Ask Slashdot: Stepping Down From an Office Server To NAS-Only?

First time accepted submitter rawket.scientist writes "I'm a full time lawyer and part time nerd doing most of the IT support for my small (~10 person) firm. We make heavy use of our old Windows Server 2003 machine for networked storage, and we use it as a DNS server (by choice, not necessity), but we don't use it for our e-mail, web hosting, productivity or software licensing. No Sharepoint, no Exchange, etc. Now old faithful is giving signs of giving out, and I'm seriously considering replacing it with a NAS device like the Synology DS1512+ or Dell PowerVault NX200. Am I penny-wise but pound foolish here? And is it overambitious for someone who's only dabbled in networking 101 to think of setting up a satisfactory, secure VPN or FTP server on one of these? We've had outside consultants and support in the past, but I always get the first 'Why is it doing this?' call, and I like to have the answer, especially if I was the one who recommended the hardware."

Cloud

[Tukz]

I know "Cloud service" is such an awful term, but if you frequently access the data from outside the network, why not consider having the data online somewhere?

Besides that, a NAS should do just fine.
Either build on (FreeNas) yourself or buy one of the numerous premade systems.
The VPN could be established on network level and not the NAS itself.

Re:Cloud

[brad-x]

If you have any expectations of maintaining confidentiality for yourselves or your clients, a cloud service is not for you. All cloud providers make claims as to the privacy of your data - when put to the test they'll hand it over to the wrong people in a heartbeat.

Re:Cloud

[snemarch]

Use a service with client-side encryption (SpiderOak springs to mind, even if it has a terribad UI), or do your own encryption - problem solved.

IMHO you shouldn't rely solely on cloud backup, though, bad things can happen even to datacenters... but it's a nice supplement to your local backup.

Re:Cloud

Unfortunately, you are not familiar with technical ineptitude of the laws of the US. There is a quite a debate within legal communities regarding whether storing data in the cloud (encrypted or not) breaks lawyer client confidentiality.

Re:Cloud

[Hanzie]

+1

Re:Cloud

Don't know about client-attorney privilege, but anything medical is a HIPAA no-no. We actually used a "cloud" vendor who we caught using our info for their marketing purposes. We called them on the carpet about it, but they denied all such use, and they had the balls to threaten us with slander lawsuits. The doctors decided that they couldn't afford to make a big stink about it, but we immediately stopped using them.

Re:Cloud

[Dan667]

replace the word "cloud" with "mainframe" if you want to know all the problems with this approach when you search the internet. Mainframe problems have not changed, just the marketing.

Re:Cloud

[xQx]

Look... The way most sysadmins run their local servers, the way most users have crappy passwords, and the fact that even in 2012, social engineering works just as well as it did in 1992, your data isn't that bloody confidential anyway.

You would be one of 100,000 customers of any given "evil cloud provider", unless you are involved in something that your government or it's allies finds distasteful - YOU ARE JUST NOT THAT IMPORTANT.

Most of the terms and conditions you sign with cloud providers boil down to "we will have robots read your information so we can better target advertising to you, and sell aggregated figures about our customers habits to anybody who wants to buy them".

Before you get all spooked out about taking your data offsite, it might pay to ask:
1. Who are these "wrong people", and why do they want what I have?
2. Is my cloud provider likely to just freely hand over my data to them?
2a. if it's so easy - why don't I beat them to the punch and asking their cloud provider to hand over their information to me!

In actual fact you probably have the illusion of security with onsite data, and actual security with offsite data.

Re:Cloud

[Norm+DeGuerre]

Depends on your interpretation of "cloud" and HIPAA compliance, I think. Keeping HIPAA or privacy act stuff in plaintext on some general-purpose cloud service probably isn't good, but there are a number of EHR vendors, including my own, that are more than willing to host medical applications and data. In all cases I know of, it'll be an in-house datacenter or colo, but I bet a lot of this gets replicated to someone else's cloud storage eventually.

Re:Cloud

[Magic5Ball]

> or buy one of the numerous premade systems.

Better yet, buy two and sync one as an off-site backup, not because you want an off-site backup, but because most consumer NAS devices lack enterprise build quality. Drobo devices are the exception.

Also, be sure to examine the firmware before making a purchase, by downloading the source from the manufacturer's website. The NAS boxes cobbled by the hard drive manufacturers tend to be based on older versions of (possibly insecure) open source NAS tools, with some in house garbage on top to implement custom features.

For example, on one particular brand of web-enabled NAS by a famous hard drive manufacturer, the URL to reset the configuration settings *for all models in the line* is widely available in support forums. This gets you remote admin. The web host for their custom scripts runs as root, and contains several locations where unsanitized strings from the URL get passed directly into an exec(). Some of the cloud-sounding services that enable you to remotely access your firewalled NAS are so poorly secured that it's possible to Google for particular strings appearing on the NAS remote admin configuration pages.

(Yes, the manufacturers know about all this. No, they're mostly not interested in fixing these problems in unsupported use modes: "The manual says not to connect these devices to the Internet.")

Nas4free or freenas

I highly recommend nas4free. Easy setup all around including windows shares. Plus zfs is a big plus and high on the geek scale

Just did the same

I just did the same for a client who had downsized. We moved from a rackmount Xserve and RAID solution down to a Mac mini server (for DNS and few other tasks) and a Synology NAS. It was my first Synology, but I was very pleased. It was fairly easy to configure, and has been trouble free so far. It offers excellent outside access via web interface, and has a built in SSL VPN. The largest issue I had with it was configuring a rotating backup. I ended up using the Mac mini for the backup. The client's been very pleased with the solution, which sits on a desk. The server room has been cleared out.

Re:Just did the same

Devil's advocate here. Since this is a production environment, even though the Mac doest cost, having the hardware backed by some sort of warranty is important. An old workstation breaking that stores all their critical law data may cause them downtime and such. It might even bring malpractice lawsuits from clients.

The Mac Mini can be called a "server", as Apple states that as well. This is important, not for hardware but for legal eagle stuff. Plus, if anything breaks, Apple is good at the consumer/SOHO level of getting stuff fixed. Enterprise, different story, but this is just one NAS we are meaning. If two internal drives which are mirrored can hold the needed data, that would be close to ideal. Of course, having a backup system, at the minimum rotating external USB hard disks between the law office and a secure offsite location (Iron Maiden is the standard, but you could use a climate controlled storage with a heavy duty safe inside.)

At the minimum, I'd buy a low end Dell or HP server and install an OS on that. That way, clients can be assured that some reasonable precautions are kept with their data.

Of course, for long term archiving, just saving files to a DVD or Blu-Ray drive may not cut it. I prefer at least two disks on optical media, as well as a backup on a HDD or flash, just to be safe. Stashing stuff in a TrueCrypt container on DropBox is also OK, but use a keyfile and not just a passphrase if one wants to not worry about brute force guessing.

Re:Just did the same

[gtvr]

"Iron Maiden is the standard" ??? Iron Mountain

QNAP was my choice....

[mseeger]

My experiences with a QNAP TS-459U-SP+ are quite good. With the QPKG-Extensions, you even get non-standard services installed.

I would still recommend to have a small 19 inch rack (on wheels) for noise protection and to have some space for expansion.

Re:QNAP was my choice....

My experiences with a QNAP TS-459U-SP+ are quite good. With the QPKG-Extensions, you even get non-standard services installed.

I would still recommend to have a small 19 inch rack (on wheels) for noise protection and to have some space for expansion.

qnaps have done us proud, go take a look

Re:QNAP was my choice....

[mwvdlee]

After how they massively shafted their entire customerbase (including me) with the NMP-1000 and NMP-1000P mediatanks, I will never buy a QNAP product again.

Re:QNAP was my choice....

[mrmeval]

It would bolster your claim if you're post a link to a discussion of this.

Re:QNAP was my choice....

[DeadS0ul]

After how they massively shafted their entire customerbase (including me) with the NMP-1000 and NMP-1000P mediatanks, I will never buy a QNAP product again.

Do you mind explaining your situation? What did QNAP do that was so terrible?

Re:QNAP was my choice....

[mwvdlee]

Link to the official QNAP forum: http://forum.qnap.com/viewforum.php?f=176
Many open bugs in core features, no support.

Here's a short list of NMP-1000 features, and how well they actually work on the latest firmware:
* Playback of video files encoded in H.264 - Almost no H.264 encoded files work. Most playback either choppy or not at all.
* Plays lots of digital music format, including FLAC, PCM, WMA, AC3, DTS, and WAV - Many WMA files don't play. Not all DTS encoding works.
* Supports almost all popular media formats files such as MKV(H.264), M2TS(Bluray) and AVI - MKV files rarely work.
* Apple movie trailers & Flickr, Youtube, Internet Radio, Shoutcast - Only Shoutcast works for about half of the listed channels, the rest doesn't.
* Bittorrent support - Maximum download speed ~13kb/s, cannot recover from paused downloads, crashes every few hours.
* NAS - Transfer speed less than a cheap NAS harddisk.

These are just the issues I encountered personally. Apparently playback is much worse depending on how you rip the files.

Synology

[GordonCopestake]

I recently installed a small DS212+ for a small office of 5 using around 1tb of data. The NAS was chosen as a low cost option but after running it for a few weeks it's actually better than a windows box for this use case, mostly because of its excellent software and ease of use. It has a built in VPN server and access to a host of 3rd party apps. Highly recommended.

Re:Synology

[AliasMarlowe]

I recently installed a small DS212+ for a small office of 5 using around 1tb of data. The NAS was chosen as a low cost option but after running it for a few weeks it's actually better than a windows box for this use case, mostly because of its excellent software and ease of use. It has a built in VPN server and access to a host of 3rd party apps. Highly recommended.

Agree with the recommendation for Synology; they're hard to beat on value although you can find cheaper NAS boxes. I presently have both a DS207 (1TB) and a DS211 (6TB), and they work like a charm. Both are configured with a pair of disks in RAID0 so they're fairly quick, and have automatic incremental backup to a group of USB drives. Synology's web server is solid enough, but you might want to harden it with suitable Apache configuration files and sensible policies. As parent said, there are excellent free applications available for download - we use their mail server, media server, and photo station, but there are also DHCP, VPN, LDAP, and ERP possibilities.

A DS1512 would absolutely blow away the DS211 in performance, and is marketed as being suitable for use by SMEs.

Re:Synology

[Pete+(big-pete)]

Agree with the recommendation for Synology; they're hard to beat on value although you can find cheaper NAS boxes. I presently have both a DS207 (1TB) and a DS211 (6TB), and they work like a charm. Both are configured with a pair of disks in RAID0 so they're fairly quick...

I also definitely recommend Synology NAS solutions - very capable machines and the company is committed to follow-up with their software updates. You buy the NAS now, and as they release continual updates to their firmware, it just gets better and better "for free".

On the other hand, I would never recommend running a NAS with disks in RAID0 - you run a NAS to store your data and to be completely reliable, I configure my DS508 in RAID5, and if I was running in an enterprise with a DS1512+ then I would certainly consider running in RAID6. I have "lost" a disk in my RAID5, and the NAS rebuilt easily once I replaced it - but if you lose a disk in RAID0, then wave goodbye to your data. Unfortunately disks are not 100% reliable, and the speed increase means nothing as soon as you start accessing the NAS over a network.

-- Pete.

Re:Synology

[Pete+(big-pete)]

Oh, and much as I hate replying to myself, I just remembered another very handy nice feature of Synology NAS boxes, they have a nice easy-to-use mechanism to backup the contents to another Synology box over the network. This is handy in upgrading, and in an enterprise environment it's a nice way to have an up-to-date redundant solution in case the worst happens. So if you have the budget and you want to have belt-and-braces (and in a law firm I hope both of these are the case) then I'd probably recommend getting 2 boxes, and back one up to the other.

-- Pete.

Re:Synology

[SimplyGeek]

Depends on the use case. RAID 0 has it's place when performance is paramount, especially for temporary storage.

Re:Synology

[Pete+(big-pete)]

If performance is paramount, use SSD disks, and still use RAID5 or RAID6. The performance gains of RAID0 are absolutely not worth the risks in an enterprise environment.

Also if you're looking for ultimate performance, then you'll connect to the NAS via eSATA and not on the network (the Synology NAS in question has 2xeSATA ports).

I don't think a law firm is going to need such screaming fast disk access anyway.

-- Pete.

QNAP

Have a look at the products from QNAP. I just purchased one for home use and am blown away by the functionality. Out of the box it does way more than we've even thought of implementing at work. The web based user interface is very easy too.

I'm not sure what your goal is.

[obarthelemy]

If you just want networked storage, anything will do. Don't forget backups (several of those, some offline, some in a safe place), access control, intrusion detection... Probably get RAID too (RAID is *NOT* a backup) for higher availability and uptime.

You mention stuff your server doesn't do. Does it mean you'd like to do it ? Are you doing it another way ?

If you work in a law office (you said you're a lawyer, not that you're in a law office ?) are there specific legal requirements regarding auditing, security, confidentiality ... ?

Are you OK with people making backups of files and leaving with them when they are fired or resign ? ...

Re:I'm not sure what your goal is.

[jovius]

I went through about the same process and in the end decided to build everything myself. I wanted to have full control of the system and the system needed be expandable: a mini-ATX board, memory, drives (2*2TB for storage and 1 16GB SSD for the OS) and the enclosure. For the OS I chose Ubuntu, although some other distro may be more optimized for the purpose (I mostly connect to the box with SSH). If one goes the most minified route the ready system can be fit in a shoe box. The board I have is passively cooled and I think I could have the system passively powered too so it would be completely silent.

I researched the available options and always ended up with more questions than answers: can I modify the setup or do I void the warranty if I do something? How future proof the system is? Am I going to be dependent on just one company? I compared the specs of various systems and there always was something that didn't quite fit. It's the same thing with external harddrives. Instead of closed sets I prefer harddrive enclosures which allow easy changing and updating of the internal drive.

Re:I'm not sure what your goal is.

[rawket.scientist]

Agreed that RAID is a must, as is independent backup. At present, we have a tape drive. Sometimes the secretary remembers to run it, sometimes she doesn't. But even when she does, she keeps the tapes on site and close by "so we don't lose them". One small fire, one small flood, one pissant vandal, and *shudder*. I know the cloud backup providers will surrender to subpoena power without a fight. But I also know how to get a protective order on attorney-client privileged files after the subpoena is issued. As I see it, there's no way to keep any kind of record, ever, without risking an outsider discovering it. But if cloud-based backups (especially automated, encrypted cloud-based backups) let us mitigate our disaster risk and cut out the oops-forgot-to-change-the-tape factor, they're the lesser of two evils.

Right now, we're a two attorney firm (me and my boss, who's very game but a little green when it comes to tech), looking to hire a third. We also have a pool of about five support staffers. We all have to be able to access one another's files - I'll write a memo to file, which Boss will review, the he'll dictate a letter for Paralegal A, who asks Paralegal B to help her find the recipient addresses and print off the enclosures, and then back to Paralegal A who scans and files the outgoing letter to our correspondence. The paralegals are high turnover, and prone to downloading scamware. I do what I can viz education and virus removal, but there are limits. We also travel cross-country with a specialty arbitration practice we have, and need to be able to access client files from the road.

As to what our server doesn't do, we POP into our e-mail, use Google Calendar for our scheduling, and have our simple little WordPress website hosted offsite. No real reason to change this at this point.

I'm not OK with former co-workers making backups and carrying them off; no attorney is. But I'm even less OK with trying to parcel out file access on a case-by-case and employee-by-employee basis

Re:I'm not sure what your goal is.

[Anonymous+Brave+Guy]

But if cloud-based backups (especially automated, encrypted cloud-based backups) let us mitigate our disaster risk and cut out the oops-forgot-to-change-the-tape factor, they're the lesser of two evils.

Since you're a lawyer, I'll just strongly suggest here that you read the terms of any on-line backup service you're considering using with the same care that you would review a document for a client. We did, and despite not being lawyers, we decided pretty quickly that we wouldn't use any of the ones we were considering.

The clue was in the way they could typically shut down their respective services at about five minutes' notice with little if any guarantee that we would be able to retrieve backed-up data in the event of a disaster affecting us around the same time. Typically, all the useful mass-restore options like getting everything sent in the mail on DVDs/hard drives seem to be cut off the moment they announce that their service is closing down. Your only remaining option is usually to download every byte over an Internet connection within perhaps 72 hours of the notice being given, at a time when obviously every customer they have will be trying to do the same thing. That wouldn't even get you the full amount of data that the entry-level plans for these services claim to support, on a saturated fast leased line, with no contention for access to the servers.

I'd say a minimum acceptable requirement for an off-site backup service is enough notice of any change/closure that we could make other arrangements with continuous cover from one service or the other, and a meaningful and technically credible promise that we could get every byte of our data back before they closed down the service. If they aren't willing to give a contractual guarantee that they can do that, and demonstrate that they are maintaining the necessary resources to honour that commitment immediately if anything happens to their business, then how can they possibly be a trustworthy partner for large amounts of sensitive data? It's like an insurance policy that ends with the words "Policy may be arbitrarily and unpredictably void in the event of a claim being required". Sure, it's not likely that they my business will suffer a catastrophe within a couple of weeks of a backup service closing down, but then it's not likely that we'll suffer a catastrophe at all, is it? If we were going to pay a silly amount of money for robust off-site backups, we'd want some sort of legally and technically credible promises in return.

Re:I'm not sure what your goal is.

[E-Prime]

I've owned a professional Thecus NAS and that was not a pleasant experience. My current Synology DS1010+ NAS is literally light-years better and was only slightly more expensive. Software and support do matter, especially for a box that you probably just want to configure and forget about.

Re:I'm not sure what your goal is.

[obarthelemy]

That's why you get *at least 2* offline backup contracts, from unrelated companies with facilities in different locations. And strongly encrypt everything ^^

Re:I'm not sure what your goal is.

[obarthelemy]

Regarding physical safety, you *must* do something right now. I've had clients go bankrupt after a fire, not because they lost their facilities, but because they lost their files.

Regarding confidentiality, strong encryption does work, at least as a delaying tactics so you have time to.. lawyer up... Both for tapes, online backups, removable HDs... If you go for online backups, don't trust the supplier's encryption, and contract several (several companies, hosted at different sites) so that if one goes down, you still have the other (s). And keep doing tapes. I'd to the monthly (full)+weekly (full)+daily (incremental) backup dance, with at least the monthlies stored long term, in 2 different safe locations.

Regarding paralegals: you can lock down machines so employees can't install stuff on them. You can also re-image them daily as an extra precaution. And disable USB ports both in hardware and at the OS level. For a legal firm, with the confidentiality constraints you have and the risk of a paralegal ending up at a competitor's/litigant's/law enforcement/... those don't sound over the top.

Re:I'm not sure what your goal is.

[cerberusss]

Sometimes the secretary remembers to run it, sometimes she doesn't. But even when she does, she keeps the tapes on site and close by

Does she say so, or did you, yourself, see her doing it? I've had the situation where a developer said he had made a backup, and after a drive crash, he claimed he said: "he would soon make a backup". So we had to restore some old shit, which thankfully turned out to barely have changed.

My conclusion: manual backups are a foolish thing to rely on.

Re:I'm not sure what your goal is.

[pnutjam]

Even if they have iron clad guarantees for file availability (which you will pay through the nose for) there are too many variables. The CEO could be a crook, or you could be on the same equipment the feds seize for some sort of investigation.

Re:I'm not sure what your goal is.

[Anonymous+Brave+Guy]

That's basically the conclusion we came to as well, though any backup plan is always a matter of risk and how much you're prepared to spend to mitigate how much potential danger, and you have to draw the line at some point.

Still, if a backup service isn't even claiming to offer sensible guarantees that they will actually provide the service advertised, that doesn't seem like a great starting point. We decided that in the current economic climate, there is a significant risk of any business failing or any on-line service being closed down as the result of some commercial transaction involving the company that operates it.

FWIW, in the end, we wound up using a combination of:

(a) some basic off-line storage procedures involving encrypted removable media, which we update every few days (or sometimes more frequently) based on how much has happened since the last time, and

(b) some near-real-time on-line storage using a small local hosting firm whose people we have personally met.

We're happy that the odds of losing the on-line storage permanently are fairly slim. If that does happen, or if there's a major connectivity problem, then there's always a limit to how much data we'll lose access to, because we have the physical media as well. The whole set-up is fully encrypted on our side, and the total cost including overheads seems to be about the same as renting a bunch of space on something like Amazon's web services, and significantly less than subscribing to a lot of the dedicated on-line backup services.

My view of on-line backup services has wound up similar to my view of NAS devices: they provide a valuable option for people who don't have the technical expertise to go with something better, but if you do have that expertise, I just don't see what advantages the dedicated backup services really offer in return for the lock-in, limited flexibility, and typically higher costs. Again, maybe there are certain sizes/types of business where the cost/benefit trade-off looks different, but I haven't personally encountered one.

It will be fine

[slaker]

You're barely using the capabilities of the machine you have now and you don't have any reason to keep the server. Get a decent VPN-capable router or pay $20/year for LogMeIn Hamachi if that's a need and combine it with a Synology or QNAP NAS. Those have firmware that's relatively straightforward to support and if there's ever a need for more advanced file services, they're already baked into the device.

Do make sure you buy decent disk drives for it. "Green" or "Eco" drives from WD or Seagate work for shit in disk arrays.

This really won't be a downgrade for you. It will actually probably make your life easier.

Re:It will be fine

[iamgnat]

Do make sure you buy decent disk drives for it. "Green" or "Eco" drives from WD or Seagate work for shit in disk arrays.

My WD greens have been running in my NAS for almost 3 years and have been fine. One was bad upon receipt, but the supplier RMA'd at no cost to me. If I ever get off my ass to complete my warm backup array, I'll use the same drives.

Re:It will be fine

We use WD green HD's in a small raid array. The file server currently gets shut-down outside office hours, so the lower running temperature reduces the temperature cycle range. Any file used that day is in RAM anyway, so speed has not been a problem.
We use large-ish files in a small office situation. Using raid 1 f2 I get 140 MB/s for a single file, from 2 drives, which is more than enough to saturate our 1 Gbit network.
We use the same drives in desktops. I recently dropped a new drive from 1 meter on a stone tile floor. It has been working fine since, with a well dented corner...
One drive developed problems being recognised by the BIOS on boot, but worked flawlessly once detected.
On the whole, I'm very pleased with the WD green drives, even in raid in an office setup.

Re:It will be fine

[marcosdumay]

Did you put them in a RAID? Green drivers suck AT A RAID. If you don't put them in a RAID, they'll do fine.

If you don't access those files a lot, and don't use a RAID, those green drivers are great. They'll save power and last more.

Re:It will be fine

[iamgnat]

RAID5 with a stand-by hot spare that I rotate in periodically (speaking of...). Where I see performance issue is network bandwidth due to my choice to use iSCSI so I can use an unsupported (by the NAS itself) filesystem and an authentication/sharing system that is native to the majority of the client machines that use the space. Even with GigE large files can be annoyingly slow even if I'd doing the work on from the iSCSI controller where I can watch and see that the network IO is maxed out.

Re:It will be fine

[Chewbacon]

Really depends on what you're using it for. HD intensive applications would make "green" drives a bad choice. I started going to green drives to save energy with my home server, which is used really for backups and media sharing. Just my wife and I using it. For sharing of documents and such, I'd think it would be worth trying in the environment discussed above.

Re:It will be fine

[bigstrat2003]

I have one or two WD greens in my storage array (which is RAID 5) right now. Have for years, and they've been fine.

Re:It will be fine

[marcosdumay]

You probably lost some throughput because of them. That is, unless you have a very unusual usage pattern.

Re:It will be fine

[bigstrat2003]

I might have, but those drives are my storage for media, ISO files, etc. I don't really need speed from them.

AD Domain Services

Do you have an Active Directory domain? Domain users and groups are much easier to manage for file access than a bunch of local accounts. I'd keep using a full server just for that, but that depends on your security model.

Re:AD Domain Services

[rawket.scientist]

We do have an Active Directory domain. We aren't using it for anything but one-size-fits-all login credentials.

Re:AD Domain Services

[phayes]

When all your files are on a single server/NAS, and all you want are the services he asked for, an AD just adds complications & is no easier than just using the server's local authentication.

Re:AD Domain Services

[chrisinspace]

That was going to be my question. If you need AD for user authentication and management then you'll need a Win server. I would think for a law firm securing the user logins and domain access would be critical. What do you mean by one-size-fits -all?

Re:AD Domain Services

[rawket.scientist]

We have a very binary approach to data access. Everyone in our small office needs to be able to see all of the client files. No one outside of our office needs to see a blinking thing. So by one-size-fits-all, I mean that our receptionist has access to the same file set that our senior partner does - she has to, if she's going to be able to tell a client when his next court date is.

Re:AD Domain Services

[drdrgivemethenews]

Does your law office have any ambitions to grow?

If it does, the ability to scale up your system, and compliance issues, are more important than what's been discussed here. You need enterprise-class storage and a solid backup and archive plan to protect the business. A compliance strategy should be put into place, whether you actually do anything right now or not. It's not fun to have to invent one when the subpoena arrives.

I'd strongly suggest a visit to a channel partner of NetApp and/or EMC. They have low-end products suitable for a business like yours. You have an insurance policy on your legal business. Consider this investment an insurance policy on your legal data.

Windows Server is actually an acceptable alternative if you don't have near-term growth ambitions.

Re:AD Domain Services

[rawket.scientist]

Does your law office have any ambitions to grow?

Not exponentially, at least in terms of staff. I don't expect us to top 20 bodies at any time during the useful life of this hardware. But I do expect more and more courts to go the way of the federal system with PACER/ECF. In fact, one of our local jurisdictions is already e-Filing. And we are increasingly able to get, say, squad car video in digital formats. So I do expect our data volume to increase at a rapid clip. We're at ~100 GB now; I don't want anything less than 2 TB of storage room.

Re:AD Domain Services

[mysidia]

So by one-size-fits-all, I mean that our receptionist has access to the same file set that our senior partner does - she has to

You have no need whatsoever to implement group policies or computer usage lockdown rules for certain workstations or users to improve security?

You don't have an HR or accounting department which owns files on the server that your receptionist has no business looking at without permission, and your organization has no need to have a capability of auditing file access at some point, in case you want to investigate possible abuse or or compromise of the network by an outside attacker?

That's unusual. Most business /do/ have a need to store at least some files, that only certain people need access to.

Consider you are essentially suggesting to downgrade from an AD environment with central authentication, authorization, and auditing capabilities, to a simplistic NAS environment with local credentials, more complex user management, and probably no security auditing capabilities.

Re:AD Domain Services

[gl4ss]

the problem they have really seems to be that what you're actually buying when getting a nas is a shitty server. which is fine if you only need to move files every now and then.

but otherwise you might just as well buy a decent server and storage attached to it and save a bundle - even if you're buying brand-name.

NAS

[Bert64]

Most of the NAS boxes are embedded linux boxes, usually running on a low power CPU of some kind...

With most of these its possible to get shell access and install whatever you want on them, although for things like setting up a vpn on it you will probably need kernel level support which may or may not be present in the stock kernel supplied with the device.
That said, presumably you have some kind of router or nat device too, which will almost certainly have some level of vpn capability by default.

Running a DNS server should be trivial.. I personally run a couple of buffalo 4-drive nas boxes, and just looking through the package list i see bind and dnsmasq, both perfectly capable dns servers depending on your requirements.

I do take issue with the term "secure vpn", nothing is totally secure as such a name implies.

Why host internally? Move data into the cloud.

[tbg58]

Since you're already considering NAS it means you're not running client-server apps or databases on the server side. Why not go the full monty and put your data into the cloud using Dropbox, Google Drive? If you have less than 100G you can spend about $100 per year. You will want to publish some process guidelines in your ops manual, but this could work for you very economically. Although I am not completely familiar with it (and not affiliated in any way) Clio practice management http://www.goclio.com/ is another way you can put the management of your practice into the cloud with matter, document and contract management.

Synology

[anomalie]

I've been using a Synology DS1010+ for a few years. They are affordable, easy to setup, and come with a good number of features. There is a VPN server, but there are also a few simpler methods for remote access on the Synology. If you mainly need remote access to data on the Synology, the Cloud Station software is simple and you can work with files offline. They also provide easy to use mobile apps for remote access. Its a good device to keep files on your client machines backed up. If you were comfortable with your dabbling in networking, you'll do fine with a Synology.

Re:NAS

[Idbar]

You're right. I'd like to know further about the needs of the poster. But I didn't know about NX200s, just checked, and for that price, I see you could get either a huge capacity Buffalo Terastation, or a couple of Synology or QNAP and try to set them up for physical diversity.

It all really depends if he only wants storage, or some kind of performance. Some of these new NAS come with Core-i3, while older come with Atom processors, and others with ARM (Like I think those from WD), which may be enough for certain applications.

Importantly, I'd also check if the software from the box comes preloaded in one of your harddrives or if it's in an internal memory card. WD NAS for example are really annoying to upgrade because their software comes on the data drives themselves. Not sure exactly how Buffalos/Dell/Synology/QNAP work on that space.

A mixed approach might be worth considering

[tenchima]

Having used various Synology NAS devices over the years, I can recommend them. Although if you buy any of their devices that can have a memory upgrade, I recommend following their requirements to the letter. We have had an instance where using memory that on paper was identical, turned out to by slightly different and bricked the whole system (Synology, to their credit, replaced the system at no cost).

As with any device on site, backups that go off-site are very important. If you don't do this, then the cloud option as a backup is a good idea. If you choose the cloud option as a primary, remember that all devices that get you to the cloud (Local switch, Firewall, router, ISP feed etc) are all now single points of failure that can cause you to lose access to your data for a period of time.

Software that needs a server?

Almost every law office I can think of that I've worked with over the years has had some software package that needs a "server" pc to run it. Many of the firms I work with use timematters, quickbooks, softpro(which you could get by with just copying the files to a network location once it is installed), etc. A single 2008r2 server running active directory with redirected desktops and documents could be a good option. It can handle internal dns, gives you plenty of backup options including the built in image based backup and gives you the option of installing apps that need installing. Sure if you use something like quickbooks or peachtree you can have a computer in the office host it but then you start running into issues of remembering which services you need to reinstall if you replace it or when issues come up. Maybe ever server essentials although I haven't used it.

Re:Software that needs a server?

[rawket.scientist]

We've played with Amicus, which is server based, but not been thrilled. We do a lot of contingent work, so the hourly billing features aren't so important. We also do a lot of travel, so the ability to check the office calendar on a smart phone, or copy a client's file onto a USB stick, is indispensable.

Otherwise, we're too small for Sharepoint and one person handles our books with a local install of QuickBooks.

Collect your specs first

Find out what you need to do, first, I just spent a disastrous contract job with a company that said "get us bids, then we'll write the specs". And all the groundwork that was necessary for *whichiver bid they accepted*, including storage integration cleanup and getting formerly neglected projects onto backup, met tooth and nail resistance and insistent project review from the current IT staff who had *no idea* and couldn't be bothered to know what their current system did, they were "too busy". They had enough time to complain bitterly about how their old debris was better, when it didn't meet the most basic requirements of reliable backup, recoverability, or supportable technologies.

For someone being paid hourly and who was smart enough to write in the inevitable support calls as billable time, it made me a lot of money, but they made themselves unhappy because they acted like Java programmers. There's an unstated, unstable, never documented API, and they'd just throw it over the wall in one of their endless meetings of people who have nothing to do with the work, to someone in their group who didn't get to go to the meeting, and toss it out to me. "And Then A Miracle Occurs." And boy, did I make miracles occur behind the scenes!!! I'm looking forward like hell to when these clowns go to the Cloud. I am going to make *so much money* translating their last rounds of ill-conceived fractureware practices into the sort of large-scale, but limited API features that the Cloud is actually good at.

In your case, if I had time to take on the job, I'd separate security functions such as VPN from the storage system. Assess if you're an all CIFS storage shop, how much you need, and what your backup and archival storage requirements are. (In a law firm, that archival storage requirement is critical.) Assess your database and email storage backup requirements. (Again, as a law firm, your email storage requirements are important.) And assess ease of recovery of lost data versus the risk of having material your clients would prefer did not show up in a subpoena. (Lawyer/client privilege is vital, so is having only *half* the material show up in the subpoena, the half that makes your client look guilty, without the evidence that clears them.)

NAS's work very well: most of them are Samba behind the scenes, and many of them do NFS as well as CIFS. Don't do that: the privileges for CIFS access and NFS access are very, very different and had to resolve in real life. NAS's also work great for off-site backup: simply swap backup storage devices and take one offsite, then swap regularly.

Think hard about that VPN technology. All Windows boxes support PPTP built-in, and despite the great cries of "oooohhhh, IPSEC is so much better" I've seen no reliable reports that there's a genuine performance or security improvment. The big risks are that the software won't work (which is extremely common with IPSEC and peculiar Windows flavors still in use), and that people will leave themselves logged in with their screens unlocked or their remote systems rootkitted. (VPN's do nothing to address this: good firewall management of the VPN connection does, and this has *nothing to do* with the underlying VPN technology.) IPSEC supports lots of expensive RSA key technologies that you can spend a lot of money for, and which most clients *HATE, HATE, HATE* because they lose those damn funky keychain fobs, which could have been designed better by a bunch of random number generators taking a Java garbage collection break from writing Hamlet.

Re:NAS

[ixnaay]

What does NAS stand for in this context? The only NAS that I know is Naval Air Station.

http://lmgtfy.com/?q=NAS

What skillset do you have?

[Melakh]

Since you want to be the IT admin guy off the side of your desk, the short answer is - can you manage it on a NAS? If not then stick with what you know and focus on your day job - the first time you have to spend 2 days fixing or configuring something that's new you'll have blown any cost savings from getting a server anyway. I run what you're describing, though I let the router handle VPN access. If you stick with Windows Server, everything you want to try and do will have a solution you can find in 2 mins on Google, if you go onto a proprietary NAS you will end up working around a lot of things to get them how you need them - Offline files for your users will be a little bit cranky, how you do backups will be limited to the NAS' interface, if you want your security settings 'just-so' (presumably important in your industry) you'll need to make sure the NAS software can cope with that.

Re:What skillset do you have?

[rawket.scientist]

At this point, I've flushed about two days of what would otherwise be billable hours in trying to nurse our old server back to health, and now I'm here on Sunday trying to figure out where to go next. You're right that the process would have been worse if I hadn't been able to look up and quickly decipher a few key error messages online, but I regard a certain amount of time as the price of doing business.

With Windows, I'd call myself a power user, but I'm no full fledged network admin. I'm not intimidated by a CLI and a bit of a learning curve, but I don't have commands memorized, either. With *nix, I'm only slightly more skilled than a monkey banging on the keyboard at random.

Re:What skillset do you have?

[maccodemonkey]

Sure, but that's an old dying server. A NAS doesn't spare you from that pain. NAS's can be old and dying as well.

At the point you're at, the most cost efficient option would actually be just getting a new server and migrating the data over. No having to muddle with un-ADing everything and get everything onto a NAS. Same services on more stable hardware.

Moving off of Windows to a NAS is a giant unknown. Running on Active Directory means everyone's files are on the server (ideally, if it's set up right), and backed up on the server. Running on a NAS? A NAS is just dumb storage. Do you have backup strategies ready to go for the individual machines? Are you going to be ensuring those backups are happening?

Again, it's one thing to look at this from "the Windows server is dying, it needs to be replaced now" than it is to look at it from longer term maintenance questions.

Re:What skillset do you have?

[pnutjam]

I would use something like this before I went for a NAS: http://www.clearcenter.com/Software/clearos-professional-overview.html

Re:Why host internally? Move data into the cloud.

He's a lawyer. The cloud is nice for a lot of things but for sensitive, legal, or financial data I would say stay away. Way too many legal issues over proper protection of data.

Re:NAS

[Antique+Geekmeister]

For your own safety and piece of mind, do not do this. As a part-time support person in a small environment, you don't have the time to master the subtleties of effectively rootkitting a commercial server and maintaining special, out-of-band, non-vendor supported services on it. It's likely to break down at unpredictable times with basic system updates and network firewall changes associated with the NAS services themselves.

Strongly, strongly consider fragmenting the functions. A VPN and firewall box, running on a small physical applicance, is generally much safer to expose to the Internet than a Windows server that will requirely monthly major updates and possible reboots and possibly daily vital security updates that are too late to salvage the system from what it's _already_ been exposed to.

Oh, yes. Lose the FTP server, unless it's only for upload from your clients and there is no "browsing" function for the files already uploaded. FTP packets are sniffed on a frequent basis on poorly manged, publicly exposed routers and network switches for login names and passwords. It exposes you and your clients to all sorts of security issues if they're using their Windows login names and passwords for FTP access. There are numerous ways to do this better: gather your requirements first, and you can assess whether HTTPS, SFTP, FTPS, or something else might be better. The only reasons to use FTP now are obsolete clients that cannot be upgraded, technical people who refuse to be educated, and publicly accessible download sites with anonymous access.

Thecus

[iamgnat]

You might look into Thecus. I've had the N7700 for about 3 years now on the recommendation of someone who has a N5400 (and had it for a few years before I got mine) and (after I got mine) got his sister to buy a N7700PRO that he manages for her. There is no built-in DNS or VPN support, but some quick Google searches show that someone built a DNS module and it looks like there might be a VPN module too (I haven't used either so I can't speak to if or how well they work).

I did have my motherboard die 2 months out of warranty, but their replacement cost was reasonable, they took care of it fast, and they upgraded it to the new N7700PRO board for me.

When I initially set mine up I know they natively supported a Windows format, ext3, and xfs (experimental at the time). If I recall correctly it supports SMB, NFS, AFP, and iSCSI for remote connections. I set mine up using iSCSI so I could format it to a different format (which means my client systems have to talk to the server that manages it rather than directly to the Thecus itself).

3 years ago their interface was horrible, but it's seen a lot of improvements over the years and is much nicer now.

Re:Thecus

[E-Prime]

Thecus has abysmal support and horrible software compared to its competitors. That it's much improved doesn't say a lot, except that it was awful then and somewhat less so now. I had the N5200 Pro and it kept throwing disks out of the RAID, despite using disks that were on their approved list. No response from support and lots of complaints from users in their forums. After 6 months the power supply died, so not impressed by the build quality either. Got a Synology DS1010+, which was about half the size and a lot cooler looking, threw in the same disks and have never had a problem since. Also, their UI is just generations ahead of what Thecus has, not to mention that it *actually works*.

They might work for you

[proxima]

I'm more familiar with Synology NASes (albeit on the consumer side) and Dell servers (instead of that NAS). Coming from a Linux sysadmin background, I was impressed with how the Synology combined pretty easy GUI management while not preventing you from doing stuff on the back end Linux side. You can play around with Synology's web interface yourself online. It's pretty cool what they can do with a bunch of javascript.

These things are built for file serving, and it's about as easy as it gets to set up. They also package all sorts of stuff as add-on services, though I don't personally use DNS. My complaint with the home-designed versions in the past is that they skimped on RAM, making them less useful for any kind of real server application. The higher end models like the 1512+ do better, and for just DNS and file serving it should be more than sufficient. Don't expect it to compete with a $1500 server in terms of computational performance, obviously, but it should be able to pretty much max out the drives' performance.

I had a drive die on my personal NAS, and the process went exactly as it should: it emailed me saying there might be problems; I did an extended SMART test via the GUI to double check it; I obtained an RMA for the drive and installed it; it restored to the new drive without incident.

Re:They might work for you

[wkk2]

Make sure your service agreement allows you to destroy a failed drive, for credit, instead of doing an RMA.

Re:They might work for you

[talmage]

I have two NASes, one at home and one off-site. I've recently learned that when a drive fails, in order to keep using your NAS, you have to have spare drives on hand. Even if you report the failed drive to the manufacturer immediately, it takes time for the new drive to arrive. In that time, your data is unprotected by the redundancy of RAID unless you have a spare drive to take the place of the failed one. Otherwise, it's best if you take the NAS offline or use it read-only.

In two months, I've had three drives fail under warranty. First, a pair fo them failed, then one of the replacements failed. In each case, because the failure happened mid-week, it took until the following week for the new drives to arrive from the manufacturer. In this period, I've been without the full use of my NAS for two weeks because I didn't have and wouldn't buy extra drives.

Re:They might work for you

[proxima]

I have two NASes, one at home and one off-site. I've recently learned that when a drive fails, in order to keep using your NAS, you have to have spare drives on hand. Even if you report the failed drive to the manufacturer immediately, it takes time for the new drive to arrive. In that time, your data is unprotected by the redundancy of RAID unless you have a spare drive to take the place of the failed one. Otherwise, it's best if you take the NAS offline or use it read-only.

Of course replacement drives take time to arrive. If uptime is essential, you should configure your RAID to have a hot spare. Then any two drives can die sequentially. I have no problem using an array in degraded mode so long as the data is backed up elsewhere...and obviously any data of importance should be backed up elsewhere.

Once you start getting into massive disk arrays, it starts to pay to have spares sitting around. For a home or small office environment with a handful of drives, you're better off using any spare drives as a USB backup or getting a large enough unit to support the drive online. Big datacenters have people around all the time to manage disk failures, but you might be off on vacation.

Business Case for Upgrade

[David_Hart]

I'm curious as to what the business case is to replace your current server? You say that it is on it's "last legs" but didn't say exactly what this means. Is it end-of-life, running out of room, running slow? End-of-life definitely means replacement but the other two are solvable.

There are fundamental questions that you need to answer before deciding to select a replacement using different technology. For example, have you factored in the replacement for any add-on software (i.e. anti-virus, encryption, backup, etc.)? Are you willing to spend time and resources to learn how to operate, maintain, and manage a new system? How well is the vendor support rated and are they available on weekends, after-hours?

Microsoft Server may not be the most efficient OS for file serving, but it is the easiest to support.

I would definitely recommend buying a piece of hardware that has out-of-band management, assuming that you have remote access (i.e. VPN) to your office. This allows remote access to the hardware when the OS is not working properly. Saves having to run into the office to troubleshoot a problem.

Re:Business Case for Upgrade

[rawket.scientist]

It's end-of-life, insofar as it's running Server 2003, out of warranty, and developed a persistent RAID error that has defied diagnosis and cure over about two days and four tech support calls of attempts.

Re:NAS

[Shoten]

I do take issue with the term "secure vpn", nothing is totally secure as such a name implies.

Only a noob thinks that anything is totally secure, but there's definitely a difference between "secure" and "not secure." The term is not invalid just because it is not absolute, any more than the word "safe" is invalid to refer to a firearm with the safety on. Do safeties fail? Yes. Do they not make a huge difference in the probablity of an accidental discharge? Also, yes. Thus, the term is valid and holds utility because it does define a meaningful state where risk is significantly reduced. The same is true of secure solutions in the IT sector...the fact that there are no magic bullets that are entirely without risk does not invalidate an entire lexicon of security.

Why not just an ubuntu box?

[StormyWeather]

I haven't seen it here, but you could pick up something like a dell optiplex 755 for dirt cheap on ebay, put a raid card in it, a couple 1tb hard drives, and put linux on it, and make shares using samba. That's exactly what we do at our IT shop, and it works fine for us. We install windows servers all the time, but we just don't need it, and our email is gmail, our web services are VPS servers at a host. If you are worried about replacement parts you could just order two of the exact same machine and keep one dark :)

My suggestion no matter what people here say is to then do a backup to the cloud using Jungledisk as a client, and Amazon or Rackspace as a storage provider. If you generate your security keys and opt not to give them to Jungledisk the keys to store for you then I'm not exactly sure how they are going to cough up your data to the "wrong people." The only people that could legally get them to turn over data would be the feds, and that would be your dream since it would mean they invaded your client attorney privilege thus pretty much self destructing any case they might have had. If they were going to get your data from a cloud service, it would be a lot easier to just bust into your office, but that doesn't happen at least by the government as it's self defeating.

Re:Why not just an ubuntu box?

[Voyager529]

Single best answer I've heard here, if it's specifically storage space that's needed. If I can be a bit pedantic though, I don't think an Optiplex 755 would be the best unit to use though, simply because those towers invariably only have space for two hard disks, so you'd need a new case. Even if you transplanted the case, you'd all need a new PSU since those things are basically custom wired for that case, so now you're replacing the power supply, so you're basically buying an Optiplex for the mobo/CPU/RAM, and those mobos can get a bit weird when running purpose built *nix distros. Then again, they're so widely available that getting an Optiplex and a custom case and new PSU might be cheaper than buying a CPU and mobo from Newegg anyway.

To add a bit to this, there are several different ways to do samba on a machine like this. Turnkey Linux has a file server distro that is excellent and very simple. OpenFiler, FreeNAS, and Nas4Free are also very good distros for small volume stuff and you don't need an expensive RAID card to make them useful...but you do need a huge quantity of RAM for decent performance, whereas a simple Samba distro is much leaner in that regard.

I also agree with "put a solidly encrypted data blob on an Amazon S3 instance"; Jungledisk is a great tool for it for the reasons you stated.

Re:Why not just an ubuntu box?

[ixidor]

the ram usage is a misconception*. it is not freenas/nas4free vs ubuntu that is so much the issue. it is that zfs basically needs 1Gb of ram per 1Tb of space. in my personal case, this meant i was limited to about 16tb of space. i chose my raid card specifically to be able toadd in this http://www.newegg.com/Product/Product.aspx?Item=N82E16816401184 later so i would have needed a motherboard that supported 64GB of ram, putting med to high en server stuff. sure as it sits now, i have debian running, and uses such a small fraction of my 8Gb of ram it never concerns me. but i lose all the cool features zfs provides. *i want to be fair, freenas with no zpool/zfs will use very little ram. in practical terms zfs with 4+ 2Tb drives will consume all the ram a "normal" desktop bord would have.

Re:Why not just an ubuntu box?

[cthulhu11]

I haven't seen it here, but you could pick up something like a dell optiplex 755 for dirt cheap on ebay, put a raid card in it, a couple 1tb hard drives, and put linux on it, and make shares using samba.

You did read the part where he wants to *not* have this be his full-time job, right? Let's count the ways in which the above are incompatible with that aim: 1) He'd be stuck with a Dell

2) He's a friggin *lawyer* and you want to trust his whole office to a cheap-ass *used* box of eBay?

2a) He's a laywer. This means he has at least a wife/partner and wants to leave the office occasionally

3) Figuring out the interface on a given RAID HBA. Since Dell uses LSI cards, that means delving into megacli, which clearly was written by deranged wombats

4) Picking a Linux distribution

5) Figuring out how to install 4)

6) Spending two weeks trying to set everything up on an OS that's new to him

7) Spending another two weeks starting over from scratch when he discovered that the anachronisms and desktop focus of Linux led him to an inappropriate configuration

8) Finding some way to monitor the HBA RAID volumes

That's exactly what we do at our IT shop

Something the OP doesn't have and doesn't want.

and our email is gmail, our web services are VPS servers at a host.

Unacceptable for a law office. I looked into a home NAS some time ago and Synology by and far has the best reputation there, better than QNAP for sure. As as been noted here, the boxes are not opaque at all and open to customization.

LDAP

[AliasMarlowe]

The main benefit you would lose by changing to a NAS is the centralized domain authentication, assuming you have one. If you don't have a domain then a NAS would work great. I've setup a couple of Synology before, they perform well and are easy to manage.

That was true a few years ago, but newer Synology boxes can be LDAP servers. My DS211 supports this, but my older DS207 does not.

Cloud? Really?

[Shoten]

Everyone's saying "cloud, cloud," but I don't think that's necessarily a great idea. Why? Latency, for one...being a law firm, I assume your primary application for users is Microsoft Word. So, imagine that you have a Word document open, not on the other end of a switched 100MB or 1GB link, but at the other end of a 30MB connection that you share with everyone else in the office. You double-click on the document, and wait while it is downloaded. Now, mind you, you also have to think about the autosave feature, but you can set that to save locally to avoid any issues with this problem. But each time you hit 'save,' that document goes back up to the server.

There is enormous potential for trouble here. Word is not network-aware in ways that will help manage this latency and slow activity...and the user experience will suffer. I've done IT work for law firms, and trust me...as you must already know, lawyers are not usually accepting of things like Word seeming to lock up for several seconds every time they open, close, or save a document. And this doesn't even take into account the issue of making your entire infrastructure beholden to that one Internet link...if it goes down, you lose access to everything. That's not good.

I do wonder why you would drop a centralized point of authentication (which is what you have, running Windows Server), which gives you the ability to have role-based access and easy resetting of passwords as needed (again, I have worked with a lot of lawyers in my time). If I were in your shoes, I would go the other way, keeping the server going and making more use of what it has to offer (like some very helpful Group Policy settings). But I don't know your exact situation, skillset, or requirements, so that may be off base. I would definitely NOT use cloud as your primary storage, however.

Get professional advice

[kellymcdonald78]

I'm a full time IT consultant and run the legal department for our admittedly small firm. We've recently been sued for breech of contract and was wondering if you could suggest the best approach to defend ourselves. Hmm, maybe not don't you think? I probably don't need to tell you that records and files are a critical asset to the success of any legal firm. Your requirements for security, confidentiality, recoverability are core to your business and each of these need to understood before selecting the right solution for your firm, and to be honest that requires the someone with the appropriate knowledge and expertise to advise you. I'm sorry to say, that in my experience, doctors and lawyers are the worst offenders for not bringing in outside expertise to advise them on technology issues. It's frustrating because they, more than anyone, know the value of professional expertise. Spend some money to obtain professional IT advise (just like you expect people to spend money on legal advice). It's better than having to explain to the partners how someone hacked your "secure" FTP server and posted all your client records to Wikileaks.

Re:Get professional advice

[rawket.scientist]

Stipulated. You get what you pay for

:)

Re:NAS

[sprior]

I completely agree with the idea of breaking this up into multiple machines. Keeping everything together on the same machine is often referred to as a busybox and means that any security holes in the pieces may be used together to compromise the machine and once that machine is compromised the attacker has full control over the family jewels.

I'd keep the router, VPN, DHCP, and DNS functions on its own box. I went with a barebones Supermicro box for around $300 bought from Newegg and installed the pfSense router/firewall on it. Once you get past some learning curve it is very easy to administer through the web interface and the entire config is saved to one file and easy to keep a copy of, so if things go horribly wrong you can rebuild it easily and quickly.

You should be using Active Directory

[Nimey]

it's a great way to configure all your Windows machines without having to go and physically touch each computer.

That said, there's nothing wrong with using an AD domain controller for that purpose and then having a NAS for file storage, especially if the NAS can integrate with AD so you can get the permissions set easily.

Take a look at W2K12 File Server and SMB 3.0

[thetrom]

I suggest taking a look at Windows Server 2012 File Server role - W2K12 - deduplication is an in box feature
- SMB Multichannel - better performance uisng 4 TCP channels
- Storage Spaces - SAN like features with no special hardware (this is not dynamic volume)
- Thin provisioning - using Spaces, Windows can create TP LUNs
- NFS 4 server - in box role in W2K12
- Resilient File System (ReFS) - high degree of compatibility with the most common NTFS features, but has resiliency and scalability features that go beyond NTFS
- Windows Server Backup - now supports backup to the cloud (in box feature)
- Support for Hyper-V VMs - now Hyper-V supports running VMs using a file server and SMB 3.0
- Scale-out - with more than one server, File Server can be configured in a scale out mode for better scalability

Sources:
http://www.windowsnetworking.com/articles_tutorials/Overview-File-Server-Role-Windows-Server-8-Failover-Clustering.html
http://www.windowsitpro.com/article/windows-server/top-ten-windows-server-2012-storage-enhancements-143157
http://blogs.technet.com/b/windowsserver/archive/2012/03/28/microsoft-online-backup-service.aspx
http://blogs.technet.com/b/bettertogether/archive/2012/07/21/windows-server-2012-part2-virtualization-enhancements-scalability-amp-flexibility.aspx
http://www.microsoft.com/en-us/server-cloud/windows-server/2012-editions.aspx

Full disclosure: I do work for Microsoft. I am a senior program manager on the Virtual Machine Manager team. I work on Storage Automation using SNIA SMI-S/ My blog is: http://blogs.technet.com/b/hectorl

Depends...

[darkmeridian]

It depends on what you use the system for. If it's only for simple file sharing, then a NAS would be fine. But if you want to use the server to manage updates and backups, which you should, then consider a Windows SBS 2011 Essentials server. It is a bit pricey but it pulls backups from all of your systems, and you can set up a WSUS server so you only have to authorize updates once--then each system will pull the update from the server when it's time to shut down. It definitely makes life a lot easier compared to individually managing ten systems.

Re:NAS

[rawket.scientist]

I'll readily concede that I cannot root-proof a NAS device on my own, or anything else for that matter. I'm pretty limited in my ability to troubleshoot a mis-configured firewall, too. But we have to have something, and I'm mainly wondering if a NAS device is inherently more vulnerable or more buggy than a full-on file server.

Clients emphatically do not have access to our file server. Quite a few of them are facing very serious criminal charges, and a certain number might even be guilty. Frequently a client will want to send us files; we accept those by e-mail or physical media. Occasionally a client will ask for a copy of his file; we're pleased to burn that to CD-ROM.

At present, we do not have an FTP server. We'd had a fairly hefty network (for a business of our size, at least) set up back in 2008, but I'm not married to anything so long as we can get access to our files at off hours and on the road.

Samba and SFTP

[SgtChaireBourne]

This is a fairly clear case where Samba would be of use for LAN access. It's quite simple to set up and runs very reliably on top of your favorite distro.

For remote sharing, SFTP would be the way to go. SSHFS is a clever trick for very user-friendly remote access.

Re:NAS

[Voyager529]

I do take issue with the term "secure vpn", nothing is totally secure as such a name implies.

Only a noob thinks that anything is totally secure, but there's definitely a difference between "secure" and "not secure." The term is not invalid just because it is not absolute....the term is valid and holds utility because it does define a meaningful state where risk is significantly reduced...the fact that there are no magic bullets that are entirely without risk does not invalidate an entire lexicon of security.

Thank you. Is it not pathetic that this point needs to be made EVERY time the word "secure" comes up, because some pedant is all "zomg nothing is secure!!!111"

Re:From an IT Services Point of View

[swalve]

The only thing worse than the home built network is the one where they hired some "expert" to build or repair it. The expert being someone's brother-in-law, of course. That's where you find managed switches with no configuration; $10,000 servers with expensive RAID cards left unconfigured and the drives are JBOD; an old HP Vectra with 12 MagicJacks plugged into $2 USB hubs, which are then plugged into a $20,000 Nortel phone system; unused KVMs; etc.

Re:NAS

[QQBoss]

Clients emphatically do not have access to our file server. Quite a few of them are facing very serious criminal charges, and a certain number might even be guilty. Frequently a client will want to send us files; we accept those by e-mail or physical media. Occasionally a client will ask for a copy of his file; we're pleased to burn that to CD-ROM.

Heh!

You can, but should you?

[DigitalSorceress]

I have a Buffalo TeraStation that I use just for a NAS to store backups on, but I did notice it has quite a few powerful features that made me think, "hey, I ~could~ use this along with a decent router to pretty much meet the needs of a SOHO"

I certainly think you ~could~ go this route, but honestly, I don't think you should. Here's why: those NAS units are pretty chill and the good ones have some kind of self-healing/recovery option ... like my TeraStation's Raid5. I've had a drive fail and it was a fairly painless but also quite LONG process to repair. Drive died, bought replacement, slammed it in... the work was simple, but it was nearly 24 hours before it was all green and fully up to speed.

Had that been my main server, I wouldn't have been too happy with that long of an outage.

However, in my situation, the NAS was just a backup, my WIn2008 server was on-line and fully available and working the whole time.

If this were an actual office, I'd have had a second win2008 server as a secondary domain controller and would have the important data set up on a DFS and that would handle file sharing. The NAS would be used as backup.

How many days could your office reasonably go with your main shared drives off-line for repair/reconstruction - even if you eventually got all your data back, it seems like lost time in a law office would be a BAD THING.

Re:Why host internally? Move data into the cloud.

[um...+Lucas]

I work at a small law firm too, and Clio (this is the first time I've heard of it) seems interesting, I feel much safer using software that's been tried and tested -- amicus, worldox and timeslips. My understanding is that you can add web functionality to timeslips so you can access files from an iPad or other mobile device. But they're still in your office under your control. Seems much more the ideal situation that relying on a third party to handle that, not to mention such business issues such as what are clios financial resources like? Will we get to the office one day and get an email saying "were sorry, but we went out of business. Your data is inaccessible." or even "we got bought by xyz corp and in order to turn us profitable, they've cut out some of the security related expenses we'd been incurring". That sort of thing. Pure conjecture, though...

Re:Why host internally? Move data into the cloud.

[Anonymous+Brave+Guy]

Among other obvious reasons:

1. The cloud services you mentioned aren't even close to secure enough for legally sensitive documents.

2. Judges are unlikely to accept "my Internet connection was down" as a valid reason for not filing documentation properly.

3. Legal documents are written using serious software, not trivial web apps. They have numerous technical requirements and typographical conventions that must be strictly adhered to, in some cases to the point where courts will specify the precise font you must use for all submissions, for example. You don't write this sort of thing in Google Docs, where the concept of a cross-reference has yet to appear and the numbering styles available are one small step past "numbered" and "not numbered".

My Suggestion

[fast+turtle]

The first thing is to Blow the dust out before doing anything else then as you've already got Sunk Cost into the server, I'd look at it from the cost perspective of Repair/Replacement before doing anything else. Personally, I suspect that the real problem is that the drives are reaching the replacement point and though they're expensive right now, I'd suggest looking at at least a 1TB model such as the Samsung F3 or WD Black for reliability. On the software front, if you've been using Windows for a while, you're pretty familiar with it, so I'd stick with that instead of trying to learn something new unless your reasoning is to move to something with less admin needs, then a good NAS is viable. This also works if you're looking at saving money on power as a NAS should use far less then the server does.

If you want something new to play with, repair/replace the failing hardware - probably the drives/psu - and install either Free or OpenBSD on the server. Otherwise for reduced admin/learning curves stick with the known Windows as you've already learned most of what's needed.

Re:Can I Ask A Business Question?

[PPH]

That all depends on your response time requirements. And what fraction of the problems are h/w related (can't fix remotely and require a service call). Sure, you could hire an IT support outfit. And when something breaks, you call them. And wait. What is 10x your billable rate if everyone in the office is twiddling their thumbs?

If you do go the outsourced route, you'll want to include documentation and a comprehensive set of HOWTOs for your system so you can patch it while waiting for the Geek Squad van. Trouble is: many IT firms either won't touch this kind of deal. Or they'll run your bill up through the roof when they finally arrive, supposedly to "fix" all the things you "broke" while patching the system.

Synology or QNAP... I've done this Server - NAS

[Midnight_Falcon]

Question to OP: Are your workstations joined to the domain and using the 2K3 server as a login server? Are login scripts, group policy etc used on the ten computers? Or are they all standalone?
If they are standalone, replacing the 2K3 with a NAS I'd say is a very good option.

On a consulting basis I've converted a couple Windows SBS environments over to using a NAS. Users have been very happy with the change and these devices have performed well and been able to take over the function of the SBS provided they weren't using Sharepoint/Exchange.

I have to say, the QNAP and Synology are very effective, and easy to setup appliances. A typical slightly tech-savvy person could set this up without a problem -- it's little more difificult than a home router. The interface is very intuitive.
I've found the QNAP is a bit more robust in its feature set, and if you go with the Pro+ models (starting at like $400-$500 w/o disks) based on the intel Atom processor. This is like getting a linux box with an x86_64 architecture. The thing can run a mySQL server/webserver etc.

After the initial setup, the NAS appliances need little/no maintenance. It can handle its own backup, or you can plugin an external disk and copy the array to it, alert you via-email if there's a drive/SMART issue,

Now, if you do already have a domain/ADS environment, you'll have to bring in some slim little machine to replace the 2K3 server as a Domain Controller. Both QNAP and Synology can join a domain and use AD logins and groups as credentials, making login seamless if the computers are domain members (no prompt for login/password etc)
Otherwise, you'd have to unjoin all the computers from the domain and make them standalone, and then migrate profiles back to local etc -- quite an IT expedition.
If this is your situation, I'd recommend going ahead and upgrading to a 2K8 R2 server on a slim machine, and perhaps just using that rather than a separate NAS appliance.

Re:Synology or QNAP... I've done this Server - NAS

[rawket.scientist]

It'd be fair to say we're underusing ADS. We have it, and we use it for our basic login credentials, but we don't really have any need to segregate our internal users into groups.

Re:Synology or QNAP... I've done this Server - NAS

[Midnight_Falcon]

The NAS comes with its own local authentication that you can set in the absence of a domain, so a random user wouldn't have credentials, and thus wouldn't be able to access shares -- unless you explicitly set them public/open to everyone.
The permissions on a Synology or QNAP are very clear and it's hard to do this by mistake.

Re:Synology or QNAP... I've done this Server - NAS

[Midnight_Falcon]

While you not really be using ADS for Group Policy or anything else, your machines are domain members -- so the user profiles are stored in a username.DOMAIN format in C:\Users or (XP) C:\Documents and Settings\. For users to not have to setup a whole new profile, you'll have to make sure to migrate this accordingly -- that means rename the folder, modify permissions, and maybe even hack the registry a bit.

The Synology and QNAP (or any FreeNAS-based appliance) can be a domain member, meaning it can authenticate users to the domain. So, if someone is logged into a workstation as DOMAIN\john.doe, and john.doe has permission on the file share, they can access it without having to enter (or save via Start>Run>control keymgr.dll) a username/password -- since it's assumed.
It also supports local authentication, so you can setup your 10 users in it as local users, and then save those credentials on individual workstations -- this is what you'd do in the absence of a domain controller.

However, as a Linux/samba/winbind based system of accessing ADS, it cannot be an Active Directory domain controller. So, if your existing 2K3 server were to fail, your users wouldn't be able to login to the NAS. And then their computers after whatever the group policy setting for password caching (typically 72 hours) expires.

This is why I would recommend -- as the most painless upgrade -- going with an actual, slim Windows 2K8 R2 server. Get a tower system that goes in a closet for 2-4k with basic RAID. Host file shares on that. Use Group policy to push printer/file share settings to all the workstations -- which wil; be simple because they're already on the domain.
Then don't forget to demote your old domain controller (the 2K3) gracefully and then raise ADS services to 2K8 R2 level.

While a nice, business grade QNAP might be $500 ..disks making it maybe $750..the amount of time you'd spend migrating individual workstations off the domain would outweigh the benefit -- how much do you bill an hour as a lawyer? How many hours you willing to spend on this?

A properly configured 2K8 server with drive maps group policy, etc, could make the process of migration a breeze. So that might be the way to go despite the sexier, slimmer approach of the NAS appliance.

This is a rare instance I recommend using MS server if you're wondering if I'm an MS fanboy..I'm actually mostly a *nix admin...but it just makes sense in tihs case.

I vote no-NAS

[Anonymous+Brave+Guy]

We also went through this a while ago, but the other way around. After kitting out a small office network, the one purchase we really regretted was the NAS (a Cisco-branded device, which in fact is a rebadged QNAP).

The hardware has not failed and supports hot-swapping drives if necessary, but those are about the only good things I have to say about this unit. It is in all other respects just a very limited and relatively expensive Linux server, where essential operations like scheduling regular, secure off-site back-ups are absurdly difficult, and where you can't easily install other server software (e-mail, calendars, DHCP, RADIUS, whatever) unless whoever supplied your NAS happens to make some sort of plug-in available for their particular style of firmware. Even Cisco gave up trying to provide any meaningful support in this area within a few months of the device launching, eventually just providing a mechanism for people to upgrade their firmware to QNAP's own.

When we were investigating options for a new device earlier this year, it looked like more recent NAS devices from other suppliers were little better, maybe differing in some of the details but essentially still the same old story.

My conclusion: NAS devices are for non-technical home users who want to plug in and go. If you're running a real business with serious requirements, and you have moderate Linux skills and/or a modest budget to bring in someone who does when you need them, then buy a real server with a specification suitable for your requirements. There is absolutely no advantage to buying a NAS for someone in that position, IME.

Re:I vote no-NAS

[Cederic]

My conclusion: NAS devices are for non-technical home users who want to plug in and go. If you're running a real business with serious requirements, and you have moderate Linux skills and/or a modest budget to bring in someone who does when you need them, then buy a real server with a specification suitable for your requirements. There is absolutely no advantage to buying a NAS for someone in that position, IME.

Depends on the NAS device. I work for a UK clearing bank and we have customer and financial data on a SAN but there are terabytes of documents in various forms on NAS devices.

Sure, these aren't your £240 WD Live Book Duo (which I use at home, can install my own software on, and am delighted with) but don't be dissing off the shelf NAS solutions. Just buy one that meets your needs.

you can't easily install other server software (e-mail, calendars, DHCP, RADIUS, whatever) unless whoever supplied your NAS happens to make some sort of plug-in available for their particular style of firmware

Oh, my misunderstanding. I thought that when you said "running a real business" you actually meant a real business. Who the fuck installs email, calendaring or DHCP servers on their NAS device?

Re:I vote no-NAS

[jeff4747]

and where you can't easily install other server software (e-mail, calendars, DHCP, RADIUS, whatever) unless whoever supplied your NAS happens to make some sort of plug-in available for their particular style of firmware

So you needed a real server, and were surprised when a NAS didn't meet your requirements?

The problem isn't the NAS. It's you. If you need a real server, don't install a NAS and then whine when it's not a real server.

Re:I vote no-NAS

[Anonymous+Brave+Guy]

Your snarky reply does not change the fact that a real server could do everything the NAS could do and many other things as well. A NAS is just a server with a lot of hard disks, a lot of limitations, and hopefully at least some decent preinstalled networking, access control and storage management tools so it has some vague semblance of value.

If you disagree then perhaps, instead of making vague allusions to some mysterious high-end kind of NAS, you would do us all the courtesy of stating specific models and specific features they have that a general server box of a similar specification couldn't match, so we can all have an informed discussion.

I thought that when you said "running a real business" you actually meant a real business. Who the fuck installs email, calendaring or DHCP servers on their NAS device?

It seems likely that quite a lot of people do, given that basically every NAS on the market comes with options to do at least some of those things, and the vendors' support forums are full of people trying to figure out how to root them to install the missing ones.

I notice that your selective quoting missed out the "scheduling regular, secure off-site back-ups" problem I also mentioned. Maybe real businesses like banks are above such things. Do you by any chance work for RBS?

Re:I vote no-NAS

[Anonymous+Brave+Guy]

So you needed a real server, and were surprised when a NAS didn't meet your requirements?

No, at the time we set the network up, we just needed some reliable mass storage. We assumed, foolishly as it turned out, that getting a NAS would be the quickest and easiest way to achieve that.

We soon discovered that setting up the NAS was no easier than setting up a real server. In fact, it was more awkward, in the sense that it's probably still using much the same Linux tools as a real server under the hood, but you can't use all the familiar sysadmin knowledge your team has because you have to configure the device using a web interface with pretty bar charts and non-standard "friendly" terminology and the occasional undocumented corner case.

And as requirements involve -- and requirements always evolve for IT in small businesses -- you can adapt or completely repurpose a general server, while a NAS is forever a NAS.

Perhaps you're right, and instead of a NAS, we should have bought a real server all along. But in that case, my question to you is: who should buy a NAS in the first place? The only answer I've got is "someone who doesn't know enough to set up/administer a real server and can't bring in help who does know enough", which might apply to a lot of home users but probably doesn't apply to anyone responsible for setting up IT facilities for a business.

Re:I vote no-NAS

[Local+ID10T]

Your experience with the QNAP NAS sounds pretty crappy.

I have installed Synology NAS DS212s in a couple of my retail locations to replace servers (that were really only used for hosting shared folders...) and found them to be inexpensive, fast, quiet, reliable, simple to configure and maintain, small footprint, and extremely energy efficient.

The Synology NAS is currently configured for:

• hosting folders shared by various teams
  (users are on Macs, Windows, and Linux desktops)
• hosting personal folders for each staff member
• backing up files hosted on a few specific workstations -with user-browsable versioned backups ala Apple's Time Machine
  (HR and Payroll desktops are backed up once daily, point-of-sale is backed up hourly using a plugin that allows a snapshot backup of the databases without interrupting it's near constant use)
• VPN endpoint server allowing mobile users to connect to their network files
• VPN linking two sites -configured to make this site and its sibling appear to be on the same LAN segment to users
• VPN client connection to a third site where the NAS backs itself up using RSYNC
  (the host system then backs this data up as part of it's own backup scheme)
• anti-virus for hosted files.

The Synology NAS boxes are running a fairly standard Linux with a custom GUI overlay. They maintain their own packages for various applications, but you can log in to a shell and install/configure as you wish.

YMMV

Re:I vote no-NAS

[BlackSnake112]

You have small clients. That is fine. But a 2 drive 6tb max solution may not be what other people need or want. And it is RAID 1, so the 6TB is misleading it is really 3TB (unless they now have a 6TB dive out). I keep hitting a wall with the 2 drive solutions. That are not big enough. Then again I am dealing with videos not word documents. That is really the issue for companies and people to answer. How much space is enough? For me I am probable going to go FreeNAS. It is for my own use anyway. I just want to have the videos available to use and free up space on the DVR system.

On a side note has anyone used those red WD dives? They look good for the NAS on paper. Reality is often different.

Re:I vote no-NAS

[Local+ID10T]

Agreed. The space requirements for my team is miniscule. I only used the 1tb drives, and that is more than they will ever need in those locations. Even the inventory, product information, and customer databases are only a few GB each.

It is funny to me to have a TB on a single drive, it was only a decade ago that I was running my first SAN -one of the early HP fiber channel systems. It was a 4 ft wide by 6 ft tall rack with 37GB drives striped vertically and horizontally (with hot spares in each stripe). It provided us a whole TB of space which was divided up and allocated to various servers (Windows, Unix, and VMS). It was enough for the entire site -including FAB, engineering, finance, marketing, HR, etc.

I am very pleased with the capabilities and performance of the Synology NAS devices. I like the custom packages they have, and the fact that it requires no hacks to access the linux underneath -just a checkbox in the admin panel to allow shell login. Click the checkbox, fire up putty, log in, and have at it.

They do make much larger boxes, supporting real raid configurations (I just cant bring myself to consider mirroring or striping across 2 drives to be RAID, no Redundant means its just AID...) I only chose the 2 drive version because it makes replacing a disk when it fails so much easier than with a single drive box.

I did see the new WD Red drives, but they have not been certified as compatible yet, and people in the Synology forums mentioned having issues when using drives that were not specifically listed on the compatibility list. I went with the WD Black series drives -a 5 year warranty and listed as tested and verified compatible by Synology. I have been trying to read up on the firmware tricks WD is using in the Red series, but so far have not found anything beyond marketing puff pieces.

Re:I vote no-NAS

[Muad'Dave]

So get a bigger one. I have a Synology 1010+ for home use and love it. I have all my VMs on it connected to VMWare as an iSCSI disk. It works flawlessly, and having the two GB Ethernet ports bonded makes transfers pretty fast. If you outgrow it, you can add a 5 bay expansion chassis and keep growing.

The UI is good, and they have lots of packages you can install to do other 'server-like' things.

Re:I vote no-NAS

[pnutjam]

Even NAS functions like file permissions and file snap shots can get crapped up easily in every NAS I've ever seen. I would use a stripped down Linux running SAMBA over any commercial NAS. Some of the open source NAS software also works well, but many of them are more like NAS/SAN hybrids.

IMHO the ability to maintain your hardware with low cost off the shelf parts is also a killer feature of the Linux Samba NAS.

Re:I vote no-NAS

[pnutjam]

Especially when this is only a couple hours work for someone with any real knowledge. Provided hardware is supplied, you are talking about under $500 of labor to have a better system that can easily be remotely maintained and patched.

Re:I vote no-NAS

[jeff4747]

my question to you is: who should buy a NAS in the first place?

Someone who understands they're only buying lots of storage? And isn't pretending that they'd be able to make the box do something else later?

Re:I vote no-NAS

[Cederic]

http://bit.ly/LJTTeg

Now fuck off.

Re:I vote no-NAS

[Anonymous+Brave+Guy]

Just in case anyone else reading this thread is curious, that's a "let me Google that for you" link for the phrase "enterprise class nas devices".

I don't normally feed trolls, but I did take a look at a few results from the first page of search results, just in case I really had completely missed something. The top result goes to a page where the animated "New!" GIFs flash red and yellow. For those of you young enough that you only remember slapping "Beta" graphics on every web page you ever made, flashing graphics are what we used to mock before that, along with the blink tag and scrolling marquees.

But let's be fair and focus on the content. I followed the link to the first product described on that first page, which would surely put my recent experience in perspective. And so it did. The first device there offers a magnificent 2TB of storage in only 4U of rack space, based on a combination of 8x250GB drives. It also comes with such advanced features as an expandable RAID array, in case you don't want the full 2TB initially I assume, and automatically synchronising data with other devices of the same type. It even works on heterogeneous networks with PCs, Macs and Linux boxes! Truly, this is in a different class to the hardware I'm working with today. In fact, even our entry-level workstations can match that kind of spec, never mind the servers.

Just to be really fair, I did also check out some of the serious hardware that appears further down the page. Some of them make compelling sales pitches. If you buy a Thecus N16000, then "Whether rain, shine, or Armageddon, your data will always be there" apparently.

When all is said and done, I'm still waiting to find a counter-example to my position that these are essentially just inflexible servers that happen to be built in cases with lots of hot-swap disk enclosures, though. There is nothing in even the highest-spec devices I found on the first results page that you couldn't also achieve with a general server. There appear to be similar concerns about, for example, integrating with only a very limited number of vendor-chosen back-up services as standard, just like we had with the Cisco box we bought. And as it turns out, despite being only a "small business" product, the Cisco NAS was actually pretty close to the feature spec of a lot of these so-called enterprise-class devices, it just has a smaller number of drive bays and not as much redundancy in the power and networking.

So I stand by my earlier questions: who is the market for these high-end NAS devices, and what advantages does this kind of device offer given that anyone buying one of these boxes presumably has the expertise in-house to configure a real server anyway and will surely need to do a lot of manual configuration either way to integrate with the rest of the network?

Of course, for the OP, who was asking about storage solutions for a small business with around 10-20 staff, this is all rather academic, because they'd be looking at an entry-level NAS or an equivalent server anyway. So I stand by my original advice there as well: as long as you have either moderate Linux sysadmin skills in-house or the budget to bring in suitable help occasionally, there is very little advantage to choosing a NAS over a real server with a similar spec, at least among the various options we've evaluated over the past couple of years.

Re:I vote no-NAS

[Anonymous+Brave+Guy]

But even if you only want lots of storage, you can buy anything up to and including rack-mount servers with lots of hot-swap drive bays and redundant power/networking easily enough, and then set them up however you want using standard tools.

Re:I vote no-NAS

[Anonymous+Brave+Guy]

Who said anything about building their own? Though building even quite substantial servers is easy these days if you're used to DIY PCs, it's not for everyone and there are also plenty of places who will build you a custom server box with the right kind of hardware. And of course you can buy a server of just about any scale off-the-shelf from a vendor like HP or Dell if you're willing to spend the money on it or if you need to place really large orders. Since you work in a bank, you might actually be in that position, though of course most businesses won't be.

Also, don't your servers also need things like resilience, fail-over, throughput, and low power consumption? And even if someone did a custom build themselves or bought one in, why would you assume it would somehow be inferior to a pre-built NAS box in features and/or reliability?

Re:I vote no-NAS

[TerraRasa]

Oh, my misunderstanding. I thought that when you said "running a real business" you actually meant a real business. Who the fuck installs email, calendaring or DHCP servers on their NAS device?

Basically, what Cederic said. A NAS is a very specific piece of equipment, designed and engineered for a specific task, that of storing data/programs in a location reachable on a network. If you want to be running other services, such as DNS, then utilise a server solution, not a NAS solution. In reality, a server is infinitely more versatile than a NAS solution.

Re:I vote no-NAS

[Anonymous+Brave+Guy]

Basically, what Cederic said. A NAS is a very specific piece of equipment, designed and engineered for a specific task, that of storing data/programs in a location reachable on a network.

In what ways, exactly?

Advantage of a "real computer"

[fa2k]

With a generic OS you can do full disk encryption to protect the data in case the server is stolen. Truecrypt works on windows, probably even with software RAID, but I haven't tried it with RAID. If you do this, remember to encrypt the backups as well (in fact, even if you don't encrypt the main server, it's important to encrypt the backups as they can be easily stolen). Overall, I don't know what to recommend. A NAS box is easier to manage, but less flexible. If you only access a couple of GB of data frequently, you can add enough RAM to fit all the frequently accessed files, for better performance (e.g. prevent delays when opening a file).

Re:Advantage of a "real computer"

[ericdano]

Though of course you'd want a UPS on that......would it really matter? He's a lawyer. Law documents. I don't think they'd need a cache.

NAS all the way

[ericdano]

A huge old Windows 2003 machine is sucking power like a highly paid prostitute. And you aren't using exchange? Why did you even consider Windows 2003 when you could have built/bought a Linux/Unix based server for quite a bit less. I mean, the license per seat of a Windows server is probably upwards of $1K for about 10 people. Isn't it? I know Dell and others were selling non-Windows servers over 10 years ago.......

I'd wholeheartedly recommend getting a NAS. I have a Synology DS1512 that I got in April, upgrading from a ReadyNAS NV that I had for 5 years. Nothing against ReadyNAS/Netgear, that unit was robust and I never lost a single byte of data even though a few hard drives failed on it (gotta love RAID5). It is now serving as a backup device for my Synology unit.

Anyhow, the Synology unit is LIGHTYEARS ahead of the Netgear stuff in terms of software and hardware. They have a whole line of stuff from 2 disk units to like 16 disk units. All of them run the same software. They are easy to configure, and maintain. You can easily set it up to be able to share files over a VPN with it. Or your can log in via the web and get documents. Or have it stream music and videos over the internet for you. Macs, PCs, whatever can hook up to it. They even have iOS/Android apps to monitor or access files from it (like a streaming audio app, video app, etc).

The software and hardware is sound. I had a flakey DS1512 initially, buying it like the day after it was available. Some sort of ROM patch was needed. Synology was fairly good about providing me with a replacement (I did have to complain a lot to their support people). And the current 4.1 beta of their software is causing random crashes on my unit......but it is BETA after all. The release version is rock solid (DSM4). My DS1512 was running that since I got it and it never had any issues at all.

I'd say that hands down, when I was researching a replacement to my aged ReadyNAS NV, the Synology software and hardware was the winner. And it has proven so far to be true. And I still have two more drive bays to fill on it......;-)

Re:NAS all the way

[WuphonsReach]

The main problem is that nothing in the Linux space comes close to how user-friendly and easy a simple Active Directory setup is for allowing users to login to any machine in the office. Or how easy it is to assign users to groups and have everything work properly.

I've been looking at various directory servers for the past 2-3 years in the Linux land and *all* of them are either non-free, or require a lot of tweaking, or you have to play with alpha software (such as Samba4). Or you have to roll your own LDAP schema. Or you run into some other corner case.

Samba4 probably comes the closest of all of them at giving you a way to manage users/groups, hook PCs to a domain controller for authentication, etc. But it's still not done yet after years of work.

Re:Do this.

[ericdano]

WTF......a Synology DS1512 will set you back about $1000 for 3 2TB drives. You also get Active Directory, VPN.

Way way cheaper. Or he could get a smaller Synology unit (like a 2 or 4 bay one) and save even more.

Re:Why host internally? Move data into the cloud.

[rawket.scientist]

3. Legal documents are written using serious software, not trivial web apps. They have numerous technical requirements and typographical conventions that must be strictly adhered to, in some cases to the point where courts will specify the precise font you must use for all submissions, for example. You don't write this sort of thing in Google Docs, where the concept of a cross-reference has yet to appear and the numbering styles available are one small step past "numbered" and "not numbered".

This!

We have fifteen years worth of investment in carefully styled MS Word documents. Format matters, not just for courts, but for clients who expect a certain level of professionalism and consistency. Telling a client, "Yeah it looks all funny because we decided to start using iGoogleBook's TweetDocs and haven't got it all figured out yet," does not inspire confidence. Also, our best typists are 80 wpm and/or using keyboard shortcuts as a matter of spinal reflex. Cloud document services just aren't there yet.

Re:Cloud...

[rawket.scientist]

Call us cousins up here in tornado alley, and on the floodplain of a major river. I am very, very interested in using cloud-based services for offsite backup - the further from our next federal disaster declaration, the better.

That said, I'd rather get a dropbox or carbonite style service but work off of local copies for our hour-to-hour needs. We're on a DSL connection and I have not been delighted by any cloud-based word processor I've tried.

I just bought a DS1512+

[JNighthawk]

I went a bit overboard in buying one, but I'm really liking it now. I bought a DS1512+ and five 3TB hard drives for about $1600. So far, it's been great. It was a breeze to setup, it's using a hybrid RAID format that's expandable, and I've got an FTP running on it now. Using iSCSI to be able to map drives on my computer for apps that don't support network locations (hey Steam) is awesome.

I'd highly recommend it.

Situation in reverse

[Kupfernigk]

If I wrote "I am a full time IT person and part time amateur lawyer for our IT service provision company", what would your advice be? Correct. Physician, heal thyself: stop messing about, ignore the DIY responses from Slashdot and pay someone to do the job properly. Being in charge of IT at a law firm is a deeply boring job, but you surely must have a local service provider for whom it's routine. The business of buying and selling houses is pretty tedious, but fortunately I know a good local guy who makes it painless. You can write the contract.

As for using cloud services, I believe you can get a proper T&C from Microsoft, one that you can review as a lawyer. Your tradeoff is the security of your offices, the reliability of your electricity supply and HVAC, and the reliability with which you remember to take secure off site backups, versus the reliability of your Internet connection.

If that doesn't persuade you, look up Ricardo's Law.

Bottom line: lower risk, lower cost

[drstevep]

We moved to a mix of NAS and Cloud a few years ago. We wouldn't go back.

No more time spent on our servers. No more worrying about patches, upgrades, hardware failure, etc. No staff time lost to systems maintenace, backups.

We use the cloud for most project storage. Always [sic] available, at the office, at home, at client sites. Added benefits include systems backups, syncing folders, etc. Requires some trust in the vendor maintaining system integrity, but the risk is lower than at-office implementation.

We use two NAS devices for corporate data and archival storage. Each has a mirror set; I just like two devices as well because (a) they are dirt cheap, and (b) it gives me some level of redundancy in case one of the boxes goes and dies. They sync to each other. We periodically burn DVDs for offisite backup, multiple copies. This is the only weak point; maybe at some point in the future I'll add a third, off-site, sync'ed system.

In all, it works well. IMHO, it provides more than a single onsite server would provide, at a lower cost.

Examples aren't proof

[drdrgivemethenews]

Yeah, I know, sometimes juries forget that. :-) But with all respect to other posters, even a hundred happy campers aren't enough to prove out a product.

You have a problem to solve. The solution will, over time, require more than just technology. Focus on the company at least as much as the technology. Where are they going to be in 3 years? How is their support? What kind of record do they have in the areas of retention and compliance?

I support the suggestion to use a standalone firewall/vpn. Otherwise, it sounds like Windows Server with a RAID 1 configuration will cause you the least grief long term. You could buy a couple of the little NAS boxes for backup and archive.

Re:NAS

[Bert64]

What "meaningful state" ? To what level is risk reduced? Are you saying that something should be labelled "secure" because someone has made a minimal token effort to put even the most trivial level of authentication on it?
This is a misused marketing word, aiming to imply that the competitor's products are somehow massively insecure, even when the reality could be completely different. I have seen many products advertised as "secure" with gaping holes, similarly there are many products with no such advertising which are quite well done and while obviously not perfect, are a lot better than some of those heavily marketed as "secure".

Security is a process, your product is not magically "secure" because you say it is, or because you now use a password (which might be password)... The term is misleading, and generally does more harm than good.

What it usually boils down to in terms of a VPN is "a vpn that uses authentication", and i'm not really aware of any vpn that doesn't require some form of authentication...

Another problem is that many of the people making purchasing decisions are what you would call noobs, so they buy into the marketing hook line and sinker.. I have even heard people say they don't need to change default passwords or configure anything because "the product is secure".

What we use in my office

[EmagGeek]

I own a company that is a little larger than yours, but our needs are handled easily by a whitebox VMWare ESXi machine running a firewall/VPN Server appliance, an Ubuntu Server virtual machine, and some other VMs for various duties.

It has served us well, and the beauty about VMs is that they're entirely portable to other hardware, so if you need to replace the server, the VMs just migrate right over - no reinstalling or reconfiguring anything.

Something to look at... and it's fiendishly simple.

Re:Synology Rocks

[E-Prime]

Mod parent up. It sounds like advertising but it really is true. I'm equally impressed by my DS1010+ and I'm not easily impressed.

Re:NAS

[Shoten]

If you think that abuse of a word means the word becomes invalid, then you'd end up with an incredibly abbreviated vocabulary. "Best," "better," "good," "intelligent," "pretty," "fit"...I can go on and on, listing the words that would become invalid. Just because one person lies doesn't mean the word has no relevance when it's used to represent the truth. And you don't have to calibrate terms like these in order to use them. You're making up characteristics of some mythical VPN you imagine, which in fact does not represent what standard (in terms of adoption, in terms of majority of products, or any other majority view) VPNs are like today.

By the way...I know what I'm talking about here. In 2001, I gave a talk at DefCon on the Uber Hax0r track on attacking VPN security to validate vendor claims. Trust me...there has been a hell of a lot of improvement in 11 years, and I can't think of a VPN on the market today which is just "a VPN that uses authentication".

Or, to put things in business terms..what would you alternative be, hm? Simply to not have remote access? Good luck with that. Or perhaps you would prefer a VPN that is classifed as "insecure?" Security is the business of being helpful by facilitating things. Going into jihad mode over a single necessary word simply because someone abused it is not helpful. Finding solutions is helpful..claiming with blanket assumptions that all of a particular body of technology...a widely-adopted and proven technology at that...is not usable is not.

Thumbs-up for Synology

[BaldingByMicrosoft]

Two success stories...

The first was a small business with a dozen workstations wherein a Windows SBS was dismantled and retired. Everthing was migrated to a small Synology (currently running their DSM 4.x), OpenDNS and Google Apps. Works well.

The second is a medium size business I'm working with that has multiple sites. They're using Windows primarily for authentication. But all storage needs are taken care of by Synology DS1512+:
http://www.synology.com/products/product.php?product_name=DS1512%2B&lang=us
with WD RE4 drives in RAID 5:
http://wd.com/en/products/products.aspx?id=30
at each site.

Both companies are using either USB or eSATA portable drives to back up the NAS data nightly, which is managed by the Synology software. They really are solid and easy to manage.

Some businesses may need more infrastructure for their business needs, and will need a Windows foundation if the software they want to use requires it. Or maybe Linux and other open-source solutions under the right circumstances. But a decent Internet pipe and a Synology box can provide most of the infrastructure needed for small businesses running workstation-based software.

Re:Thumbs-up for Synology

[yonaada]

yes windows is the best but i like also linux Business

Drobo

[colsandurz45]

If you can afford it ($700, diskless) Drobo is easily the best storage small business storage solution out there.

Re:Drobo

[ausrob]

I really like the Drobo range, great functionality and disk configuration options.. but found the pricing to be a bit too prohibitive. An alternative might be a Thecus (http://www.thecus.com/) which seem to be a fair bit cheaper but lack the innovative features of a Drobo. However I think they deliver a fairly solid platform of functionality for the price.

Best Ask Slashdot in a while

[AlienIntelligence]

Articulate, looks like if a real answer comes up it could help others...

is there hope for /. yet?

-AI

Be careful. You are being paid as lawyer, not admi

[PaterMaximus]

I can not answer your question but I must comment on taking on the role of Sys Admin. I hope I am wrong and your company is different than mine. In doing so you transitioned from contributing profit to being overhead. Sure your colleagues love it on the surface, but when the bonuses go out, you will probably be poorer for it. I know, it happened to me (in another profession).

Synology NAS -my experience

[Local+ID10T]

I have installed Synology NAS DS212s in a couple of my retail locations to replace servers (that were really only used for hosting shared folders...) and found them to be inexpensive, fast, quiet, reliable, simple to configure and maintain, small footprint, and extremely energy efficient.

The Synology NAS is currently configured for:

• hosting folders shared by various teams
  (users are on Macs, Windows, and Linux desktops)
• hosting personal folders for each staff member
• backing up files hosted on a few specific workstations -with user-browsable versioned backups ala Apple's Time Machine
  (HR and Payroll desktops are backed up once daily, point-of-sale is backed up hourly using a plugin that allows a snapshot backup of the databases without interrupting it's near constant use)
• VPN endpoint server allowing mobile users to connect to their network files
• VPN linking two sites -configured to make this site and its sibling appear to be on the same LAN segment to users
• VPN client connection to a third site where the NAS backs itself up using RSYNC
  (the host system then backs this data up as part of it's own backup scheme)
• anti-virus for hosted files.

The Synology NAS boxes are running a fairly standard Linux with a custom GUI overlay. They maintain their own packages for various applications, but you can log in to a shell and install/configure as you wish.

YMMV

A bit OT but...

[rHBa]

...this seems like a good time/place to ask for advice.

I'm setting up an external, hardware raid1 disk dock as an on-site back-up solution.

I know 'raid is not a back-up' but I'm planning to use this as a once a week back-up of my internal HDD, I'm talking a home/single computer environment.

The specifics are a StarTech, 2 disc dock with on-board raid 1 and 2x WD Black HDDs. As I said, I'd be making back-ups weekly and it wouldn't be attached to anything at other times. I realise that this is an on-site backup (i.e useless in the case of theft or fire/disaster) but would anyone disagree that this is a good on-site solution?

Re:A bit OT but...

[iamgnat]

I know 'raid is not a back-up'

RAID is not a backup if it is your only source of data. If it is a backup of what is on the source, then it is by definition a backup solution and a safer one that backing up to another single drive (assuming level 1 or above). What you describe sounds like a perfectly reasonable solution for the use case you describe.

Not a smart idea

[FlyingGuy]

As a lawyer you should not even consider it. Lawyers must guarantee confidentiality of all client work, you remember that part from law school right? You need a departmental server that says who gets access to what and you need to track who authored and who modified. You must ensure it is not only backed up and those backups safely stored, but discoverable.

You also need a completely bullet proof journaling file system so you can un-delete documents that are inadvertently deleted and we are not even talking deliberate acts here, just and oops because the judge is not going to be very sympathetic and your opposing counsel will smile appreciatively when you don;t meet a filing deadline ( I forget the exact word when you must file by a certain date in order to have standing ).

The above is the very reason most lawyers have not gone paperless. AFAIK, the only two products out there that meat the above criteria are a Windows or a Novell ( OES2 - linux with the Novell layer on top ) server. Now you can download Novell OES2 for free ( you have to create an account ) and they will try and get you to purchase support, but you are not required to but you would be a fool not to.

The bottom line here is don't play fast and loose with your clients information if not for their sakes then for your own. Fucking this stuff will not only get you slapped with a huge malpractice suite but could damn well get you disbarred, but I figure you know that.

Do not buy from Synology!

[nebbian]

My company bought a Synology DS 1511+ about four months ago due to our aging Thecus NAS starting to show some signs of giving up. Note that we had been using this Thecus unit for many years, and the only problem we were having was that we would occasionally get warning messages about the disks being on their last legs. All our file operations were fine.

The Synology unit has had issues from day 1, mostly to do with file locking. After several weeks of random "This file could not be saved", or "Too many open files" messages, we started to ask Synology for help. They were useless. It took over a month for them to even acknowledge our increasingly desperate pleas for help, and several times we would arrange a time for them to log into our system only for them to forget to turn up.

Eventually we started fiddling around in the system ourselves, bumping up inode limits, stuffing around with everything to try to stop the system from falling over constantly. It doesn't help that when you turn logging on, the device suffers from a memory leak that after a couple of days renders it useless. It also doesn't help that they're using a version of Samba from 3 years ago.

We're waiting delivery of a QNap device as I type this, and I seriously can't wait to see the end of the piece of shoddy crap from Synology.

Please, do not buy a synology NAS. You'll regret it later.

Re:Do not buy from Synology!

[nebbian]

Forgot to mention, when we started having issues we created an entry in our timesheet system so that if we were having issues we would log our time against it. We're now up to 80 hours of lost productivity due to this device.

It's cost us around $10,000 in lost productivity.

Don't go there.

QNAP has no disk scrubbing

[Bender+Unit+22]

Just be aware that QNAP does not have any disk / RAID scrubbing feature so it cant check if there is a lot of blocks are going going bad.

It can only check the file system and s.m.a.r.t. tests.
I guess if you have a server running, you could read everything to /dev/null once in a while. og pehaps figure out how to add cron jobs to the qnap itself that stays after reboot.

Re:QNAP has no disk scrubbing

[Bender+Unit+22]

argh, just looked at a QNAP, I'm not sure it even reads the parity block when reading it uses MD so I guess the only thing it's RAID function are good for are complete HD failure.
and then you have to play there aren't any undiscovered bad blocks.

Re:NAS

[Killjoy_NL]

Network Attached Storage

I use it myself and am quite happy with it, I have an old Netgear with 4x2TB drives in Raid 5, good enough to hold my media and music and all the important files in backup. It's fast enough for streaming to my XBMC HTPC as well. :)

Re:Why host internally? Move data into the cloud.

[Killjoy_NL]

Not just that, but I just read a short news article about Microsoft having their staff snoop through private files of their Skydriver users.
Their explanation is that every file is scanned and the ones that get flagged get a manual inspection.
A user of the Tweakers.net website got his Skydrive blocked because he had 1 or more nude pictures on it and MS doesn't like nudity it seems.
I'll never cloudify my "personal" pictures like that. That user now has a windows smartphone with very limited functionality because of this taurus excrementus.

Re:Synology Rocks

[Killjoy_NL]

As I am in the market for a new NAS myself, I will definitely take a look at these :)

KISS - the best method!

[net.bit.herder]

As I am sure you have seen, there are many on here with great ideas. You said that you have about 100GB worth of data, and years of sweat equity in documents in MS Word. You already know Windows, so why break that approach? Buy yourself a name brand Server, so that you get some support for the hardware. Dell, HP, Lenovo, Cisco (Yes Cisco Makes Servers!) Put about 8GB of RAM in it, and get at least 3 1TB Raid drives (of course it will need a RAID controller!). Put Windows Server 2008 R2, and you can migrate your data. You will continue to maintain your DNS/DHCP settings and your office will continue to function the way that you have determined that is best!

Resara

[gregthebunny]

Buy a Resara device (http://resara.com/) or roll you own (http://resara.org/).

You'll get file storage, an Active Directory-compatible domain, DNS, DHCP, etc.

Re:NAS

[essbase_nerd]

/.ers are fast to criticize non-it pros for attempting tech. This guy sounds fairly competent, and this isn't an extraordinarily difficult task.

Worked great for me

[Caffeine_Coder]

I was in the same boat, but not in an office setting.  I had a custom built linux server running RAID 6 providing FTP, HTTP, DHCP, DLNA, etc..  I got tired of the administration, having a huge box sitting under the desk, and I initially installed the wrong distro as well (gentoo).

After months of research, I went with a Synology 1812+.  I'm very pleased to say, I love it, and I gained functionality.  I can do everything I was doing before and more.  FTP, HTTP(s), DHCP, email, DLNA, media server, Samab, NFS, VPN, SSH, telnet, quotas and more.  It is also MUCH quieter and more energy effecient.

It has a UI interface to configure everything. While editing conf files in vim provides the most flexibilty, I felt the UI provided just enough configuration / functionality to meet my needs.

Yes, it has a slower CPU and less RAM, but for a file / media / etc... server, it is more than enough.

If you combined this with a reasonable router / firewall, you will be fine.

Sentinel

[Kingazaz]

Your situation sounds almost identical to mine in terms of size, environment, and needs. We are retiring our SBS 2k3 box in favor of a Western Digital Sentinel DX4000 and Public Folders software by CodeTwo to provide the shared calendar/contacts that Exchange used to handle. We also use gotomypc so that the attorneys can access their systems remotely, and in turn access the Sentinel.

I'm not an attorney, just the guy who became the resident tech based on serendipitous skills. Sooooo, I won't vouch for our system satisfying all legal requirements for accountability, but I will vouch for the cost effectiveness, simplicity, and general good results we've had for the last few months. We use JST's CollectMax software to track the collections portion of our business, which runs on the above mentioned server, but will be moving to a different box when I shut that down. Since CollectMax has an imaging module, I had tried to turn us into a less-paper office (paperless is just too unrealistic) and we have had some success there, though a couple hundred physical files still circulate daily as has always been the case.

I'll note too that we use Carbonite to backup individual systems throughout the day because I can't get everyone to save purely on the network, nor is that necessarily desirable since deletions are permanent. Also, we have another NAS as well as a large HD on one of the partner's machines that both field nightly backups of documents and images.

My 2

Re:Synology Rocks

[SimplyGeek]

I cannot recommend the Synology NAS enough. Before I bought the DS411 (4 disks) I was using a general purpose Linux server. A Linux server is the way to go for customization and performance if you are comfortable as a linux sys admin. But for just plain file storage, including the TONS of other stuff DSM (Synology's management software) handles, I was much happier with the NAS.

What it came down to was this: A linux box can do more, but it's more work to manage. With the Synology, it just works. I cannot understate how important this is.

Re:Just look at a buffalo NAS

[SimplyGeek]

You get what you pay for with Buffalo. For a 1 person home use case, maybe. But even then I wouldn't get it.

Re:NAS

[pnutjam]

One desktop computer, add some extra drive and use this: http://www.clearfoundation.com/Software/overview.html

Re:Get professional advice: Seconded.

[pnutjam]

This was rudely stated, but true. You should use your knowledge to find someone you can trust who will communicate processes with you and teach you to do the little things. Stay away from the big consulting houses. They will send you someone who can't answer your questions because they are following little scripts and don't actually know how to do things. Look for a small provider you can trust.

Talk to an expert

[Custard]

> full time lawyer and part time nerd doing most of the IT support

I am clearly biased since I am one of the horde of consultants to small business, but I suggest talking to someone who has done this at least a dozen times before.

How would you respond to someone who posted "I'm a full time sysadmin and part time (self-taught) lawyer who handles the contract work..."

Plus your billing rate is probably higher than an IT guys.

Government changes

[tepples]

unless you are involved in something that your government or it's allies finds distasteful - YOU ARE JUST NOT THAT IMPORTANT.

The next administration could find anything distasteful.

RAID5 makes me want to BAARF

[tepples]

I have "lost" a disk in my RAID5, and the NAS rebuilt easily once I replaced it - but if you lose a disk in RAID0, then wave goodbye to your data.

With modern drives sized in terabytes, the same thing can happen to RAID5 if you lose a disk while rebuilding.

Re:RAID5 makes me want to BAARF

[Pete+(big-pete)]

I have "lost" a disk in my RAID5, and the NAS rebuilt easily once I replaced it - but if you lose a disk in RAID0, then wave goodbye to your data.

With modern drives sized in terabytes, the same thing can happen to RAID5 if you lose a disk while rebuilding.

Hence the other part of my comment which you didn't quote: "and if I was running in an enterprise with a DS1512+ then I would certainly consider running in RAID6" (although at the time of writing I was actually thinking of the DS1812+ which is more suited to RAID6 as it holds more disks)

I have seen a RAID5 fail whilst waiting for a vendor to replace a disk in a corporate environment - let's just say the vendor had some explaining to do...

-- Pete.