Data Storage Networking IT

Ask Slashdot: Stepping Down From an Office Server To NAS-Only? 227

Posted by timothy
from the feel-so-naked dept.
First time accepted submitter rawket.scientist writes "I'm a full time lawyer and part time nerd doing most of the IT support for my small (~10 person) firm. We make heavy use of our old Windows Server 2003 machine for networked storage, and we use it as a DNS server (by choice, not necessity), but we don't use it for our e-mail, web hosting, productivity or software licensing. No Sharepoint, no Exchange, etc. Now old faithful is giving signs of giving out, and I'm seriously considering replacing it with a NAS device like the Synology DS1512+ or Dell PowerVault NX200. Am I penny-wise but pound foolish here? And is it overambitious for someone who's only dabbled in networking 101 to think of setting up a satisfactory, secure VPN or FTP server on one of these? We've had outside consultants and support in the past, but I always get the first 'Why is it doing this?' call, and I like to have the answer, especially if I was the one who recommended the hardware."
  • by Tukz (664339)

    I know "Cloud service" is such an awful term, but if you frequently access the data from outside the network, why not consider having the data online somewhere?

    Besides that, a NAS should do just fine.
    Either build one (FreeNAS) yourself or buy one of the numerous premade systems.
    The VPN could be established on network level and not the NAS itself.

    • Re:Cloud (Score:5, Insightful)

      by brad-x (566807) <brad@brad-x.com> on Sunday July 22, 2012 @09:48AM (#40729697) Homepage
      If you have any expectations of maintaining confidentiality for yourselves or your clients, a cloud service is not for you. All cloud providers make claims as to the privacy of your data - when put to the test they'll hand it over to the wrong people in a heartbeat.
      • by snemarch (1086057)

        Use a service with client-side encryption (SpiderOak springs to mind, even if it has a terribad UI), or do your own encryption - problem solved.

        IMHO you shouldn't rely solely on cloud backup, though, bad things can happen even to datacenters... but it's a nice supplement to your local backup.

        • Re: (Score:2, Informative)

          by Anonymous Coward

          Unfortunately, you are not familiar with technical ineptitude of the laws of the US. There is quite a debate within legal communities regarding whether storing data in the cloud (encrypted or not) breaks lawyer client confidentiality.

          • Re:Cloud (Score:4, Informative)

            by Anonymous Coward on Sunday July 22, 2012 @01:00PM (#40730733)
            Don't know about client-attorney privilege, but anything medical is a HIPAA no-no. We actually used a "cloud" vendor who we caught using our info for their marketing purposes. We called them on the carpet about it, but they denied all such use, and they had the balls to threaten us with slander lawsuits. The doctors decided that they couldn't afford to make a big stink about it, but we immediately stopped using them.
      • by Hanzie (16075) *

        +1

      • by xQx (5744)
        Look... The way most sysadmins run their local servers, the way most users have crappy passwords, and the fact that even in 2012, social engineering works just as well as it did in 1992, your data isn't that bloody confidential anyway.

        You would be one of 100,000 customers of any given "evil cloud provider", unless you are involved in something that your government or its allies find distasteful - YOU ARE JUST NOT THAT IMPORTANT.

        Most of the terms and conditions you sign with cloud providers boil down to "w
    • by Dan667 (564390)
      replace the word "cloud" with "mainframe" if you want to know all the problems with this approach when you search the internet. Mainframe problems have not changed, just the marketing.
  • Nas4free or freenas (Score:2, Informative)

    by Anonymous Coward

    I highly recommend nas4free. Easy setup all around including Windows shares. Plus ZFS is a big plus and high on the geek scale.

  • Just did the same (Score:3, Informative)

    by Anonymous Coward on Sunday July 22, 2012 @09:36AM (#40729637)

    I just did the same for a client who had downsized. We moved from a rackmount Xserve and RAID solution down to a Mac mini server (for DNS and few other tasks) and a Synology NAS. It was my first Synology, but I was very pleased. It was fairly easy to configure, and has been trouble free so far. It offers excellent outside access via web interface, and has a built in SSL VPN. The largest issue I had with it was configuring a rotating backup. I ended up using the Mac mini for the backup. The client's been very pleased with the solution, which sits on a desk. The server room has been cleared out.

    • I vote no-NAS (Score:5, Interesting)

      by Anonymous Brave Guy (457657) on Sunday July 22, 2012 @12:26PM (#40730557)

      We also went through this a while ago, but the other way around. After kitting out a small office network, the one purchase we really regretted was the NAS (a Cisco-branded device, which in fact is a rebadged QNAP).

      The hardware has not failed and supports hot-swapping drives if necessary, but those are about the only good things I have to say about this unit. It is in all other respects just a very limited and relatively expensive Linux server, where essential operations like scheduling regular, secure off-site back-ups are absurdly difficult, and where you can't easily install other server software (e-mail, calendars, DHCP, RADIUS, whatever) unless whoever supplied your NAS happens to make some sort of plug-in available for their particular style of firmware. Even Cisco gave up trying to provide any meaningful support in this area within a few months of the device launching, eventually just providing a mechanism for people to upgrade their firmware to QNAP's own.

      When we were investigating options for a new device earlier this year, it looked like more recent NAS devices from other suppliers were little better, maybe differing in some of the details but essentially still the same old story.

      My conclusion: NAS devices are for non-technical home users who want to plug in and go. If you're running a real business with serious requirements, and you have moderate Linux skills and/or a modest budget to bring in someone who does when you need them, then buy a real server with a specification suitable for your requirements. There is absolutely no advantage to buying a NAS for someone in that position, IME.

      • Re: (Score:2, Informative)

        by Cederic (9623)

        My conclusion: NAS devices are for non-technical home users who want to plug in and go. If you're running a real business with serious requirements, and you have moderate Linux skills and/or a modest budget to bring in someone who does when you need them, then buy a real server with a specification suitable for your requirements. There is absolutely no advantage to buying a NAS for someone in that position, IME.

        Depends on the NAS device. I work for a UK clearing bank and we have customer and financial data on a SAN but there are terabytes of documents in various forms on NAS devices.

        Sure, these aren't your £240 WD Live Book Duo (which I use at home, can install my own software on, and am delighted with) but don't be dissing off the shelf NAS solutions. Just buy one that meets your needs.

        you can't easily install other server software (e-mail, calendars, DHCP, RADIUS, whatever) unless whoever supplied your NAS happens to make some sort of plug-in available for their particular style of firmware

        Oh, my misunderstanding. I thought that when you said "running a real business" you actually meant a real business. W

        • Your snarky reply does not change the fact that a real server could do everything the NAS could do and many other things as well. A NAS is just a server with a lot of hard disks, a lot of limitations, and hopefully at least some decent preinstalled networking, access control and storage management tools so it has some vague semblance of value.

          If you disagree then perhaps, instead of making vague allusions to some mysterious high-end kind of NAS, you would do us all the courtesy of stating specific models an

      • Re:I vote no-NAS (Score:5, Insightful)

        by jeff4747 (256583) on Sunday July 22, 2012 @05:53PM (#40732185)

        and where you can't easily install other server software (e-mail, calendars, DHCP, RADIUS, whatever) unless whoever supplied your NAS happens to make some sort of plug-in available for their particular style of firmware

        So you needed a real server, and were surprised when a NAS didn't meet your requirements?

        The problem isn't the NAS. It's you. If you need a real server, don't install a NAS and then whine when it's not a real server.

        • So you needed a real server, and were surprised when a NAS didn't meet your requirements?

          No, at the time we set the network up, we just needed some reliable mass storage. We assumed, foolishly as it turned out, that getting a NAS would be the quickest and easiest way to achieve that.

          We soon discovered that setting up the NAS was no easier than setting up a real server. In fact, it was more awkward, in the sense that it's probably still using much the same Linux tools as a real server under the hood, but you can't use all the familiar sysadmin knowledge your team has because you have to configur

      • Re:I vote no-NAS (Score:4, Informative)

        by Local ID10T (790134) <ID10T.L.USER@gmail.com> on Sunday July 22, 2012 @08:14PM (#40732845) Homepage

        Your experience with the QNAP NAS sounds pretty crappy.

        I have installed Synology NAS DS212s in a couple of my retail locations to replace servers (that were really only used for hosting shared folders...) and found them to be inexpensive, fast, quiet, reliable, simple to configure and maintain, small footprint, and extremely energy efficient.

        The Synology NAS is currently configured for:

        • hosting folders shared by various teams
          (users are on Macs, Windows, and Linux desktops)
        • hosting personal folders for each staff member
        • backing up files hosted on a few specific workstations -with user-browsable versioned backups ala Apple's Time Machine
          (HR and Payroll desktops are backed up once daily, point-of-sale is backed up hourly using a plugin that allows a snapshot backup of the databases without interrupting its near constant use)
        • VPN endpoint server allowing mobile users to connect to their network files
        • VPN linking two sites -configured to make this site and its sibling appear to be on the same LAN segment to users
        • VPN client connection to a third site where the NAS backs itself up using RSYNC
          (the host system then backs this data up as part of its own backup scheme)
        • anti-virus for hosted files.

        The Synology NAS boxes are running a fairly standard Linux with a custom GUI overlay. They maintain their own packages for various applications, but you can log in to a shell and install/configure as you wish.

        YMMV

  • by mseeger (40923) on Sunday July 22, 2012 @09:36AM (#40729639)

    My experiences with a QNAP TS-459U-SP+ are quite good. With the QPKG-Extensions, you even get non-standard services installed.

    I would still recommend to have a small 19 inch rack (on wheels) for noise protection and to have some space for expansion.

    • by mwvdlee (775178) on Sunday July 22, 2012 @11:56AM (#40730361) Homepage

      After how they massively shafted their entire customerbase (including me) with the NMP-1000 and NMP-1000P mediatanks, I will never buy a QNAP product again.

      • by mrmeval (662166)

        It would bolster your claim if you'd post a link to a discussion of this.

        • by mwvdlee (775178) on Monday July 23, 2012 @01:03AM (#40733979) Homepage

          Link to the official QNAP forum: http://forum.qnap.com/viewforum.php?f=176 [qnap.com]
          Many open bugs in core features, no support.

          Here's a short list of NMP-1000 features, and how well they actually work on the latest firmware:
          * Playback of video files encoded in H.264 - Almost no H.264 encoded files work. Most playback either choppy or not at all.
          * Plays lots of digital music format, including FLAC, PCM, WMA, AC3, DTS, and WAV - Many WMA files don't play. Not all DTS encoding works.
          * Supports almost all popular media formats files such as MKV(H.264), M2TS(Bluray) and AVI - MKV files rarely work.
          * Apple movie trailers & Flickr, Youtube, Internet Radio, Shoutcast - Only Shoutcast works for about half of the listed channels, the rest doesn't.
          * Bittorrent support - Maximum download speed ~13kb/s, cannot recover from paused downloads, crashes every few hours.
          * NAS - Transfer speed less than a cheap NAS harddisk.

          These are just the issues I encountered personally. Apparently playback is much worse depending on how you rip the files.

  • Synology (Score:5, Informative)

    by GordonCopestake (941689) on Sunday July 22, 2012 @09:44AM (#40729669) Journal

    I recently installed a small DS212+ for a small office of 5 using around 1tb of data. The NAS was chosen as a low cost option but after running it for a few weeks it's actually better than a windows box for this use case, mostly because of its excellent software and ease of use. It has a built in VPN server and access to a host of 3rd party apps. Highly recommended.

    • Re:Synology (Score:5, Informative)

      by AliasMarlowe (1042386) on Sunday July 22, 2012 @10:58AM (#40730011) Journal

      I recently installed a small DS212+ for a small office of 5 using around 1tb of data. The NAS was chosen as a low cost option but after running it for a few weeks it's actually better than a windows box for this use case, mostly because of its excellent software and ease of use. It has a built in VPN server and access to a host of 3rd party apps. Highly recommended.

      Agree with the recommendation for Synology; they're hard to beat on value although you can find cheaper NAS boxes. I presently have both a DS207 (1TB) and a DS211 (6TB), and they work like a charm. Both are configured with a pair of disks in RAID0 so they're fairly quick, and have automatic incremental backup to a group of USB drives. Synology's web server is solid enough, but you might want to harden it with suitable Apache configuration files and sensible policies. As parent said, there are excellent free applications [synology.com] available for download - we use their mail server, media server, and photo station, but there are also DHCP, VPN, LDAP, and ERP possibilities.

      A DS1512 would absolutely blow away the DS211 in performance, and is marketed as being suitable for use by SMEs.

      • Re:Synology (Score:5, Informative)

        by Pete (big-pete) (253496) * <peter_endean@hotmail.com> on Sunday July 22, 2012 @01:12PM (#40730795)

        Agree with the recommendation for Synology; they're hard to beat on value although you can find cheaper NAS boxes. I presently have both a DS207 (1TB) and a DS211 (6TB), and they work like a charm. Both are configured with a pair of disks in RAID0 so they're fairly quick...

        I also definitely recommend Synology NAS solutions - very capable machines and the company is committed to follow-up with their software updates. You buy the NAS now, and as they release continual updates to their firmware, it just gets better and better "for free".

        On the other hand, I would never recommend running a NAS with disks in RAID0 - you run a NAS to store your data and to be completely reliable, I configure my DS508 in RAID5, and if I was running in an enterprise with a DS1512+ then I would certainly consider running in RAID6. I have "lost" a disk in my RAID5, and the NAS rebuilt easily once I replaced it - but if you lose a disk in RAID0, then wave goodbye to your data. Unfortunately disks are not 100% reliable, and the speed increase means nothing as soon as you start accessing the NAS over a network.

        -- Pete.

        • Oh, and much as I hate replying to myself, I just remembered another very handy nice feature of Synology NAS boxes, they have a nice easy-to-use mechanism to backup the contents to another Synology box over the network. This is handy in upgrading, and in an enterprise environment it's a nice way to have an up-to-date redundant solution in case the worst happens. So if you have the budget and you want to have belt-and-braces (and in a law firm I hope both of these are the case) then I'd probably recommend g

  • by obarthelemy (160321) on Sunday July 22, 2012 @09:46AM (#40729675)

    If you just want networked storage, anything will do. Don't forget backups (several of those, some offline, some in a safe place), access control, intrusion detection... Probably get RAID too (RAID is *NOT* a backup) for higher availability and uptime.

    You mention stuff your server doesn't do. Does it mean you'd like to do it ? Are you doing it another way ?

    If you work in a law office (you said you're a lawyer, not that you're in a law office ?) are there specific legal requirements regarding auditing, security, confidentiality ... ?

    Are you OK with people making backups of files and leaving with them when they are fired or resign ? ...

    • by jovius (974690)

      I went through about the same process and in the end decided to build everything myself. I wanted to have full control of the system and the system needed to be expandable: a mini-ATX board, memory, drives (2*2TB for storage and 1 16GB SSD for the OS) and the enclosure. For the OS I chose Ubuntu, although some other distro may be more optimized for the purpose (I mostly connect to the box with SSH). If one goes the most minified route the ready system can be fit in a shoe box. The board I have is passively coo

    • Agreed that RAID is a must, as is independent backup. At present, we have a tape drive. Sometimes the secretary remembers to run it, sometimes she doesn't. But even when she does, she keeps the tapes on site and close by "so we don't lose them". One small fire, one small flood, one pissant vandal, and *shudder*. I know the cloud backup providers will surrender to subpoena power without a fight. But I also know how to get a protective order on attorney-client privileged files after the subpoena is issu
      • But if cloud-based backups (especially automated, encrypted cloud-based backups) let us mitigate our disaster risk and cut out the oops-forgot-to-change-the-tape factor, they're the lesser of two evils.

        Since you're a lawyer, I'll just strongly suggest here that you read the terms of any on-line backup service you're considering using with the same care that you would review a document for a client. We did, and despite not being lawyers, we decided pretty quickly that we wouldn't use any of the ones we were considering.

        The clue was in the way they could typically shut down their respective services at about five minutes' notice with little if any guarantee that we would be able to retrieve backed-up data i

  • It will be fine (Score:4, Insightful)

    by slaker (53818) on Sunday July 22, 2012 @09:47AM (#40729693)

    You're barely using the capabilities of the machine you have now and you don't have any reason to keep the server. Get a decent VPN-capable router or pay $20/year for LogMeIn Hamachi if that's a need and combine it with a Synology or QNAP NAS. Those have firmware that's relatively straightforward to support and if there's ever a need for more advanced file services, they're already baked into the device.

    Do make sure you buy decent disk drives for it. "Green" or "Eco" drives from WD or Seagate work for shit in disk arrays.

    This really won't be a downgrade for you. It will actually probably make your life easier.

    • by iamgnat (1015755)

      Do make sure you buy decent disk drives for it. "Green" or "Eco" drives from WD or Seagate work for shit in disk arrays.

      My WD greens have been running in my NAS for almost 3 years and have been fine. One was bad upon receipt, but the supplier RMA'd at no cost to me. If I ever get off my ass to complete my warm backup array, I'll use the same drives.

      • Did you put them in a RAID? Green drives suck AT A RAID. If you don't put them in a RAID, they'll do fine.

        If you don't access those files a lot, and don't use a RAID, those green drives are great. They'll save power and last more.

        • by iamgnat (1015755)

          RAID5 with a stand-by hot spare that I rotate in periodically (speaking of...). Where I see performance issues is network bandwidth due to my choice to use iSCSI so I can use an unsupported (by the NAS itself) filesystem and an authentication/sharing system that is native to the majority of the client machines that use the space. Even with GigE large files can be annoyingly slow even if I'm doing the work from the iSCSI controller where I can watch and see that the network IO is maxed out.

          • ...this seems like a good time/place to ask for advice.

            I'm setting up an external, hardware raid1 disk dock as an on-site back-up solution.

            I know 'raid is not a back-up' but I'm planning to use this as a once a week back-up of my internal HDD, I'm talking a home/single computer environment.

            The specifics are a StarTech, 2 disc dock with on-board raid 1 and 2x WD Black HDDs. As I said, I'd be making back-ups weekly and it wouldn't be attached to anything at other times. I realise that this is an on-site
        • I have one or two WD greens in my storage array (which is RAID 5) right now. Have for years, and they've been fine.
    • by Chewbacon (797801)
      Really depends on what you're using it for. HD intensive applications would make "green" drives a bad choice. I started going to green drives to save energy with my home server, which is used really for backups and media sharing. Just my wife and I using it. For sharing of documents and such, I'd think it would be worth trying in the environment discussed above.
  • AD Domain Services (Score:5, Informative)

    by Anonymous Coward on Sunday July 22, 2012 @09:52AM (#40729715)

    Do you have an Active Directory domain? Domain users and groups are much easier to manage for file access than a bunch of local accounts. I'd keep using a full server just for that, but that depends on your security model.

    • We do have an Active Directory domain. We aren't using it for anything but one-size-fits-all login credentials.
    • by phayes (202222)

      When all your files are on a single server/NAS, and all you want are the services he asked for, an AD just adds complications & is no easier than just using the server's local authentication.

  • by Bert64 (520050) on Sunday July 22, 2012 @09:53AM (#40729725) Homepage

    Most of the NAS boxes are embedded linux boxes, usually running on a low power CPU of some kind...

    With most of these it's possible to get shell access and install whatever you want on them, although for things like setting up a vpn on it you will probably need kernel level support which may or may not be present in the stock kernel supplied with the device.
    That said, presumably you have some kind of router or nat device too, which will almost certainly have some level of vpn capability by default.

    Running a DNS server should be trivial.. I personally run a couple of buffalo 4-drive nas boxes, and just looking through the package list I see bind and dnsmasq, both perfectly capable dns servers depending on your requirements.

    I do take issue with the term "secure vpn", nothing is totally secure as such a name implies.

    • by Idbar (1034346)
      You're right. I'd like to know further about the needs of the poster. But I didn't know about NX200s, just checked, and for that price, I see you could get either a huge capacity Buffalo Terastation, or a couple of Synology or QNAP and try to set them up for physical diversity.

      It all really depends if he only wants storage, or some kind of performance. Some of these new NAS come with Core-i3, while older come with Atom processors, and others with ARM (Like I think those from WD), which may be enough for
    • Re:NAS (Score:5, Insightful)

      by Antique Geekmeister (740220) on Sunday July 22, 2012 @10:37AM (#40729921)

      For your own safety and peace of mind, do not do this. As a part-time support person in a small environment, you don't have the time to master the subtleties of effectively rootkitting a commercial server and maintaining special, out-of-band, non-vendor supported services on it. It's likely to break down at unpredictable times with basic system updates and network firewall changes associated with the NAS services themselves.

      Strongly, strongly consider fragmenting the functions. A VPN and firewall box, running on a small physical appliance, is generally much safer to expose to the Internet than a Windows server that will require monthly major updates and possible reboots and possibly daily vital security updates that are too late to salvage the system from what it's _already_ been exposed to.

      Oh, yes. Lose the FTP server, unless it's only for upload from your clients and there is no "browsing" function for the files already uploaded. FTP packets are sniffed on a frequent basis on poorly managed, publicly exposed routers and network switches for login names and passwords. It exposes you and your clients to all sorts of security issues if they're using their Windows login names and passwords for FTP access. There are numerous ways to do this better: gather your requirements first, and you can assess whether HTTPS, SFTP, FTPS, or something else might be better. The only reasons to use FTP now are obsolete clients that cannot be upgraded, technical people who refuse to be educated, and publicly accessible download sites with anonymous access.
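
      One way to set up the SFTP option mentioned above as an upload-only drop box, as an added example that is not part of the original comment: an OpenSSH `sshd_config` fragment. It assumes a stock OpenSSH server rather than any NAS vendor's firmware; the group name `sftpdrop` and the `/srv/sftp` paths are hypothetical.

      ```conf
      # /etc/ssh/sshd_config fragment (OpenSSH).
      # Assumptions: group "sftpdrop" and the /srv/sftp tree are hypothetical names.

      # Use the in-process SFTP server so the chroot needs no shell or binaries.
      Subsystem sftp internal-sftp

      # Everything below applies only to accounts in the drop-off group.
      Match Group sftpdrop
          # Confine each account to its own tree. This directory must be owned by
          # root and not writable by any other user or group, or sshd refuses login.
          ChrootDirectory /srv/sftp/%u
          # SFTP only: no shell, no scp, no remote commands.
          ForceCommand internal-sftp
          # Key-based login only, so these accounts never reuse a Windows password.
          PasswordAuthentication no
          # A file-transfer account must not become a tunnel into the office LAN.
          AllowTcpForwarding no
          X11Forwarding no
          PermitTunnel no

      # Filesystem side (run once per account, shown here as comments):
      #   /srv/sftp/<user>            root:root  mode 0755  (chroot root, read-only)
      #   /srv/sftp/<user>/incoming   <user>     mode 0300  (write + search, no read)
      # Mode 0300 lets the account create files in incoming/ but not list the
      # directory, which matches "upload only, no browsing of files already there".
      ```

      After editing, `sshd -t` checks the file for syntax errors before the daemon is reloaded.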

      • Re:NAS (Score:4, Insightful)

        by sprior (249994) on Sunday July 22, 2012 @11:21AM (#40730105) Homepage

        I completely agree with the idea of breaking this up into multiple machines. Keeping everything together on the same machine is often referred to as a busybox and means that any security holes in the pieces may be used together to compromise the machine and once that machine is compromised the attacker has full control over the family jewels.

        I'd keep the router, VPN, DHCP, and DNS functions on its own box. I went with a barebones Supermicro box for around $300 bought from Newegg and installed the pfSense router/firewall on it. Once you get past some learning curve it is very easy to administer through the web interface and the entire config is saved to one file and easy to keep a copy of, so if things go horribly wrong you can rebuild it easily and quickly.

      • I'll readily concede that I cannot root-proof a NAS device on my own, or anything else for that matter. I'm pretty limited in my ability to troubleshoot a mis-configured firewall, too. But we have to have something, and I'm mainly wondering if a NAS device is inherently more vulnerable or more buggy than a full-on file server.

        Clients emphatically do not have access to our file server. Quite a few of them are facing very serious criminal charges, and a certain number might even be guilty. Frequently a
        • by QQBoss (2527196)

          Clients emphatically do not have access to our file server. Quite a few of them are facing very serious criminal charges, and a certain number might even be guilty. Frequently a client will want to send us files; we accept those by e-mail or physical media. Occasionally a client will ask for a copy of his file; we're pleased to burn that to CD-ROM.

          Heh!

    • by Shoten (260439)

      I do take issue with the term "secure vpn", nothing is totally secure as such a name implies.

      Only a noob thinks that anything is totally secure, but there's definitely a difference between "secure" and "not secure." The term is not invalid just because it is not absolute, any more than the word "safe" is invalid to refer to a firearm with the safety on. Do safeties fail? Yes. Do they not make a huge difference in the probability of an accidental discharge? Also, yes. Thus, the term is valid and holds utility because it does define a meaningful state where risk is significantly reduced. The sa

      • I do take issue with the term "secure vpn", nothing is totally secure as such a name implies.

        Only a noob thinks that anything is totally secure, but there's definitely a difference between "secure" and "not secure." The term is not invalid just because it is not absolute....the term is valid and holds utility because it does define a meaningful state where risk is significantly reduced...the fact that there are no magic bullets that are entirely without risk does not invalidate an entire lexicon of security.

        Thank you. Is it not pathetic that this point needs to be made EVERY time the word "secure" comes up, because some pedant is all "zomg nothing is secure!!!111"

      • by Bert64 (520050)

        What "meaningful state" ? To what level is risk reduced? Are you saying that something should be labelled "secure" because someone has made a minimal token effort to put even the most trivial level of authentication on it?
        This is a misused marketing word, aiming to imply that the competitor's products are somehow massively insecure, even when the reality could be completely different. I have seen many products advertised as "secure" with gaping holes, similarly there are many products with no such advertisi

        • by Shoten (260439)

          If you think that abuse of a word means the word becomes invalid, then you'd end up with an incredibly abbreviated vocabulary. "Best," "better," "good," "intelligent," "pretty," "fit"...I can go on and on, listing the words that would become invalid. Just because one person lies doesn't mean the word has no relevance when it's used to represent the truth. And you don't have to calibrate terms like these in order to use them. You're making up characteristics of some mythical VPN you imagine, which in fac

  • by Anonymous Coward on Sunday July 22, 2012 @10:22AM (#40729857)

    Find out what you need to do, first, I just spent a disastrous contract job with a company that said "get us bids, then we'll write the specs". And all the groundwork that was necessary for *whichever bid they accepted*, including storage integration cleanup and getting formerly neglected projects onto backup, met tooth and nail resistance and insistent project review from the current IT staff who had *no idea* and couldn't be bothered to know what their current system did, they were "too busy". They had enough time to complain bitterly about how their old debris was better, when it didn't meet the most basic requirements of reliable backup, recoverability, or supportable technologies.

    For someone being paid hourly and who was smart enough to write in the inevitable support calls as billable time, it made me a lot of money, but they made themselves unhappy because they acted like Java programmers. There's an unstated, unstable, never documented API, and they'd just throw it over the wall in one of their endless meetings of people who have nothing to do with the work, to someone in their group who didn't get to go to the meeting, and toss it out to me. "And Then A Miracle Occurs." And boy, did I make miracles occur behind the scenes!!! I'm looking forward like hell to when these clowns go to the Cloud. I am going to make *so much money* translating their last rounds of ill-conceived fractureware practices into the sort of large-scale, but limited API features that the Cloud is actually good at.

    In your case, if I had time to take on the job, I'd separate security functions such as VPN from the storage system. Assess if you're an all CIFS storage shop, how much you need, and what your backup and archival storage requirements are. (In a law firm, that archival storage requirement is critical.) Assess your database and email storage backup requirements. (Again, as a law firm, your email storage requirements are important.) And assess ease of recovery of lost data versus the risk of having material your clients would prefer did not show up in a subpoena. (Lawyer/client privilege is vital, so is having only *half* the material show up in the subpoena, the half that makes your client look guilty, without the evidence that clears them.)

    NAS's work very well: most of them are Samba behind the scenes, and many of them do NFS as well as CIFS. Don't do that: the privileges for CIFS access and NFS access are very, very different and hard to resolve in real life. NAS's also work great for off-site backup: simply swap backup storage devices and take one offsite, then swap regularly.

    Think hard about that VPN technology. All Windows boxes support PPTP built-in, and despite the great cries of "oooohhhh, IPSEC is so much better" I've seen no reliable reports that there's a genuine performance or security improvement. The big risks are that the software won't work (which is extremely common with IPSEC and peculiar Windows flavors still in use), and that people will leave themselves logged in with their screens unlocked or their remote systems rootkitted. (VPN's do nothing to address this: good firewall management of the VPN connection does, and this has *nothing to do* with the underlying VPN technology.) IPSEC supports lots of expensive RSA key technologies that you can spend a lot of money for, and which most clients *HATE, HATE, HATE* because they lose those damn funky keychain fobs, which could have been designed better by a bunch of random number generators taking a Java garbage collection break from writing Hamlet.

  • by Melakh (2670043) on Sunday July 22, 2012 @10:25AM (#40729875)
    Since you want to be the IT admin guy off the side of your desk, the short answer is - can you manage it on a NAS? If not then stick with what you know and focus on your day job - the first time you have to spend 2 days fixing or configuring something that's new you'll have blown any cost savings from getting a server anyway. I run what you're describing, though I let the router handle VPN access. If you stick with Windows Server, everything you want to try and do will have a solution you can find in 2 mins on Google, if you go onto a proprietary NAS you will end up working around a lot of things to get them how you need them - Offline files for your users will be a little bit cranky, how you do backups will be limited to the NAS' interface, if you want your security settings 'just-so' (presumably important in your industry) you'll need to make sure the NAS software can cope with that.
    • At this point, I've flushed about two days of what would otherwise be billable hours in trying to nurse our old server back to health, and now I'm here on Sunday trying to figure out where to go next. You're right that the process would have been worse if I hadn't been able to look up and quickly decipher a few key error messages online, but I regard a certain amount of time as the price of doing business.

      With Windows, I'd call myself a power user, but I'm no full fledged network admin. I'm not intimid
      • Sure, but that's an old dying server. A NAS doesn't spare you from that pain. NAS's can be old and dying as well.

        At the point you're at, the most cost efficient option would actually be just getting a new server and migrating the data over. No having to muddle with un-ADing everything and get everything onto a NAS. Same services on more stable hardware.

        Moving off of Windows to a NAS is a giant unknown. Running on Active Directory means everyone's files are on the server (ideally, if it's set up right), and

  • You might look into Thecus [thecus.com]. I've had the N7700 for about 3 years now on the recommendation of someone who has a N5400 (and had it for a few years before I got mine) and (after I got mine) got his sister to buy a N7700PRO that he manages for her. There is no built-in DNS or VPN support, but some quick Google searches show that someone built a DNS module and it looks like there might be a VPN module too (I haven't used either so I can't speak to if or how well they work).

    I did have my motherboard die 2 months

  • by proxima (165692) on Sunday July 22, 2012 @10:43AM (#40729953)

    I'm more familiar with Synology NASes (albeit on the consumer side) and Dell servers (instead of that NAS). Coming from a Linux sysadmin background, I was impressed with how the Synology combined pretty easy GUI management while not preventing you from doing stuff on the back end Linux side. You can play around with Synology's web interface yourself online [synology.com]. It's pretty cool what they can do with a bunch of javascript.

    These things are built for file serving, and it's about as easy as it gets to set up. They also package all sorts of stuff as add-on services, though I don't personally use DNS. My complaint with the home-designed versions in the past is that they skimped on RAM, making them less useful for any kind of real server application. The higher end models like the 1512+ do better, and for just DNS and file serving it should be more than sufficient. Don't expect it to compete with a $1500 server in terms of computational performance, obviously, but it should be able to pretty much max out the drives' performance.

    I had a drive die on my personal NAS, and the process went exactly as it should: it emailed me saying there might be problems; I did an extended SMART test via the GUI to double check it; I obtained an RMA for the drive and installed it; it restored to the new drive without incident.

    • by wkk2 (808881)

      Make sure your service agreement allows you to destroy a failed drive, for credit, instead of doing an RMA.

  • I'm curious as to what the business case is to replace your current server? You say that it is on its "last legs" but didn't say exactly what this means. Is it end-of-life, running out of room, running slow? End-of-life definitely means replacement but the other two are solvable.

    There are fundamental questions that you need to answer before deciding to select a replacement using different technology. For example, have you factored in the replacement for any add-on software (i.e. anti-virus, encryption,

    • It's end-of-life, insofar as it's running Server 2003, out of warranty, and developed a persistent RAID error that has defied diagnosis and cure over about two days and four tech support calls of attempts.
  • by StormyWeather (543593) on Sunday July 22, 2012 @10:54AM (#40729989) Homepage

    I haven't seen it here, but you could pick up something like a dell optiplex 755 for dirt cheap on ebay, put a raid card in it, a couple 1tb hard drives, and put linux on it, and make shares using samba. That's exactly what we do at our IT shop, and it works fine for us. We install windows servers all the time, but we just don't need it, and our email is gmail, our web services are VPS servers at a host. If you are worried about replacement parts you could just order two of the exact same machine and keep one dark :)

    My suggestion no matter what people here say is to then do a backup to the cloud using Jungledisk as a client, and Amazon or Rackspace as a storage provider. If you generate your security keys and opt not to give Jungledisk the keys to store for you then I'm not exactly sure how they are going to cough up your data to the "wrong people." The only people that could legally get them to turn over data would be the feds, and that would be your dream since it would mean they invaded your client attorney privilege thus pretty much self destructing any case they might have had. If they were going to get your data from a cloud service, it would be a lot easier to just bust into your office, but that doesn't happen at least by the government as it's self defeating.

    • Single best answer I've heard here, if it's specifically storage space that's needed. If I can be a bit pedantic though, I don't think an Optiplex 755 would be the best unit to use though, simply because those towers invariably only have space for two hard disks, so you'd need a new case. Even if you transplanted the case, you'd also need a new PSU since those things are basically custom wired for that case, so now you're replacing the power supply, so you're basically buying an Optiplex for the mobo/CPU/RAM

  • Everyone's saying "cloud, cloud," but I don't think that's necessarily a great idea. Why? Latency, for one...being a law firm, I assume your primary application for users is Microsoft Word. So, imagine that you have a Word document open, not on the other end of a switched 100MB or 1GB link, but at the other end of a 30MB connection that you share with everyone else in the office. You double-click on the document, and wait while it is downloaded. Now, mind you, you also have to think about the autosave

  • I'm a full time IT consultant and run the legal department for our admittedly small firm. We've recently been sued for breach of contract and was wondering if you could suggest the best approach to defend ourselves. Hmm, maybe not don't you think? I probably don't need to tell you that records and files are a critical asset to the success of any legal firm. Your requirements for security, confidentiality, recoverability are core to your business and each of these need to be understood before selecting the ri
  • it's a great way to configure all your Windows machines without having to go and physically touch each computer.

    That said, there's nothing wrong with using an AD domain controller for that purpose and then having a NAS for file storage, especially if the NAS can integrate with AD so you can get the permissions set easily.

  • I suggest taking a look at Windows Server 2012 File Server role - W2K12 - deduplication is an in box feature
    - SMB Multichannel - better performance using 4 TCP channels
    - Storage Spaces - SAN like features with no special hardware (this is not dynamic volume)
    - Thin provisioning - using Spaces, Windows can create TP LUNs
    - NFS 4 server - in box role in W2K12
    - Resilient File System (ReFS) - high degree of compatibility with the most common NTFS features, but has resiliency and scalability features th
  • It depends on what you use the system for. If it's only for simple file sharing, then a NAS would be fine. But if you want to use the server to manage updates and backups, which you should, then consider a Windows SBS 2011 Essentials server. It is a bit pricey but it pulls backups from all of your systems, and you can set up a WSUS server so you only have to authorize updates once--then each system will pull the update from the server when it's time to shut down. It definitely makes life a lot easier compar

  • This is a fairly clear case where Samba [samba.org] would be of use for LAN access. It's quite simple to set up and runs very reliably on top of your favorite distro.

    For remote sharing, SFTP would be the way to go. SSHFS [linuxjournal.com] is a clever trick for very user-friendly remote access.
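
An added example, not part of the comment above and not code from OpenSSH or any NAS vendor: if remote access is offered over SFTP as suggested, a small audit can confirm that the file-transfer group is actually confined to file transfer. The group name `sftpusers`, the chroot path, the key-only login policy and both sample configurations are assumptions constructed for illustration.

```python
"""Audit an OpenSSH sshd_config for an SFTP-only group (added illustrative example)."""

# Constructed sample: SFTP is enabled, but group members still get a shell and tunnels.
WEAK = """\
Subsystem sftp /usr/lib/openssh/sftp-server
PasswordAuthentication yes
Match Group sftpusers
    X11Forwarding no
"""

# Constructed sample: group members are limited to file transfer inside a chroot.
HARDENED = """\
Subsystem sftp internal-sftp
PasswordAuthentication no
Match Group sftpusers
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
"""

# OpenSSH defaults for the keywords checked here (used when a keyword is absent).
DEFAULTS = {
    "chrootdirectory": "none",
    "forcecommand": "none",
    "allowtcpforwarding": "yes",
    "x11forwarding": "no",
    "passwordauthentication": "yes",
}


def parse(text):
    """Split sshd_config text into global options and a list of Match blocks."""
    global_opts, blocks = {}, []
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()              # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":                  # a block runs until the next Match
            current = {}
            blocks.append((value.split(), current))
        else:
            current.setdefault(keyword, value)  # sshd keeps the first value it sees
    return global_opts, blocks


def effective(text, group):
    """Options applying to `group`, or None if no 'Match Group' block names it.
    Only literal, comma-separated group names are handled (no wildcards)."""
    global_opts, blocks = parse(text)
    merged, found = {}, False
    for criteria, opts in blocks:
        if (len(criteria) == 2 and criteria[0].lower() == "group"
                and group in criteria[1].split(",")):
            found = True
            for key, value in opts.items():
                merged.setdefault(key, value)
    return {**DEFAULTS, **global_opts, **merged} if found else None


def audit(text, group):
    """Return a list of findings; an empty list means the group is SFTP-only."""
    opts = effective(text, group)
    if opts is None:
        return [f"no 'Match Group {group}' block"]
    findings = []
    if opts["chrootdirectory"].lower() == "none":
        findings.append("ChrootDirectory not set: users can browse the whole filesystem")
    if (opts["forcecommand"].split() or [""])[0] != "internal-sftp":
        findings.append("ForceCommand is not internal-sftp: users can get a shell")
    for key, label in (("allowtcpforwarding", "AllowTcpForwarding"),
                       ("x11forwarding", "X11Forwarding")):
        if opts[key].lower() != "no":
            findings.append(f"{label} is not 'no': the account can be used as a tunnel")
    if opts["passwordauthentication"].lower() != "no":
        findings.append("PasswordAuthentication is not 'no': logins are not key-only")
    return findings


if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg, "sftpusers") or "OK")
```

Settings in a `Match` block override the global section, which is why the audit merges defaults, global options and block options in that order.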

  • I have a Buffalo TeraStation that I use just for a NAS to store backups on, but I did notice it has quite a few powerful features that made me think, "hey, I ~could~ use this along with a decent router to pretty much meet the needs of a SOHO"

    I certainly think you ~could~ go this route, but honestly, I don't think you should. Here's why: those NAS units are pretty chill and the good ones have some kind of self-healing/recovery option ... like my TeraStation's Raid5. I've had a drive fail and it was a fairly

  • The first thing is to Blow the dust out before doing anything else then as you've already got Sunk Cost into the server, I'd look at it from the cost perspective of Repair/Replacement before doing anything else. Personally, I suspect that the real problem is that the drives are reaching the replacement point and though they're expensive right now, I'd suggest looking at at least a 1TB model such as the Samsung F3 or WD Black for reliability. On the software front, if you've been using Windows for a while, y

  • Question to OP: Are your workstations joined to the domain and using the 2K3 server as a login server? Are login scripts, group policy etc used on the ten computers? Or are they all standalone?
    If they are standalone, replacing the 2K3 with a NAS I'd say is a very good option.

    On a consulting basis I've converted a couple Windows SBS environments over to using a NAS. Users have been very happy with the change and these devices have performed well and been able to take over the function of the SBS provided they weren't using Sharepoint/Exchange.

    I have to say, the QNAP and Synology are very effective, and easy to setup appliances. A typical slightly tech-savvy person could set this up without a problem -- it's little more difficult than a home router. The interface is very intuitive.
    I've found the QNAP is a bit more robust in its feature set, and if you go with the Pro+ models (starting at like $400-$500 w/o disks) based on the intel Atom processor. This is like getting a linux box with an x86_64 architecture. The thing can run a mySQL server/webserver etc.

    After the initial setup, the NAS appliances need little/no maintenance. It can handle its own backup, or you can plugin an external disk and copy the array to it, alert you via-email if there's a drive/SMART issue,

    Now, if you do already have a domain/ADS environment, you'll have to bring in some slim little machine to replace the 2K3 server as a Domain Controller. Both QNAP and Synology can join a domain and use AD logins and groups as credentials, making login seamless if the computers are domain members (no prompt for login/password etc)
    Otherwise, you'd have to unjoin all the computers from the domain and make them standalone, and then migrate profiles back to local etc -- quite an IT expedition.
    If this is your situation, I'd recommend going ahead and upgrading to a 2K8 R2 server on a slim machine, and perhaps just using that rather than a separate NAS appliance.

    • It'd be fair to say we're underusing ADS. We have it, and we use it for our basic login credentials, but we don't really have any need to segregate our internal users into groups.
      • While you may not really be using ADS for Group Policy or anything else, your machines are domain members -- so the user profiles are stored in a username.DOMAIN format in C:\Users or (XP) C:\Documents and Settings\. For users to not have to setup a whole new profile, you'll have to make sure to migrate this accordingly -- that means rename the folder, modify permissions, and maybe even hack the registry a bit.

        The Synology and QNAP (or any FreeNAS-based appliance) can be a domain member, meaning it can auth

  • With a generic OS you can do full disk encryption to protect the data in case the server is stolen. Truecrypt works on windows, probably even with software RAID, but I haven't tried it with RAID. If you do this, remember to encrypt the backups as well (in fact, even if you don't encrypt the main server, it's important to encrypt the backups as they can be easily stolen). Overall, I don't know what to recommend. A NAS box is easier to manage, but less flexible. If you only access a couple of GB of data frequ

    • by ericdano (113424)

      Though of course you'd want a UPS on that......would it really matter? He's a lawyer. Law documents. I don't think they'd need a cache.

  • by ericdano (113424) on Sunday July 22, 2012 @01:07PM (#40730767) Homepage

    A huge old Windows 2003 machine is sucking power like a highly paid prostitute. And you aren't using exchange? Why did you even consider Windows 2003 when you could have built/bought a Linux/Unix based server for quite a bit less. I mean, the license per seat of a Windows server is probably upwards of $1K for about 10 people. Isn't it? I know Dell and others were selling non-Windows servers over 10 years ago.......

    I'd wholeheartedly recommend getting a NAS. I have a Synology DS1512 that I got in April, upgrading from a ReadyNAS NV that I had for 5 years. Nothing against ReadyNAS/Netgear, that unit was robust and I never lost a single byte of data even though a few hard drives failed on it (gotta love RAID5). It is now serving as a backup device for my Synology unit.

    Anyhow, the Synology unit is LIGHTYEARS ahead of the Netgear stuff in terms of software and hardware. They have a whole line of stuff from 2 disk units to like 16 disk units. All of them run the same software. They are easy to configure, and maintain. You can easily set it up to be able to share files over a VPN with it. Or you can log in via the web and get documents. Or have it stream music and videos over the internet for you. Macs, PCs, whatever can hook up to it. They even have iOS/Android apps to monitor or access files from it (like a streaming audio app, video app, etc).

    The software and hardware is sound. I had a flakey DS1512 initially, buying it like the day after it was available. Some sort of ROM patch was needed. Synology was fairly good about providing me with a replacement (I did have to complain a lot to their support people). And the current 4.1 beta of their software is causing random crashes on my unit......but it is BETA after all. The release version is rock solid (DSM4). My DS1512 was running that since I got it and it never had any issues at all.

    I'd say that hands down, when I was researching a replacement to my aged ReadyNAS NV, the Synology software and hardware was the winner. And it has proven so far to be true. And I still have two more drive bays to fill on it......;-)

    • The main problem is that nothing in the Linux space comes close to how user-friendly and easy a simple Active Directory setup is for allowing users to login to any machine in the office. Or how easy it is to assign users to groups and have everything work properly.

      I've been looking at various directory servers for the past 2-3 years in the Linux land and *all* of them are either non-free, or require a lot of tweaking, or you have to play with alpha software (such as Samba4). Or you have to roll your own
    • Yeah, I know, sometimes juries forget that. :-) But with all respect to other posters, even a hundred happy campers aren't enough to prove out a product.

      You have a problem to solve. The solution will, over time, require more than just technology. Focus on the company at least as much as the technology. Where are they going to be in 3 years? How is their support? What kind of record do they have in the areas of retention and compliance?

      I support the suggestion to use a standalone firewall/vpn. Otherw
  • I went a bit overboard in buying one, but I'm really liking it now. I bought a DS1512+ and five 3TB hard drives for about $1600. So far, it's been great. It was a breeze to setup, it's using a hybrid RAID format that's expandable, and I've got an FTP running on it now. Using iSCSI to be able to map drives on my computer for apps that don't support network locations (hey Steam) is awesome.

    I'd highly recommend it.

  • If I wrote "I am a full time IT person and part time amateur lawyer for our IT service provision company", what would your advice be? Correct. Physician, heal thyself: stop messing about, ignore the DIY responses from Slashdot and pay someone to do the job properly. Being in charge of IT at a law firm is a deeply boring job, but you surely must have a local service provider for whom it's routine. The business of buying and selling houses is pretty tedious, but fortunately I know a good local guy who makes i
  • Two success stories...

    The first was a small business with a dozen workstations wherein a Windows SBS was dismantled and retired. Everything was migrated to a small Synology (currently running their DSM 4.x), OpenDNS and Google Apps. Works well.

    The second is a medium size business I'm working with that has multiple sites. They're using Windows primarily for authentication. But all storage needs are taken care of by Synology DS1512+:
    http://www.synology.com/products/product.php?product_name=DS1512%2B&la [synology.com]

  • If you can afford it ($700, diskless) Drobo [drobo.com] is easily the best small business storage solution out there.

    • by ausrob (864993)
      I really like the Drobo range, great functionality and disk configuration options.. but found the pricing to be a bit too prohibitive. An alternative might be a Thecus (http://www.thecus.com/) which seem to be a fair bit cheaper but lack the innovative features of a Drobo. However I think they deliver a fairly solid platform of functionality for the price.
  • Articulate, looks like if a real answer comes up it could help others...

    is there hope for /. yet?

    -AI

  • I have installed Synology NAS DS212s in a couple of my retail locations to replace servers (that were really only used for hosting shared folders...) and found them to be inexpensive, fast, quiet, reliable, simple to configure and maintain, small footprint, and extremely energy efficient.

    The Synology NAS is currently configured for:

    • hosting folders shared by various teams
      (users are on Macs, Windows, and Linux desktops)
    • hosting personal folders for each staff member
    • backing up files hosted on a few specific w
  • by FlyingGuy (989135) <flyingguy.gmail@com> on Sunday July 22, 2012 @11:09PM (#40733631)

    As a lawyer you should not even consider it. Lawyers must guarantee confidentiality of all client work, you remember that part from law school right? You need a departmental server that says who gets access to what and you need to track who authored and who modified. You must ensure it is not only backed up and those backups safely stored, but discoverable.

    You also need a completely bullet proof journaling file system so you can un-delete documents that are inadvertently deleted and we are not even talking deliberate acts here, just an oops because the judge is not going to be very sympathetic and your opposing counsel will smile appreciatively when you don't meet a filing deadline ( I forget the exact word when you must file by a certain date in order to have standing ).

    The above is the very reason most lawyers have not gone paperless. AFAIK, the only two products out there that meet the above criteria are a Windows or a Novell ( OES2 - linux with the Novell layer on top ) server. Now you can download Novell OES2 for free ( you have to create an account ) and they will try and get you to purchase support, but you are not required to but you would be a fool not to.

    The bottom line here is don't play fast and loose with your clients information if not for their sakes then for your own. Fucking this stuff up will not only get you slapped with a huge malpractice suit but could damn well get you disbarred, but I figure you know that.
