leew
Sat Mar 29 13:49:20 PDT 2008
Greg Peterson wrote:
> Thanks again for taking the time to reply. This is exactly the dialogue I
> was hoping for. See my replies below.
>
> "leew [MVP]" <useContactPage@LWComputing.dot.com> wrote in message
> news:47edb592$0$5611$607ed4bc@cv.net...
>> Greg Peterson wrote:
>>> Very good points, but allow me to respond....
>> Quick question - what is it this business does? Is it a real estate
>> agency? A sales office? What? I don't need to know EXACT SPECIFIC
>> DETAILS, but I'm being forced to generalize because I know nothing of what
>> the business will do, other than it will have 20-30 users and many with
>> laptops.
>>
> It's a light manufacturing company. About 20 office people (design
> engineers, purchasing, HR, accounting, etc.) and about 8 people in the plant
> (of which only 2 people in shipping & receiving have computers).
>
Earlier, you said that your web site would be receiving minimal traffic,
so it would be hosted elsewhere... see, to me, that's when it makes the
MOST sense for YOU to host it yourself. If your web site were BUSY,
THEN you want it hosted on a reliable system in a data center somewhere
where they have emergency generators and multiple connections to the
internet in case one fails.

Most new businesses don't start out this big. So this isn't new, is it?
Are you just walking into the environment? What do they have now? Or
do they have nothing now (not a single desktop computer?) Are YOU the
business owner? Or just the "trusted IT advisor" who is also an
employee? If so, is your role SOLELY IT/Technical, or are you, for
example, primarily a bookkeeper who is expected to handle the IT needs?
>>> "leew [MVP]" <useContactPage@LWComputing.dot.com> wrote in message
>>> news:47ed89c1$0$25019$607ed4bc@cv.net...
>>>> 1. Single Logon. In a domain environment, you can setup your computers
>>>> so that each user has a logon that can be used on ANY computer. When
>>>> they change their password, the change is effective on ALL computers
>>>> that are a member of the domain. In a Workgroup, you must setup a user
>>>> account on EACH computer the user will log on to - or use a common logon
>>>> which means you have no way of tracking who does what.
>>>>
>>> Everyone will have one computer, and there will not be any need to use
>>> one another's computer. So I guess the Single Logon does not matter
>>> here.
>> Sorry, but in my experience, there's always a need, especially when you
>> have 20-30 users. Even for you or your support people.
>
> Still not convinced we'd be using one another's computer. In the 3
> businesses I've worked in (all fairly large companies), I've never been
> asked to use someone else's computer, nor has someone else used mine.
In the small businesses I've worked with, I've had one REALLY small
business find it REALLY great when I told one of the owners when his
computer died he could just sit right down in front of someone else's
computer and log on, having access to everything he needed. He didn't
realize this is how he was setup (even though I know I told both
partners when I set them up this would be one of the advantages).

As I mentioned, there's a cramped office I work with and they can sit
ANYWHERE without issues... if this company grows and there isn't room in
the office for everyone, this may become something of an issue... maybe
not. But without a server, this gets very complicated.

There's no guarantee anyone will ever need to use someone else's
computer... but wouldn't it be nice if you could say to the boss(es) if
and when his/her computer dies, all they need to do is sit down in front
of another and log on and INSTANTLY, without doing anything else, they
will have access to their information?
>
>>>> 2. Centralized Management - you can control system settings on ALL
>>>> systems from one system. For example, SBS will allow you to redirect
>>>> everyone's My Documents and Desktop folders to a folder on the server.
>>>> This is called folder redirection.
>>>>
>>> This is a good point, but what is the purpose of collecting everyone's
>>> "My Documents" and desktop folders? Is it for backup purposes? If so,
>>> why not use an online backup tool for each computer (e.g.
>>> www.carbonite.com). Cost is about $50/year per computer.
>> Ok... $50/computer/year... that's $1000 per year. How much data will you
>> have? How fast will your internet connection be? Folder Redirection is
>> also used when users move around. At one of my clients, they are packed
>> in like sardines and by redirecting their folders, they can sit at ANY
>> unused computer and when they log on, they have complete access to all
>> their files without having to do anything. But that's not the only form
>> of centralized management.
>>
> That's right. $1000/year for safe, secure backup with unlimited storage.
> Regardless of the backup solution, we will pay for a T-1 (to ensure Skype
> has sufficient bandwidth), and do the backups at night. To compare with
> what my present employer does, we paid several thousand $ for a server &
> tape backup system, and pay $750/MONTH for Iron Mountain data storage to
> come onsite every morning to pickup our tapes and store them offsite. You
> can see how $1000/year quickly got my attention.
First, a T1 is NOT fast. It's generally RELIABLE, but it's not fast.
It's OFTEN the fastest UPLOAD you can get for anything resembling a
reasonable price for a small business, but it's NOT fast. Download
wise, most ISPs I've seen (and this DOES depend where you are based)
offer speeds AT LEAST twice as fast download - even DSL, if you were
close by is up to 6 to 10x faster (DSL 6x, DSL2 10x) and is typically
CHEAPER than a T1. (DSL Upload is USUALLY half T1). Cable can vary
widely. Some cable internet companies max upload at 1 Mb, and have
download speeds anywhere from 1.5 Mb (T1) to 30 Mb. My own cable
internet provider gives my little data center 30 Mb download and 5 Mb
upload for $80/month with almost the same reliability as a T1.

Second, CALLS take more bandwidth than you might think. A VoIP call
TYPICALLY takes 80-100 Kb... that means a MAXIMUM of 15 calls - but when
you factor other traffic in - like people reloading gmail every time
they change a web page and downloading attachments, that could EASILY
drop to 5 to 10 calls... and at peak times, say when two people are
downloading a 5 MB attachment and someone else is downloading something
else that maybe they shouldn't be, you could end up with dropped calls
or call quality that sounds worse than a cell phone with 1 bar of
signal. Most businesses that utilize VoIP will want MORE THAN ENOUGH
bandwidth (like a business your size with a cable internet that has my
capabilities) or a separate connection just for their phones. One
company I'm familiar with will put ONLY 12 calls on a data T1 and they
reserve that bandwidth to ensure data doesn't interfere with the calls.
(A standard voice T1 holds 24 calls).

I don't believe Backup is that black and white either. For example, for
my clients, I recommend using online backup services for CRITICAL data -
like the database that is vital to the company and the accounting data.
Other things typically get backed up to an external hard drive that is
rotated off site once per week to someone's home. Now, this isn't IDEAL
for everyone. It fits my clients. But for clients/companies that face
certain regulatory requirements, it's necessary to use tape and a
company like IRON MOUNTAIN.

Most of my clients pay about $500 for the backup system - 3 external
hard drives with no monthly fees for off-site storage. But again,
backup REALLY needs to be customized (I've HEARD of carbonite,
obviously, but I've not used them nor contacted them). Consider this, if
it really is $50/computer... then what if you ran EVERYTHING off the
server... and JUST backed up the server... for $50. That ALONE would
pay for the server in 3-5 years. (Check this - their licensing may
prohibit it, but I couldn't quickly and easily find anything that said
that).
>
>> I assume you'll be getting Microsoft Office for this company? Or perhaps
>> an Antivirus program? Both office and Antivirus can be deployed using
>> Active Directory. Do you want to go around to each machine and install
>> office manually? Or would you like to copy the source CD to the network,
>> define the package, and then the next time each computer is booted, office
>> and the antivirus program and possible other software is automatically
>> installed. Ok... so you buy office with the computer... fine... what
>> about upgrades?
>>
> Here you bring up a genuine advantage. I can see the pain/time required of
> going around to each machine to do updates. But so far, that seems to be
> one of the few concrete benefits of using a server.
>
>> Do you think you might want to be able to restrict what people do online?
>> Servers can help you do that more effectively and administered all from a
>> remote location. What happens if you have a custom software program that
>> needs an update on each computer... with a small script, you can push that
>> update to everyone's systems with about 20 minutes of work.
>>
> We may need to restrict what they do online, but isn't that possible using a
> fairly sophisticated router? As for the custom software program you asked
> about, so far I foresee us only using over-the-counter software.
To an extent, yes, but sophisticated routers tend to cost far more than
servers.
>
>> Perhaps you'd like to TRY to prevent your systems from getting infected
>> with malware... well, you CAN go to each computer and implement policies
>> manually - or you can setup one or more policies and apply them to all
>> workstations from the server simply by placing the workstation or policy
>> on the appropriate object in Active Directory.
>>
> Another genuine advantage. I'll think this one over, but see my point below
> about malware.
>
>> How about setting up printers? Is everyone going to have their own? That
>> seems like a waste... do you want to know who prints what? Maybe give
>> someone priority so their print jobs ALWAYS print first (bosses usually
>> like that). Maybe you want to add a printer to the network... Well, with
>> a server, add the printer to an SBS system and the next time the
>> workstation user logs on, they have access to the printer... OR you could go
>> around and spend 5 minutes on each computer configuring the printer
>> manually... or instruct your users how to do it, I suppose...
>>
> My current employer leases a very heavy use printer/copier/fax for about
> $500/month that serves all employees. If someone ahead of you has a
> 500-page file printing, the touch screen on the printer allows you to change
> the priority of the queue. As for adding the printer, this is a one-time
> setup on all computers, so I would just e-mail out the 5-step process for
> each person to set up the printer. I see no real advantage here of having a
> server.
I really hope you don't have employees like my clients do. Half of them
can follow the instructions... the other half... you'll be helping. And
only ONE printer/copier? It obviously depends on EXACTLY what kind of
printing needs you have, but that cramped company client of mine has 10
printers of varying kinds (they do have varying needs), but several are
just plain b&w laser printers and they all get used by MOST people there.
>>>> 3. I've used Gmail for an organization I'm in. I love google... but I
>>>> HATE gmail. I've gotten so many important messages flagged as SPAM it's
>>>> not funny. Maybe it was a config error on our administrators part, but
>>>> I also don't like that I can't create (easily, if at all) sub folders. I
>>>> would strongly advise against using the gmail facility at this time (I'm
>>>> sure I'm in the minority).
>>>>
>>> Point taken.
>>>
>>>> 4. Centralized backup. With Folder redirection, mentioned in #2,
>>>> you can backup virtually all user data without concern by backing up
>>>> JUST the server. (Your network, ideally, will be setup so that your
>>>> users can use ANY workstation (or almost any workstation) and if one
>>>> fails, it really won't matter; they can sit at another employee's desk
>>>> and pick up right where they left off).
>>>>
>>> See my response to point #2 above. If someone's computer fails, there
>>> will of course be some downtime given the time to reconfigure their
>>> computer and retrieve their backup, but that should be somewhat rare.
>> It should be - until they get infected with malware once a month (or more
>> often) because that new employee likes to tweak EVERYTHING and downloads
>> software illegally or maybe "stumbles" onto a porno web site with malware
>> embedded in it.
>>
> Maybe I'm underestimating the danger of malware. Isn't Vista supposed to be
> much more "resistant" to malware? Can't a good firewall at the router
> prevent most types of malware? Again, I do not see how having a server is
> the only solution here.
I'd drop the "much". The "much" is more of a Microsoft word, I feel.
Yes, it's more resistant... but it's still Windows, the #1 target BY FAR
in the world. And nowadays, hackers aren't actually looking for you to
find them. Botnets are prevalent even in MAJOR companies with
supposedly FANTASTIC routers and firewalls and Intrusion Prevention
Systems (IPSs) and Intrusion Detection Systems (IDSs).

Good equipment can protect you better than not-so good equipment. But I
setup a computer at a company slightly bigger than yours (35 people) and
a BRAND NEW SYSTEM, with a nicely configured SonicWall firewall, was
infected within a week so deeply it took me 3 hours to clear out the
infection - probably should have reinstalled (I wanted to learn this
malware, so I billed for 2 hours and spent the early evening figuring
out how to get rid of it) until I finally did. And they were infected
so badly because the user ran with administrator privileges.
>
>>>> 5. Exchange Server, included with SBS, will provide shared and group
>>>> calendars, e-mail, tasks, and contacts.
>>>>
>>> I have been using Gmail's group calendar and contacts and find them both
>>> very good.
>> I haven't used them so I can't specifically comment on them... but
>> consider this - IF you buy a server, the obvious choice is Small Business
>> Server (SBS). SBS is CHEAPER than a "Standard" copy of server AND it
>> INCLUDES Exchange Server... so you might as well put it to good use. The
>> capabilities of exchange are impressive (and occasionally frustrating --
>> but you can say that about virtually any groupware solution).
>>>> 6. One of the best features of SBS (and Windows Server 2003 and later)
>>>> is Volume Shadow Copy, not typically offered by any CHEAP NAS. This
>>>> feature takes automatic, periodic backups that users can easily restore
>>>> themselves by right clicking on a folder and reviewing the history of
>>>> the backups. EXPENSIVE NAS units typically offer this "snapshot"
>>>> feature, but they typically cost AT LEAST $5,000 - usually more like
>>>> $10K plus.
>>>>
>>> The NAS would be used only for file sharing, not for taking backup
>>> images. An online tool like Carbonite would be used. Storing the data
>>> online (and offsite) makes sense in that it protects from fire, floods,
>>> etc.
>> Volume Shadow Copy is NOT the same thing. I assume Carbonite would run
>> nightly? Volume shadow copy, as I configure it for most of my clients,
>> runs every 3 hours from 7am to 7pm. At which point you can go back to any
>> of the backup points - 7am, 10am, 1pm, 4pm, or 7pm on a given day. And
>> it's instantaneous (as instantaneous as a file copy).
>>
> The more frequent backup points are nice, but we're not running a nuclear
> reactor here : ). Simply turning back the clock to the previous night's
> backup would be sufficient for most. If they are working on something crucial,
> they should back it up to flash drive throughout the day.
Neither are my clients... but it has come in handy more than once... a
few months ago, their accounting file got corrupt... we were able to
step back in blocks of 3 years to find a good one. And just yesterday
we quickly recovered an entire deleted folder off a server from earlier
that morning.

Relying on users to do backups is the best way to lose information. How
often do you backup your system? Even if you're one of the FEW who can
HONESTLY say they backup their home computers often, ask your friends.
Most people don't reliably backup their own important information...
they aren't going to reliably backup yours, even when they are working
on it.
>
>> Otherwise, in general, you are correct. Except that this is dependent
>> upon your internet connection to some extent and the recovery time would
>> be longer.
To put in some perspective, with a T1, your recovery speed - assuming NO
CALLS and NO OTHER INTERNET USE, this is what you get:
Restore:
  1 MB     5.3 seconds
  10 MB    53 seconds
  100 MB   8.9 minutes
  1 GB     1 hour 28.9 minutes
  10 GB    14.8 Hours
  100 GB   6+ DAYS

Imagine if your NAS went down and you ONLY had
Carbonite backups. No data for a week. No Calls, Internet, or e-mail
for a week (or you don't get the data for more than a week).
I'm not sure what exactly your design engineers will be doing, but at
one company I do work for they have a couple of CAD developers and in
less than a year, they've got 3+ GB of data. That alone would be 4.5
hours to restore with your backup plan and internet connection.
>>
>> Also, how are you backing up the NAS device? What happens if it fails?
>> Especially if you end up setting up a significant configuration, this
>> could be HOURS of tedious work getting a NAS to replace it.
>>
> The NAS would also be backed up to Carbonite. Right now, I'm looking at the
> Droboshare, which has received widespread praise for its simplicity and
> idiot-proof concept.
> http://www.drobo.com/products_droboshare.aspx
Interesting concept - I hadn't heard of them before. BUT, I don't like
using technologies that don't explain how they do things. This device
apparently DOES do redundancy (a REQUIREMENT in my opinion) BUT, it's
not clear how. It does not appear to use a "standard RAID" style of
redundancy so in the unlikely event that more than one drive failed, I'd
be concerned about how you could recover data - even with a data
recovery service. I'd consider it fine for anything not truly critical,
but otherwise, I tend to be more conservative and doubt I'd be using it
in your instance.
>
>>>> 7. Remote access options with SBS include Remote Web Workplace,
>>>> Sharepoint, and VPN.
>>>>
>>> This is a very good point, but with laptops being issued to many
>>> employees who travel, and using Gmail for e-mail and calendar features, I
>>> see the remote logon being less important. The only thing they'd need
>>> remote access to would be the local NAS, which we would probably set up
>>> with an FTP or something.
>> I hope you wouldn't use FTP. That's just inviting people to steal your
>> data. FTP is an insecure protocol, user names and passwords are
>> transmitted in clear text, meaning anyone who can catch a packet can
>> determine how to access your files. This is not exactly difficult for a
>> hacker.
> Good point. Could we circumvent this risk by using SSL?
If you can find appropriate clients that use SSL and can setup that as a
feature on your network. Does the Drobo device support SSL FTP?
SOMETHING has to.

Sharepoint, included free with Windows Server would seem like an ideal
document sharing platform for you.
>
>> What about accounting systems? Or maintenance?
>>
>>>> I have a few pages you might want to review to get a better
>>>> understanding of the SBS product and backup in general. You also
>>>> might want to review the link on Volume Shadow Copy.
>>>>
>>>> http://www.visualwin.com/VSS/
>>>> http://www.lwcomputing.com/tips/static/sbs.asp
>>>> http://www.lwcomputing.com/tips/static/backup.asp
>>> Thanks very much for taking the time to reply.
>> Couple of other tips -
>>
>> Get an account rep with Dell (or some other major vendor - my preference
>> is Dell) and for a business, stick to the OptiPlex, Latitude, Workstation,
>> and PowerVault lines. These systems are relatively cheap, come with
>> excellent warranties, and are GENERALLY highly reliable in my experience.
>> EVERYONE can make a lemon... and everyone can make a BATCH of lemons...
>> but in my experience, you have very good odds of NOT having too many
>> lemons and when you do, getting them repaired quickly, when using Dell.
>> (I despise HP - every time I've called their support for ANYTHING I get
>> routed to India and get a different, lame suggestion as to how to repair
>> something. Again, in my experience, 50/50 chance you hit the Dell India
>> support queue... but that's a 50% better chance than you have with HP...