone with a BA in IT related fields unless it were (maybe) a project manager, their knowledge was commensurate with a BS, and they had work experience.
And "2-4+" years of experience is inferior in your mind to some schmuck with a 4-year IT-centric arts degree? I will take someone with 3 years of solid IT experience over someone with a BA, any day of the week. Experience, with demonstrated competence, trumps formal schooling unless additional demonstrated competence is provided by said degree holder.
Conceptual stuff is important, but if they can't get the job done, they're useless (and cost more).
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
With very few specific exceptions, I would never put my business "on the cloud".
GMail? Nothing wrong with that... as long as you don't mind all your internal memos being examined by data-mining software.
S3? Cool. Let's just put the video about our upcoming IPO on somebody else's servers, where others can have access to it.
EC2? Yep. All of your financial reports and graphs will look just great coming from somebody else's data store.
Okay, so I'm being a bit sarcastic. But not much. I wouldn't care much if it weren't for the fact that we know they actually do mine data.
OK, seriously, I've done a couple dozen of these 10 to 50 user installations. Half the time is spent at the beginning to determine what the customer needs and wants, and what the budgeting will be. Things invariably cost a lot more than the customer anticipated so your goal is to manage expectations. If you don't do that, your life will either become a living hell (if you will be providing long-term support) or you will leave behind an unhappy customer.
Some of the basic things that were not considered when customers brought me on:
Are there remote employees? Will they need VPN access? What platforms are they using to connect? Can you verify that the endpoints are secure?
What is the anticipated volume of mail? In this day, it's often much cheaper to outsource to Google for smaller installations, but in some cases it makes a lot of sense to keep in-house.
When hosting your own web server how much downtime is acceptable? Do you need 24/7 uptime or will you have maintenance windows? What if your primary site burns to the ground? Do you have the floor space and adequate cooling? How much traffic is anticipated at the beginning of the project? How much do you expect to grow?
What applications do you need in-house? Accounting packages? Company intranet? Database? How will you separate your LAN for security purposes? Do you take credit cards as part of business?
What infrastructure applications do you need? Can you afford downtime on these? How many ports/switches do you need? Wireless? Separate backup LAN? OOB management for your servers?
Before you even start pricing hardware, find out what your customer needs and wants and is willing to pay for.
What software do you currently use?
This decides a thin-clients vs. fat-client approach.
I'd second giving MacMini's a thought, while outsourcing as much as possible.
Windows 2000 - from the guys who brought us edlin
Probably a lot more detail is needed to give a useful answer to your question. However, there are some issues not mentioned yet. First, what is the budget for system administration and maintenance? Is there a budget for that at all? I do (volunteer) system administration for a couple of small human rights organisations (about the same size as yours). They are cash strapped and don't have the money to pay for a system administrator, or to contract for the work as needed. They rely on volunteers, and these are really hard to find. So, ask yourself what kind of expertise is available before you decide on a system. It makes no sense to design a superb system when you have no one to keep it running. Hardware is generally kind of uninteresting. I would go for wireless (RADIUS) for as many clients as possible, and don't buy unnecessary powerful PC's. Waste of money. One system I built was based on Google Apps (Education license available for non-profits) for mail and remote access and a local NAS with LDAP that synchronises with Google. Create an account locally, a Google Apps account will be created automatically. Clients Windows XP / Windows 7. What makes this a good system is very low maintenance, easy deployment (everybody knows Gmail, etc) and good support for remote users. Office staff can deal with almost anything needed to keep the system running. For the NAS I used an Intel SS4200 NAS with 4Tb raw storage and installed a core version of Ebox (zentyal) on it for filesharing, LDAP and RADIUS. Web interface, office staff can deal with that. The second system is a MS Small Business Server 2003 with about 12 clients. That works well, problem is you need someone who knows SBS, and can handle sysadmin tasks. (And no, in my experience most people working for non-profits can't handle that). Licenses for SBS (and Windows) can be purchased through the Microsoft program for non-profits. It's cheap, and the money should be no problem.
Mail runs on the SBS server, remote access to the office PC's too. Beware that security is a bitch in this setup. Much harder to keep it safe than the first system. You say you want to run the website from the office. I have no idea why you would want to do that. It's a headache. If you go the Google Apps way, use Blogger for a website (if simple is good enough) or create your own website with Joomla (host it somewhere) and handle authentication for your website through Google Apps.
What happens when the "cloud" company goes belly up without notice and takes your data with it?
Start with the network; Cisco ASA5505, Cat 3750-24, UC520 + 1 6965 phone per desktop. Servers and Desktops: Buy a dell power edge 905 server. Toss Small Business server on it, setup roaming profiles, wsus, and windows deployment services. Buy dell optiplex 980 desktops, build windows 7 deployment image, sysprep and upload to server. Deploy image to all the desktops at once, lock down admin privileges, setup deep freeze and with a nightly or weekly maintenance mode. But then again, they should have hired someone who already knew this.
Should a company really put proprietary or sensitive information in the "cloud"? Is trusting your data to a remote location with a 3rd party, and thus constantly transmitting and retransmitting the data, really the best solution rather than maintaining your own infrastructure?
For a company that has no such data, the "cloud" may be a viable solution. However, when I routed my university email to gmail for my smartphone (since it did push, rather than pull every 15 minutes), I remember my boss's musing. He said he wondered how the university would feel if all their sensitive research (research = $$$ through grants and IP rights, and thus means new data is as vital as those bits representing your bank account balance) was placed on a service that scanned them for ad words - especially those departments involved with research with Microsoft or other rival companies. Although I do no research at my university, his point came across loud and clear. It's all about how much do you and should you trust the 3rd party "cloud" services.
Very interesting subject to me, because I've done this. I built the IT infrastructure for the company I now own and operate, but at the time, I was building it for some one else. It now just became mine through some sick twist of fate. Anyways, that said, ANY ONE WHO HELPS THIS DOUCHE BAG IS ALSO A DOUCHE BAG. OP; you should have never taken this job. You don't have the experience and know how to do this right. You should now go and an hero.
::i visited slashdot and all i got was this lousy sig::
The only answer i can give you is: 42!
The problem is, that you don't understand your own question.
E.g. Thin Client vs. Desktop vs. Notebook is not a universal truth. Nearly everything on the IT market exists for a reason. If you are mostly working on large images, thin clients would usually not be the very first choice. A desktop PC may not be well fitting for your much traveling CEO. Laptops in call centers have a tendency to disappear.
I can counter every question you ask with a dozen questions you have to answer first.
You are asking "Do i need a Porsche or a Scania flatnose truck?" What answer would you give on such a question (beyond ROTFL)?
Any answer you get at such a question now is an ideological answer or based on incomplete data.
People answering are replacing (in their own minds) your unknown needs with their well-known needs and answer accordingly. If you happen to take an answer from someone who has a similar usage-profile as you do, you get lucky. If not, you're f*cked.
CU, Martin
maybe a halon fire suppression system.
Halon hasn't been advocated for years, what with the nasty side effect of depleting oxygen and killing people and stuff. Water + insurance + good backups is the current best practice.
And when Joe Farmer runs his backhoe through your Fiber line? Send everyone home for the day? Tell your clients that their media is stuck on Amazon?
Easy! Just fall back on your emergency operations procedure (likely involving paper) until service is restored.
You do have an emergency ops procedure, right? (Or you will after another next ask /., at least? :-p )
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
Yeah, NGO = NON Governmental Organization = tree hugging PC hippies who have no clue. They'd only hire people based on their ability to fit some diversity requirement because no honest government would ever hire them... governments hire only the most competent and skilled people, which is why all US citizens are so happy with every government agent they ever encountered and why they support the government taking over all sectors where private businesses operate.
Yeah, I took your trolling and jumped full force into the flames. My point is this: with so little information on the original poster you shouldn't assume anything about their qualifications. After all, you wouldn't want me to profile you as a racist due to a single post that seems to indicate you believe that certain people can only be hired for their "stylish" qualities and those "stylish" attributes mean they are not qualified or skilled to perform a job.
The current Gmail administration seems to be OK, but what if it changes and what if they do by this time the same business?
It would be difficult to compete with guys who host your e-mail accounts and documents.
GMail? Nothing wrong with that... as long as you don't mind all your internal memos being examined by data-mining software.
Not to mention state and federal laws (SOX, HIPAA) that require controlled access to certain information.
Do you even lift?
These aren't the 'roids you're looking for.
This is a public forum, we're all volunteers here.
Personally, I'm okay with the occasional "Help me with best practices" post. I wouldn't want to read that stuff all the time, but it adds to the mix, when taken in small measures. Keeps me in touch with developments outside my immediate interests. Sometimes generates lively debate. Maybe helps other readers in the process, benefits the general welfare.
If you want to blame anyone, blame Slashdot editors for publishing this kind of thing.
-kgj
Amazon S3's website has a nice spiel on how to make HIPAA compliant web apps accessing it. Encrypting your data before putting it in the cloud isn't exactly rocket science.
Seriously. What did you put on your resume?
>> And when Joe Farmer runs his backhoe through your Fiber line? Send everyone home for the day? Tell your clients that their media is stuck on Amazon?
Dual connections with different topologies and hardware fail over. It isn't that expensive.
Having said that, I still would hesitate to put core assets (or even email) in the cloud.
I know it's Slashdot, and everyone here gets a rush from insulting people who they think know less, but really?
IT for an NGO with 20 people is a pretty entry-level position for setting up infrastructure. Even with experience it's useful to know what current thoughts are. Slashdot has a huge concentration of experienced people who can give good advice (and plenty more who can't.) You'd be a pretty poor infrastructure engineer if you didn't do some research before building things up for a new company. I think they made a great decision, the poster is being proactive in asking a big group of knowledgeable people for their current advice, internet searches alone can yield outdated advice. Sounds like someone I'd like to hire.
Plus it gives us all a great chance to update long-standing arguments about custom vs. generic, cloud vs. internal, mac vs. linux vs. windows, etc... And don't even try to say you don't like arguing about these things.
"Until they become conscious they will never rebel, and until after they have rebelled they cannot become conscious"
Host your internal media in the cloud? Are you crazy? Would you really prefer to have your large media files, gigabytes in size, at the other end of a 1-10MB/sec Internet connection, or hanging somewhere locally at the other end of a gigabit Ethernet connection?
Specialist Mac support for creative pros, Melbourne
My firm is a pretty small shop, with everything running off ClearOS. It's a really fantastic server/middleware package with a great configuration, plus domain services, etc. Honestly, it can do everything you need, and you even have options (can use local clients, etc, or the well-configured horde/kerberos install). It's running CentOS so if you want to branch into more advanced stuff, then it's all there and relatively simple (as simple as anything is with SELinux). They also offer a $1000 box with certified hardware in a blade profile which seems nice, but since we have an actual server I have no actual experience with it. As for the software, however, I recommend it highly.
As for what machines for your clients, it really depends on what they need. If you're small-scale, then thin clients aren't going to save you any money. My advice is to talk to your users/their managers and figure out how they work. Do they do work from home? Are they on-site at all? Do they have a lot of working meetings? In those cases, laptops would make sense. If not, desktops would be cheaper.
I agree with you totally.
A lot of us have privacy concerns also. I guess for some, it's ok for all of your data, databases, accounting information, internal emails, etc, to be hosted on someone else's hardware. Lots of "managed hosting" providers have physical and root/administrator access. Great. What's a database of industry specific customers worth on the black market? Way more than the technicians on site will make in a month (or possibly a year).
Depending on the data, they may be contractually obliged to maintain their data in a secure location, where no one but a limited list of vetted employees can possibly have access to it. Google, Amazon, or even folks like Rackspace, won't give up their employee list with names, SSN's, home addresses, etc, for background verification. You'd be lucky to get the first and last name from the guy who you're talking to on the phone, much less a clue of who just logged onto the console to do a repair.
Serious? Seriousness is well above my pay grade.
Each business will have so many different things going on that it is unpossible to answer the question.
I would ask THEM as much what they would expect. Even get one or two key users involved, so they can sell your idea to the rest, because people do not like change. An internal person will be of big value, especially if that is not one of the managers.
And if you have many images and video, I assume also they will love desktop estate, so two screens or even three. Hardware? If we have no idea what it is used for, how can we answer? Setting up the system is the easy part. Who is going to maintain and upgrade it and how? What if that person doesn't do it anymore?
What is the software they are going to use and what does that software need? Does every person in that company have the same need? What will be the needs in three years?
There are so many unanswered questions that answering them is impossible.
Don't fight for your country, if your country does not fight for you.
5) Are connections of sufficient throughput and latency even locally available? There's no mention of things like: mail use, type of work performed, etc. What if they do CAD work? What if they do a lot of email with attached documents? Graphic or sound work? These are use cases which are horrible for cloud computing.
You have just explained why I'm not likely to ever see my data in the "cloud", hell, our own server across the room is too slow for a lot of CAD models, even a 5400RPM harddrive is sometimes. Load a 600MB part into an assembly of 10 of them, or even just the one 600MB one into a 200MB assembly, now multiply that by 5, and all of a sudden you just about cannot get enough bandwidth on your server. Same goes for those people in video or audio production.
All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
Is to fire the OP and get someone who knows what they are doing before they waste money on whatever the OP decides to do.
However, I am in this camp concerning this issue:
There are a couple things I can say. When I was going to build a practice domain at home with windows server (to centralize authentication and creating roaming profiles like at our university), I asked my boss the best way to incorporate laptops into such a model. His reaction was "Why?" A domain with central authentication for small groups (to him under 30-50, depending on the needs of the organization) creates more management work to be worth it. He took down his domain at his house and went to a media server since it was easier to manage - and laptops are just way too problematic to deal with in his view.
That is just one view. Ask yourself these questions: how will I install base images to the computers? If a new employee replaces an old one, will the system be re-imaged or will they use the existing set-up with all the legacy files? What software do I need? How will software be distributed (for example, locally installed or pushed out with SCCM or using virtualization like whatever SVS is called now or Microsoft Application Virtualization)? Will employees be assigned a specific computer or will they need to be able to use any workstation like it was their own system (the latter is our university's computer lab setup... and a lot goes into setting it up/maintaining it)? How sensitive is the data? What type of data needs to be stored? What level of scalability is predicted to be needed (or, will this NGO of 20 have a chance of becoming an NGO of 100 or an NGO of ten locations with 20 under central IT management)? What skill level/competencies will the NGO employees have? (Many times there are volunteers, which means you are dealing with the typical and often retired home-user *shudder* - like my mother, who managed to crash her PC regularly and even crashed the Mac I replaced that with!)
So, post a new thread with some details if you really want a serious answer to your problem. The questions I put above with the other various responses to your posts should give you a good start to all the questions you have to ask. Once you have a well defined problem to give us (not in the mathematical sense, but in the sense that people can conjecture about a solution due to specifics being provided), then I think you will see many more potential suggested solutions. Also, don't forget to respond to posters when they offer responses. :)
For such a small organization you might want to keep things as simple as possible given you're not going to have many staff to support 20 employees. Probably "one guy". To that end:
* Branded Gmail for email and calendar. You can use the branded google accounts for IM as well. The spam filtering and uptime are very good. Also you don't have to manage any of it. Your employees can automatically check their work email from anywhere w/o having to get on a VPN or use a particular email client.
* Macs. Makes you functionally immune to malware. Repairs/replacement are pretty speedy, esp. if you have a Mac store in your area. If you absolutely positively must have MS Office then you can get it as a native app. If you must run Windows then there's a free virtualization option (Virtual Box). It's not as good as Parallels, but it gets the job done.
* If you expect your employees to occasionally work from home (or on the road) or if you want to at least give them that option, then get everyone laptops. Providing external monitors, keyboard, mouse is fairly cheap. MacBooks (not MacBook Pro) are in the same ballpark cost-wise as similarly spec'd name-brand PC laptops.
* Hosting your own web server sounds like an unnecessary pain in the butt. If you absolutely must, then Linux/Apache is probably the way to go. I'd recommend the latest LTS version of Ubuntu (10.04). Going with an esoteric distribution just makes finding documentation and fixing problems that much more time-consuming.
I find it humorous that you assume people still work a world where you can operate when disconnected from the Internet. Even if everything's hosted locally you can't use the web or send e-mail. So yeah, you just go home for the day, I don't care if your servers are down the hall or the other side of the country.
But the obvious answer is redundancy with physical diversity, of course -- regardless of where your IT infrastructure is hosted.
I suggest building your own for all. If you have a small company, you may be able to get a bulk purchase saving. Build your own server and use Ubuntu Server. Use Ubuntu Desktop for the terminals. You will save money and be able to customize everything the way you want. Look into it and you will see what I am talking about.
First Get the Zwicky book and follow the pretty pictures that do NOT have the universal no symbol next to them.
http://oreilly.com/catalog/9781565928718
This will mean that the person that has to clean up after you, does not have to start with ripping out all the wiring.
Second, set up a wiki for documentation so the person that comes in after you doesn't have to rip and replace because it is cheaper and quicker than figuring out what you have done.
Third, install network monitoring software such as opennms. (if you have a choice between one $1,500 server and two $500 servers go with the two $500 servers)
Fourth, do a network audit of all hardware and what software is on that hardware.
Fifth, price out what it will cost to bring your organization into compliance, if you are in the US and not a 501(c)3 this will probably be expensive.
Sixth, install project management issue tracking software, I use and recommend redmine.
Now you are ready to start doing your job. (or at least you have not made the situation worse, and could possibly contract out your job.)
Work bio at MMWD
We use gmail for our company as well, and I have only recently hit the wall with it. I get a few hundred MB of messages, and there is no method of deleting (or archiving) attachments off the system.
I am still surprised that there is no popular "appliance" type server for this purpose: something that supports file, print, authentication, accounting, and phone system out of the box. Go extra fancy and allow for painless mirroring and snapshot backups with a second (and third) unit if desired. It seems like at this point in time it shouldn't be that hard to do...
Having a Windows domain controller with centralized authentication is YES going to save your sanity, and your security.
1. Centralized authentication, so you as the IT guy can get on any machine no problem.
2. WSUS -- so you can actually get all your systems updated with MS updates, and keep them updated.
3. Login scripts and Group Policy -- so you can keep your other software updated. (And standardize settings. And make rolling out new computers MUCH faster.)
4. You'll then be able to get centralized/enterprise antivirus as well to keep your system properly safe.
If you have to update your software manually, and have more than 5 or so systems, you will NOT be keeping them up to date.
Yes, this costs more. Yes, this requires more upfront costs, time, effort, and learning.
This will also save your ass if you grow, as workgroups don't scale unless you have lots of cheap IT labor.
And it will save your ass from viruses/malware infecting your network.
In the long run, you'll spend a LOT less time maintaining a network of interconnected machines vs. "island" systems.
And don't host your web server locally unless you have a REALLY good reason. Hosted web sites are cheap commodities. Even if you need specialized software, you're probably better off with a hosted (maybe virtual) server. You're unlikely to have the huge and redundant bandwidth of a hosting provider.
And unless you need Exchange, Google Apps standard is an amazing bargain (free!).
And don't use laptops for users unless they're really needed. Laptops are much more likely to break or get stolen. Users do evil things to laptops. And they're slower and more expensive.
And avoid wireless keyboards/mice... Wired ones just work. Boring, but they work. Wireless ones quit, have dead batteries, and users can never figure out how to reconnect/pair them.
I find it humorous that you assume people still work a world where you can operate when disconnected from the Internet. Even if everything's hosted locally you can't use the web or send e-mail. So yeah, you just go home for the day, I don't care if your servers are down the hall or the other side of the country.
The other 90s era idea is that you can only have internet access from work.... What would you do if the building lost power or burned down? Well, work at home / coffee house / somebody's house, of course. Been there done that...
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
In short:
Desktops, not laptops. More reliable, cheaper, faster. Only get laptops if there is not enough desk space in the office. Avoid thin clients.
Brand: Do not build them yourselves. Get something from a big supplier. Get the business line, Dell or Lenovo.
Authentication and user management: Do not bother below 30 persons. Above: Active Directory, LDAP, ...
Internal media server: If your users are competent a simple file server will be enough. Dell or Lenovo. Lots of SATA disks. More disks for onsite backup. Get offsite backup, too.
Web server: Do not inhouse your webserver. It provides you with no real advantages. You cannot compete on connection, reliability, UPS, etc with a big hoster. Get a development web server for testing inhouse.
OS and software: Stick with what your users are competent with. Ubuntu is really nice, get it with enough Linux experience. Mac if you have enough money. Windows 7 is good and works.
General: Avoid "big" solutions. Do not blow money on anything where a salesman visits your NGO. Learn from other NGOs.
Start with one healthy server, well configured for memory and disk, and put VMWare ESX on top of it. Acquire appliances (self-contained virtual environments -- there was a listing of them on the VMWare site iirc) for most of your basic needs - CRM, Portal, etc.
Build virtual servers for what you need and run on that one piece of hardware. Then it's pretty painless to grow -- as you add hardware, you just boot up the virtual machine on the new box. By virtualising everything from the start, you miss a lot of aggro.
Do not mock my vision of impractical footwear
Since you're looking for a generic one size fits all kind of solution based on some sort of statistical analysis of slashdot posts, without any real knowledge of what the users' requirements are... you should go with a mac pro server with attached raid. Use raid 1 on the server, use raid 6 on the external device and put your data on that. I might catch flame for suggesting this, but if you have no idea what platforms to put where, then you're not going to be able to decide how to choose scheduling packages or much of anything else. Going with MAC OS Server allows the choices to have been made for you and you won't be exposed as a fraud.
It's always bad when someone's kid can out admin you.
As far as the client machines, you really need to talk to the users and find out what they need to use to get the job done. One single misstep here can really ruin your year. If they seem to use windows, then go windows. You don't have the background needed to keep users happy on a platform they are not used to.
Speaking of data, you need to come up with a local and remote backup plan. Offsite backup is critical, don't skip it. Just stick with the server and explain anything not stored on the server will not be backed up remotely. Put external drives on all your client machines and use some full backup software. This is mainly for you to replace the machine when it fails. Also keep a spare client machine in the box for when this happens. With 20 users it will happen probably >1.5 times a year if you're using something like Dell.
If you end up using windows on the clients, make sure to install some name brand anti-virus on everything, but turn off the local firewall options as long as they are on your local LAN so that you don't have to diagnose network issues all the time. It won't help much, but at least when they install a trojan you will have been perceived as doing your job and the anti-virus package will be to blame.
Never let anyone run an external service exposed to the internet. Keep the clients firmly behind the firewall or bad things will happen, and you probably won't be able to decide what's safe and what isn't.
Once everything is running, don't play around with it or you will trigger disruptions. Remember, as long as the users are happy and you don't lose data, you won't get fired. Not getting fired is your first priority until you get the hang of it. Basically, try to keep things running smooth and have a plan for when things break. In your spare time, test your recovery procedures on test machines.
That should get you through the first few years.
And don't ask crowds like slashdot how to do your job. You're not going to be able to sort through the opinions in a way that's going to help you. We each have a different perspective and a different style and we are all very opinionated for no important reason.
I think you underestimate just how much I just don't care.
How many IT employees do you suppose a 20 person company really needs? Personally, after about the 4th week, I think I would be about out of things to do in a company that size.
You haven't mentioned your budget. If it is small, you want to go with Linux and LTSP. Get 3 servers, 2 of which have sufficient disk space for your media. Set up LTSP on server A, your media stuff on server B, everything backs up to server C, which is a warm spare in case A or B dies.
The desktops would be Fit PC2 or equiv with LCDs and USB keyboards and mice.
What you gain: only admining 3 computers, desktops are interchangeable. If something breaks, you just swap parts. Security is centralized and simplified.
If it is that critical, then you should have a redundant network connection. Preferably one that eliminates last mile issues, whether it be 3G or a fiber pull that is completely separate from the primary all the way out to a different CO and provider. A 3G connection will only run you roughly $100 a month and while it isn't ideal, especially with the usage caps, it will hold you over until your primary line comes back up. Keeping a small office connected is not that difficult.
Servers;
You say the media server will have a shed load of files in an archive. Does this mean it won't be regularly accessed? In which case, just get a bare-bones box and shove a million hard drives in it. You don't need extreme CPUs to just store stuff.
In house webserver. Development or production? How much traffic? Do you have client's work hosted on the webserver? IMO, internal's fine for development or even staging environments - but production is best handled by a company who know what they're doing - so use one of the million reputable hosting providers out there.
Do you actually need a server for user management? One company I worked for had a brilliant, simple solution. Everyone had their own seat in the office, so their PC was 'theirs' and they had an account for that PC. They also had a folder on the in-house webserver (development only) that they could call their own and were advised to save all their work there because only the server was regularly backed up, the individual PCs weren't.
Clients;
Ask the work force. Ask the managers. Don't think that "Oh yay! Laptops mean people can do work outside the office" - if those machines contain sensitive material, the management probably don't want people to do work outside the office. Some people also just don't like working on laptops. I for one would hate to use a laptop for a long period of time (ie, 9-5). If there's no need for laptops/thin-clients, save the company a buck & get what they actually need.
If it is, then I will be happy to give you some advice. As a number of people have already mentioned, keep it simple. With that keep it so it is easy for you to manage as well as easy for you to get support for. Sure you can save a ton of upfront cost putting some linux based solution in but I am a big fan of "you get what you pay for." So go with a supported solution.
Start with the back end and work your way forward. People knock Microsoft, but Windows SMB is pretty affordable. Just don't skimp on the hardware, get something scalable. Either way having centralized management of users and resources is key! It is much easier to build it now than to have to migrate to it later. I had a client that was running in full workgroup but had a server. The previous consultants never set them up on a domain, hell they didn't even have the OS they paid for installed on the server. So if you have the opportunity to build from the ground up, build it right!
As for the network, if it is not already wired, well you may want to consider running hard Cat 6 cabling. Hire someone to do it since they will do it properly. Also remember it costs the same in labor to run multiple runs to a location as it does a single run. So plan for expansion. Same goes for the network hardware. Do max a single switch with just what you need, make sure you have room to add more connections.
For the storage server, well where is this data stored now? Are we talking GBs of current data or TBs? Also you mentioned archiving, well how often will this archived material be needed? Will it be accessed frequently or maybe once a year? You can always move it to optical disc and store in a secure location. You could also store it on the web as well.
As for moving everything to "THE CLOUD" well sure, you can host your entire server infrastructure there. There are decent companies out there like Rackspace for hosting services. But if you are working with large media files then you may want to keep some things in-house. To back all this up, well you can go with online backup solutions. Check out reviews, but keep in mind that the initial upload could take days to almost weeks depending on your bandwidth and the size of your data. So you may want to look at some form of backup-to-disk and then run your online backup of those files.
But before you begin ordering and what not, work with the staff and figure out what your budget is. That will help you decide what you can build.
If you are not fresh out of school and this isn't your first job, well then I am with the rest of the guys, quit and let them hire someone who can do the job and please go back to Geek Squad!
Dewser - all around techy "In the immortal words of Socrates - 'I drank what?'"
If you want to completely abdicate responsibility for it all then that's the way to go.
Then you can concentrate full time on keeping your internet connection working because you'll be screwed without it.
You still have the same responsibility, whether the server is inhouse or hosted by Amazon. If misconfigured, and backups are not working properly, it's much easier to lose everything if hosted by Amazon, so don't think that nothing can go wrong. But if configured properly, it can work very nicely. We use it at our office. We have four servers for database and webservers, plus ECB volumes for data. We backup everything every hour, each instance, keep daily backups for a month, keep monthly backups for half a year, all backups on a server on a different continent. Because it's incremental it doesn't use much space. We download those backups to a local CentOS server via rsync. So yes, we have a local server, but it's a $400 desktop running Linux with a terabyte disk.
S3 isn't the only option, and you don't need to have everything in the cloud to benefit from the lower costs and overhead... and there are options that will reduce your admin costs as well. The most important thing is to understand how people will use the solution... for an NGO you're probably relying on a lot of communication outside the firewall and would benefit from a SaaS model for storing documents and collaborating within the team and with other associations and stakeholders.
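The tiered retention described in the comment above (hourly runs, dailies kept for a month, monthlies kept for half a year), written out as an added example that is not part of the original post and not the poster's own setup. The 24-hour hourly window, the 183-day reading of "half a year", the 15-minute scheduling slack, the function names and the sample timestamps are all assumptions made for this sketch.

```python
from datetime import datetime, timedelta

# Retention tiers. The daily and monthly windows follow the comment; the
# hourly window and the scheduling slack are assumptions of this example.
HOURLY_WINDOW = timedelta(hours=24)
DAILY_WINDOW = timedelta(days=30)
MONTHLY_WINDOW = timedelta(days=183)
INTERVAL = timedelta(hours=1)
SLACK = timedelta(minutes=15)


def plan_retention(backups, now):
    """Return (keep, prune) lists of backup timestamps under the tiered policy."""
    keep = set()
    newest_per_day = {}
    newest_per_month = {}
    for ts in set(backups):
        age = now - ts
        if age < timedelta(0):
            keep.add(ts)  # timestamp in the future: clock problem, never auto-delete
            continue
        if age <= HOURLY_WINDOW:
            keep.add(ts)
        if age <= DAILY_WINDOW:
            day = ts.date()
            newest_per_day[day] = max(ts, newest_per_day.get(day, ts))
        if age <= MONTHLY_WINDOW:
            month = (ts.year, ts.month)
            newest_per_month[month] = max(ts, newest_per_month.get(month, ts))
    keep.update(newest_per_day.values())
    keep.update(newest_per_month.values())
    if backups:
        # If the backup job has been failing for months, every copy is "too
        # old"; a purely age-based pruner would then delete the last good one.
        keep.add(max(backups))
    return sorted(keep), sorted(set(backups) - keep)


def missed_runs(backups, now):
    """Return (previous, next) pairs in the hourly window that are too far apart.

    A pair ending in `now` means the newest backup is stale; (None, now)
    means there is no backup at all inside the hourly window.
    """
    recent = sorted(ts for ts in set(backups)
                    if timedelta(0) <= now - ts <= HOURLY_WINDOW)
    if not recent:
        return [(None, now)]
    limit = INTERVAL + SLACK
    gaps = [(a, b) for a, b in zip(recent, recent[1:]) if b - a > limit]
    if now - recent[-1] > limit:
        gaps.append((recent[-1], now))
    return gaps


def constructed_history(now, days=200, missing_hours=(4, 5)):
    """Constructed sample: hourly backups for `days` days with two runs missing."""
    return [now - timedelta(hours=h) for h in range(days * 24 + 1)
            if h not in missing_hours]


if __name__ == "__main__":
    now = datetime(2024, 3, 15, 12, 0)  # constructed reference time
    history = constructed_history(now)
    keep, prune = plan_retention(history, now)
    print(f"{len(history)} backups: keep {len(keep)}, prune {len(prune)}")
    for previous, following in missed_runs(history, now):
        print(f"no backup between {previous} and {following}")
```

Running the gap check before the pruning step, and refusing to prune when it reports anything, is what keeps a silently failing job from aging out the last usable copy.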
I'd point you to some of the more document-heavy enterprise social software suites... a lot of them can handle your public website and intranet as one solution. Sharepoint is overkill for 20 people, but there are some smaller options out there. I personally work for IGLOO Software (www.igloosoftware.com), which is definitely worth a look.
Send me your contact information, and I'll work up a plan for you. I charge around $200.00 per hour, plus travel, meals, and housing if on-site work is required.
Your summary doesn't give us anywhere near enough information to plan. ...
Some additional information that would help
1) what is the estimated budget?
2) what sort of 'net connection do you have?
3) how much travel do your folks do?
4) what sort of tech-savvy do your folks have?
5) what is the building like?
6) any planned expansion?
7) what skill sets do the IT people have?
You're looking at a complete overhaul, expect to pay a lot to do it right.
If I were doing this, for a company of 20 people, I would expect to spend at least a week in place interviewing everybody to get a feel for what needs are before I even started to create a plan.
Seriously, send me your info, and all the info, I'll write up a proposal and price it out.
I will not give in to the terrorists. I will not become fearful.
unless you've got some really, really pressing reason.
According to TFS they have thousands of large image and video files. My guess is some of the content might not be legal in some jurisdictions, so they want to own the hardware.
Wait for the follow up post in 6 months time - "I've inherited an IT mess from this college kid who was given a carte blanche to set it up and just screwed around on slashdot - what should I do? dump it all and start from scratch? the company is in Chapter 11"
That's why everyone on this ARPANET is raving crazy about its routing algorithm.
It's not actually complicated until you start deciding what you really need in an authentication system. The setup I eventually settled on with the group was not quite traditional, but does everything we need it to do. In addition, local nodes will cache all the credentials in the event of a network failure. This was the alternate to just building system accounts locally or just pushing a password file around. (Which doesn't meet contractual obligations).
In retrospect, none of it is entirely complex, but there was some effort into researching and putting the pieces together. The same goes for an Asterisk box to host telephony. It's not overly complex, but it does take some effort.
Now, it's not an awful idea and I have some grid based appliances in the field. I actually hate them with a passion because they break mysteriously. It might be fine for an organization that employs someone to sit on the phone with support all day, but I could literally replace it with a few certs for synchronization and vanilla applications.
Essentially, if you want someone to build an appliance that can be easily replaced with standard services then go for it. It wouldn't be a bad project and it might make a few dollars in support fees. However, be prepared to create stable and tested releases because the individuals who really need the appliance won't be able to fix it.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
Does this mash of symbols scare you?
root@tycho:~#
If it does, ask your boss for about $50k and start building a Windows infrastructure.
If those symbols don't scare you, you already know what you have to do...
In all seriousness though, the more you can integrate open source into your outfit, the better off you'll be. We use Linux in quite a few places, like:
OpenFiler for our NAS
Proxmox VE for most of our virtualization. When combined with OpenFiler on our NAS, we can instantly move VMs back and forth between VM hosts.
Ubuntu, Postfix, Spamassassin, and a few milters create a decent spam filtering gateway. It beats the crap out of anything we did in Exchange.
Another install of Ubuntu along with Shorewall makes for a great router/firewall. We used to use SonicWALL and were constantly telling customers "We have to buy a license for that" or even more frequently "It can't do that". In my opinion, Shorewall is a great balance between directly writing iptables rules and ease of configuration. Most people in IT can figure out how to open WinSCP, connect to the firewall, and then edit a text file while looking at the manual. If you need VPN access, just install OpenVPN, pptp, etc... Installing pptp is a bit of a pain, but it's much easier for the clients if they are running Windows at home. If all of that seems a bit daunting, try pfSense. They provide a great web interface and are pretty damn flexible. The only reason we don't use them is because we have some linux-specific management tools that don't work with the pfSense configuration system.
Yet another install of Ubuntu and Icinga let us monitor infrastructure for our larger 'small business' customers when they need it.
Most of our installs consist of a Windows Small Business Server or a Windows Standard server so we can join the workstations, create user accounts, and provide group policy for security and software installation. The rest is Linux.
There's no place like
Try to get this thought out of your mind. Place your web site with a reliable hosting company and free yourself of 99.999 percent uptime worries.
Other commenters have suggested you move everything to the cloud. This is a bad idea. But your web site? Should be a no brainer. Hosting it some place else is cheaper, more reliable and a whole lot faster.
I can't understand how one of the largest publicly owned companies like Google can trust all their data to the cloud. With all those farmers killing backbone cables daily, it's a miracle that their so-called "homepage" is even available for five minutes per week.
Why do you have to upgrade server hardware every year and a half? What about the expense of having enough bandwidth to handle that ever-growing media library he is talking about? That may take a lot of expensive upstream bandwidth which isn't exactly cheap.
This:
"thousands of big image and video files" + inhouse web server + local ISP (telco / cableco) slow uplink speed = flaky or failure-prone performance
Shared Hosting / VDS / CoLo (in increasing desirability) with fat pipes to a backbone segment is what you need for this.
GMail? Nothing wrong with that... as long as you don't mind all your internal memos being examined by data-mining software. [...]we know they actually do mine data.
How do we know this?...and which data?...and why does it matter? Obviously, Google tracks web search queries and monitors ad performance, but you seem to suggest that they are engaging in corporate espionage. Note that, even if they were doing this, it could not be considered data mining since data mining, by definition, is about the discovery of patterns and trends, not specific facts.
Are you perhaps concerned about Google's AdSense reading your email in order to display relevant ads? You know, you can turn off all ads with a paid Apps account.
S3? Cool. Let's just put the video about our upcoming IPO on somebody else's servers, where others can have access to it.
First of all, corporate executives often pay a lot of money to make sure that their IPO publicity materials are seen by as many people as possible, so this was a horrible example.
More to the point, your argument seems to invalidate all forms of shared hosting by labelling them as unsecure, which is obviously absurd. No rational security policy in the world (except maybe military) requires you to actually own the hardware your data rests on. Nor do they require that your employees have direct access to said hardware. Most of them rightfully include language that restricts physical access by your employees.
While there may be some legitimate concerns about network connectivity, cost and data portability, everything that you're saying in this statement is just plain FUD.
I agree with much of what has already been stated here. You want to keep things as simple as possible while meeting the business needs of the customer.
The first step is to outline what those business needs are. What applications are they using? How much network traffic do they pass? What about their printing environment? Faxing? Are they using VOIP or video conferencing? What kind of downtime can they endure? If they want to keep all of this in house, are they prepared to build out a small data center type of area?
Then you need to understand their growth and their support capabilities. Can your solution scale to meet their needs in six months? Will they be able to cope if something goes south?
Also, what is your budget? They can ask for anything they want to, but if they don't give you the money to build it, you are done before you start.
S3... well no one is going to go looking through your data because no one cares about it. If it were actually important I would recommend encrypting before putting something in a public web store. In truth, you would likely be using EBS for data storage inside of EC2 because S3 is ridiculously slow. Since EBS is a block device you just run it through a crypto loop when mounting.
EC2 instances are accessible by the person who actually spins up the instance. It's built with a private key that no one has access to and again if the disks are a concern they should be encrypted as well. If a public instance is too much of an external risk there is a VPC environment which spins up instances that have only access to an IPsec tunnel for network connectivity.
Gmail... well you are absolutely right.
Me, I wouldn't put most of my business in the cloud, but they are for real reasons. There are certainly types of processes that function perfectly in an elastic environment and can be profitable. However, none of the numbers have ever indicated it is cheaper than a traditional environment performing traditional work loads in high availability.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
Yeah. Build everything on your own. For those 20 people, it is totally cost efficient to ditch all those buzzword-toting salespeople and roll your own. Your own certified infrastructure, your own incident team, your own UPSs, your own false floors, your own operating systems, compiled with all optimizer switches on, of course, and your own client PC images, complete with in-house developed software distribution and policies.
After about 300 man-years worth of training, you're able to surpass most commercial offers. 300 man-years more and you're doing stuff in-house even Google dreams about. Then it's definitely cost-effective.
Some elements I think might be worth looking at:
- Google Search Appliance can handle the multimedia and other file indexing.
- For desktops, unless you NEED laptops, the Mac Mini + a keyboard, mouse, and non-Apple monitor is a great choice. Runs OS X, Linux, or Windows.
- GMail for corporate email.
- For file, web, and database servers, Linux.
- Colocate your servers elsewhere and use VPN. No need to worry about scaling, fire suppression, security, etc.
- Possibly a local cache server, since you're doing multimedia.
- Buy servers, don't piece them together yourself. Get on-site support. Otherwise that's you.
- Tape backup sucks. Backup over the Internet to a backup server in a colo center somewhere else.
I know of several insurance companies across 5 counties that have been essentially using "the cloud" for a long time (before it ever was popular).
Well, actually, they were using web based applications from either their parent offices or the actual provider to obtain rates and set up policies. It's the same thing as the cloud concept as all they needed to do is route to those select locations.
Anyways, I can count several times a year in which either their electricity, internet, or something along those lines upstream, has prevented the offices from doing anything productive for a day or more. And when speaking with one of the reps, this seems to be something of a common thing that they just accept.
The cloud doesn't make sense for small to medium businesses because the type of investment needed to ensure productivity and negate any of those issues is more than they would save (power generator, back up internet, and so on). When your business is placed in a situation where someone crashing into a telephone pole across town or some hilljack decided to dig a drainage ditch 10 miles away will shut down most all productivity, it's not a good thing. When your business is large enough that a work stoppage causes losses greater than the costs of maintaining a generator or having a separate and redundant internet routed differently than the other, then it makes sense.
You mean we should have equipment on site that the cloud was supposed to replace in order to have a backup business operation in case of emergency? Isn't that sort of redundantly redundant?
Dual topologies can be pretty hard and very expensive. I have been to sites in lots of little "industrial" parks around various cities and almost all the fiber and copper is run down one single conduit all the way down the street. These places also usually don't back up to anything but more empty land for future expansion so there is no other direction to bring in connectivity from. Yes you get multiple providers and such but if that one conduit gets taken out they are both gone.
Wireless is getting better these days. Cisco makes some routers that take cardbus cellular air cards. This is a good option in those situations. The monthly cost if you don't use it is affordable and it's enough bandwidth to keep 20 people or so doing e-mail, and maybe very slow web browsing, if you traffic shape things carefully. It's not bad as the failover route.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
It's clear you don't know much so here's the easiest thing you can do:
Buy a NAS device with user authentication
Get a hosting account for $50 per year from any competitive hosting company
Buy Dell desktops with Home edition of Windows
You've saved the company lots of money, made administration simple and users have what they asked for. However you've provided no backup, no core infrastructure, no real plan for handling growth. When they are ready to move onto a real network, call an IT Professional.
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
far better in terms of operating like a normal company with blackberries, etc.
How Smartphone Users See Each Other
His question begs more questions -- do his employees travel? Do they stream video? Do they do heavy processing? What OSes do their applications run best on? Can you virtualize OSes or will that overhead affect the heavy-duty nature of the applications? Do you have the know-how to build your own central authentication service using LDAP, Kerberos, etc? Or would you be better served with an Active Directory? And would it make more sense to pay for Cloud-based AD from Microsoft rather than maintaining in-house servers? How much people-power do you have for IT?
You just have to know the right questions to ask, then your infrastructure defines itself.
+1 for sure. If you're in a 20 person shop, there's no reason to invest anything beyond the bare minimum into IT, particularly if you're a 501(c)(3)! Google Apps is free for non-profits. http://www.google.com/apps/intl/en/nonprofit/index.html You can even use Microsoft Outlook (via Google Apps Sync for MS Outlook) and BlackBerry devices (via Google Connector for BES) if so inclined. Google Video, part of the Google Apps suite, will take care of your video archives. Get a decent Active Directory or OpenLDAP server set up for authentication. Laptops are the way to go, especially if your folks need to be out in the field meeting with clients or donors. Desktops are irrelevant today except for hardware geeks and fixed function workstations. Don't run your own web server -- you can't scale anywhere as quickly as any hosting company can. Conclusion: building your own infrastructure makes no sense for your particular operation.
[...]
In general I'd stay away from Macs. They cost more per unit, and they are not good with business support. Their idea of support is generally "Take the system to a store, we'll look at it and get it back to you." Fine for a consumer, not for a business. For a business you want "I call you and a tech shows up tomorrow with all the parts to fix it." Only go with Macs if you have a real reason and if you can't think of one, then you don't have one.
[...]
Disclaimer: I have not worked with Macs since the days of MacOS 9.x, so take everything I say with a huge grain of salt, as what I know about Macs is seriously out of date.
It's true that Apple doesn't send techs out to your site to fix computers for you, but if you're at a smallish operation, there is going to be very little need for that kind of thing anyway (at least in my experience). Once that's out of the equation, the Macs may be more expensive up front, but fixing them is generally faster and easier than fixing Windows computers. (Mac aficionados insist that things go wrong less frequently on Macs, but at least during the 90s when I was supporting Macs, this was not the case for me, the advantage was that Macs took less time and effort to fix.)
The number one downside with Macs is that most organizations have legacy applications that won't run on anything other than Windows. If you are starting up an organization from scratch though, this is not a problem. If you need to develop any apps, you can choose to develop them for whatever platform you choose to buy.
On the plus side, Macs work great as computers for average cubicle monkeys: it runs Internet Explorer, and it runs Microsoft Office, which is all most cubicle monkeys need. Microsoft has done a really good job with making the Mac version of Office highly compatible with the Windows version. Even your macros will run just fine (provided none of them make OS-specific calls to external functions).
Another downside: in the 90s when I was supporting Macs, most office workers didn't know how to use any computer. Back then, Macs had an advantage as office computers, because it takes less time to train someone to use Macs than to train them to use Windows computers. Nowadays, however, most people already know how to use Windows, so Windows has the advantage in training costs.
Then there's the upside you already know about: malware. Despite the claims of Mac people, there is nothing about MacOS that is in any way inherently resistant to malware attacks. The main advantage is that very little malware is made to run on Macintoshes. "In the wild" outbreaks are so rare that you can get away with not installing any antivirus at all and install them only when you read about an actual outbreak on one of the tech blogs/news sites. Back in the 90s, this seemed to happen around once every 1.5 years.
From what I understand, modern Macs play much nicer on Windows networks, and vice versa, from when I was dealing with mixed Mac-Windows environments in the 90s.
I happen to think Macs are very competitive with Windows as office computers, but clearly inferior as home computers (since there are far fewer games and educational titles written for Macs), and I find the general perception of "Macs for home, Windows for the office" attitude to be perplexing.
Does this mean I think every IT department should go out and trade in their Windows computers for Macintoshes? Hell no. There's a reason I haven't used Macs in a very long time. However, if one were starting an office from scratch, I think it would be a mistake to dismiss Mac as a platform without thinking about it carefully first.
I'll make this as simple as possible. 1) Make sure you understand what exactly it is you need and how it relates to your core business. 2) Leased services and SaaS have their place but not for core business needs. Most commonly you are nothing more than a cash cow to a company that is now in control of your resources. 3) Build relationships. My best experiences have been with Dell, Time Warner Telecom, and Barracuda Networks. 4) If you have a mobile workforce then go laptops. 5) Sounds like 1 Server running ESXi and a NAS would suit you nicely.
The cloud makes sense when a small or medium sized business CAN'T afford the investment in top-notch reliability, availability, and security for their own in-house infrastructure. With the cloud, that RAS investment is spread across thousands of customers. The likelihood of a backhoe breaking a fiber optic line is lower than some malware or hardware failure deep sixing an in-house server in a typical SMB.
They can go to Starbucks for Wi-Fi. Or use their 3G cards. Or tether to their BlackBerry devices. Seriously, there's little excuse for keeping an SMB's stuff on-premise, least of all is the threat of some mythical backhoe.
Let's expand on this, what happens when they lose a lawsuit and all their assets are frozen and some judge thinks your data is part of their assets or orders the servers to be shut down in order to prevent wear and tear and degradation of value? Or even worse yet, when the FBI (insert alternative evil government agency of any country) responds to someone's alleged wrongdoings by busting into the server farm and taking the equipment for evidence?
Using someone else's equipment in a location not under your control does present a lot of potential problems with people not even connected to your establishment.
You have obviously not worked at the usual 20 employee business with internal infrastructure setup.
Most of the time, it's not a data center, it's a small room with air conditioning and a rack.
Live redundancy is something that is not in a business of 20 employees, unless the money's there.
-- This space for lease, low setup fee, inquire within!
A 20 employee company? They probably won't have anyone dedicated to do the administration/maintenance/repairs/upgrades/etc.? Keep it simple: hire someone else to do it. Really. Too much hassle for such a small firm.
...a kiddie porn site?
- thousands of images and videos that need to be kept in-house (incriminating evidence?)
- they are starting from scratch(last site got shut down?)
- run by a small group of people who don't know what they are doing (convicts?)
- no existing hardware to work with (evidence seized in previous raid?)
Media server? How about S3. Web server? How about EC2. Seriously, why spend time and $ on procuring, powering, cooling, backing up, and upgrading all that gear? Give everyone a laptop and a gmail account. Put the rest in a public cloud.
If privacy is a concern, and cloud is no option, I would implement Ubuntu Enterprise Server File / Mail / Print Server. Extra backup in the form of Barracuda Backup service; for more info you could check www.barracudanetworks.nl or www.barracuda.com
For a 20 person shop, a single or dual (redundant) virtualized system can certainly host any app your business needs, including e-mail, fileserver, databases, applications, web, whatever... You can buy a couple of nice servers with lots of memory, a nice Drobo box or similar NAS for storage and a couple basic licenses for VMWare vSphere (or even go with a free alternative). That would give you enough horsepower to run a business on and scale to meet any modest growth...
Buy a third box and set up a test/dev environment too. You can test patches and updates and roll out new technology without impacting production. You can get your hands dirty with the technology in the test environment and learn a few things while you're at it.
"There *IS* no patch for stupidity" -www.sqlsecurity.com
Amen to that.
-kgj
For some people it is. Especially a small operation.
Amazon and Google going "belly up". You REALLY have other things to worry about that have a much higher probability of actually happening.
That's a myth. Clean agents displace about 5% of the air leaving oxygen concentrations just about what they were before the dump.
They work by disrupting the chemical process of fire, not by depleting oxygen. They are like an anti-catalyst.
You would eventually get a little lightheaded if you stayed in a room for too long after a clean agent dump, but you have a good 5-10 minutes to take your time to exit the area. Not that you want to stay in an area with a fire in the first place. The smoke is far more dangerous than the clean agent.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Of course, a business would not use the free advertising supported GMail. Instead, you would use Google Apps for Business, which provides encrypted email with no advertising, lots of space, ability to cache email when off-line, 99.9% uptime guarantee, etc. I think it costs about $50/year per user, which is far less than the cost of staff time. Many small and large companies now do this. The major problem for an NGO might be that they have to work in some countries that don't allow certain types of data to be stored off-site in other countries, and I don't know if Google provides any way to handle this.
My only real problem with answering this post is that I generally charge $200 or so an hour for this sort of thing as well (not unlike spikevodka and others who responded). The problem is that if you don't already know the answers to the questions you post, you are (no offense intended) a poor choice for the person to put all of this together. I, like many others on the list, got the experience needed to answer it well and correctly and efficiently over 24 years of work as a sysadmin and general computer person. That means that I have enough experience not to try to answer your questions based on the limited description you gave of the task. There are too many unanswered questions, and the answers to those questions make a huge difference to the best/cheapest most robust and scalable solution.
The biggest question isn't the services -- those are trivial to provide in many ways, most of them very inexpensively these days. It is the software. For starters is there any mission critical software package that only runs on architecture X that absolutely must be on everybody's desktop? For example, you mention many videos -- does this mean that you do things with graphical image editing and (perhaps) absolutely require some particular package that only runs on Windows clients or Mac clients? And so on.
As far as the services per se are concerned, my own inclination -- based on the limited description you've given -- would be to set up a small rackmount multiprocessor server stack -- probably (for only 20 employees) only two physical boxes. I would run Linux as the toplevel OS on those servers, and virtualize all other specific services both for failover and security reasons. If the software stack required for a typical desktop is just a browser, office suite, email client (that might also be the browser) and a few simple utilities I'd be very inclined to make the desktop clients boilerplate Linux boxes automagically installed via e.g. kickstart or any other automated tool, but once again one has decision forks when one considers the possibility that some people will want laptops (that have to be able to stand alone), other people will need desktops that are centrally managed and carefully defended, a few people may insist on Macs, others may whine if their system doesn't run Windoze of some sort..
Ultimately, as you can already see, working out the details of this sort of thing is where I very much earn at least midlevel consulting fees ($200/hour isn't really high end) when I do this professionally. I've got direct experience with all of this -- I've set up servers (virtualized and otherwise) since 1986, I've worked with many major architectures and made them play at least moderately happily together, I understand networking in quite a bit of detail and I understand network and computer security. How can I, how can anyone, tell you all of the questions to ask, all of the decision points you should consider? You'd have to become a chela and work under my supervision for a year or two before you even started to be competent to work through all of this on your own...
rgb
Even when the experts all agree, they may well be mistaken. --- Bertrand Russell.
Searching encrypted data, however, _is_ rocket science.
Presuming this isn't more sarcasm...
The point is that a decent webspace company (what-looks-like-a-shill-but-is-just-a-happy-customer: United Hosting) will give you a whole server of your own. You can install Ruby if it's not there, run whatever scripts you want with whatever priority, hell, you can fry an egg on the machine whilst rendering your badly thought out two hour Blender movie if you want, or lock it with a missing semicolon in a failed attempt to evolve a picture of Darwin using PHP. Trust me, I've done both, badly. Still doesn't cost all that much.
Please consider this account deleted, I just can't be bothered with the spam anymore.
Because he totally needs false floors for his 2 or 3 servers at his 20 person company.
I guess you sell people shit they don't need for a living, right?
I've had enough abrasive sigs. Kittens are cute and fuzzy.
I don't think you understand what sarcasm is; it doesn't matter whether what you are implying is true, it's that you are doing the implying by claiming preference for the opposite of what you actually prefer.
"... it could not be considered data mining since data mining, by definition, is about the discovery patterns and trends, not specific facts."
That's a pretty recent version of the definition. If you prefer I use the term "snooping", fine. However, even given your definition of "mining", it is now known that significant personal and business information can be inferred from mining. It isn't as impersonal as just a few statistics might imply.
And how do we know this? From information leaks that have in fact happened, and from statements by Google themselves. They have made announcements about how people should not fear because they "impersonalize" the data, but as I have already mentioned we know this is not sufficient to actually safeguard personal information... or business secrets. There has been a great deal of writing about this in the last few years. Where have you been?
And if you want evidence that Google is not always 100% honest about what it does, look here. I admit that this is not directly applicable to the subject at hand, but if they are less than honest in one aspect of their business, it is reasonable to presume that they are less than honest in other areas as well.
"First of all, corporate executives often pay a lot of money to make sure that their IPO publicity materials are seen by as many people as possible, so this was a horrible example."
I was not referring to "publicity materials", so this was a horrible assumption.
"No rational security policy in the world (except maybe military) requires you to actually own the hardware your data rests on."
This is a completely ridiculous statement. I have not worked for a company in the last 20 years, large or small, that did not have such a policy. Where did you come up with this idea? To be more specific: company data could only be on "company computers", whether they were owned or leased. The exception being an employee's own computer, if it was being used for work.
I will agree with you about the physical access part. But that's a separate issue. Most companies I worked for have had strict policies about physical access.
"While there may be some legitimate concerns about network connectivity, cost and data portability, everything that you're saying in this statement is just plain FUD."
Evidence, please? When somebody calls "bullshit", it is traditional to present some kind of real basis for saying so.
Lol.. There is no technical difference between the two from a user perspective. It's essentially the same, hosted applications and data. The same pitfalls apply outside of the supposed redundancy of the images which seemed to fail miserably when Amazon had those issues a year or so ago.
This is a web server we're talking about. You don't put all your raw material on a webserver. Even if you want to be the new youtube, your storage space is going to be independent to your webserver. You don't put your entire IP collection on the interwebs.
Please consider this account deleted, I just can't be bothered with the spam anymore.
The reasons are real enough. A small (non-tech) company is not likely to implement encryption on its storage. As far as S3 is concerned, I believe the consensus is that they are doing data mining. As mentioned in another post, it is now known that data mining, even when "personal information" is stripped out, still results in data from which personal and business details can be inferred. This is hardly imagination; it has been done. The famous AOL data dump is a case in point.
Just colo your own piece of hardware, that way you benefit from redundant connections with decent upstream rates (connections with decent upstream are very expensive to get wired up) and most likely an SLA, reliable power with backup, a decent environment for the server... You supply the hardware so you configure it how you want and have root, make sure the box has a lights out management card so you can gain access to it regardless of what state the OS is in.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
And what would you do if the same farmer plows through your phone line? It depends on your business, but I bet most companies wouldn't be able to work without phone either.
OTOH, with all your stuff in the cloud, people could work from home for a few days and at least get 80% of the work done.
What would you do if your local server would crash?
You said your NGO is around 20 people..... that's about the number of people you need to guarantee IT maintenance, internal helpdesk, 24/7 support, emergency standby, virus scanner updates...
Yes, server downtime IS an external risk when you move IT to the cloud. But until you can throw as many people as Google or Amazon at server maintenance, server downtime is MUCH MORE likely to happen to your local servers.
bickerdyke
I would not recommend cloud as you have no guarantee or insurance for availability and safety of service and data. :-)
For authentication Win2008R2 is OK, and you can put desktops on the domain as well as install Exchange with full Outlook on desktops. For network infrastructure like web, DNS, DHCP, OpenVPN, SVN, monitoring etc. just use plain CentOS with Webmin.
For large file storage there is Openfiler with the XFS filesystem. On Openfiler you can install Apache, WebDAV etc. to access those files.
Use Xen if those servers won't have too much load.
Finally, OpManager is free and easy monitoring.
HP DL servers are okay, even supporting remote KVM, but laptops only from Dell.
For network switches buy only those which are high performance and relatively cheap. Slow and expensive Ciscos are the worst.
Wire everything up properly, including UPS, management ports etc., and you are the master.
Free or not, advertising or not, is not the point. Tell me this: regardless of encryption during transport (which is not terribly relevant to the issue), does Google Apps come with a guarantee that your data is 100% private and not being mined? If so, I will remove my objection.
+1 insightful
too bad this is posted as AC
bickerdyke
3) Cloud services are dependent upon connectivity. Which do you trust more: no link failure in thousands of miles of cables, fiber, and networking equipment, -or- the volatility of your local network and attached storage systems?
In general: the thousand miles of cables that are meshed up for redundancy.
bickerdyke
Well, let's not even worry about that...
We use notebooks and docks at work to facilitate business continuity; take your NB home each night. We have VPN access to the network, so if the building goes down (we had a power failure a month ago) you are either at home or at some other place, VPN'd in and getting some work done. Dragging them to meetings to show off your latest deck is also desirable. If you have a need for continuity, this might help a lot.
Before you think much about the cloud, get some legal advice on how you can use shared services and the legal implications of not actually having your data onsite. As an NGO, you may have data that doesn't actually belong to you, or other agencies that want a say in what your data security looks like.
And your web server is best off somewhere that can manage DDOS attacks, intrusion prevention and detection, resilient links, and backup/restore/recovery. Do you NEED to take on web services for a public site? Now if this is a service for your business needs, think over the data location needs again and all the access problems. You will be getting into the VPN/access/firewalling stuff also.
Otherwise, your best investment will be documentation. Document EVERYTHING! It sucks, and you won't like it until you need it. Then your boss will appreciate your thoroughness, and see a potential disaster as an example of the process working as intended. Bear in mind you will need to scratch out the time to document from the limited time you will have to do all that is needed. Good luck.
deleting the extra space after periods so i can stay relevant, yeah.
To clarify this point, re: company computers:
Virtually every company I have worked for since 1990 has had a policy stating that confidential company information (which includes memos, reports, emails, etc.) remain on in-house company computers, or employee-owned computers if they were used for work, and nowhere else. Email was invariably hosted on a company-owned (or leased, but in-house) server. If you want to call that "irrational" policy, then be my guest.
I've admined SuperMicro, Dell, and HP at this point and would strongly recommend a second hand HP. Lots of parts availability, *excellent* management software, while the servers themselves are practically ready to run with all kinds of redundancy. Cheap SuperMicro doesn't work out to be low-cost.
Serversupply.com has tons of second-hand Proliants. You'll pay more than Craigslist, but less than new. Unless you *really* need tons of cpu horsepower, make sure the server has gigabit ethernet and Bob's yer Uncle. Get an old HP ultra320 SCSI storage array and load it up with 75+ GB drives for your storage. Yer bottleneck is always the network. Dead simple, cheap and reliable.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Seconding this, just because it's an interesting take on managing a company's needs...it'd probably still be a good idea to have a local box for login/email [if not using gmail] so you don't have to worry about lag over the WAN.
The cost benefit of doing something like this could be pretty big, especially if the small company is looking for a highly redundant, highly available, highly scalable solution, and they don't have anything in place already. If you built something similar in-house, you'd need a dedicated room with proper cooling (and possibly need it to be secured), racks, a UPS system, at least three servers (login/email [again, if not using gmail] on one box, storage on the 2nd box, web on another [especially if it's externally facing]), and a tape backup. This isn't factoring in any of the software needed to run it, any off-site backups (always a good idea), or any WAN requirements of on-site servers versus running almost everything in the cloud. Skimping on anything here means that you're going to have a ghetto setup, which is bad for everyone.
I'm wondering if the person asking the question has any idea what the client wants, though....why would you even consider thin clients if you've already put forth desktops/laptops as an option? It just seems like there's not a firm grip on what the client applications are going to be (or, if they do know what apps will be run, that they don't have a firm grip on building out IT infrastructure.) Are the users ever going to be working from home? Are they only going to be using the web/word processors/console apps all day long, which would mean thin clients could be an okay solution? Do they need a lot of cheap computing power at their desk, but no need for mobility?
If you're doing email in-house, and using VoIP...as terrible as I feel about suggesting it, Microsoft Exchange and OCS tie in together rather nicely, and could handle your VoIP needs. Unfortunately, I don't have experience setting these products up versus setting up a free OSS alternative (Asterisk/Jabber), so I can't say which would be easier to build/support.
Regardless, the first thing to do is find out what the heck your client will be doing with their hardware, if they ever want to expand, and what your budget is. Then you can choose the right hardware for the job. Otherwise, you're just asking a question that's way too generic, and could be solved in a myriad of ways.
More to the point, your argument seems to invalidate all forms of shared hosting by labelling them as unsecure, which is obviously absurd.
It's not absurd. Or exactly as absurd as labelling shared hosting as secure.
Contrary to owned infrastructure, you can't control the security of a shared hosting provider. It boils down to a matter of trust. And would you actually trust a guy who asks questions like this to create (and maintain!) better security than a shared hoster with a computer security team twice the size of his complete company?
bickerdyke
C'mon, people, this cannot be a serious question!
I am still surprised that there is no popular "appliance" type server for this purpose: something that supports file, print, authentication, accounting, and phone system out of the box
There is (though popular is debatable), if you disregard your "phone system" requirement: IBM's Lotus Foundations. It's built with SuSE Studio, so you might be able to install Asterisk on the same machine (depends on the support contract, I guess).
Go extra fancy and allow for painless mirroring and snapshot backups with a second (and third) unit if desired. It seems like at this point in time it shouldn't be that hard to do...
I suggest you look at Platespin Protect with Open Enterprise Server. For the hardware component, take a look at Platespin Forge.
Wait a minute. I'm a manager, and I've been reading a lot of case studies and watching a lot of webcasts about The Cloud. Based on all of this glorious marketing literature, I, as a manager, have absolutely no reason to doubt the safety of any data put in The Cloud.
The case studies all use words like "secure", "MD5", "RSS feeds" and "encryption" to describe the security of The Cloud. I don't know about you, but that sounds damn secure to me! Some Clouds even use SSL and HTTP. That's rock solid in my book.
And don't forget that you have to use Web Services to access The Cloud. Nothing is more secure than SOA and Web Services, with the exception of perhaps SaaS. But I think that Cloud Services 2.0 will combine the tiers into an MVC-compliant stack that uses SaaS to increase the security and partitioning of the data.
My main concern isn't with the security of The Cloud, but rather with getting my Indian team to learn all about it so we can deploy some first-generation The Cloud applications and Web Services to provide the ultimate platform upon which we can layer our business intelligence and reporting, because there are still a few verticals that we need to leverage before we can move to The Cloud 2.0.
http://www.google.com/nonprofits/
http://www.google.com/nonprofits/allproducts.html
From:
http://www.google.com/nonprofits/operations.html
"Using Google Apps saved us tens of thousands of dollars and enabled us to get off the ground really quickly at a time when it was difficult to start a nonprofit."
I have no personal experience with it myself (yet), but I've been looking into it for a small nonprofit.
A 501(c)3 organization gets various extra freebies as Google Apps:
http://en.wikipedia.org/wiki/Google_Apps
"Education Edition same as Premier Edition except for:
* Free for "accredited not-for-profit 501(c)(3) entities 3,000 users, K-12 schools, colleges, and universities""
It's also an ethical tradeoff between feeding the centralization beast (making privacy invasion easier) versus helping an organization have a stronger community and focus more on its mission which is good for society and democracy.
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
The most important lesson to learn from the rise of the Cloud is to virtualize. Even if they decide to keep their servers in house, they should virtualize to make full use of their hardware while providing some extra layers of security and ease of use. Of course, modern operating systems provide a time sharing model, but they are not so great with separation of concerns. Virtualization solves both issues at the same time, for a secure (assuming you don't leave any holes in the client operating system prototypes), modular, easy to test and deploy solution. Just make sure your prototype systems are closed up, up-to-date, etc.
For example, my "IT infrastructure" consists of a crappy little router, a desktop I built, and dozens of nearly identical virtual machines running the software I need. One is a mail server. Another is a DHCP server. Another is a software development machine. Another is an internal documentation/wiki server. I can migrate to better hardware when I need to. (I am taking care of backing up, just in case -- and I have made sure the backups work). I can clone machines by typing a "clone" command. I can script adding clones to my DHCP server by MAC address. And so on. The Cloud makes most of this easier, to be sure. But not all of it.
After all, I am strangely colored.
I did exactly this when building out my recent company. Google mail service is fairly good, but hosted exchange is far better in terms of operating like a normal company with blackberries, etc. We outsource our web serving also. We basically have a fileserver and a pair of ADS boxes for inside services, and a redundant Internet connection.
Why can't you just use a Google Apps connector to BlackBerry Enterprise Server and save yourself some money (assuming you only care about using BlackBerries for contact and calendar sync, because you can access email anyway)? If it is a small company, you may just use Google Sync for BlackBerry. Can't see the need for Exchange in either case.
What's under yellowstone?
Zentyal is: Active directory, Automatic failover, Backup, Centralized management, Certification authority, DHCP, DNS, Dashboard, Filtering, Firewall, Groupware, HTTP proxy, IM, Infrastructure, Intrusion detection system, LDAP replication, Load balancing, Mail server, Monitoring, Multi-gateway support, NAT, NTP, Network, Open Source, Reporting, Resource sharing, Routing / Router, Server, Small business, Traffic rate, Traffic shaping, Users and groups, VLAN, VPN, VoIP, Web server, Workgroup
Zentyal (A.K.A. eBox)
Put identity in the browser.
What I've found the least hassle is to buy Dell hardware (I usually go for in-warranty used equipment from reputable eBay resellers), and run the latest LTS version of Ubuntu (currently 10.04). For instances when they need to run something that is Windows-only I first try the 'wine' emulator, and if that fails I resort to a licensed Windows install on VirtualBox running on an Ubuntu server (this is usually to support some Windows-only hardware, like shared printers, etc.). Been working great so far with several small businesses now running on this setup.
You make a great point. If I am hiring someone to achieve a goal for me, the absolute last thing I want them to do is research the possibilities and find out what experiences and approaches others have taken in the past. I want someone like the people posting in this sub-thread. I want the kind of person who knows that research and due diligence are a complete waste of time. I mean what is there to know? Just do it, and worry about what "it" is, and whether the approach was a good idea later, after you've done the first 90% and it is time to do the other 90%.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Like you almost said in the end.. research some managed service providers (MSPs) and outsource your IT staffing/infrastructure/planning needs to them :)
Because you don't want to upgrade your entire infrastructure every 3 years - you do half now, the other half in 18 months, the first half in 36 months, and so on. Most servers are depreciated on a 3 year schedule, scheduling upgrades every ~18 months allows you to achieve some level of stability without tossing it all out the window at the end of your cycle.
As far as "having enough bandwidth", that's why you do analysis: compare costs of your current bandwidth needs & expected growth with the cost of buying, implementing, and supporting your own infrastructure. He does not say that they are constantly streaming this video library, just that they have a very large one. It's very possible that there is very little active, continuous streaming that would soak up huge amounts of bandwidth.
Get a nice i7 pc or server with a UPS, 12-16 gb RAM, a small hard disk for booting/OS and 4 hard disks for RAID 10 storage (or RAID 5 even), which the motherboard should provide directly. Put the free version of the XEN virtualizer on it. Install some VM's you can get preconfigured from Turnkey, Bitnami or Jumpbox or make yourself. Download an OpenFiler VM to use as a NAS for all your file needs, including storing the VM's. One VM could have a Liferay installation for a quick intranet. Another could have Postgres or MySQL, depending on your preferences, if you need a DB. For the employees, I agree that Macs are a good investment with low maintenance compared to Windows. Just not dealing with viruses or AV software will make your lives much easier! If you can get discounted second-hand Macs, they are a good setup. You COULD perhaps have a $1000 Mac Mini Server with all the sw you need, and use the Pages/Numbers software on the Macs instead of Office (no extra price). As an alternative, get semi-decent clones and use Ubuntu Linux on them, they are pretty close to Windows. Make sure everyone knows how to print to PDF, send those files to clients instead of the original non-Word files and the formatting will go through ok. Configure the PC's to store the users documents in OpenFiler. If they don't have large files (or you pay for the additional storage, like $10/user/month) and wish to be able to work from home, rather than laptops get them DropBox accounts. By the time they get home, they can open the files on their home pc's AND have offsite backup. Don't bother with LDAP or AD. Host the company webserver at an ISP for a couple of bucks per month, as well as a mail server. The advantage of using XEN is that you can make any additional servers needed at the office easily without messing with existing servers or buying more hardware for a while.
If the hardware died it's simple to put in a new server and run the images on it, without reinstalling or even restoring from backup. Ditto if you need to move to a larger server later on or want redundancy.
IMAP in Gmail makes things worse; 'deleted' is a label and not a folder. POP would actually work better if access from a single desktop was the only requirement. Every two weeks, I have to go into the web interface to try and find messages where I manually removed the attachments... The original message doesn't get deleted.
I am surprised Google got that thing so wrong. Fetchmail to the rescue?
In my experience, it's exponentially more likely for an internal network to be hacked than it is for Google/Amazon to have a major security breakdown or intrusion themselves (which has, as far as I know, never happened).
Google mines data so that they can display ads, not so they can learn your company's secrets. And, let's be honest. Unless you're sitting on the Cure For Cancer, Google or the Black Hat crowd probably don't care about your IPO.
-- If you try to fail and succeed, which have you done? - Uli's moose
Good recommendations, but what I am challenged by is the fact that every company starting out has the same needs. A single 'box' that you unpack and plug in is what you are looking for. Something that even breaks out security logic for various typical organization structures...
An install isn't the answer. I think the IBM package is flawed in that it has an antiquated collaboration model... But I haven't checked it out recently.
Small business owners want someone painless to start out with... That even gives them a directory structure for the file server. They are decisions that take time and add no value to their critical initial phase.
I don't think even has a solution tailored to start-ups..
Missing accounting, but if you install it on a box, you have something useful.
Fortunately, they're both publicly-traded companies who are required by law to disclose their financials. Google and Amazon are both doing fine, and wouldn't simply pull the plug on any of their managed services if they wanted to retain any of their customers in the future, no matter how bad their financial situation might get.
You'd be better off writing a contingency plan for what your business will do if a plague of locusts arrives, or if the US is invaded by Zimbabwe. The idea of Google or Amazon going belly-up with no warning is completely and totally outlandish. You cannot control for every variable -- you're best off focusing on your most likely, and most easily manageable sources of failure.
Managers need to let go of their "control freak" mentality. More often than not, it hurts the people that they are supposed to be managing, and does nothing to improve productivity. (See Also: Lotus Notes. It's infinitely customizable, so there's really no limit to how bad it can get.)
-- If you try to fail and succeed, which have you done? - Uli's moose
For most business scenarios, I would suggest that it is rarely a good idea to roll your own system.
It might work out if you are very savvy, have a local store for components or over-purchase for spares, are planning to stick around as a consistent technical resource rather than touch and go, and you don't anticipate a heavy workload precluding you from tedious debug efforts.
If you go out to Newegg for your parts, then don't build your own. You'll either get unacceptable downtime waiting for replacement parts or have to buy replacement parts just in case. The big brands take advantage of economies of scale and have ample spare parts to dispatch relatively quickly at no extra charge. As a builder of systems for the home, I know the warranties on the parts are nowhere near acceptable for business continuity (always a huge effort to try to get warranty replacement).
Additionally, with an IBM, Dell, HP, or Lenovo system, you can generally get a field technician out to do tedious debug when the system fails in a non-obvious way.
It's not that much more to buy a total system, you have an extra amount of resource behind it, and if all else fails, you can generally still service them like a home-built system (at the cost of compromised warranty).
XML is like violence. If it doesn't solve the problem, use more.
Seriously, if you are asking these questions, you are not the man for the job.
Do the right thing for your client and yourself. Hire a professional who has done this sort of thing many, many times before. Most will not have a problem explaining why they recommend this or that. If this type of thing interests you, hire someone that will let you watch or even assist. You will learn a lot, and your client will get the systems they need.
PS - Forget about hosting the webserver locally. It is a dumb idea.
-Lod
Cheaper than Microsoft, Support from the vendor and it does everything you need, email, collaboration, messaging, security, and VPN. The latest running on Suse Linux called OES2 SP2 is amazing. AND it comes with free virtualization in the form of XEN. Not to forget the best Directory structure, eDirectory (8.8.6 is current)
~corporate tool, but employed~
I would wholeheartedly agree with this ... put as much as possible on the cloud. If you have to buy and place a server on your premises, there must be an iron-clad reason to do so, because the default should be the cloud. And don't be put off by reasons like data safety and data security -- data is more safe with a reputed cloud vendor with a professionally managed data centre than it is with a 20-employee NGO with a single ill-paid sysadmin (just as money is safer with a bank than under the mattress at home).
Insight into much, Influence over nothing !
If you're buying Macs, buy refurb macs. They're just as reliable, and a lot cheaper, than new macs. Plus since they tend to be last-gen, all the kinks have been ironed out of them...or at least the workarounds are all known.
Where I work 90% of client machines are Macs, and support (when needed) only deals with the other 10% that's Windows (accounting, CEO). Internal IT doesn't do a lot with Macs, because the Macs don't have issues. Backend infrastructure is mainly Linux (Ubuntu on Dell).
Ticonderoga now has a cloud pencil service? Who knew?!
But seriously, part of any good security plan is business continuity in the event of disaster, such as a widespread multiday power outage. For a lot of places that means closing the doors for a while, but some industries (eg healthcare) can't count on that option. Paper recordkeeping is a very robust interim solution.
Assuming you remember to print out your emergency procedures and forms before the power goes out...
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
I'm in a similar position at an NGO, except that we have offices in 4 other countries with 20 or more people each.
Here's what worked for us, your results may vary:
New desktops: should it be laptops (with dockingstations), regular desktop machines or thin clients?
Laptops. We are frequently traveling, often to areas with little to no internet access, and being able to bring your data with you is a good thing. Mostly Macbooks, as they are reliable, easy to use, and integrate well with the rest of our systems.
Servers: We need a server for authentication and user management.
We use Zimbra for authentication and user management. It also serves our email - IMAP and SMTP, shared calendars and task lists - synchronized over CalDAV, and a web-based interface to all of the above.
We also need an internal media server
Each office has an internal Linux server running Samba, authenticating over LDAP to Zimbra. Works equally well with Mac and Windows clients.
Finally we would like to have our web server in house.
Are you sure about that? Do you have the bandwidth and a reliable enough connection? We went with a dedicated server hosted somewhere with multiple redundant connections.
feel free to comment on anything important not on the list.
Email and collaboration software?
Again we use Zimbra, and it integrates remarkably well with iCal on Mail on the Macs. Windows users can use Thunderbird + Lightning or the Zimbra desktop client.
Printing?
We run CUPS on the Linux server, so the Macs pick up the shared printers automatically. Windows users can print over Samba with click to install drivers.
All that we see or seem is but a dream within a dream.
Go with a hardware firewall / VPN device from Cisco for the external connection. If your web server is for the external world, go with a Linux-based system with Apache; if it's for an internal intranet setup, go with IIS, which is placed behind the external hardware firewall. A second internal hardware firewall to separate the internal network from the web server.

While a single server can handle almost everything you're looking for with such a small company, I would advise not putting all your eggs in one basket. Go with cheaper servers and multiple servers vs 1 or 2 large powerful servers.

Server 1: a File and Print Server with a RAID 5 disk setup.
Server 2: Antivirus Server / Deployment Service / Microsoft ISA Server / Certificate Server
Server 3: DNS / Active Directory / DHCP / Exchange Server Primary
Server 4: DNS / Active Directory / DHCP / Exchange Server Secondary
Server 5: Door Access / Security Camera Control (if you have either). Otherwise skip this.
Server 6: SQL Server, Application Server and BES if you use BlackBerrys.

You will want a DAT backup drive for the file server with daily backups. If it's a public company you will need 8 weeks' worth of daily backup tapes plus monthly backup tapes for 7 years and yearly tapes for 7 years' worth of backups to meet SOX compliance.

In Active Directory do both a Global Group and domain local group for each shared resource. Put people into users in the Global group and attach the Global group to the domain local group which is applied to the actual resources in the file server. Make heavy use of groups to resources vs assigning people directly to folders.

Hardware: use Dell desktops, not laptops, for the office. Set internal resource asset numbers in the BIOS, lock out front USB ports and set the BIOS to only boot from hard drive. Use a good BIOS password. I prefer Windows XP to Windows Vista and 7 for a business setup. Unless you're using any software that requires Windows 7, stick with XP and make sure all users are regular users with no admin privileges. Any programs that require admin users can usually be fixed with a registry change or a rights change on its folders. You will want to create a batch file to secure machines, set logging options to be longer than defaults and remove local admin accounts. I like Trend OfficeScan over SAV but both are good for central management. KIX is a good login script program with AD for setting up auto mounts of drives based on what groups the user belongs to in AD. Force complex passwords and rotation. Make heavy use of Group Policies to secure machines.

Use Cat 6 cables if you're redoing all your cabling as well and put in at least 2 ports at each workstation. Avoid wireless, but if you want to use wireless use an internal office setup on RADIUS authentication. Use GB port layer 3 switches and activate 802.1x network authentication. Physical protection of servers and networking equipment is important: make sure you padlock all networking points and all hardware to prevent access to ports on back and internal guts.

Use a large multifunction copier vs personal printers; cost per page is way cheaper. It adds up quickly. Make sure it supports secure print so HR and other confidential users can print securely. Set up all devices with passwords to prevent users from messing things up. UPS battery backup for all the servers and network equipment.

Keep a few laptops on hand with encryption as loaner machines so if users need to work from home they can VPN into their workstation. Data should never leave the actual business. Never allow work on a laptop since data can get lost or stolen. Set the user's home directory to be on the server as a shared drive and lock out their ability to write on any part of the local C drives to prevent users from saving important files on the desktop, which won't be backed up unless you use roaming profiles. Using group policies, users should be allowed to restart a machine but not shut it down. Virus scan should be nightly with a deep scan once a week. Use an off-site company like Iron Mountain to do the offsite tape s
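The group-nesting advice in the post above (users into global groups, global groups into domain local groups, domain local groups on the resource, commonly called AGDLP), as an added example that is not part of the original post: a small audit over constructed directory and ACL data that flags permissions bypassing that chain. Every name, share path and the data layout are assumptions made up for the illustration; a real audit would read them from the directory and the file server.

```python
"""Audit file-share ACLs against the nesting rule described above:
user -> global group -> domain local group -> resource.
Every name and all data here are constructed for the illustration."""
from dataclasses import dataclass

USER, GLOBAL, DOMAIN_LOCAL = "user", "global", "domain_local"


@dataclass(frozen=True)
class Principal:
    name: str
    kind: str             # USER, GLOBAL or DOMAIN_LOCAL
    members: tuple = ()   # direct members by name (groups only)


# Constructed sample directory (hypothetical names).
DIRECTORY = {p.name: p for p in (
    Principal("alice", USER),
    Principal("bob", USER),
    Principal("carol", USER),
    Principal("GG_Finance", GLOBAL, ("alice", "bob")),
    Principal("GG_HR", GLOBAL, ("carol",)),
    Principal("DL_FinanceShare_RW", DOMAIN_LOCAL, ("GG_Finance",)),
    # bob was dropped straight into the domain local group: rule violation.
    Principal("DL_HRShare_RW", DOMAIN_LOCAL, ("GG_HR", "bob")),
)}

# Constructed sample ACLs: resource -> principals granted access.
ACLS = {
    r"\\files\finance": ["DL_FinanceShare_RW"],        # follows the rule
    r"\\files\hr": ["DL_HRShare_RW", "alice"],         # user directly on ACL
    r"\\files\projects": ["GG_Finance"],               # global group on ACL
}


def audit(directory, acls):
    """Return sorted (resource, trustee, issue, detail) tuples.

    Strict reading of the post's rule: only domain local groups may sit on
    a resource, and their direct members must all be global groups.
    """
    findings = []
    for resource, trustees in acls.items():
        for trustee in trustees:
            p = directory.get(trustee)
            if p is None:
                findings.append((resource, trustee, "unknown-principal", ""))
            elif p.kind == USER:
                findings.append((resource, trustee, "user-on-acl", ""))
            elif p.kind == GLOBAL:
                findings.append((resource, trustee, "global-on-acl", ""))
            else:
                for m in p.members:
                    member = directory.get(m)
                    if member is None or member.kind != GLOBAL:
                        findings.append(
                            (resource, trustee, "non-global-member", m))
    return sorted(findings)


def expand(directory, name, seen=None):
    """Resolve a principal to the set of users it contains (cycle-safe)."""
    seen = set() if seen is None else seen
    if name in seen or name not in directory:
        return set()
    seen.add(name)
    p = directory[name]
    if p.kind == USER:
        return {name}
    users = set()
    for m in p.members:
        users |= expand(directory, m, seen)
    return users


def effective_users(directory, acls, resource):
    """Everyone who actually ends up with access to a resource."""
    users = set()
    for trustee in acls.get(resource, []):
        users |= expand(directory, trustee)
    return users


if __name__ == "__main__":
    for finding in audit(DIRECTORY, ACLS):
        print(finding)
    print(sorted(effective_users(DIRECTORY, ACLS, r"\\files\hr")))
```

The effective-access view matters for review: the HR share is reachable by two people who are not in the HR global group, which the group names alone would not reveal.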
Use standards for everything you can. Don't use some product because some proprietary feature is a must-have, or you'll be locked in to that vendor for ever, and if they go away, then you're stuck. And don't just go with what one company calls their "standard", but something that is common and interoperates between vendors.
Design your corporate network with some level of security; know your risks, compromise to make things work smoothly for staff, but understand the compromise. Give people the "least surprise" when having to get on your WiFi, use your printers, etc.
I think a core is to get some central authentication. Look at LDAP. Then look at using that LDAP data for building an authenticated Wiki. Consider using RADIUS fed from LDAP to secure your ethernet ports (802.1x) - so get a managed switch that supports that. It's a standard, so you don't HAVE to go for Cisco - I had a lot of joy with the now very old DLink business class gigabit switches (GDS3224 I think they were) - but don't use proprietary stacking as you'd be stuck to always using that switch/firmware - use LACP and MSTP.
Encourage yourself to have an always-accurate LDAP. Make an internal directory that is auto populated with all relevant fields from LDAP. Extend your LDAP to contain everything needed. If you find someone in some department is copying all the names to Excel to make a phone directory, try and find out what your current online phone directory doesn't give them, and fix it. Up to them if they want a printed hard copy - but that should be just a case of hitting print in a browser.
Put two wireless networks in each office - one that uses certificate-based WPA as a secured network for staff, and one that is protected by a simple shared password for guests. Put up signs so that guests are welcomed to use your guest WiFi, more than using a wired ethernet port (which would also, as above, be protected with 802.1x - except that's not always possible with ports for printers, etc - but even still you can MAC address lock those ports).
Design your VLANs into areas of shared security risk. Printers. Finance Staff workstations. Common File Servers. Tech Admins. HR. Bridge these staff VLANs to wireless using cert-WPA so that people aren't having to circumvent your security.
Put in a Jabber server, authenticated using LDAP. Let your Jabber server talk out to other networks. Encrypt your internal IMs via your Jabber server.
Put in a SIP server, and use softphones for most people.
The exception to using standards and doing it yourself: Offload email to GMail or similar. Use their calendaring. Get Android phones and be done with it. Then use Thunderbird to work with your GMail accounts and calendars... using STANDARD protocols, such as ICAL, IMAPS, etc.
But, use Standards where you can.
Google -- according to their own public statements -- mines data so they can display ads, AND sell your data to other people. Whether THEY are interested in your company's secrets is irrelevant. We know today that even data with all "personalized" information stripped out can still be used to infer personal information and "confidential" business information. We know this. It was proven when AOL released all that "impersonal" data years ago, and it has been shown many times since. I'm not making this stuff up.
Whether they get hacked or not is completely irrelevant. THEY are marketing your data. They admit to doing it. So what's your point?
> EC2 instances are accessible by the person who actually spins up the instance. It's built with a private key that no one has access to
Go and re-learn what that key is for .. and what it actually does ..
Nothing is "BUILT" with that key .. it is simply a value that can be used in the manifest.xml. What you do with it is up to you .. While 'SOME' (perhaps even most) use it to secure access .. the person spinning up the instance does not need to have the private part of the key to launch it .. in fact I have a few configurations that ignore the "launch key" totally ..
Also ... about the comment on the vpc product ..
The only difference between a VPC instance and a 'public' instance is firewall rules .. That product was only added for people that did not want to roll their own. Proper manipulation of security groups and use of any flavor of IPsec gateway can duplicate it ... It's nothing special.
I think you don't "get" what EC2 is designed to do .. But then again, no one can define 'the cloud' anyway .. so it's expected.
I love Linux/open source as much as the next guy, but c'mon: Small Business Server 2008 R2 on a Dell/IBM server with big SATA disks and hardware RAID1 and all the CALs you need would be about $5000 with tape backup.
Comes with Active Directory, Exchange, Sharepoint, Remote Web Workplace (Outlook Web Access and terminal services/RDP to the desktops), quotas, roaming profiles, group policy, you can throw Blackberry Enterprise Express on it if they require smartphones. Simple to manage, reliable.
It's pretty hard to beat for a ~75 user network; have dozens of clients running SBS 2003 and 2008 and it's a no-brainer.
I'd stay away from web hosting in-house though: unless you have some back office integration concerns, there's no value to having your website running off your office's Internet connection (think DoS or web vulnerability and the added complexity of another server configured in a DMZ) for the average brochure website, a $10-20 a month web hosting package is more than sufficient.
body massage!
That's a pretty recent version of the definition. If you prefer I use the term "snooping", fine.
Actually, I prefer you use the terms "espionage" or "data theft" since that is what you are implying.
it is now known that significant personal and business information can be inferred from mining. It isn't as impersonal as just a few statistics might imply.
Indeed, it is possible to de-anonymize certain data, but for that to be of any consequence, the data must be *distributed* to another party who would do so. I'm not aware of any alleged cases of Google distributing Google Apps data to third-parties (except as ordered by subpoena). If you have evidence of this, please post it.
And how do we know this? From information leaks that have in fact happened, and from statements by Google themselves. [...] There has been a great deal of writing about this in the last few years.
Citation please...and remember, we are talking about data stored in paid, corporate Google Apps accounts, not issues with Google Buzz, StreetView or some experimental Google Labs project. Google has a policy of temporarily holding back experimental apps and features from their corporate customers so that they have time to evaluate them for stability and security.
I realize that there was reportedly an issue that would prevent some privileges from being fully revoked in Google Docs after certain documents had already been shared (kinda like how actual files work), but this security issue was resolved quickly and responsibly. IIRC, there was also some controversy over how Gmail used SSL. All sorts of apps suffer from bugs and security holes, but compared to the security track record of, say, Microsoft...theirs is pretty darn good.
And if you want evidence that Google is not always 100% honest about what it does, look here [bit.ly].
I have read this article, and I even agreed that this is a case of biasing search results. However, the contention being made there is that Google could use this result-biasing to engage in anti-competitive practices with other companies, not that they are doing anything to harm their own customers. To outright call them liars is not really fair since it's debatable whether or not one would consider these enhanced search boxes to be "search results". In the context of Google's own definition of a "search result", they are telling the truth.
No rational security policy in the world (except maybe military) requires you to actually own the hardware your data rests on.
This is a completely ridiculous statement. I have not worked for a company in the last 20 years, large or small, that did not have such a policy. Where did you come up with this idea?
Well, I have not worked in IT for nearly that long, so maybe something has changed since then. Nevertheless, nowadays, companies outsource. My ideas about security policies come from reading them, and I have yet to see one that forbids outsourcing of hosting services. Also, I am intimately familiar with the PCI DSS, which permits outsourcing as long as the vendor in question is also PCI compliant. The general consensus is that if you can be PCI compliant, then you are already compliant with almost every other security standard there is...some notable exceptions being regulations that govern big telecom companies and military contractors.
In fact, there are some standards that a small business can't hope to be compliant with without sending their data off to a third-party! Consider services like Postini, which are used to enforce email retention and filtering policies. BTW, Postini is owned by Google and a lightweight subscription is included with your Google Apps purchase.
While there may be some legitimate concerns about network connectivity, cost and data portability, everything that you're saying in t
If you want to call that "irrational" policy, then be my guest.
I do, because it is. Your security policy that was written in 1990 needs to be updated for the 21st century.
App for that -- http://www.google.com/enterprise/marketplace/viewListing?productListingId=5282+1826658422239398150
Put identity in the browser.
Contrary to owned infrastructure, you can't control the security of a shared hosting provider.
That's usually a good thing. In-house IT staff sometimes cut corners on security either due to laziness, ignorance or some combination of both. IT services companies tend to be much more strict about information security since that's the core of their business.
It boils down to a matter of trust. And would you actually trust a guy who asks questions like this to create (and maintain!) better security than a shared hoster with a computer security team twice the size of his complete company?
This statement contradicts your previous ones. I honestly can't tell if you are agreeing or disagreeing with me.
6.1 Obligations. Each party will: (a) protect the other party’s Confidential Information with the same standard of care it uses to protect its own Confidential Information; and (b) not disclose the Confidential Information, except to Affiliates, employees and agents who need to know it and who have agreed in writing to keep it confidential. Each party (and any Affiliates, employees and agents to whom it has disclosed Confidential Information) may use Confidential Information only to exercise rights and fulfill its obligations under this Agreement, while using reasonable care to protect it. Each party is responsible for any actions of its Affiliates, employees and agents in violation of this Section.
6.2 Exceptions. Confidential Information does not include information that: (a) the recipient of the Confidential Information already knew; (b) becomes public through no fault of the recipient; (c) was independently developed by the recipient; or (d) was rightfully given to the recipient by another party.
6.3 Required Disclosure. Each party may disclose the other party’s Confidential Information when required by law but only after it, if legally permissible: (a) uses commercially reasonable efforts to notify the other party; and (b) gives the other party the chance to challenge the disclosure.
7. Intellectual Property Rights; Brand Features.
7.1 Intellectual Property Rights. Except as expressly set forth herein, this Agreement does not grant either party any rights, implied or otherwise, to the other’s content or any of the other’s intellectual property. As between the parties, Customer owns all Intellectual Property Rights in Customer Data, and Google owns all Intellectual Property Rights in the Services.
Put identity in the browser.
I recommend that you resign and let someone who isn't totally incompetent "remake their entire IT-infrastructure from scratch"
Required reading for internet skeptics
And when Joe Farmer runs his backhoe through your Fiber line? Send everyone home for the day?
Yes, do exactly that. Since everything is on the cloud they can work from home just as easily as they do from the office!
I posted this once before and it mysteriously disappeared. Go figure.
You have a good point. I was not being sarcastic at all. I was exaggerating... slightly.
"... and (b) not disclose the Confidential Information, except to Affiliates, employees and agents"
You have proven my point for me. Do you know who "Affiliates" are? Look it up. In this case (yes, I am speaking of this particular Agreement), "affiliates" are those companies and advertisers to whom Google has agreed to sell information.
The rest of the language SOUNDS all nice and secure, but if you read it carefully, what it's really saying is "we won't give your information to anybody except those to whom we have agreed to sell it... but THEY must agree to also keep it confidential."
Which basically is no assurance at all. Who are those affiliates? How reliably will they keep their word about keeping YOUR confidentiality? Etc.
Thanks very much. You go use Google Apps all you want. I'll keep my own data on my own computer.
This is a straw-man argument. It is illegal for banks to share such information. Google, on the other hand, routinely sells it, and publicly admits to doing so. You are comparing apples and oranges.
Someone just up above posted part of Google's agreement that applies to Google Apps. In it, they openly state that they will share your information with "affiliates". Affiliates, in their terminology, are people to whom they sell information.
Don't try to tell me about network security. I'm in the frigging business of shoving data around online. I think I know a little bit about it. And I'll be damned if I can figure out why some people think that "being in the 21st Century" is an excuse to ignore genuine privacy issues.
Your suggestion to use IMAP is ridiculous. Because it leaves your email on the server (precisely the kind of situation we were discussing), it is LESS secure than POP3. It might be more convenient in some cases, but that's all.
Please explain to me why being in the "21st Century" is somehow an excuse to ignore legitimate privacy and security concerns. I admit that I have completely failed to follow your line of reasoning, if that is what it is.
"EC2? Yep. All of your financial reports and graphs will look just great coming from somebody else's data store. "
Really? Who cares. There are very few CDNs in the world and unless you're Google, who cares if your financial reports are being hosted through Google, Akamai, etc.
Bye!
The legal language sounds exactly like what it means. Need to know. You asked for privacy and assurance that data's not mined. Ignore the legal NTK verbiage if you like. It's no skin off my back.
Put identity in the browser.
You have just explained why I'm not likely to ever see my data in the "cloud". Hell, our own server across the room is too slow for a lot of CAD models, even a 5400RPM hard drive is sometimes. Load a 600MB part into an assembly of 10 of them, or even just the one 600MB one into a 200MB assembly, now multiply that by 5, and all of a sudden you just about cannot get enough bandwidth on your server. Same goes for those people in video or audio production.
Right, but do you do your own payroll?
Virtually all people who put stuff on the cloud have hybrid environments. You can be doing fluid dynamics down the hall and still have hosted Exchange or whatever.
Advice: on VPS providers
"The cloud": two syllables, nine characters.
"Farming shit out to some website": nine syllables, thirty-two characters.
Efficiency!
It bugs me when people on tech sites say that "the cloud" is a ridiculous new idea that won't work, given that it's an expression for a set of practices that have been in use in industry for over a decade.
GMail? Nothing wrong with that... as long as you don't mind all your internal memos being examined by data-mining software.
Not to mention state and federal laws (SOX, HIPAA) that require controlled access to certain information.
The word you're looking for is "SAS70".
Advice: on VPS providers
I've spent the last several years studying IT, and whatever I was studying, I'd imagine how I'd set up the systems and network for an NGO. I expect most IT professionals like to daydream about what they'd do, given the chance to set things up from scratch.
The questions the poster asked were so general, they suggest the poster was not a professional. Job #1: hire a professional. Then, do some homework, so you can work with the professional.
1. Establish a file server, mail server, domain server, etc. Start talking to vendors.
2. Establish backup servers for redundancy
3. Set up a team of 4 people with skills in networking, databases, mail exchanges, app servers and web servers.
4. If you need 24x7 support or weekend support, hire 2 more people. Start talking to contract staffing companies. They might hire one of your friends who needs a job.
5. Ask for budgets for mail access clients, offsite backups, redundancies, etc.
6. Provide options for mobile access, home access, vpn, etc.
7. Ask for more budget to provide the same. Start talking to more vendors.
8. Talk to multiple vendors to hand out contracts so that you get invited to various breakfasts, dinners, events.
9. Ensure that the 20 person company has an IT team of 10 persons and you are telling them what they should do, when they should do it and how. If not, the servers will overload, all their IT systems will break and leave them bankrupt and open to serious litigations. Or something like that.
O this learning! What a thing it is - William Shakespeare
I've used SME Server with FreePBX in similar roles.
It's as close to appliance-level simplicity as you're likely to get.
"I've got more toys than Teruhisa Kitahara."
Please explain to me why being in the "21st Century" is somehow an excuse to ignore legitimate privacy and security concerns.
Your "concerns" are FUD. See my previous posts. If you're asking what's different now...well, there's this new-fangled thing called the world wide web, not to mention ubiquitous high-speed WAN connections. A great combo if I say so myself.
It's a 20 person company. Do you really think he's going to have the proper power conditioning, cooling, and remote-access setup for lots of live servers for basic stuff like e-mail and chat?
Keep it as simple as possible. Don't use docking stations, as they will be useless the moment laptops change. Just have people use laptops. Bog standard local NTFS file server with Raid1 for safety, and backed up offsite. Use hosted exchange if they must have meeting requests, or Gmail if not. Chat over skype.
IT is not about finding the quirky, brilliant solution that configures *just so*. It's about finding the robust solutions that will continue to work pretty well more or less indefinitely. Intra-company communication via skype means that Skype is responsible for making sure the IM server stays up, not you. Or substitute gChat / your medium of choice. Obviously, if they're legally required to log you should bring that in-house.
In two years, the hardware will be a mess of different configurations. New people will want to bring in their own laptop. That carefully constructed network map with everyone allocated a specific IP tied to their login will be useless bunk. You will be on your second wireless router. A new hire has to be able to walk in with a laptop off the street, connect to your network as painlessly as possible, and go. Login to the intranet, the intranet has links to all the software they'll need, go. The router configurations are all DHCP, and where they aren't every bloody port and plug is labeled.
If your replacement had to replace something, could they? Could a new, slightly technical user set themselves up without paging you? KISS.
The ______ Agenda
That is why you network with 2 providers and an emergency backup (such as satellite).
Note that if you are hosting your e-mail offsite, when the network well and truly goes down, everyone can whip out their phones and still work. But if your e-mail is local, nothing can get in or out. Similarly, if you have hosted services and your netlink goes down, wander over to Starbucks and keep going.
It really only makes sense to locally host high-bandwidth services, like file or version control servers. Anything else can be anywhere else.
The ______ Agenda
Allow me to disclose my bias: I hate MS products, especially Office after it went all Ribbon-y. I also have a moral objection to product activation. So, all I use on my primary computer is OOo 3.2.1, and the machine has been OOo-only since the day I bought it two years ago. I appreciate all the effort that the developers have put into it and that it is free.
That said, OOo is a pain to use. Document assembly just hurts. How often do you make tables in your word processing documents? MS Word is great about manipulating columns, rows, etc. Text wrapping is great. OOo... oh my god. It's nearly impossible to get the table the way you want it to be. Bullets and numbering in Writer is nowhere near as flexible as in Word, and I have often switched back to manual numbering in exasperation. Autocorrect in OOo blows, it usually annoys more than it helps, so I have turned it off. Never had a problem with MS Office.
Doing scientific work? Want to embed sections of a spreadsheet in your Writer doc? Great, just don't expect the cells to look nice. Border formatting in Calc sucks. Oh, and heaven forbid you find an error in your embedded spreadsheet cells; editing those in place is so problematic/laggy that it is just easier to delete the whole table and copy/paste from the (fixed) source spreadsheet. Text wrapping around these elements is abysmal... there's no option similar to Word's "in line with text", and so the thing stays as a floating table (no other option). OOo does offer some wrapping options that I don't think have parallels in MS Word: "background" and "through". These are excellent examples of a page wrap that I doubt anyone really wanted, because they allow text to wrap right through the table, becoming superimposed over or superimposing upon the table. Wow! Did I mention that the borders on the embedded tables will disappear on random sides when it comes time to print/export as PDF? WYSINWYG.
Charts in Calc suck. There is no analogue to Excel's "chart as a sheet" option. That means if you change your page layout, etc, you have to go manually try to resize the floating chart to the new desired size with your mouse. It is difficult to get it exactly to the print size limits, because the chart is a floating object that does not snap to cell borders and lags/jumps when you try to drag it for fine positioning. It is very easy to get it a few pixels off and then have your chart print out as multiple pages, yay! It should go without saying that printing charts is a pain unless you send them to another sheet (trying to print just the chart without the data that is otherwise on the sheet).
Which brings me to another point: there is no polynomial regression curve fitting for scatter plot charts in Calc, unlike Excel. This missing feature has driven me back to Excel for my reports more than once.
There are lots of little annoyances with Calc, like there being no quick way to perform a sum on all relevant rows in a column. In Excel, this would be "=SUM(B:B)". In Calc, you are forced to enter "=SUM(B1;B65536)". Annoying. Also, the use of semicolons to separate function arguments is an annoying difference from Excel. Why not just use the same format? Was it patented? Most of the rest of the UI tries to be Excel-like... so why this difference?
I could go on, but you get the picture. I believe the users who complain about OOo. Some just dislike having to learn anything new, but OOo does have serious limitations/annoyances for those who have scaled the learning curve. BTW, yes I did search for solutions to most of these issues/annoyances in OOo... they don't exist.
tl;dr: I use OOo because I hate MS, but it is very difficult to do so—sometimes it is impossible to get a final product polished the way you wanted. Using something this painful probably builds character.
Google didn't get it "wrong"... they're data mining all YOUR email. Even if they're not showing it to the public they're still scanning it all for search engine, advertising, new product development data. THAT is why it is so very hard to DELETE anything from Gmail.
I read the description for this and I can't tell what it actually does. Smells like snakeoil to me, and the four "customer" reviews seem fake. They claim to make you "HIPAA, HITECH, GLBA, SOA compliant". HITECH is the same as HIPAA, and as for GLBA/SOX...anyone telling you that you need to specifically use technology "X" to be GLBA or SOX compliant is just blowing smoke up your ass since those are accounting regulations that only vaguely touch on IT requirements.
I'm guessing that this is just your run-of-the-mill encryption plugin that is being marketed toward hospitals and the like.
20 employees - this is fairly small, but not too simple depending on your daily usage. What are your users doing with the computers? Are you running any special software? Are there developers?
I agree with above as you should do better homework at identifying what the users do & need.
For example: whether your users should use laptop or desk computers - it mostly depends on costs and mobility needs, are your users working while traveling or are they only at the office?
Whether your server should be inhouse or external depends on costs vs. security needs, as well as on flexibility and required access to the actual hardware.
Hardware also depends on cost vs. do you need something dedicated to graphic processing? Heavy financial or statistical work?
As for Media solution:
"We also need an internal media server (we have thousands of big image and video files, and the archive grows bigger every year)" -
For that there is a great open source solution called Kaltura - http://www.kaltura.org
Kaltura will allow you to syndicate, manage, transcode, integrate with other solutions, etc. at no cost and easily.
Version 3 also runs on the Amazon EC2 in case you decide to go cloud based, or you can just download the software and install on your Linux box inhouse.
How did you get hired?
Did they ask if you had experience setting up an entire IT infrastructure from scratch?
If they have hired you as a Chief Technical Officer, and you need to ask slashdot about this, then I suggest that they have hired the wrong person.
http://davesboat.blogspot.com/
I don't think anyone is saying it won't work, I think they are saying it won't work for everyone or even them.
They are expressing their concerns as to why or why not.
Most important is who will manage the system. You talk about a NGO. It may base its existence on some set of ethical values. Find a person who developed sufficient net skills, and who shares the values behind the NGO.
I manage my own home site. Domain, mail server, web server. For presence online, one fixed IP address, plus some friend with a second fixed address somewhere else, is enough. No opaque clouds to block my view. A small PC which is always powered is enough.
If requests are kept reasonable - i.e., not pretending to be able to handle thousands of contacts per second, not pretending to maintain multi-million contact mailing lists, and especially not pretending to aspire to the useless utopia of assured 24/7 fault-free presence - half a day per week of paid maintenance plus the emergency intervention here and there should keep your NGO afloat.
You should be able to provide whatever PC-dependent functions you want the 20 people to make use of with Linux apps. Your in-house Linux expert, if adequately motivated, will be eager to write small scripts (or even huge applications) to cater for your specific needs. Of course, workplace PCs should only be used for work-related activities...
This only works for ethically motivated entities. If you manage a purely for-profit concern, no matter how small, you can only motivate experts to manage your network and machines with money, and there will always be someone who can offer more money than you. For good experts who base their choices on money, it will be a no-brainer to abandon you. What you will be left with are unskilled people with some vague point-and-click experience. You can opt for the cloud, but remember that, whenever an even vaguely important concern is raised, the survival or even the well-being of the entity providing the cloud services will always come before yours. ALWAYS! They are big and you are less than small.
The solution: either become a huge money-printing concern and get the best people available on the market, or much better, BE ETHICAL.
This is something that really belongs in some clever Linux Distribution. The vast majority of companies are small businesses, meaning under 75 employees. At that scale nearly everything should be "canned" solutions by now.
What you really need is a system that builds in best practices right from the start. Something that MAKES you answer every question up front: Backups, disaster recovery, security, growth, directory services... all is more important than the desktops. In a proper IT structure "desktops" and mobile devices are "expendable". Local data goes back to the "mothership" as quickly as possible and the choice of desktop OS is whatever you need. Networking, apps, file layouts, are all at the bottom of the list as far as being important.
If I was setting up something truly from scratch, I would set up something that mimicked the "online" models people are getting used to. Don't even let users "choose" file systems, force them to do housekeeping and put data where it belongs. Sharepoint is on the right track, but it's hobbled more by the legacy of people and apps doing whatever they want than technical issues.
You do point out a key thing. What's really needed in the industry is a platform that meets HIPAA, SOX, ITIL, PEMBOK, etc standards right out-of-the-box. So much of this stuff is just knowing that it needs to be done. Once you have to FIX 20 people to have backup, strong passwords, etc you lose control of your IT structure quickly. I'm most of the way through a CIS degree and have only had one class in management that even touched this stuff... in spite of the fact that the "IT" department at my company spends 60%+ of its time managing the "big picture" things now. If you knew what was expected up front, you could save thousands of labor hours later.
In terms of hardware pieces, buy the best you can afford. Always overestimate the number of employees and devices you'll need. Make sure everything has an upgrade path, from 100mb to 1000mb network switches, etc. Go for virtualization wherever you can; backing up, disaster recovery, and upgrading become infinitely easier once you're working with images that can be backed up and restored at will.
The last thing would be to stick to a lease schedule rather than buying stuff. It forces you to buy better stuff and justify it. Second, it forces you to plan "the next" upgrade on a timetable. IT equipment still has a 3 year depreciation rate, so your company should use it if they have the cash flow. This also means you can fit neatly in the business "5-year" plan because you get a mid plan correction if you go over or under what your estimations for growth were. Most importantly, once you put something in place... you're not going to touch it for 3 years at all costs! And use that time to do interesting stuff for the business.
Wrong. There's nothing about Gmail that makes it incompatible with regulatory compliance. Furthermore, SOX and HIPAA regulations are not very specific about the technology solutions that need to be put in place. They just mandate that you have an effective infosec policy and (in the case of SOX) that you have a policy for retaining electronic correspondence. SOX doesn't even have a specific retention period...just that you include *all* correspondence and that your retention policy be reasonable. Google Apps + Postini gives you all the controls you need to achieve both the security and retention goals. So, Gmail?...Nope there's nothing wrong with that.
It's not "farming out to a website". Companies with lots of small offices have been using this model for a long time. The parent company has all the big servers properly maintained and the branch offices are "expendable". They ship a box with 2 PCs, cash register, and a Cisco VPN router to the branch and call Geek Squad to plug it in. All the PC updates and business apps live on the server farm. The shift to web based apps made this even easier as the computer literally has no apps installed at all. Authentication is done completely thru the VPN router and something like Citrix. The PC never even stores the actual transaction or customer data.
When I worked for McDonald's in the 1990's they were using SCO Unix exactly like this. The computer would dial home for updates, orders, and system messages every night. It would tell the managers when they needed to swap the backup tapes and everything to take care of the local system. They could load all the cash register prices, and buy more food automatically. This was all "amber screen" stuff, it's funny how we've come full-circle with the internet putting everything back under centralized control.
OK, lemme get this straight...you want to take an accounting (i.e. not IT) standard that was written by accountants, for accountants, that pre-dates the web, is not actually codified into law, and invoke it as a reason for why gmail is inadequate for corporate correspondence? Let me know if I missed something here.
Keep it simple sometimes works best. Simply split the company IT infrastructure in two, for critical services, accounting, productivity etc. use thin clients and for email and the internet use netbooks on a wireless network. Two completely separate networks, so they can trash their portable computers with all the crap off the internet and it has zero impact on critical services.
The netbooks should have unique recovery media to rebuild each one, cutting the downtime to, say, 10 to 20 minutes. Generally speaking, the only security affected will be the user's own personal security, as the netbooks should have no access to company critical services, including banking and accounting.
Chaos - everything, everywhere, everywhen
Gee, I wonder how long your company's firewall would hold up if the nation of motherfucking China decided they wanted to take it down?
P.S. I know that's not actually how the attack went but I think you get the point
Windows SBS. Windows 7 on all the clients.
You can go down the linux road, but it won't last.
Nearly all new staff will need cross-training in your OS, Open Office, and whatever else is non-Windows. Remember, you can assume people will have Win7 at home, but you can't do that with linux and regular staff. And once that cost equals the money you 'saved' on MS licenses, you'll have to explain how this happened when the whole point was to 'save money'.
And that's before we
Raised floors are probably excessive, but redundant power, redundant disk, redundant backbone uplinks... Off-site backup... You need to maintain firewall rules and IPS signatures if you want half decent security, and possibly a webapp firewall if you're running complex apps and want more security controls.
You're talking $80-$100k initial investment to "do it right" and $10k to get a "stick it in the coat closet, don't care if its broken sometimes" attitude. Plus, say, another $3k-$10k/yr in administration.
I would say the average business running a single server would require a VERY VERY pressing reason to have on-site web hosting if they value their uptime and data.
$1000 per year for a business class 4-hour change-response and 99.99% uptime SLA is expensive. It would likely be less, even hosting hundreds of gigs of data. It would get you the service of a $50k outlay in-house. Why the hell would you pay 50x more, just to have to support it yourself? Think about that.
Water is a poor replacement for putting out fires that are most often electrical in nature.
Something like 95% of the server rooms I've been in (about 300 in the last five years) use either a halon or halon replacement, or one of the new aerosol potassium systems. The places that have water systems have frequently told me about accidental discharges, leaks, condensation, etc.
Frankly, I've only heard of one server room fire, but I've heard of 15 or 20 accidental discharges of the fire suppression system. I would favor a system that doesn't destroy everything OR kill anyone when accidentally discharged. The new potassium aerosol systems seem to fit that bill.
It's not exactly a contradiction, but you have to choose the lesser of two evils. (And I just described both evils, that's why it seems like a contradiction)
A good, trustworthy hosting company is better than any in-house IT you could get for the same money.
But there is no guarantee that in either your or an outsourced company, the staff would cut the same corners you mentioned. Laziness, ignorance, incompetence or lack of funding can happen anywhere.
Your only option to get better security than a (trustworthy) server provider, is to hire a bigger and better security/IT-staff than said provider. But that won't be cheap.
As this depends on an unknown factor (the service quality of the hoster), you basically have to gamble on it. (or "factor it into your risk assessment" as they call it nowadays)
As a hint, compare, say, Google's security breaches to the number of sql-injections on self-managed servers. Then have a look at Google's security budget.
You now know your options:
a) Take the risk of a corrupt service hoster stealing your data (small risk, but huge potential damage)
b) Take the risk of a sloppy inhouse IT doing something stupid (huge risk if you have a single guy handling everything)
or c) throw an obscene amount of money on a top-notch inhouse IT
bickerdyke
You have no idea what you're doing as a system administrator if you can't solve and implement these questions yourself within a few days.
Use what works, and design around people.
If you really put your mind to it, most people could find something they should have done that doesn't require being online. Like say go through and update some documentation, I've rarely seen any place where everything is documented and the documentation is up to date. Instead it always ends up that some people start goofing off and it's contagious, you aren't interested in doing boring stuff when you can be chit-chatting or leaving early.
Live today, because you never know what tomorrow brings
I would take 20 Xb0x360 devices and hook them up to some playstations which will have USB disks attached to them. Each and every one of the Xb0X 360 devices I would equip with a Kinect device (linux drivers are there) and I would program me a virtual keyboard. Missing USB ports can easily be soldered onto the motherboards of the Playstations. Then I would change the office layout so everybody has their own cubicle in which they can stand up and do their minority report moves to handle their day to day tasks (You will have to write some software for that). Anything more, just ask.
And now seriously: Please approach this from a user/business perspective. What does the company need to do their business? And then look at the support structure of each standard solution. If the support people know linux, then do linux. If the users know Windows, then give them windows. If the company's customers and suppliers work with linux/osx/windows, that's another pointer. There is a shitload of standard stuff out there which will do the job just brilliantly. No need to bother /. with this!
Hi there,
here is my Setup for a small Company with low budget.
This is work in progress so please be gentle.
Server based on http://www.zentyal.org/. Comes with everything preconfigured. Uses ubuntu as OS.
Hardware depends on your budget. I used these services
- Mailserver
- Fileserver (Samba)
- E-Groupware as CMS and resources/project management (ZARAFA is the new default groupware, but I haven't tried it yet)
- LDAP for user management and addresses
- OpenRadius (Optional if you want authentication) - Disabled as we don't use wireless.
Website outsourced to hoster. This is simply too complex to handle ourselves.
Client side:
Used Laptops (IBM T42 or T60) for around 200-300€ each.
Software:
- Win XP preinstalled. Ubuntu might be an alternative.
- OOO for normal work.
- Firefox/Thunderbird for Mail/Web using LDAP for Contacts
- File-syncing with Toucan
- E-groupware on the server for calendar/mail/resource planning
For the clients, using cheap used laptops means you can buy newer ones every year. Broken ones are just replaced.
I use Funambol to sync mobile phone contacts with the LDAP server. IMAP for Mail. If you want Push services you can look into Z-Push, which is part of ZARAFA.
I just started, so some parts are still under testing.
Hope this gives you some ideas.
Greets
Metasepp
I work for a school - it has 50+ employees, several computer rooms, a laptop / PC in every room and a requirement to be working all day long without fail. I've worked for dozens of schools, from 20 to a 100 employees, starting out from uni with zero experience in working in school IT or even Windows networking. It's not difficult. Even primary schools here demand two-three times more storage, clients and management than your stated project would require.
Before I was hired to run it all, the schools went to Dell, RM or similar and bought the cheapest office servers and got on with it. Usually it was whoever was most IT-literate that decided whether to buy salesman's offer A, B or C. It really is that simple. The kids store hundreds of Gigs of data but there are thousands of Gigs of space on even a basic system. The system is way over-specced for its task but that's because it has to take account of a lot of problems (for office work, moving to another machine is hardly a chore... for a room full of kids that now can't work on an individual computer, it means the lesson is over for them all, weeks of planning are out of the window, the inspectors / parents might well cause trouble, confidence in the system is shaken and the IT guy has a lot of explaining to do). The IT systems in a school RUN the damn school - from door entry, to telephony, to pupil databases, to medical information (necessary to administer vital injections), to class registers (necessary for fire evacuations), to the canteen, to all the invoicing, to paying salaries, to submitting to government-mandated requests, etc. If school IT goes down, the school is basically out of action. Most of them run it on a hidden office server that wouldn't look out of place in a solicitor's office with 3 people and it sits idle 99.9% of the time. There's nothing to scale at this point.
You're not talking Google here. You're talking a server, a set of clients and maybe some storage. The sort of thing that any idiot can set up with an order from a network server manufacturer in under a day even if they opt to install the damn OS on every machine themselves. Hell, the first time I did it, I'd had zero experience with networks outside of a 10BaseT ISA network card and setting IP's - I phoned up Viglen, gave them a minimum spec for machines, agreed the price and got about £100 off by offering to install Server 2003 myself. I set up an AD for a school from bare metal that was more secure, and more usable, than anything they had in their previous network from a big educational-IT supplier with support contract. It took eight hours to do the setup (more was spent on unboxing, waiting for installs, cloning disks from images, etc.) and convert 50+ client machines. It was built alongside their network until I was confident enough to flick the switch on their old server (which they had zero access to) and enable mine. It still runs the whole school - everything. The lessons can't even begin without it because they only have interactive whiteboards, projectors and laptops that are on the domain (so they don't even have a board to draw on if the domain is not operational). I'm still impressed at how well it operates despite being my "first" network for someone else. That was about 8 years ago now, and they normally replace everything after 4 years.
What you're asking isn't difficult. If you *can't* do it, then you shouldn't even be trying, especially if it's for a business. If you were hired to do that, but don't know how, you shouldn't have been. If you've just been nominated at random, then you're better off calling in a supplier to do a one-off build. £11,000 gets you a 16-client, 2-server setup last time I looked, with delivery, full installation, software licensing, hardware support, etc. for a multi-user office setup. They sell them as "insta-network" kits for schools that are new-build, re-build or just want to add another IT suite. I even think that's expensive, but that's only a fraction of the wages of someone for a
First you have to figure out how your business works - what are the needs of the business?
If "everyone" only works at the office you can stick with stationary computers since they are generally more reliable than laptops and less prone to get stolen.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Just do it, and worry about what "it" is, and whether the approach was a good idea later, after you've done the first 90% and it is time to do the other 90%.
Which is in fact just another application of the well known 90/90 rule.
All hope abandon ye who enter here.
Hopefully you realized I was alluding to the rule myself ... and the reason for it being so apropos can be clearly seen by the fact that the GP's post has been moderated +5 Insightful while mine has only received a 1 point bump. It is unfortunate, but a large subset of the software creating populace simply don't belong there :-(
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
This is your answer. Well, it is if you're a company man and not trying to build an IT kingdom. A real IT man will make himself "indispensable" within a few short months of taking that position. But then he wouldn't have posted here.
I guess I've got some ideas: Mainly, don't spend their money. Provide for the majority of their tech support needs with your salary. One thing I violated that rule on was a switch. When it came time to get one, and I admit I sped up that process a bit, I got a decent managed 3Com (Cisco is too expensive). You know, being alone, if we were to have real network problems, (I'm a general tech, not a networking expert, and they were having some undefined "flakiness") I could bring Intermapper or something up and figure it out. Of course I never really needed a managed switch for 50 people (there were older unmanaged 24 and 10 ports also) so take from that what you will. When I did spend their money I tried to buy good stuff that would last.
Oh and about strangers and their laptops. You'll want a firewall too, and have a public open wifi outside of it. Unless you really have to worry about leechers don't password it or anything, and have the SSID be obvious to the name of your company. Honestly, the old WRT54G would do fine for that for 20. (I had a Cisco 630 die once and I substituted the venerable Linksys for 40 users for the few days it took to get a replacement. You could not tell the difference). The second one, if you have another one, can be on the internal network. And I'd have any hot network ports plugged outside the firewall too. People plug in without asking. Perhaps it shows that I'm not all that confident in my ability to secure the server against a real threat, so keeping the internal network minimal helps.
Which is exactly what he is doing, and he posted over the weekend no less.
You seem to be assuming that the only thing he is doing is asking Slashdot, but congrats on making sure he gets a sip from a sewer pipe rather than the sip from the firehose he was expecting and for which he was hoping.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
I'm a ditto head on this, worked for a school with about 35 employees that had a sysadmin that wanted server experience for her resume. What a horrible waste of time, money, resources as well as a nasty mess at the end. Even the guy they hired to help her set it up recognized the idiocy and put in a sub-domain that hosted his on-line store and retired to the beach on the money from that until a friend and I tried to figure out where all the bandwidth was going. When we cracked the stinking pile open the so called sysadmin started to cry. We lost.
Now, my friend's in Beijing and I'm in Shanghai, the sysadmin is still there running that ridiculous mess.
There was no reason in the world to host all that stuff in house, case closed.
Subversion of spatial scale luxury decoration ideas.
[...] No rational security policy in the world (except maybe military) requires you to actually own the hardware your data rests on. Nor do they require that your employees have direct access to said hardware. [...]
Our legal department respectfully disagrees. We shell out quite some cash on top of our regular support contracts so that no outside technician touches any system with its hard-drive installed. They have to bring their own bootable disk. And we recently had to move our branch's mail server from the Austria head office to our location in Germany. We are not even in a sensitive industry. But between state regulation, data protection laws and insurance terms we have very little room for outsourcing anything. The only component hosted externally is our static website. Everything else is kept on premises.
Rudolf Hess edited Mein Kampf. He was the very first grammar nazi.
Google -- according to their own public statements -- mines data so they can display ads, AND sell your data to other people.
[citation-needed]
-- If you try to fail and succeed, which have you done? - Uli's moose
In terms of backups, I'm starting to think that people would effectively benefit from something like an automatic remote revision control system (like Subversion, Git, Mercurial, etc...) and a background process on their laptop or PC that runs every few hours and just commits local changes to a local and remote repository. Then you get backups, historical backups with the ability to revert by date and time, and an efficient use of disk space (since only modified files are backed up).
But obviously for end users unfamiliar with revision control systems you would need a very user-friendly GUI to retrieve older copies of lost files.
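The scheme suggested in the comment above, sketched with Git as an added example (not code from the thread). The function names, the `backup` branch and the commit identity are assumptions; the remote is set to refuse history rewrites and branch deletion, so a compromised laptop can add snapshots but cannot erase earlier ones by pushing.

```shell
#!/bin/sh
# Added example: automatic snapshot backups with Git (all names are hypothetical).

# Run git with a fixed identity so unattended commits never fail for lack of one.
g() {
    git -c user.name="backup-agent" -c user.email="backup-agent@example.invalid" "$@"
}

# init_remote PATH: create the off-machine repository (a bare repo).
# Non-fast-forward pushes and ref deletions are refused on the receiving side.
init_remote() {
    git init -q --bare "$1" || return 1
    git -C "$1" config receive.denyNonFastForwards true || return 1
    git -C "$1" config receive.denyDeletes true
}

# snapshot DIR [REMOTE]: commit every change under DIR, then push if REMOTE is given.
# Meant to be started by a scheduler (cron, systemd timer) every few hours.
snapshot() {
    snap_dir=$1
    snap_remote=${2:-}
    [ -d "$snap_dir/.git" ] || g -C "$snap_dir" init -q || return 1
    g -C "$snap_dir" add -A || return 1
    # Commit only when something changed, so idle hours add no empty commits.
    if [ -n "$(g -C "$snap_dir" status --porcelain)" ]; then
        g -C "$snap_dir" commit -q \
            -m "auto snapshot $(date -u +%Y-%m-%dT%H:%M:%SZ)" || return 1
    fi
    # Nothing committed yet (empty folder): nothing to push.
    g -C "$snap_dir" rev-parse -q --verify HEAD >/dev/null || return 0
    if [ -n "$snap_remote" ]; then
        g -C "$snap_dir" push -q "$snap_remote" HEAD:refs/heads/backup || return 1
    fi
}

# restore_as_of DIR FILE WHEN OUT: write FILE as it was at time WHEN to OUT.
# FILE is a path relative to DIR; WHEN is any date git understands.
restore_as_of() {
    res_dir=$1
    res_file=$2
    res_when=$3
    res_out=$4
    # Newest snapshot at or before WHEN that touched FILE.
    res_rev=$(g -C "$res_dir" rev-list -1 --before="$res_when" HEAD -- "$res_file") \
        || return 1
    if [ -z "$res_rev" ]; then
        echo "no snapshot of $res_file at or before $res_when" >&2
        return 1
    fi
    # Remove the partial output if the file does not exist in that snapshot.
    g -C "$res_dir" show "$res_rev:$res_file" > "$res_out" \
        || { rm -f "$res_out"; return 1; }
}
```

Everything under the folder is committed and pushed, so files that must not leave the machine belong in `.gitignore` before the first snapshot.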
I dunno, there's plenty I can do when I don't have internet access.. usually the priority is getting the internet access working again, but there's still programming that can be done, documents that can be tidied up, etc.
It all depends on what your actual job/company is.
----- The internet has given everyone the ability to have their voice heard equally as loud.. even if they shouldn't be
This used to be ClarkConnect, now it is ClearOS.
Cheap storage VM.
This is for a small co. of about 12-15 engineers, (depending on how many part-timers you count). They do lots of computational modelling, so lots of storage space and CPU is needed. This sounds like it might be a bit similar to your needs (if you're going to do anything interesting with that large collection of videos & multimedia).
They have one "main" file server for project work. It's a white box PC from the local shop and has a couple of TB of hard drives in it. It runs ubuntu server with samba (like all the other servers in this co.). It has needed work about twice in the last 4 years.
They have a couple of old Dell workstations which are too slow to do engineering on now. One runs an external-facing FTP server (it could probably run a small website if needed, too) and one runs an internal wiki and a few other similar tools. I could probably move some of the internal stuff into the main file server, but we had the old machines kicking around, and it's useful to be able to fix stuff without breaking the whole network for the whole company at the same time.
We have a modelling file server, which is a big Supermicro rack server. It's a 4 or 5U box, because they have an open-plan office and nowhere to put the rack, so the rack-mount servers have to be very big (for what they are), so they can be quiet. This has space for 8 hard drives so you can pack it out with largish drives and there will be enough space for all but the most data-hungry organisations. It's expensive compared to the white-box PC, but if you really need the extra space, it can be difficult to find an off-the-shelf machine with space for more than 6 hard drives (and it's a lot easier to replace one if one fails, too).
We have a backup file server. This uses rsync to mirror the (newer) contents of the other two servers, so that if one of them falls over, we don't have a bunch of engineers sitting around while I get the train into the office, work out what's wrong, get the right part, fix it, etc. It also compresses the important (non-replaceable) data every week so that someone can copy it to an external drive and take it off-site. Much cheaper than the internet connection that we would need to mirror a week's work in reasonable time over the internet.
All of the computers are cheap white-boxes from the local shop running windows XP or 7 with various versions of MS Office (whatever was current when the machine was bought). No-one seems to have any problem with the fact that the boss uses XP and office 97 while the new guy uses Win 7 and office 2010, and I have better things to do than make an issue out of it. We keep track of whose license is whose on the wiki. Most machines also have OpenOffice, but there is general user resistance to that concept.
We have a couple of PCs for doing number crunching. They sit in the corner and run VNC servers. If people need to crunch numbers they use them, otherwise they use their own cheap workstations.
In summary: buy off-the-shelf PCs for the users. So long as they have windows, office, anti-virus, etc. they'll get on with what they need by themselves. The hassle of getting people to use linux or OpenOffice is not worth the 250 pounds we pay to MS per computer. An off-the-shelf workstation or server with some extra HDs and some version of linux makes a perfectly adequate file server. Use sneakernet for backups.
As I say, your situation may be completely different, but I hope mine might give you some ideas.
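The mirror-and-weekly-archive scheme described in the comment above, as an added example that is not the commenter's own setup: Python's standard library stands in for rsync here, and the directory names, the `offsite-<label>.tar.gz` naming and the SHA-256 side file are assumptions. It runs on a constructed directory tree.

```python
"""Added example: mirror-then-archive backup with an integrity check."""
import hashlib
import os
import shutil
import tarfile
import tempfile
from pathlib import Path


def mirror_newer(src: Path, dst: Path) -> list:
    """Copy files that are missing or older on the backup side; never delete.

    Comparable to `rsync -a --update` without --delete, so a file removed by
    mistake on the primary server survives on the backup server.
    """
    copied = []
    for root, _dirs, files in os.walk(src):  # does not follow directory symlinks
        for name in sorted(files):
            s = Path(root) / name
            if s.is_symlink():
                continue  # do not let a link pull in data from outside the share
            d = dst / s.relative_to(src)
            if d.exists() and int(s.stat().st_mtime) <= int(d.stat().st_mtime):
                continue  # backup copy is already as new as the source
            d.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(s, d)  # copy2 keeps the mtime, so the next run skips it
            copied.append(s.relative_to(src).as_posix())
    return sorted(copied)


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large archives do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def weekly_archive(important: Path, out_dir: Path, label: str) -> Path:
    """Compress the non-replaceable data and write its SHA-256 beside it."""
    out_dir.mkdir(parents=True, exist_ok=True)
    archive = out_dir / f"offsite-{label}.tar.gz"  # assumed naming scheme
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(important, arcname=important.name)
    Path(str(archive) + ".sha256").write_text(sha256_file(archive) + "\n")
    return archive


def verify_archive(archive: Path) -> bool:
    """Check the copy on the external drive before it leaves the building."""
    expected = Path(str(archive) + ".sha256").read_text().strip()
    return sha256_file(archive) == expected


def demo() -> dict:
    """Run the scheme on a constructed tree inside a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        primary, backup = base / "primary", base / "backup"
        (primary / "projects").mkdir(parents=True)
        (primary / "projects" / "model.dat").write_text("run 1\n")
        (primary / "projects" / "notes.txt").write_text("constructed sample\n")

        first = mirror_newer(primary, backup)
        second = mirror_newer(primary, backup)  # nothing changed since first run

        # Simulate one edit and one accidental deletion on the primary server.
        changed = primary / "projects" / "model.dat"
        changed.write_text("run 2\n")
        future = changed.stat().st_mtime + 60
        os.utime(changed, (future, future))
        (primary / "projects" / "notes.txt").unlink()
        third = mirror_newer(primary, backup)

        archive = weekly_archive(backup / "projects", base / "offsite", "week01")
        archive_ok = verify_archive(archive)

        # Simulate a bad copy to the external drive: flip one byte.
        data = bytearray(archive.read_bytes())
        data[-1] ^= 0xFF
        archive.write_bytes(bytes(data))

        return {
            "first": first,
            "second": second,
            "third": third,
            "deleted_file_kept": (backup / "projects" / "notes.txt").exists(),
            "backup_model": (backup / "projects" / "model.dat").read_text(),
            "archive_ok": archive_ok,
            "tampered_ok": verify_archive(archive),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Because the mirror never deletes, the backup also keeps files an intruder or a careless user removed from the primary; the trade-off is that the backup side needs its own pruning policy.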
Look down the page. It's in their TOS.
Nonsense. "Need to know" are weasel words. This exact kind of language has been used by people who sell to advertisers (and others) for years. If you are buying consumer information for the purpose of advertising (or other purpose), then pretty much by definition you "need to know" that information in order to advertise to those people. So while it sounds good, it really means NOTHING.
Repeat: what this says is that Google can sell your information to others (affiliates). It does ask those affiliates to keep the information confidential... but so what? In the same position, I could legally sell your info to 100,000 people and ask them ALL to keep it "confidential"! And just how confidential does that make it?
I am not "ignoring" the words need to know. I have seen them before -- many times -- and I know what they mean in this context: next to nothing.
I have seen your previous posts. You aren't making any real, logical arguments. You are simply making blanket statements and apparently assuming I should accept their validity.
I repeat (because you haven't given me an answer): what makes living in the 21st Century an excuse to ignore legitimate privacy and security concerns? And simply saying that my concerns are FUD is not an argument. Go ask Bruce Schneier if you like. He's a renowned expert. And he'll tell you the same things. I am not making this stuff up.
The final decision on this is probably above the OP's pay grade, but consider putting employees on the "Bring your Own Laptop" plan. One of your biggest expenses at a company this size (unless you have very expensive vertical market software) is desktop hardware. Company-owned machines take a lot of hard use, and somehow people's own property lasts longer.
Sir, you are everything wrong with the IT industry. Too many techs have taken the "Build first, ask questions later" approach and we end up with legacy systems that need to be completely replaced. I'm sure this is the approach the last guy did, and that's why the whole thing needs to be done from scratch.
At least, that's what I would say if I couldn't recognize sarcasm, like the clods who marked that "Insightful." And why can't we have <del> OR <strike> tags?
I sometimes ask revealing, often ignorant-seeming questions. Maybe they're harder to answer than you think.
The biggest issue with the request is that we don't really know what the customer really does. Sure, they're a small NGO, but do they do accounting, document storage, engineering, or classified work? All of these have specific requirements that change the loadout.
Second, how does the client interface with vendors and their clients? What data format do they need to output or accept? This, more than anything else, will determine software requirements. What proficiency are the users? If they are very skilled at a specific software title, your customer can spend money on that software to avoid retraining. If they are unskilled, a learning curve will occur regardless, so software selection can be made with capability and cost as primary factors.
From the answer to these and other questions, you can derive the desktop software loadout, data flow, and server requirements. From these in turn you can derive network architecture, desktop specifications, and server specifications. Note the process:
Regulations > Interface > Tasks > Users > Desktop OS and Software > Data Flow > Server OS and Software > Network > Server Spec. > Desktop Spec.
Now that we covered this, a little general info. To rack or not to rack. If you are installing new infrastructure and your budget allows, place all network and server infrastructure in a rack. Lay it out and lock it down. Track every wire, origin, destination, and termination. This will go a long way to saving time when you must look uber-proficient.
Desktop apps and operating system? Depends. If the client has never used a computer or is only marginally proficient, use Ubuntu 10.10 and save yourself an ungodly amount of labor. Just make sure that you nail down a service contract first. After training the users and some limited admin work, you will have little to do. If you rely on per hour support with a limited client base, you will go broke supporting Ubuntu, but your clients will be happy.
As far as the server goes, things are a little more flexible, unless there are some specific server side applications. Assuming there are not, I have had excellent results running Ubuntu Server. Even in a Windows-centric organization using Exchange, I have run Ubuntu 10.10 server and Citadel Server replacing an aged Exchange server, saved myself days and my client a truckload of money.
Network is fairly straightforward. For 20 users on a DSL backbone, a 10/100 switch is fine for office use unless there is heavy data access on the servers. If there is, or you are running VoIP, use gigabit. As a security solution, use Endian Community firewall on a dedicated machine, segmenting the system in a logical manner (guest access, trusted network, and VoIP for example).
The specifics of the server will depend on the client use. Some basics: I nearly always spec Dell or SuperMicro. Don't choose a 1U server unless you need the space. The vertical clearance is simply too tight, heat is an issue, and standard PC parts don't fit. This will increase the likelihood of a failure and increase the support costs. Exception to this is the Atom based servers from SuperMicro. If you don't need the processing horsepower of a Xeon (like a basic fileserver) and you are not running Windows Server, the Atom based 1U servers they make are an extremely cost effective solution.
Finally, what kind of desktop? User's choice. Whatever you do, do not deploy a laptop as a desktop and expect them to use the laptop keyboard. Between the ergonomics and construction, this will be a nightmare for all concerned. Use an external keyboard and mouse. The chief selling point of a laptop is the built in UPS you get for free (battery), but make sure the asset doesn't walk off. Another point, if you do deploy Linux on the desktop, use extreme caution and make sure the hardware is supported straight out of the box. I installed Ubuntu laptops as desktops at a client, using certified equipment (Dell Inspiron
Just by keeping your network and infrastructure completely free of any Microsoft products, you'll already be mostly there.
Our office loses power about once a month. Call it ten times per year. I put UPSes literally everywhere. But we keep everything in-house.
My hesitation to using a cloud thing is that you are reliant on a third party for your most valuable asset. We have a new guy at work, he wants to use every weirdly-named online service for every issue that comes up. We don't need 39 external dependencies, thanks.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
I get that many NGOs are ignorant little cash cows with minimal oversight, but if you are dealing with only 20 users, you probably don't need that much infrastructure, unless the NGO is expecting ludicrous growth over the next 2-3 years. The issue with in-house servers is you need someone to manage them, and that is an ongoing expense that may be hard to justify when cloud services can do it better, faster and cheaper. The nice thing about hosted services is someone else has already figured out all the scaling issues, all you have to do is pay your small monthly dues and use the damned thing. That web server? Forget it! For the cost of a fiber line to the office, you could lease five managed servers in a respectable datacenter. You only need one, or maybe even a VPS would suffice.
The best way to approach a small network is to treat it like a small network. You can probably get by with one modest server with a terabyte of mirrored storage, running your domain controller and file/print shares. If and when they outgrow this "SoHo server", meaning when it starts slowing down their work, then you'll know it's time to reevaluate their needs. Start small and try to keep the big picture in mind, the best way to plan these things is to look at how quickly an investment will pay for itself in increased productivity.
-Billco, Fnarg.com
Google's main business is IT, so it would be idiotic to outsource everything of their strategic advantage.
The NGO this article was about certainly isn't strategically selling IT services, on the contrary, they just need something to work with.
Companies that do something which isn't in their core interest are one of these cases:
- If they do it in full quality anyway, they're wasting money.
- If they don't reach a quality or flexibility level typical for commercial services, they're missing out on opportunities.
- If they do it perfect, for perfect budgets, they still squander funds, staff and management attention to something that is not providing enough profit (compared to their core product)
- And if they profit from it enough, do it perfect, for a perfect budget and it's not their core product, management has named the wrong product their "core".
Full control is needed for services that can bring you down the instant anything goes even slightly wrong or hamper you for years if it isn't flexible enough to change with your business. If the outside commercial market is better AND cheaper than you on these services, you better not buy any stock in the company. If that company still decides to do everything themselves, you should sell any and all shares immediately. And update your resume, if you happen to work there.
I don't know what kind of redneck mecca you live in, where farmers cut cables often enough to affect your bottom line. I can count exactly one backhoe incident in 6 years at my datacenter, and they routed around it within an hour - epic fail for the network admin who didn't test the failover, but I ain't cutting myself over one measly hour of downtime. Shit happens, and clients are usually quite understanding of such unforeseen events. If they're not, you either need to charge more for the liability, or just plain fire them and let them find some other sucker to put up with their whining.
-Billco, Fnarg.com
If you do any of these, raising the floor by a few cms and putting a couple of floor tiles on it are probably the least of your financial worries. A 20-people company will go bust long before that if they build a data center, no matter how small.
And if they skimp on backups, availability, incident response, security and best-practice maintenance, they go bust even faster.
There is no "try" when doing IT infrastructure.
It was a response to the GP who warned everyone with outsourced data centers from farmers cutting their lines as the main danger to services in the cloud. And we all know how often Google - which is hosted in their own cloud - is going down, i.e. never.
I've done a few dozen of these so I'll give you my opinion on this: "Make your life as easy as possible". I'm a Linux guy outside the office so it's very tempting to try to be benevolent and go with CentOS, MacBooks, etc, etc like some people have been suggesting. DON'T LISTEN TO THEM. Microsoft has spent nearly 3 decades perfecting the small office and enterprise network. They will make your life so much easier. In this case you'd need a decent server machine, somewhere in the 3-5 grand category. Install Server 2008 R2, configure Active Directory, DHCP, DNS, and Exchange on it. Get a small Cisco firewall that can also take care of the routing. Set up GPOs as permitted by user software. Get a nice central managed antivirus solution like eScan or Comodo. Create login scripts for mapping shared drives and installing printers and make sure all people are working off the network drives at all times. If you're really ambitious you can also set up a network boot ghosting option for quick imaging rebuilds... although this may be a bit outside the scope of your company. Now sit back and relax. Most days you will be legitimately doing nothing. This is coming from a Linux guy... go with Microsoft... it makes your life easier and hey... it's not your money anyways.
If it ain't broke, don't fix it.
Yep. And in case it hasn't been mentioned in this thread already, Microsoft Small Business Server is designed for this kind of scenario. Here, pricing to get you started (server + CAL packs). If it has the services you need then it's a great way to get started with user authentication, e-mail, web services, etc. And it's in line with the parent's recommendation of KISS.
There may be some Linux equivalent, which would be important depending on what your comfort zone is (do you come from a Linux or Windows background?), but that's not my forte, sorry.
Right, which is why they just install a few servers, hire someone to run updates on them once a month or so, and call it a day.
What the fuck would a 20 person company need an "incident response team" for? When Bob clogs the fax machine trying to feed too many pages at once? You are a fucking joke.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Don't get me wrong, I use hosting myself for some things.
But I would never recommend that a small company outsource their file server. That's the kind of thing that needs to be local. Mail could go either way. Web hosting they could outsource unless they want to run that locally.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
That doesn't sound like a "cloud" to me. Sounds like thin client architecture.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
DiniZuli, without knowing more about any required applications such as Graphics, CAD or Accounting, it's going to be hard to decide what would be the best solution.
For instance, if you are a web development house that needs to do a lot of photoshop work, you might need or want to go with OSX boxes.
Too bad you're an AC. I could have told you that many universities are moving to Live@Edu which is the Microsoft offering of cloud-based authentication, email, calendaring, etc on par with Google. If the whole university takes it, MS usually offers it for free.
From the sounds of it something from QNAP can serve for most of the "servers" you will need.
Relatively easy to use and should save you a lot of grief.
I'll leave you with the power / cooling / security aspects.
BTW, I love my laptop but I think you will be better with desktops. Thin clients would be nice but you don't seem to have a user base large enough to make it worthwhile.
Valid point. Are you talking about building a complete in-house cloud solution from the ground up, or are you talking about implementing a 3rd party proprietary API that may contain some "black boxes"?
I've never been one for buzz words or paradigms, as you can obviously tell. I know going to the cloud is all the rage - just look at the stupid "to the CLOUD!" commercial for photo editing because your family is too self-absorbed in their own thing to hold still for even a couple of seconds. (...and yes, the end result did look like a really bad cut-and-paste Photoshop job.)
Sorry, I did not realize we were letting banks define the term NGO. Of course, what other types of groups could I see claim that their purpose is to "relieve suffering, promote the interests of the poor, protect the environment, provide basic social services, OR undertake community development"? Being from the US, the first one that pops into my head is Christianity. Then again, I can even generalize - many major religions claim these as tenets. Therefore, Christians are Hippies... something the Conservative Christian movement would love to be characterized.
By the World Bank's definition, sure it's "hippie bullshit". Should I equate that as trying to relieve suffering is bullshit, trying to promote the interest of the poor is bullshit, that protecting the environment is bullshit, that providing basic social services is bullshit, or that undertaking community development is bullshit?
Also, I'm sorry you don't think I understand what an NGO is because of your personal definition. I used the common definition vs the banker's practical definition, the one you could find in a dictionary or at dictionary.com: "noun an organization that is not part of the local or state or federal government". I could argue you don't even know how to decompose the English language and see there is a "non-" prefix attached to the adjective "governmental" which modifies the noun "organization".
Of course, I'll make your argument and state this is a bit of sophistry (a subtle, tricky, superficially plausible, but generally fallacious method of reasoning. - dictionary.com again) because there is a difference between the literal definition and the schema we have built for what an NGO is. We often use NGO to mean more than something like the KKK or a linux user's group (organization: a group of persons organized for some end or work; association - dictionary.com again). We have a schema that says they are usually some form of non-profit working to better society.
Where I think the real failure is the understanding of what a hippie is. Hippie: noun "a person, esp. of the late 1960s, who rejected established institutions and values and sought spontaneity, direct personal relations expressing love, and expanded consciousness, often expressed externally in the wearing of casual, folksy clothing and of beads, headbands, used garments, etc.", and I hardly think most NGOs could fall into this category. I mean, do you think the NGO African Gender Institute is trying to promote Gender Equality or the NGO Action Against Hunger is trying to promote development by rejecting the establishment, engaging in direct personal relations expressing love, and wearing beads & used clothing???
As I said originally, I know the original post was to inspire a flame-war of some sort. So, in the words of Johnny Storm... "Flame on!"
Web sites get defaced, file servers get broken into, FTP/WebDAV/whatever sites are made into downloading/warez-zombies. Happens once in a blue moon. But usually right before that project milestone, customer meeting or other all-important deadline.
Printers get clogged beyond easy repair, client machines break down, keyboards need to be replaced after a coffee spill.
The "incident response" team doesn't need to come crashing through the windows when the fax machine breaks and they don't need to send a signal to the Batcave, but someone someday will have to fix what's broken. If all you have is the usual student relative of a coworker, it may take a while to get back to work. Depending on your work, that can be something between 10 or 10.000 dollars wasted.
is there really a difference?
However, Windows comes with hidden costs in the form of viruses, botnets and EOL pressures.
Linux makes sense where "function" trumps "form"
I have seen your previous posts.
I suspect you missed this comment in which I elaborated greatly on my argument and asked you twice to provide examples to back up your claims, which you have not supplied.
I've been advocating use of Google Apps in the enterprise to various people for nearly three years, for no other reason than that I like the service and hate Outlook. Frankly, I'm getting pretty tired of dealing with the same closed-minded prejudices over and over again, so this will be my last post on the subject. Feel free to have the last word if you must and consider yourself the victor in this debate. Peace.
Well, what can I say?...Sometimes I forget that /. has a global audience. I guess I need a new acronym for this:
IANAAL (I Am Not An Austrian Lawyer)
By the way, IIRC, I read somewhere that information security policies in Palestine require a gunman armed with an AK-47 to stand outside the entrance to your data center. I'm sure they have their legitimate reasons too. :-}
Indeed, it is possible to de-anonymize certain data, but for that to be of any consequence, the data must be *distributed* to another party who would do so. I'm not aware of any alleged cases of Google distributing Google Apps data to third-parties (except as ordered by subpoena). If you have evidence of this, please post it.
YOU missed the part where I pointed out that their TOS says they can do so. I don't need evidence that they are actually doing so. Their insistence on including terms such that they CAN is enough for me. You can call that prejudice if you want, but that doesn't make it so. Once again, for example, AOL claimed to be doing the same thing (and with similar TOS, I might add). Yet their public release of data solidly confirmed that the "anonymized" data was not so anonymous after all. Other data releases have resulted in similar conclusions. This is recorded history. Why do you deny this?
"Citation please...and remember, we are talking about data stored in paid, corporate Google Apps accounts, ..."
Right. And as I have already mentioned, up above in this same thread is a copy of part of the Google Apps TOS, which includes wording stating that they can sell your data. Don't try to tell me I'm wrong about that; it's exactly the same language that data-miners have been using for years. Even Facebook tried to get away with it.
"To outright call them liars is not really fair since it's debatable whether or not one would consider these enhanced search boxes to be "search results". In the context of Google's own definition of a "search result", they are telling the truth."
This is really laughable. So Google gets its own special definition of "search result", does it? And by that special definition of their own, they aren't quite lying? Are you paying attention to what you are writing here? I'm not trying to be derogatory, but that is a bit much to take.
"The general consensus is that if you can be PCI compliant, then you are already compliant with almost every other security standard there is...some notable exceptions being regulations that govern big telecom companies and military contractors."
Apparently you haven't heard about all the data "losses" and security breaches by those same contractors and government organizations. Standards are great. But in order for them to work, people have to comply with them. Here is the single biggest problem with most of these "standards": fallible PEOPLE, many of them low on the corporate totem pole, are assigned to oversee their compliance. Often it is those very people who are caught later for having "borrowed" some data.
Government agencies have been reported every couple of months for the last few years, for "losing" hard drives full of important, confidential data. So have large financial firms, and military intelligence. Corporations have "leaked" data. Employees have stolen "confidential" business data. The list goes on.
"Actually, I called it "FUD", and I think I backed up my case pretty well. When somebody tells me that flying spaghetti monsters are real, I ask *them* for evidence...not the other way around."
First off, don't hide behind exact wording when your meaning was perfectly clear. You might have been SLIGHTLY (and only slightly) more polite about it, but for all practical purposes you were saying I was full of bullshit. And you STILL haven't given me any real reason for thinking so, other than your flat claims that I am full of bullshit. I am serious. In a logical argument, you have to refute what the other person says. Simple claims that "I haven't seen it" and "I don't believe you" don't carry much weight.
I have in fact, pointed you at evidence, if nothing more than
"Actually, I called it "FUD", and I think I backed up my case pretty well. When somebody tells me that flying spaghetti monsters are real, I ask *them* for evidence...not the other way around."
And actually, I find this statement to be the most amusing of all. I will counter it with my own analogy: When you're checked into a room at the Bates Motel, and I tell you there is someone with a knife behind you... well, don't say you weren't warned.
Wow. I never thought of Google as a knife-wielding maniac before. But analogies don't lie so I've made up my mind...I'm switching to Hosted Exchange!!!
That is, unless you think that GoDaddy guy looks like Hannibal Lecter. No...wait...he doesn't wear glasses. OMG, it's Benjamin Linus from Lost!!! No, wait...it's Agent Smith!
Shit, they cut the hard line! Get out...It's a trap!!!!
A surprisingly civil response to my flamefest. I have to have a little respect for you for that.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Hey, I just did this for an 8 person company.
1 8 port GB switch, a UPS, DSL modem, HP ML110 server with 4GB RAM and 3x320GB HDDs in a RAID 5 array, and a free copy of ESXi4 vSphere. On here run Ubuntu server as a VM Guest for OpenLDAP, SAMBA, and LAMP for their intranet (a media WIKI server) for storing manuals and other documentation.
For mail, I used the 10 person free version of Zimbra as a VMWare appliance.
For their internet firewall, I used Astaro.
What they get: Directory services, File/Print, Intranet, full groupware mail services, mobile access to mail with any phone supporting IMAP or ActiveSync, and webmail. Astaro provides a VPN, and virus scanning at the border.
When they grow past 10 users, they'll be big enough to pay for full versions of their suites, and easily expand onto a second ESXi4 server for more redundancy, and allow them to gracefully age out the old server.
Then we just sell them 4 hrs engineering time each month to do maintenance for all their desktops/laptops and server side updates. As they have a VPN, we just do it from our office, no travel required.
All up, NZ$8000 give or take, and most of that is just the one off services time to set everything up and move their data from their PCs to the network.
For their main desktops they are happy with their Dells; for roaming staff, I recommended 11" MacBook Airs, for battery life and ruggedness. Expensive at NZ$1600 a pop, but will last much longer than most other plastic fantastic ultraportables. Also being fairly small, and limited disk space, and no Windows OS for games, less likely for the staff's family to mess with them 8) I recommended no Flash either, to keep temptation away. Small drives also means a full disk image can be easily taken regularly, and restored if required. Time Machine for away from the network backups.
You want to host the web server for a 20 person NGO in house? What will the bandwidth cost? How will that handle high load because of a highly publicized event? Hosting the web server in house will be a catastrophic failure. Get a VPS, then you won't have to worry about bandwidth.
Email - there are tons of decent email hosting companies, GMail, Rackspace, LuxSci, etc, depending on your budget (Rackspace is the cheapest, LuxSci is the nicest). You want to use cloud email, in house email is too big of a headache for 20 people. If you're worried about security LuxSci email is HIPAA compliant.
You can either get a Microsoft AD server, or use Linux. Desktops are better than laptops for in the office, they're harder to steal and/or misplace, cheaper to repair or upgrade, and they last longer. If you use Windows, you'll have to buy a decent antivirus, but you should be able to find everything else Open Source.
Get a decent router, Cisco small business routers are nice, they don't crash like cheap routers do.
You'll want faster speed to and from your file server.
Do you know what "analogy" means? It's not a simile, or even a metaphor.
Amen.
I asked a question which was posted to Ask Slashdot a long time ago.
A number of sneering comments suggested the mere fact I'd posted to Ask Slashdot was proof I had no business doing what I do, despite the fact I'm a recognised world leader in the field.
Asking around never hurts.