Ask Slashdot: Stepping Down From an Office Server To NAS-Only?

First time accepted submitter rawket.scientist writes "I'm a full time lawyer and part time nerd doing most of the IT support for my small (~10 person) firm. We make heavy use of our old Windows Server 2003 machine for networked storage, and we use it as a DNS server (by choice, not necessity), but we don't use it for our e-mail, web hosting, productivity or software licensing. No Sharepoint, no Exchange, etc. Now old faithful is giving signs of giving out, and I'm seriously considering replacing it with a NAS device like the Synology DS1512+ or Dell PowerVault NX200. Am I penny-wise but pound foolish here? And is it overambitious for someone who's only dabbled in networking 101 to think of setting up a satisfactory, secure VPN or FTP server on one of these? We've had outside consultants and support in the past, but I always get the first 'Why is it doing this?' call, and I like to have the answer, especially if I was the one who recommended the hardware."

Synology

[GordonCopestake]

I recently installed a small DS212+ for a small office of 5 using around 1tb of data. The NAS was chosen as a low cost option but after running it for a few weeks it's actually better than a windows box for this use case, mostly because of its excellent software and ease of use. It has a built in VPN server and access to a host of 3rd party apps. Highly recommended.

Re:Synology

[AliasMarlowe]

I recently installed a small DS212+ for a small office of 5 using around 1tb of data. The NAS was chosen as a low cost option but after running it for a few weeks it's actually better than a windows box for this use case, mostly because of its excellent software and ease of use. It has a built in VPN server and access to a host of 3rd party apps. Highly recommended.

Agree with the recommendation for Synology; they're hard to beat on value although you can find cheaper NAS boxes. I presently have both a DS207 (1TB) and a DS211 (6TB), and they work like a charm. Both are configured with a pair of disks in RAID0 so they're fairly quick, and have automatic incremental backup to a group of USB drives. Synology's web server is solid enough, but you might want to harden it with suitable Apache configuration files and sensible policies. As parent said, there are excellent free applications available for download - we use their mail server, media server, and photo station, but there are also DHCP, VPN, LDAP, and ERP possibilities.

A DS1512 would absolutely blow away the DS211 in performance, and is marketed as being suitable for use by SMEs.

Re:Synology

[Pete+(big-pete)]

Agree with the recommendation for Synology; they're hard to beat on value although you can find cheaper NAS boxes. I presently have both a DS207 (1TB) and a DS211 (6TB), and they work like a charm. Both are configured with a pair of disks in RAID0 so they're fairly quick...

I also definitely recommend Synology NAS solutions - very capable machines and the company is committed to follow-up with their software updates. You buy the NAS now, and as they release continual updates to their firmware, it just gets better and better "for free".

On the other hand, I would never recommend running a NAS with disks in RAID0 - you run a NAS to store your data and to be completely reliable, I configure my DS508 in RAID5, and if I was running in an enterprise with a DS1512+ then I would certainly consider running in RAID6. I have "lost" a disk in my RAID5, and the NAS rebuilt easily once I replaced it - but if you lose a disk in RAID0, then wave goodbye to your data. Unfortunately disks are not 100% reliable, and the speed increase means nothing as soon as you start accessing the NAS over a network.

-- Pete.

Re:Cloud

[brad-x]

If you have any expectations of maintaining confidentiality for yourselves or your clients, a cloud service is not for you. All cloud providers make claims as to the privacy of your data - when put to the test they'll hand it over to the wrong people in a heartbeat.

AD Domain Services

Do you have an Active Directory domain? Domain users and groups are much easier to manage for file access than a bunch of local accounts. I'd keep using a full server just for that, but that depends on your security model.

Re:NAS

[Antique+Geekmeister]

For your own safety and piece of mind, do not do this. As a part-time support person in a small environment, you don't have the time to master the subtleties of effectively rootkitting a commercial server and maintaining special, out-of-band, non-vendor supported services on it. It's likely to break down at unpredictable times with basic system updates and network firewall changes associated with the NAS services themselves.

Strongly, strongly consider fragmenting the functions. A VPN and firewall box, running on a small physical applicance, is generally much safer to expose to the Internet than a Windows server that will requirely monthly major updates and possible reboots and possibly daily vital security updates that are too late to salvage the system from what it's _already_ been exposed to.

Oh, yes. Lose the FTP server, unless it's only for upload from your clients and there is no "browsing" function for the files already uploaded. FTP packets are sniffed on a frequent basis on poorly manged, publicly exposed routers and network switches for login names and passwords. It exposes you and your clients to all sorts of security issues if they're using their Windows login names and passwords for FTP access. There are numerous ways to do this better: gather your requirements first, and you can assess whether HTTPS, SFTP, FTPS, or something else might be better. The only reasons to use FTP now are obsolete clients that cannot be upgraded, technical people who refuse to be educated, and publicly accessible download sites with anonymous access.

I vote no-NAS

[Anonymous+Brave+Guy]

We also went through this a while ago, but the other way around. After kitting out a small office network, the one purchase we really regretted was the NAS (a Cisco-branded device, which in fact is a rebadged QNAP).

The hardware has not failed and supports hot-swapping drives if necessary, but those are about the only good things I have to say about this unit. It is in all other respects just a very limited and relatively expensive Linux server, where essential operations like scheduling regular, secure off-site back-ups are absurdly difficult, and where you can't easily install other server software (e-mail, calendars, DHCP, RADIUS, whatever) unless whoever supplied your NAS happens to make some sort of plug-in available for their particular style of firmware. Even Cisco gave up trying to provide any meaningful support in this area within a few months of the device launching, eventually just providing a mechanism for people to upgrade their firmware to QNAP's own.

When we were investigating options for a new device earlier this year, it looked like more recent NAS devices from other suppliers were little better, maybe differing in some of the details but essentially still the same old story.

My conclusion: NAS devices are for non-technical home users who want to plug in and go. If you're running a real business with serious requirements, and you have moderate Linux skills and/or a modest budget to bring in someone who does when you need them, then buy a real server with a specification suitable for your requirements. There is absolutely no advantage to buying a NAS for someone in that position, IME.

Re:I vote no-NAS

[jeff4747]

and where you can't easily install other server software (e-mail, calendars, DHCP, RADIUS, whatever) unless whoever supplied your NAS happens to make some sort of plug-in available for their particular style of firmware

So you needed a real server, and were surprised when a NAS didn't meet your requirements?

The problem isn't the NAS. It's you. If you need a real server, don't install a NAS and then whine when it's not a real server.

Re:Cloud

Don't know about client-attorney privilege, but anything medical is a HIPAA no-no. We actually used a "cloud" vendor who we caught using our info for their marketing purposes. We called them on the carpet about it, but they denied all such use, and they had the balls to threaten us with slander lawsuits. The doctors decided that they couldn't afford to make a big stink about it, but we immediately stopped using them.