Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask Slashdot: Stepping Down From an Office Server To NAS-Only?

timothy posted more than 2 years ago | from the feel-so-naked dept.

Data Storage 227

First time accepted submitter rawket.scientist writes "I'm a full time lawyer and part time nerd doing most of the IT support for my small (~10 person) firm. We make heavy use of our old Windows Server 2003 machine for networked storage, and we use it as a DNS server (by choice, not necessity), but we don't use it for our e-mail, web hosting, productivity or software licensing. No Sharepoint, no Exchange, etc. Now old faithful is giving signs of giving out, and I'm seriously considering replacing it with a NAS device like the Synology DS1512+ or Dell PowerVault NX200. Am I penny-wise but pound foolish here? And is it overambitious for someone who's only dabbled in networking 101 to think of setting up a satisfactory, secure VPN or FTP server on one of these? We've had outside consultants and support in the past, but I always get the first 'Why is it doing this?' call, and I like to have the answer, especially if I was the one who recommended the hardware."

cancel ×

227 comments

Sorry! There are no comments related to the filter you selected.

Cloud (1)

Tukz (664339) | more than 2 years ago | (#40729627)

I know "Cloud service" is such an awful term, but if you frequently access the data from outside the network, why not consider having the data online somewhere?

Besides that, a NAS should do just fine.
Either build on (FreeNas) yourself or buy one of the numerous premade systems.
The VPN could be established on network level and not the NAS itself.

Re:Cloud (5, Insightful)

brad-x (566807) | more than 2 years ago | (#40729697)

If you have any expectations of maintaining confidentiality for yourselves or your clients, a cloud service is not for you. All cloud providers make claims as to the privacy of your data - when put to the test they'll hand it over to the wrong people in a heartbeat.

Re:Cloud (2)

snemarch (1086057) | more than 2 years ago | (#40729737)

Use a service with client-side encryption (SpiderOak springs to mind, even if it has a terribad UI), or do your own encryption - problem solved.

IMHO you shouldn't rely solely on cloud backup, though, bad things can happen even to datacenters... but it's a nice supplement to your local backup.

Re:Cloud (2, Informative)

Anonymous Coward | more than 2 years ago | (#40729983)

Unfortunately, you are not familiar with technical ineptitude of the laws of the US. There is a quite a debate within legal communities regarding whether storing data in the cloud (encrypted or not) breaks lawyer client confidentiality.

Re:Cloud (4, Informative)

Anonymous Coward | more than 2 years ago | (#40730733)

Don't know about client-attorney privilege, but anything medical is a HIPAA no-no. We actually used a "cloud" vendor who we caught using our info for their marketing purposes. We called them on the carpet about it, but they denied all such use, and they had the balls to threaten us with slander lawsuits. The doctors decided that they couldn't afford to make a big stink about it, but we immediately stopped using them.

Re:Cloud (1)

Hanzie (16075) | more than 2 years ago | (#40730675)

+1

Nas4free or freenas (2, Informative)

Anonymous Coward | more than 2 years ago | (#40729631)

I highly recommend nas4free. Easy setup all around including windows shares. Plus zfs is a big plus and high on the geek scale

Just did the same (3, Informative)

Anonymous Coward | more than 2 years ago | (#40729637)

I just did the same for a client who had downsized. We moved from a rackmount Xserve and RAID solution down to a Mac mini server (for DNS and few other tasks) and a Synology NAS. It was my first Synology, but I was very pleased. It was fairly easy to configure, and has been trouble free so far. It offers excellent outside access via web interface, and has a built in SSL VPN. The largest issue I had with it was configuring a rotating backup. I ended up using the Mac mini for the backup. The client's been very pleased with the solution, which sits on a desk. The server room has been cleared out.

Re:Just did the same (0)

Anonymous Coward | more than 2 years ago | (#40729803)

I certainly hope that they just had the Mac mini laying around unusued, cause if you made them buy a Mac just to run DNS and act as backup console you're an idiot.

The hardware they already had most likely could have been reloaded with a fresh OS and configured for very cheap. Hell an old workstation could handle those tasks easily.

Re:Just did the same (2, Interesting)

Anonymous Coward | more than 2 years ago | (#40730175)

Devil's advocate here. Since this is a production environment, even though the Mac doest cost, having the hardware backed by some sort of warranty is important. An old workstation breaking that stores all their critical law data may cause them downtime and such. It might even bring malpractice lawsuits from clients.

The Mac Mini can be called a "server", as Apple states that as well. This is important, not for hardware but for legal eagle stuff. Plus, if anything breaks, Apple is good at the consumer/SOHO level of getting stuff fixed. Enterprise, different story, but this is just one NAS we are meaning. If two internal drives which are mirrored can hold the needed data, that would be close to ideal. Of course, having a backup system, at the minimum rotating external USB hard disks between the law office and a secure offsite location (Iron Maiden is the standard, but you could use a climate controlled storage with a heavy duty safe inside.)

At the minimum, I'd buy a low end Dell or HP server and install an OS on that. That way, clients can be assured that some reasonable precautions are kept with their data.

Of course, for long term archiving, just saving files to a DVD or Blu-Ray drive may not cut it. I prefer at least two disks on optical media, as well as a backup on a HDD or flash, just to be safe. Stashing stuff in a TrueCrypt container on DropBox is also OK, but use a keyfile and not just a passphrase if one wants to not worry about brute force guessing.

I vote no-NAS (5, Interesting)

Anonymous Brave Guy (457657) | more than 2 years ago | (#40730557)

We also went through this a while ago, but the other way around. After kitting out a small office network, the one purchase we really regretted was the NAS (a Cisco-branded device, which in fact is a rebadged QNAP).

The hardware has not failed and supports hot-swapping drives if necessary, but those are about the only good things I have to say about this unit. It is in all other respects just a very limited and relatively expensive Linux server, where essential operations like scheduling regular, secure off-site back-ups are absurdly difficult, and where you can't easily install other server software (e-mail, calendars, DHCP, RADIUS, whatever) unless whoever supplied your NAS happens to make some sort of plug-in available for their particular style of firmware. Even Cisco gave up trying to provide any meaningful support in this area within a few months of the device launching, eventually just providing a mechanism for people to upgrade their firmware to QNAP's own.

When we were investigating options for a new device earlier this year, it looked like more recent NAS devices from other suppliers were little better, maybe differing in some of the details but essentially still the same old story.

My conclusion: NAS devices are for non-technical home users who want to plug in and go. If you're running a real business with serious requirements, and you have moderate Linux skills and/or a modest budget to bring in someone who does when you need them, then buy a real server with a specification suitable for your requirements. There is absolutely no advantage to buying a NAS for someone in that position, IME.

QNAP was my choice.... (3, Insightful)

mseeger (40923) | more than 2 years ago | (#40729639)

My experiences with a QNAP TS-459U-SP+ are quite good. With the QPKG-Extensions, you even get non-standard services installed.

I would still recommend to have a small 19 inch rack (on wheels) for noise protection and to have some space for expansion.

Re:QNAP was my choice.... (1)

Anonymous Coward | more than 2 years ago | (#40729967)

My experiences with a QNAP TS-459U-SP+ are quite good. With the QPKG-Extensions, you even get non-standard services installed.

I would still recommend to have a small 19 inch rack (on wheels) for noise protection and to have some space for expansion.

qnaps have done us proud, go take a look

Re:QNAP was my choice.... (3, Informative)

mwvdlee (775178) | more than 2 years ago | (#40730361)

After how they massively shafted their entire customerbase (including me) with the NMP-1000 and NMP-1000P mediatanks, I will never buy a QNAP product again.

Synology (5, Informative)

GordonCopestake (941689) | more than 2 years ago | (#40729669)

I recently installed a small DS212+ for a small office of 5 using around 1tb of data. The NAS was chosen as a low cost option but after running it for a few weeks it's actually better than a windows box for this use case, mostly because of its excellent software and ease of use. It has a built in VPN server and access to a host of 3rd party apps. Highly recommended.

Re:Synology (4, Informative)

AliasMarlowe (1042386) | more than 2 years ago | (#40730011)

I recently installed a small DS212+ for a small office of 5 using around 1tb of data. The NAS was chosen as a low cost option but after running it for a few weeks it's actually better than a windows box for this use case, mostly because of its excellent software and ease of use. It has a built in VPN server and access to a host of 3rd party apps. Highly recommended.

Agree with the recommendation for Synology; they're hard to beat on value although you can find cheaper NAS boxes. I presently have both a DS207 (1TB) and a DS211 (6TB), and they work like a charm. Both are configured with a pair of disks in RAID0 so they're fairly quick, and have automatic incremental backup to a group of USB drives. Synology's web server is solid enough, but you might want to harden it with suitable Apache configuration files and sensible policies. As parent said, there are excellent free applications [synology.com] available for download - we use their mail server, media server, and photo station, but there are also DHCP, VPN, LDAP, and ERP possibilities.

A DS1512 would absolutely blow away the DS211 in performance, and is marketed as being suitable for use by SMEs.

Re:Synology (4, Informative)

Pete (big-pete) (253496) | more than 2 years ago | (#40730795)

Agree with the recommendation for Synology; they're hard to beat on value although you can find cheaper NAS boxes. I presently have both a DS207 (1TB) and a DS211 (6TB), and they work like a charm. Both are configured with a pair of disks in RAID0 so they're fairly quick...

I also definitely recommend Synology NAS solutions - very capable machines and the company is committed to follow-up with their software updates. You buy the NAS now, and as they release continual updates to their firmware, it just gets better and better "for free".

On the other hand, I would never recommend running a NAS with disks in RAID0 - you run a NAS to store your data and to be completely reliable, I configure my DS508 in RAID5, and if I was running in an enterprise with a DS1512+ then I would certainly consider running in RAID6. I have "lost" a disk in my RAID5, and the NAS rebuilt easily once I replaced it - but if you lose a disk in RAID0, then wave goodbye to your data. Unfortunately disks are not 100% reliable, and the speed increase means nothing as soon as you start accessing the NAS over a network.

-- Pete.

QNAP (1)

Anonymous Coward | more than 2 years ago | (#40729673)

Have a look at the products from QNAP. I just purchased one for home use and am blown away by the functionality. Out of the box it does way more than we've even thought of implementing at work. The web based user interface is very easy too.

I'm not sure what your goal is. (3, Informative)

obarthelemy (160321) | more than 2 years ago | (#40729675)

If you just want networked storage, anything will do. Don't forget backups (several of those, some offline, some in a safe place), access control, intrusion detection... Probably get RAID too (RAID is *NOT* a backup) for higher availability and uptime.

You mention stuff your server doesn't do. Does it mean you'd like to do it ? Are you doing it another way ?

If you work in a law office (you said you're a lawyer, not that you're in a law office ?) are there specific legal requirements regarding auditing, security, confidentiality ... ?

Are you OK with people making backups of files and leaving with them when they are fired or resign ? ...

Re:I'm not sure what your goal is. (1)

jovius (974690) | more than 2 years ago | (#40730059)

I went through about the same process and in the end decided to build everything myself. I wanted to have full control of the system and the system needed be expandable: a mini-ATX board, memory, drives (2*2TB for storage and 1 16GB SSD for the OS) and the enclosure. For the OS I chose Ubuntu, although some other distro may be more optimized for the purpose (I mostly connect to the box with SSH). If one goes the most minified route the ready system can be fit in a shoe box. The board I have is passively cooled and I think I could have the system passively powered too so it would be completely silent.

I researched the available options and always ended up with more questions than answers: can I modify the setup or do I void the warranty if I do something? How future proof the system is? Am I going to be dependent on just one company? I compared the specs of various systems and there always was something that didn't quite fit. It's the same thing with external harddrives. Instead of closed sets I prefer harddrive enclosures which allow easy changing and updating of the internal drive.

Re:I'm not sure what your goal is. (2)

rawket.scientist (812855) | more than 2 years ago | (#40730091)

Agreed that RAID is a must, as is independent backup. At present, we have a tape drive. Sometimes the secretary remembers to run it, sometimes she doesn't. But even when she does, she keeps the tapes on site and close by "so we don't lose them". One small fire, one small flood, one pissant vandal, and *shudder*. I know the cloud backup providers will surrender to subpoena power without a fight. But I also know how to get a protective order on attorney-client privileged files after the subpoena is issued. As I see it, there's no way to keep any kind of record, ever, without risking an outsider discovering it. But if cloud-based backups (especially automated, encrypted cloud-based backups) let us mitigate our disaster risk and cut out the oops-forgot-to-change-the-tape factor, they're the lesser of two evils.

Right now, we're a two attorney firm (me and my boss, who's very game but a little green when it comes to tech), looking to hire a third. We also have a pool of about five support staffers. We all have to be able to access one another's files - I'll write a memo to file, which Boss will review, the he'll dictate a letter for Paralegal A, who asks Paralegal B to help her find the recipient addresses and print off the enclosures, and then back to Paralegal A who scans and files the outgoing letter to our correspondence. The paralegals are high turnover, and prone to downloading scamware. I do what I can viz education and virus removal, but there are limits. We also travel cross-country with a specialty arbitration practice we have, and need to be able to access client files from the road.

As to what our server doesn't do, we POP into our e-mail, use Google Calendar for our scheduling, and have our simple little WordPress website hosted offsite. No real reason to change this at this point.

I'm not OK with former co-workers making backups and carrying them off; no attorney is. But I'm even less OK with trying to parcel out file access on a case-by-case and employee-by-employee basis

NAS (0)

Anonymous Coward | more than 2 years ago | (#40729687)

A NAS is the perfect for this use-case. I wouldn't go "cloud" for the primary source though because it would just slow things down, and it may not work for you depending on what applications you're using. I don't see why you're doing DNS internally? That seems unnecessary -- unless the box is also your domain controller for AD? I would definitely go with something dedicated, but not consumer-level. So stay away from the D-LINK/Netgear NAS devices. I've used the QNAP 419P in the past and it was decent, but under-powered (couldn't reach gigabit speeds on transfers because the CPU the NAS was getting pegged out). I think any of the current Intel based QNAPs would be a good choice to look into -- they had a great web management interface and lots of options. Doing VPN straight to the box seems a bit out there, but the QNAP had a nice web-based file manager that you could expose externally via SSL.

I can't see why you'd want a rack for a 10 person office, if it's not needed.... ? But this shouldn't go in a closet w/o ventilation either.

Re:NAS (0)

Anonymous Coward | more than 2 years ago | (#40729703)

Keep backup strategy in mind though... a mirror on the same NAS is not a backup :-). I'd probably go with a mirror on the NAS + a local drive for nightly backups + external cloud backup for worst-case like DropBox.

It will be fine (3, Insightful)

slaker (53818) | more than 2 years ago | (#40729693)

You're barely using the capabilities of the machine you have now and you don't have any reason to keep the server. Get a decent VPN-capable router or pay $20/year for LogMeIn Hamachi if that's a need and combine it with a Synology or QNAP NAS. Those have firmware that's relatively straightforward to support and if there's ever a need for more advanced file services, they're already baked into the device.

Do make sure you buy decent disk drives for it. "Green" or "Eco" drives from WD or Seagate work for shit in disk arrays.

This really won't be a downgrade for you. It will actually probably make your life easier.

Re:It will be fine (2)

iamgnat (1015755) | more than 2 years ago | (#40729815)

Do make sure you buy decent disk drives for it. "Green" or "Eco" drives from WD or Seagate work for shit in disk arrays.

My WD greens have been running in my NAS for almost 3 years and have been fine. One was bad upon receipt, but the supplier RMA'd at no cost to me. If I ever get off my ass to complete my warm backup array, I'll use the same drives.

Re:It will be fine (1)

marcosdumay (620877) | more than 2 years ago | (#40730345)

Did you put them in a RAID? Green drivers suck AT A RAID. If you don't put them in a RAID, they'll do fine.

If you don't access those files a lot, and don't use a RAID, those green drivers are great. They'll save power and last more.

Re:It will be fine (1)

iamgnat (1015755) | more than 2 years ago | (#40730669)

RAID5 with a stand-by hot spare that I rotate in periodically (speaking of...). Where I see performance issue is network bandwidth due to my choice to use iSCSI so I can use an unsupported (by the NAS itself) filesystem and an authentication/sharing system that is native to the majority of the client machines that use the space. Even with GigE large files can be annoyingly slow even if I'd doing the work on from the iSCSI controller where I can watch and see that the network IO is maxed out.

Re:It will be fine (1)

Anonymous Coward | more than 2 years ago | (#40730015)

We use WD green HD's in a small raid array. The file server currently gets shut-down outside office hours, so the lower running temperature reduces the temperature cycle range. Any file used that day is in RAM anyway, so speed has not been a problem.
We use large-ish files in a small office situation. Using raid 1 f2 I get 140 MB/s for a single file, from 2 drives, which is more than enough to saturate our 1 Gbit network.
We use the same drives in desktops. I recently dropped a new drive from 1 meter on a stone tile floor. It has been working fine since, with a well dented corner...
One drive developed problems being recognised by the BIOS on boot, but worked flawlessly once detected.
On the whole, I'm very pleased with the WD green drives, even in raid in an office setup.

NAS vs Server (0)

Anonymous Coward | more than 2 years ago | (#40729709)

The main benefit you would lose by changing to a NAS is the centralized domain authentication, assuming you have one. If you don't have a domain then a NAS would work great. I've setup a couple of Synology before, they perform well and are easy to manage.

LDAP (1)

AliasMarlowe (1042386) | more than 2 years ago | (#40730031)

The main benefit you would lose by changing to a NAS is the centralized domain authentication, assuming you have one. If you don't have a domain then a NAS would work great. I've setup a couple of Synology before, they perform well and are easy to manage.

That was true a few years ago, but newer Synology boxes can be LDAP [synology.com] servers. My DS211 supports this, but my older DS207 does not.

AD Domain Services (5, Informative)

Anonymous Coward | more than 2 years ago | (#40729715)

Do you have an Active Directory domain? Domain users and groups are much easier to manage for file access than a bunch of local accounts. I'd keep using a full server just for that, but that depends on your security model.

Re:AD Domain Services (1)

rawket.scientist (812855) | more than 2 years ago | (#40730323)

We do have an Active Directory domain. We aren't using it for anything but one-size-fits-all login credentials.

Re:AD Domain Services (0)

Anonymous Coward | more than 2 years ago | (#40730527)

I'd stick with AD and a Windows file server for security reasons. (I know that sounds crazy) It's easier to integrate with AD if you need directory and file permissions. In a law firm you likely have confidential client data that needs to be visible to authorized personnel. AD groups and folder permissions are easier to set up if everything is built to work together. Many NAS boxes are Linux based and their file and directory security may be harder to integrate with AD. A wrong directory permission that exposes data to the wrong people would be bad in a law frim setting. (Windows boxes need monthly patching but that's the way it goes)

The other think to look at is the CPU speed on anything you buy. Many NAS boxes have badly underpowered CPUs (like Atom, Marvel, etc) and software based RAID. I wouldn't buy anything with less than an Intel i3 chip in a NAS box. CPU speed and data protection algorithms directly affect the speed of NAS boxes. (to their detriment if the CPU is too slow)

These days you can get a monster file server with a built in hardware RAID controller (for RAID 5 - which is good enough speed wise with hardware RAID) for under $5000, probably under $3000 depending on what space you need.

The other thing that may sound crazy is tape backup (encrypted). Having offsite backup is a good idea if you use a bonded storage facility to pick them up or a trusted employee to rotate tapes to a safety deposit box. (even if it's only once per week -it's better than nothing)
LTO3/4/5 tapes/drives are extremly reiliable now.

Re:AD Domain Services (1)

chrisinspace (1646549) | more than 2 years ago | (#40730537)

That was going to be my question. If you need AD for user authentication and management then you'll need a Win server. I would think for a law firm securing the user logins and domain access would be critical. What do you mean by one-size-fits -all?

Re:AD Domain Services (1)

rawket.scientist (812855) | more than 2 years ago | (#40730611)

We have a very binary approach to data access. Everyone in our small office needs to be able to see all of the client files. No one outside of our office needs to see a blinking thing. So by one-size-fits-all, I mean that our receptionist has access to the same file set that our senior partner does - she has to, if she's going to be able to tell a client when his next court date is.

Re:AD Domain Services (1)

drdrgivemethenews (1525877) | more than 2 years ago | (#40730771)

Does your law office have any ambitions to grow?

If it does, the ability to scale up your system, and compliance issues, are more important than what's been discussed here. You need enterprise-class storage and a solid backup and archive plan to protect the business. A compliance strategy should be put into place, whether you actually do anything right now or not. It's not fun to have to invent one when the subpoena arrives.

I'd strongly suggest a visit to a channel partner of NetApp and/or EMC. They have low-end products suitable for a business like yours. You have an insurance policy on your legal business. Consider this investment an insurance policy on your legal data.

Windows Server is actually an acceptable alternative if you don't have near-term growth ambitions.

Re:AD Domain Services (0)

Anonymous Coward | more than 2 years ago | (#40730661)

Synology has an AD server "app".

Re:AD Domain Services (2)

phayes (202222) | more than 2 years ago | (#40730503)

When all your files are on a single server/NAS, and all you want are the services he asked for, an AD just adds complications & is no easier than just using the server's local authentication.

Re:AD Domain Services (0)

Anonymous Coward | more than 2 years ago | (#40730695)

Given the use case and particular skills of the OP I recommend Microsoft Small Business Server simply because it provides a complete solution and would be easy to administer.

Microsoft Small Business Server 2008/2001
  Microsoft Active Directory
  Microsoft Exchange 2007/2010
  Microsoft Outlook Web Access
  Microsoft Web Server
  Microsoft SQL Server

For mobile communications use (i) Microsoft Outlook Web Access; or (ii) IMAP; or (iii) BlackBerry Enterprise Server Express and if necessary BlackBerry Mobile Fusion and BlackBerry Universal Device Service if using non-BlackBerry smartphones (which can be installed on top of Microsoft Small Business Server). As a lawyer the OP probably has better things to do than spend his billable hour time fixing information technology infrastructure.

NAS (2)

Bert64 (520050) | more than 2 years ago | (#40729725)

Most of the NAS boxes are embedded linux boxes, usually running on a low power CPU of some kind...

With most of these its possible to get shell access and install whatever you want on them, although for things like setting up a vpn on it you will probably need kernel level support which may or may not be present in the stock kernel supplied with the device.
That said, presumably you have some kind of router or nat device too, which will almost certainly have some level of vpn capability by default.

Running a DNS server should be trivial.. I personally run a couple of buffalo 4-drive nas boxes, and just looking through the package list i see bind and dnsmasq, both perfectly capable dns servers depending on your requirements.

I do take issue with the term "secure vpn", nothing is totally secure as such a name implies.

Re:NAS (1)

Idbar (1034346) | more than 2 years ago | (#40729785)

You're right. I'd like to know further about the needs of the poster. But I didn't know about NX200s, just checked, and for that price, I see you could get either a huge capacity Buffalo Terastation, or a couple of Synology or QNAP and try to set them up for physical diversity.

It all really depends if he only wants storage, or some kind of performance. Some of these new NAS come with Core-i3, while older come with Atom processors, and others with ARM (Like I think those from WD), which may be enough for certain applications.

Importantly, I'd also check if the software from the box comes preloaded in one of your harddrives or if it's in an internal memory card. WD NAS for example are really annoying to upgrade because their software comes on the data drives themselves. Not sure exactly how Buffalos/Dell/Synology/QNAP work on that space.

Re:NAS (0)

Anonymous Coward | more than 2 years ago | (#40729821)

What does NAS stand for in this context? The only NAS that I know is Naval Air Station.

Re:NAS (1)

ixnaay (662250) | more than 2 years ago | (#40729869)

What does NAS stand for in this context? The only NAS that I know is Naval Air Station.

http://lmgtfy.com/?q=NAS [lmgtfy.com]

Re:NAS (5, Insightful)

Antique Geekmeister (740220) | more than 2 years ago | (#40729921)

For your own safety and piece of mind, do not do this. As a part-time support person in a small environment, you don't have the time to master the subtleties of effectively rootkitting a commercial server and maintaining special, out-of-band, non-vendor supported services on it. It's likely to break down at unpredictable times with basic system updates and network firewall changes associated with the NAS services themselves.

Strongly, strongly consider fragmenting the functions. A VPN and firewall box, running on a small physical applicance, is generally much safer to expose to the Internet than a Windows server that will requirely monthly major updates and possible reboots and possibly daily vital security updates that are too late to salvage the system from what it's _already_ been exposed to.

Oh, yes. Lose the FTP server, unless it's only for upload from your clients and there is no "browsing" function for the files already uploaded. FTP packets are sniffed on a frequent basis on poorly manged, publicly exposed routers and network switches for login names and passwords. It exposes you and your clients to all sorts of security issues if they're using their Windows login names and passwords for FTP access. There are numerous ways to do this better: gather your requirements first, and you can assess whether HTTPS, SFTP, FTPS, or something else might be better. The only reasons to use FTP now are obsolete clients that cannot be upgraded, technical people who refuse to be educated, and publicly accessible download sites with anonymous access.

Re:NAS (3, Insightful)

sprior (249994) | more than 2 years ago | (#40730105)

I completely agree with the idea of breaking this up into multiple machines. Keeping everything together on the same machine is often referred to as a busybox and means that any security holes in the pieces may be used together to compromise the machine and once that machine is compromised the attacker has full control over the family jewels.

I'd keep the router, VPN, DHCP, and DNS functions on its own box. I went with a barebones Supermicro box for around $300 bought from Newegg and installed the pfSense router/firewall on it. Once you get past some learning curve it is very easy to administer through the web interface and the entire config is saved to one file and easy to keep a copy of, so if things go horribly wrong you can rebuild it easily and quickly.

Re:NAS (1)

rawket.scientist (812855) | more than 2 years ago | (#40730163)

I'll readily concede that I cannot root-proof a NAS device on my own, or anything else for that matter. I'm pretty limited in my ability to troubleshoot a mis-configured firewall, too. But we have to have something, and I'm mainly wondering if a NAS device is inherently more vulnerable or more buggy than a full-on file server.

Clients emphatically do not have access to our file server. Quite a few of them are facing very serious criminal charges, and a certain number might even be guilty. Frequently a client will want to send us files; we accept those by e-mail or physical media. Occasionally a client will ask for a copy of his file; we're pleased to burn that to CD-ROM.

At present, we do not have an FTP server. We'd had a fairly hefty network (for a business of our size, at least) set up back in 2008, but I'm not married to anything so long as we can get access to our files at off hours and on the road.

Re:NAS (1)

QQBoss (2527196) | more than 2 years ago | (#40730313)

Clients emphatically do not have access to our file server. Quite a few of them are facing very serious criminal charges, and a certain number might even be guilty. Frequently a client will want to send us files; we accept those by e-mail or physical media. Occasionally a client will ask for a copy of his file; we're pleased to burn that to CD-ROM.

Heh!

Re:NAS (0)

Anonymous Coward | more than 2 years ago | (#40730479)

If you want to take a middle-ground approach, set up a SAN instead of a NAS. It can be locked down with no access besides backups etc: for example, it could host the tape drive. The iSCSI exports will be used on your Windows server, giving you capacity, snapshots, and backups, while still retaining the "simplicity" and comfortable environment of the Windows server.

I'm familiar with ZFS for this kind of application, but I'm certain you can get your snapshots etc with other systems: I'm just not acquainted with them.

Re:NAS (0)

Anonymous Coward | more than 2 years ago | (#40730185)

CLEARLY you've never used a Synology DiskStation. Try one. You'll sing a different tune when it comes to small businesses. It's feature rich and has delivered continuously every day for 2+ years. It's one of the best IT purchases I ever made.

I suggest having some experience with this market before recommending against it. Your recommendations above, had I listened to you 2 years ago, would have cost me a fortune in comparison. Sure, you can always do things the hardcore IT way, but we're talking business here, and you're methods are out of touch with the current state of NAS tech and its price point.

Seriously, try one.

Re:NAS (2)

Shoten (260439) | more than 2 years ago | (#40729981)

I do take issue with the term "secure vpn", nothing is totally secure as such a name implies.

Only a noob thinks that anything is totally secure, but there's definitely a difference between "secure" and "not secure." The term is not invalid just because it is not absolute, any more than the word "safe" is invalid to refer to a firearm with the safety on. Do safeties fail? Yes. Do they not make a huge difference in the probablity of an accidental discharge? Also, yes. Thus, the term is valid and holds utility because it does define a meaningful state where risk is significantly reduced. The same is true of secure solutions in the IT sector...the fact that there are no magic bullets that are entirely without risk does not invalidate an entire lexicon of security.

Re:NAS (1)

Voyager529 (1363959) | more than 2 years ago | (#40730253)

I do take issue with the term "secure vpn", nothing is totally secure as such a name implies.

Only a noob thinks that anything is totally secure, but there's definitely a difference between "secure" and "not secure." The term is not invalid just because it is not absolute....the term is valid and holds utility because it does define a meaningful state where risk is significantly reduced...the fact that there are no magic bullets that are entirely without risk does not invalidate an entire lexicon of security.

Thank you. Is it not pathetic that this point needs to be made EVERY time the word "secure" comes up, because some pedant is all "zomg nothing is secure!!!111"

Why host internally? Move data into the cloud. (1)

tbg58 (942837) | more than 2 years ago | (#40729747)

Since you're already considering NAS it means you're not running client-server apps or databases on the server side. Why not go the full monty and put your data into the cloud using Dropbox, Google Drive? If you have less than 100G you can spend about $100 per year. You will want to publish some process guidelines in your ops manual, but this could work for you very economically. Although I am not completely familiar with it (and not affiliated in any way) Clio practice management http://www.goclio.com/ [goclio.com] is another way you can put the management of your practice into the cloud with matter, document and contract management.

Re:Why host internally? Move data into the cloud. (1)

Anonymous Coward | more than 2 years ago | (#40729915)

He's a lawyer. The cloud is nice for a lot of things but for sensitive, legal, or financial data I would say stay away. Way too many legal issues over proper protection of data.

Re:Why host internally? Move data into the cloud. (0)

Anonymous Coward | more than 2 years ago | (#40729937)

Simple fact: Cloud is limited by the bandwidth of your internet link!!
It is not uncommon to have 100Mbps LAN (or even 1Gb/s) in an office. How fast IS your Internet?

Re:Why host internally? Move data into the cloud. (1)

um... Lucas (13147) | more than 2 years ago | (#40730395)

I work at a small law firm too, and Clio (this is the first time I've heard of it) seems interesting, I feel much safer using software that's been tried and tested -- amicus, worldox and timeslips. My understanding is that you can add web functionality to timeslips so you can access files from an iPad or other mobile device. But they're still in your office under your control. Seems much more the ideal situation that relying on a third party to handle that, not to mention such business issues such as what are clios financial resources like? Will we get to the office one day and get an email saying "were sorry, but we went out of business. Your data is inaccessible." or even "we got bought by xyz corp and in order to turn us profitable, they've cut out some of the security related expenses we'd been incurring". That sort of thing. Pure conjecture, though...

Re:Why host internally? Move data into the cloud. (1)

Anonymous Brave Guy (457657) | more than 2 years ago | (#40730473)

Among other obvious reasons:

1. The cloud services you mentioned aren't even close to secure enough for legally sensitive documents.

2. Judges are unlikely to accept "my Internet connection was down" as a valid reason for not filing documentation properly.

3. Legal documents are written using serious software, not trivial web apps. They have numerous technical requirements and typographical conventions that must be strictly adhered to, in some cases to the point where courts will specify the precise font you must use for all submissions, for example. You don't write this sort of thing in Google Docs, where the concept of a cross-reference has yet to appear and the numbering styles available are one small step past "numbered" and "not numbered".

Synology (1)

anomalie (693098) | more than 2 years ago | (#40729751)

I've been using a Synology DS1010+ for a few years. They are affordable, easy to setup, and come with a good number of features. There is a VPN server, but there are also a few simpler methods for remote access on the Synology. If you mainly need remote access to data on the Synology, the Cloud Station software is simple and you can work with files offline. They also provide easy to use mobile apps for remote access. Its a good device to keep files on your client machines backed up. If you were comfortable with your dabbling in networking, you'll do fine with a Synology.

Cloud... (1)

jmatthew3 (100802) | more than 2 years ago | (#40729753)

I may be influenced by the fact that my firm's two offices are in New Orleans and Pensacola, two highly hurricane-prone areas. As a result of hurricanes, disaster preparedness has been etched into the firm's thinking (as well as my own - I was a software engineer during Katrina and worked on moving services to the cloud during that time - I am now a lawyer).

Anyway, why not go to the cloud? Something like Jungle Disk would replace a shared disk. There are also products more focused on legal work, such as Netdocuments. Of course, cost is always an issue, but Jungle Disk is relatively cheap.

As a plus, cloud systems let the attorneys work from home without needing a VPN client.

From an IT Services Point of View (0)

Anonymous Coward | more than 2 years ago | (#40729759)

Stick to what you do and hire someone to replace your server. I don't know how many times I've been called to a place to fix an issue and I find out they built the network themselves. Take my advice: stick to a server or hire a professional and concentrate on being a lawyer.

Re:From an IT Services Point of View (1)

swalve (1980968) | more than 2 years ago | (#40730287)

The only thing worse than the home built network is the one where they hired some "expert" to build or repair it. The expert being someone's brother-in-law, of course. That's where you find managed switches with no configuration; $10,000 servers with expensive RAID cards left unconfigured and the drives are JBOD; an old HP Vectra with 12 MagicJacks plugged into $2 USB hubs, which are then plugged into a $20,000 Nortel phone system; unused KVMs; etc.

Reinstall (0)

Anonymous Coward | more than 2 years ago | (#40729761)

Windows seems to get more unstable with age. I'm not sure how your server is set up, but we used a small drive for the os and a 4 drive raid-5 for the information. We made an image of the os once it was solid and just reimage when it gets flaky. A dedicated option like you mentioned above is probably easier if this isn't your dedicated job. Make sure to get a x86 system then you could add/develop plugins more easily if you wanted more out of the nas. Just be careful not to overload the system.

A mixed approach might be worth considering (1)

tenchima (625569) | more than 2 years ago | (#40729801)

Having used various Synology NAS devices over the years, I can recommend them. Although if you buy any of their devices that can have a memory upgrade, I recommend following their requirements to the letter. We have had an instance where using memory that on paper was identical, turned out to by slightly different and bricked the whole system (Synology, to their credit, replaced the system at no cost).

As with any device on site, backups that go off-site are very important. If you don't do this, then the cloud option as a backup is a good idea. If you choose the cloud option as a primary, remember that all devices that get you to the cloud (Local switch, Firewall, router, ISP feed etc) are all now single points of failure that can cause you to lose access to your data for a period of time.

Software that needs a server? (1)

Anonymous Coward | more than 2 years ago | (#40729829)

Almost every law office I can think of that I've worked with over the years has had some software package that needs a "server" pc to run it. Many of the firms I work with use timematters, quickbooks, softpro(which you could get by with just copying the files to a network location once it is installed), etc. A single 2008r2 server running active directory with redirected desktops and documents could be a good option. It can handle internal dns, gives you plenty of backup options including the built in image based backup and gives you the option of installing apps that need installing. Sure if you use something like quickbooks or peachtree you can have a computer in the office host it but then you start running into issues of remembering which services you need to reinstall if you replace it or when issues come up. Maybe ever server essentials although I haven't used it.

Areca (0)

Anonymous Coward | more than 2 years ago | (#40729843)

Server for storage? For a law firm? Get an Areca 5040 or better. You want something on an enterprise level for performance, features and durability. The Areca line has it in spades. Don't confuse enthusiast hardware with professional/enterprise hardware. Actually you should concentrate on SAS hard drives as well. While the 5040 is SAS capable, Areca has higher end units on the SAS side that are also SATA III capable, which also means the units are later designs.

Collect your specs first (3, Interesting)

Anonymous Coward | more than 2 years ago | (#40729857)

Find out what you need to do, first, I just spent a disastrous contract job with a company that said "get us bids, then we'll write the specs". And all the groundwork that was necessary for *whichiver bid they accepted*, including storage integration cleanup and getting formerly neglected projects onto backup, met tooth and nail resistance and insistent project review from the current IT staff who had *no idea* and couldn't be bothered to know what their current system did, they were "too busy". They had enough time to complain bitterly about how their old debris was better, when it didn't meet the most basic requirements of reliable backup, recoverability, or supportable technologies.

For someone being paid hourly and who was smart enough to write in the inevitable support calls as billable time, it made me a lot of money, but they made themselves unhappy because they acted like Java programmers. There's an unstated, unstable, never documented API, and they'd just throw it over the wall in one of their endless meetings of people who have nothing to do with the work, to someone in their group who didn't get to go to the meeting, and toss it out to me. "And Then A Miracle Occurs." And boy, did I make miracles occur behind the scenes!!! I'm looking forward like hell to when these clowns go to the Cloud. I am going to make *so much money* translating their last rounds of ill-conceived fractureware practices into the sort of large-scale, but limited API features that the Cloud is actually good at.

In your case, if I had time to take on the job, I'd separate security functions such as VPN from the storage system. Assess if you're an all CIFS storage shop, how much you need, and what your backup and archival storage requirements are. (In a law firm, that archival storage requirement is critical.) Assess your database and email storage backup requirements. (Again, as a law firm, your email storage requirements are important.) And assess ease of recovery of lost data versus the risk of having material your clients would prefer did not show up in a subpoena. (Lawyer/client privilege is vital, so is having only *half* the material show up in the subpoena, the half that makes your client look guilty, without the evidence that clears them.)

NAS's work very well: most of them are Samba behind the scenes, and many of them do NFS as well as CIFS. Don't do that: the privileges for CIFS access and NFS access are very, very different and had to resolve in real life. NAS's also work great for off-site backup: simply swap backup storage devices and take one offsite, then swap regularly.

Think hard about that VPN technology. All Windows boxes support PPTP built-in, and despite the great cries of "oooohhhh, IPSEC is so much better" I've seen no reliable reports that there's a genuine performance or security improvment. The big risks are that the software won't work (which is extremely common with IPSEC and peculiar Windows flavors still in use), and that people will leave themselves logged in with their screens unlocked or their remote systems rootkitted. (VPN's do nothing to address this: good firewall management of the VPN connection does, and this has *nothing to do* with the underlying VPN technology.) IPSEC supports lots of expensive RSA key technologies that you can spend a lot of money for, and which most clients *HATE, HATE, HATE* because they lose those damn funky keychain fobs, which could have been designed better by a bunch of random number generators taking a Java garbage collection break from writing Hamlet.

What skillset do you have? (3, Informative)

Melakh (2670043) | more than 2 years ago | (#40729875)

Since you want to be the IT admin guy off the side of your desk, the short answer is - can you manage it on a NAS? If not then stick with what you know and focus on your day job - the first time you have to spend 2 days fixing or configuring something that's new you'll have blown any cost savings from getting a server anyway. I run what you're describing, though I let the router handle VPN access. If you stick with Windows Server, everything you want to try and do will have a solution you can find in 2 mins on Google, if you go onto a proprietary NAS you will end up working around a lot of things to get them how you need them - Offline files for your users will be a little bit cranky, how you do backups will be limited to the NAS' interface, if you want your security settings 'just-so' (presumably important in your industry) you'll need to make sure the NAS software can cope with that.

Re:What skillset do you have? (2)

rawket.scientist (812855) | more than 2 years ago | (#40730475)

At this point, I've flushed about two days of what would otherwise be billable hours in trying to nurse our old server back to health, and now I'm here on Sunday trying to figure out where to go next. You're right that the process would have been worse if I hadn't been able to look up and quickly decipher a few key error messages online, but I regard a certain amount of time as the price of doing business.

With Windows, I'd call myself a power user, but I'm no full fledged network admin. I'm not intimidated by a CLI and a bit of a learning curve, but I don't have commands memorized, either. With *nix, I'm only slightly more skilled than a monkey banging on the keyboard at random.

No clouds ! (0)

Anonymous Coward | more than 2 years ago | (#40729877)

Legal precedence has already been established that if you do not control your data...then you lose control of it.

Meaning that Google, MS, DropBox, NextFlyByNightCloudService, etc now have rights that you gave away by not fully reading, now you know why, any T&C.

The MegaUpload also should how easily you can lose your data, much less any cyber-snooping that may happen.

I hope as a lawyer [may different types] that you google and nexus this issue before considering it.

Last thought: what is a VPN tied to a NAS box but YOUR CLOUD. [yes, there are free linux cloud server box apps]

Windows Server lets you get old file versions (0)

Anonymous Coward | more than 2 years ago | (#40729887)

I don't know if you (or any of your staff) have ever used this feature, but your Windows file server allows you to get previous versions of the files stored on the server. This has come in handy a couple of times when we changed something and wanted to look at an older version of the same file. I don't think this feature is part of a standard NAS. (We use a Windows Server for the ordinary tasks, and a Synology NAS for backup and long term storage.)

If your Windows Server software is not an OEM version, you can just buy new server hardware and install the same software on that. Nowadays you can get really cheap well performing brand name servers. This means that you don't have to struggle with learning how to manage a new version of Windows Server or a completely different NAS.

Thecus (1)

iamgnat (1015755) | more than 2 years ago | (#40729943)

You might look into Thecus [thecus.com] . I've had the N7700 for about 3 years now on the recommendation of someone who has a N5400 (and had it for a few years before I got mine) and (after I got mine) got his sister to buy a N7700PRO that he manages for her. There is no built-in DNS or VPN support, but some quick Google searches show that someone built a DNS module and it looks like there might be a VPN module too (I haven't used either so I can't speak to if or how well they work).

I did have my motherboard die 2 months out of warranty, but their replacement cost was reasonable, they took care of it fast, and they upgraded it to the new N7700PRO board for me.

When I initially set mine up I know they natively supported a Windows format, ext3, and xfs (experimental at the time). If I recall correctly it supports SMB, NFS, AFP, and iSCSI for remote connections. I set mine up using iSCSI so I could format it to a different format (which means my client systems have to talk to the server that manages it rather than directly to the Thecus itself).

3 years ago their interface was horrible, but it's seen a lot of improvements over the years and is much nicer now.

They might work for you (2)

proxima (165692) | more than 2 years ago | (#40729953)

I'm more familiar with Synology NASes (albeit on the consumer side) and Dell servers (instead of that NAS). Coming from a Linux sysadmin background, I was impressed with how the Synology combined pretty easy GUI management while not preventing you from doing stuff on the back end Linux side. You can play around with Synology's web interface yourself online [synology.com] . It's pretty cool what they can do with a bunch of javascript.

These things are built for file serving, and it's about as easy as it gets to set up. They also package all sorts of stuff as add-on services, though I don't personally use DNS. My complaint with the home-designed versions in the past is that they skimped on RAM, making them less useful for any kind of real server application. The higher end models like the 1512+ do better, and for just DNS and file serving it should be more than sufficient. Don't expect it to compete with a $1500 server in terms of computational performance, obviously, but it should be able to pretty much max out the drives' performance.

I had a drive die on my personal NAS, and the process went exactly as it should: it emailed me saying there might be problems; I did an extended SMART test via the GUI to double check it; I obtained an RMA for the drive and installed it; it restored to the new drive without incident.

Re:They might work for you (1)

wkk2 (808881) | more than 2 years ago | (#40730391)

Make sure your service agreement allows you to destroy a failed drive, for credit, instead of doing an RMA.

Business Case for Upgrade (1)

David_Hart (1184661) | more than 2 years ago | (#40729955)

I'm curious as to what the business case is to replace your current server? You say that it is on it's "last legs" but didn't say exactly what this means. Is it end-of-life, running out of room, running slow? End-of-life definitely means replacement but the other two are solvable.

There are fundamental questions that you need to answer before deciding to select a replacement using different technology. For example, have you factored in the replacement for any add-on software (i.e. anti-virus, encryption, backup, etc.)? Are you willing to spend time and resources to learn how to operate, maintain, and manage a new system? How well is the vendor support rated and are they available on weekends, after-hours?

Microsoft Server may not be the most efficient OS for file serving, but it is the easiest to support.

I would definitely recommend buying a piece of hardware that has out-of-band management, assuming that you have remote access (i.e. VPN) to your office. This allows remote access to the hardware when the OS is not working properly. Saves having to run into the office to troubleshoot a problem.

Why not just an ubuntu box? (2)

StormyWeather (543593) | more than 2 years ago | (#40729989)

I haven't seen it here, but you could pick up something like a dell optiplex 755 for dirt cheap on ebay, put a raid card in it, a couple 1tb hard drives, and put linux on it, and make shares using samba. That's exactly what we do at our IT shop, and it works fine for us. We install windows servers all the time, but we just don't need it, and our email is gmail, our web services are VPS servers at a host. If you are worried about replacement parts you could just order two of the exact same machine and keep one dark :)

My suggestion no matter what people here say is to then do a backup to the cloud using Jungledisk as a client, and Amazon or Rackspace as a storage provider. If you generate your security keys and opt not to give them to Jungledisk the keys to store for you then I'm not exactly sure how they are going to cough up your data to the "wrong people." The only people that could legally get them to turn over data would be the feds, and that would be your dream since it would mean they invaded your client attorney privilege thus pretty much self destructing any case they might have had. If they were going to get your data from a cloud service, it would be a lot easier to just bust into your office, but that doesn't happen at least by the government as it's self defeating.

Re:Why not just an ubuntu box? (1)

Voyager529 (1363959) | more than 2 years ago | (#40730351)

Single best answer I've heard here, if it's specifically storage space that's needed. If I can be a bit pedantic though, I don't think an Optiplex 755 would be the best unit to use though, simply because those towers invariably only have space for two hard disks, so you'd need a new case. Even if you transplanted the case, you'd all need a new PSU since those things are basically custom wired for that case, so now you're replacing the power supply, so you're basically buying an Optiplex for the mobo/CPU/RAM, and those mobos can get a bit weird when running purpose built *nix distros. Then again, they're so widely available that getting an Optiplex and a custom case and new PSU might be cheaper than buying a CPU and mobo from Newegg anyway.

To add a bit to this, there are several different ways to do samba on a machine like this. Turnkey Linux has a file server distro that is excellent and very simple. OpenFiler, FreeNAS, and Nas4Free are also very good distros for small volume stuff and you don't need an expensive RAID card to make them useful...but you do need a huge quantity of RAM for decent performance, whereas a simple Samba distro is much leaner in that regard.

I also agree with "put a solidly encrypted data blob on an Amazon S3 instance"; Jungledisk is a great tool for it for the reasons you stated.

Cloud? Really? (1)

Shoten (260439) | more than 2 years ago | (#40730053)

Everyone's saying "cloud, cloud," but I don't think that's necessarily a great idea. Why? Latency, for one...being a law firm, I assume your primary application for users is Microsoft Word. So, imagine that you have a Word document open, not on the other end of a switched 100MB or 1GB link, but at the other end of a 30MB connection that you share with everyone else in the office. You double-click on the document, and wait while it is downloaded. Now, mind you, you also have to think about the autosave feature, but you can set that to save locally to avoid any issues with this problem. But each time you hit 'save,' that document goes back up to the server.

There is enormous potential for trouble here. Word is not network-aware in ways that will help manage this latency and slow activity...and the user experience will suffer. I've done IT work for law firms, and trust me...as you must already know, lawyers are not usually accepting of things like Word seeming to lock up for several seconds every time they open, close, or save a document. And this doesn't even take into account the issue of making your entire infrastructure beholden to that one Internet link...if it goes down, you lose access to everything. That's not good.

I do wonder why you would drop a centralized point of authentication (which is what you have, running Windows Server), which gives you the ability to have role-based access and easy resetting of passwords as needed (again, I have worked with a lot of lawyers in my time). If I were in your shoes, I would go the other way, keeping the server going and making more use of what it has to offer (like some very helpful Group Policy settings). But I don't know your exact situation, skillset, or requirements, so that may be off base. I would definitely NOT use cloud as your primary storage, however.

Thecus NAS (0)

Anonymous Coward | more than 2 years ago | (#40730069)

At my office, I set up a Thecus 4-bay NAS as our server. The boss is just too damned cheap to buy a real domain server or "professional" OS workstations. Configured as 2X 1TB WD RE4 series RAID 1. I back up the data across the network to another station that has an external HDD. The NAS device also has a neat scheduled power on/off feature to give it a rest when people aren't at work (our last one didn't have the scheduled power option and blew up after about a year of always-on). I schedule it to power down Friday night & come back early Monday. I think when all was said and done, the unit plus HDD's ran us around $700-800.

We are a civil engineering firm with 10 (at one point 25) employees. We handle pretty damned large files with Autocad, and the NAS seems to handle that pretty well.

Get professional advice (2)

kellymcdonald78 (2654789) | more than 2 years ago | (#40730071)

I'm a full time IT consultant and run the legal department for our admittedly small firm. We've recently been sued for breech of contract and was wondering if you could suggest the best approach to defend ourselves. Hmm, maybe not don't you think? I probably don't need to tell you that records and files are a critical asset to the success of any legal firm. Your requirements for security, confidentiality, recoverability are core to your business and each of these need to understood before selecting the right solution for your firm, and to be honest that requires the someone with the appropriate knowledge and expertise to advise you. I'm sorry to say, that in my experience, doctors and lawyers are the worst offenders for not bringing in outside expertise to advise them on technology issues. It's frustrating because they, more than anyone, know the value of professional expertise. Spend some money to obtain professional IT advise (just like you expect people to spend money on legal advice). It's better than having to explain to the partners how someone hacked your "secure" FTP server and posted all your client records to Wikileaks.

Active Directory... (0)

Anonymous Coward | more than 2 years ago | (#40730101)

...what are you going to do for that?
I'd replace Server 2003 with Foundation Server, SBS Essentials, or regular Server 2008...
End of the day, no NAS can replicate Active Directory and Group Policy...

Synology Rocks (0)

Anonymous Coward | more than 2 years ago | (#40730127)

As a small business, my Synology was the best IT purchase I ever made. It has never once failed to deliver in every way – from disk failure to remote management via browser, iPhone or Nexus 7. It stores all my data and the DSM software comes with a lot of apps. It's simply a feature-rich product with solid performance.

It's weird, cause I rarely can mark a computer product 5-stars but I really can't think of a real reason I don't absolutely love my DiskStation.

Bottom line: Buy One.

You should be using Active Directory (1)

Nimey (114278) | more than 2 years ago | (#40730133)

it's a great way to configure all your Windows machines without having to go and physically touch each computer.

That said, there's nothing wrong with using an AD domain controller for that purpose and then having a NAS for file storage, especially if the NAS can integrate with AD so you can get the permissions set easily.

Take a look at W2K12 File Server and SMB 3.0 (2)

thetrom (2690091) | more than 2 years ago | (#40730151)

I suggest taking a look at Windows Server 2012 File Server role - W2K12 - deduplication is an in box feature
- SMB Multichannel - better performance uisng 4 TCP channels
- Storage Spaces - SAN like features with no special hardware (this is not dynamic volume)
- Thin provisioning - using Spaces, Windows can create TP LUNs
- NFS 4 server - in box role in W2K12
- Resilient File System (ReFS) - high degree of compatibility with the most common NTFS features, but has resiliency and scalability features that go beyond NTFS
- Windows Server Backup - now supports backup to the cloud (in box feature)
- Support for Hyper-V VMs - now Hyper-V supports running VMs using a file server and SMB 3.0
- Scale-out - with more than one server, File Server can be configured in a scale out mode for better scalability

Sources:
http://www.windowsnetworking.com/articles_tutorials/Overview-File-Server-Role-Windows-Server-8-Failover-Clustering.html [windowsnetworking.com]
http://www.windowsitpro.com/article/windows-server/top-ten-windows-server-2012-storage-enhancements-143157 [windowsitpro.com]
http://blogs.technet.com/b/windowsserver/archive/2012/03/28/microsoft-online-backup-service.aspx [technet.com]
http://blogs.technet.com/b/bettertogether/archive/2012/07/21/windows-server-2012-part2-virtualization-enhancements-scalability-amp-flexibility.aspx [technet.com]
http://www.microsoft.com/en-us/server-cloud/windows-server/2012-editions.aspx [microsoft.com]

Full disclosure: I do work for Microsoft. I am a senior program manager on the Virtual Machine Manager team. I work on Storage Automation using SNIA SMI-S/ My blog is: http://blogs.technet.com/b/hectorl [technet.com]

Re:Take a look at W2K12 File Server and SMB 3.0 (0)

Anonymous Coward | more than 2 years ago | (#40730295)

A better file system, now (stable enough for me to use it with backups), or wait for it to go stable (or at least for Oracle to include it in its next release, if it's stable enough for them...): BTRFS

The best of both worlds, an Areca 8 bay file server (5040 or better) with a BTRFS file system. With the Areca and BTRFS, you can easily start with two, 2TB drives, and add a single 2TB drive to expand storage easily as you need to. And with this setup, you can easily add 3 and 4 (and 5?) TB drives when they reach a cost-effective price point. Or better yet, for your purposes, you should really stick with SAS drives for performance and durability.

Depends... (1)

darkmeridian (119044) | more than 2 years ago | (#40730161)

It depends on what you use the system for. If it's only for simple file sharing, then a NAS would be fine. But if you want to use the server to manage updates and backups, which you should, then consider a Windows SBS 2011 Essentials server. It is a bit pricey but it pulls backups from all of your systems, and you can set up a WSUS server so you only have to authorize updates once--then each system will pull the update from the server when it's time to shut down. It definitely makes life a lot easier compared to individually managing ten systems.

Just look at a buffalo NAS (0)

Anonymous Coward | more than 2 years ago | (#40730205)

Just look at a buffalo NAS.

Really easy, straight forward, reliable and cheap.

Samba and SFTP (1)

SgtChaireBourne (457691) | more than 2 years ago | (#40730209)

This is a fairly clear case where Samba [samba.org] would be of use for LAN access. It's quite simple to set up and runs very reliably on top of your favorite distro.

For remote sharing, SFTP would be the way to go. SSHFS [linuxjournal.com] is a clever trick for very user-friendly remote access.

You can, but should you? (1)

DigitalSorceress (156609) | more than 2 years ago | (#40730315)

I have a Buffalo TeraStation that I use just for a NAS to store backups on, but I did notice it has quite a few powerful features that made me think, "hey, I ~could~ use this along with a decent router to pretty much meet the needs of a SOHO"

I certainly think you ~could~ go this route, but honestly, I don't think you should. Here's why: those NAS units are pretty chill and the good ones have some kind of self-healing/recovery option ... like my TeraStation's Raid5. I've had a drive fail and it was a fairly painless but also quite LONG process to repair. Drive died, bought replacement, slammed it in... the work was simple, but it was nearly 24 hours before it was all green and fully up to speed.

Had that been my main server, I wouldn't have been too happy with that long of an outage.

However, in my situation, the NAS was just a backup, my WIn2008 server was on-line and fully available and working the whole time.

If this were an actual office, I'd have had a second win2008 server as a secondary domain controller and would have the important data set up on a DFS and that would handle file sharing. The NAS would be used as backup.

How many days could your office reasonably go with your main shared drives off-line for repair/reconstruction - even if you eventually got all your data back, it seems like lost time in a law office would be a BAD THING.

Can I Ask A Business Question? (0)

Anonymous Coward | more than 2 years ago | (#40730371)

"I'm a full time lawyer and part time nerd doing most of the IT support for my small (~10 person) firm.

As a full time lawyer, I would expect your hourly bill rate to be far in excess of even the most expensive IT consultant. Why then, are you doing ANYTHING other than legal work and growing the firm's business? Why are you wasting time/money on IT matters, no matter how much you enjoy them?

Is this your firm or are you an under-supervised, salaried associate? What practice area? What geographic area? All of the successful law firms that I have dealt with have had founders and senior partners drumming up new business on a near full time basis, triaging new client matters and handing the work off to junior partners or associates and paralegals that are working 12 hour days(at least) and billing 16 hours(at least).

In exchange for an in depth answer, I'll offer some free IT consulting. Stick with a server. Assuming that you replace with a NAS of equal performance and redundancy levels, the server will not be much more expensive. But, the server will offer far more features. Features, that even though you don't use now, you will likely need in the future. Another likely requirement for a server is practice management software, your firm's size is on the cusp of needing such software and they will require a Windows server.

Finally, don't look at IT cost as something to be cut or feared. Most firms would be completely incapable of functioning without IT these days. So treat IT as an important cost of doing business. For a firm your size, an annual budget equal to that of a minimally waged intern or law clerk, will get you top of the line tech and support. Now get back to lawyering.

Re:Can I Ask A Business Question? (1)

PPH (736903) | more than 2 years ago | (#40730519)

That all depends on your response time requirements. And what fraction of the problems are h/w related (can't fix remotely and require a service call). Sure, you could hire an IT support outfit. And when something breaks, you call them. And wait. What is 10x your billable rate if everyone in the office is twiddling their thumbs?

If you do go the outsourced route, you'll want to include documentation and a comprehensive set of HOWTOs for your system so you can patch it while waiting for the Geek Squad van. Trouble is: many IT firms either won't touch this kind of deal. Or they'll run your bill up through the roof when they finally arrive, supposedly to "fix" all the things you "broke" while patching the system.

Re:Can I Ask A Business Question? (0)

Anonymous Coward | more than 2 years ago | (#40730743)

That all depends on your response time requirements. And what fraction of the problems are h/w related (can't fix remotely and require a service call). Sure, you could hire an IT support outfit. And when something breaks, you call them. And wait. What is 10x your billable rate if everyone in the office is twiddling their thumbs?

First the cost would not be 10X his billable rate. The associates, paralegals, clerks and interns each have lower bill rates. But, you're right, there is a cost for all the entire office going down.

In my area, there are three reputable IT consulting firms, that I'm aware of, that do exactly this type of support work. They provide remote and onsite support with maximum 4 hour guaranteed response times and no contracts. But, if you get a support contract with regular maintenance or monitoring, the likelihood of the event you describe is sufficiently low that the savings(IT services versus lawyer providing in-house support.) easily mitigates the risk.

But, let's assume that there is indeed a requirement for in house onsite support. It is still a better business scenario for the firm to hire and even train an in-house IT tech or contract for a full time tech from the IT support company than to have a lawyer doing the IT work. Even at 25% utilization, a lawyer is still going to bill far more than the full time in-house tech will ever cost. It's bad business to have valuable billable hours spent on low cost tasks. And, as I alluded earlier, if the hours aren't being utilized as billable, they should be spent growing the client base.

Foundation Server (0)

Anonymous Coward | more than 2 years ago | (#40730401)

Instead of a Nas I would go with a windows server foundation set up. can be had for the same price as a quality Nas device and you get a full 2008r2 server minus Hyperv and a max of 15 concurrent users. You still have AD,DNS,DHCP a install-able platform for office software Quickbooks, backups and what not. Plus never discount the value of a extra system in the office you can remote to if there are problems.

everyone these days is cloud this and cloud that well internet still goes down services have issues if you need your data and you control the hardware you always have options. office burns down restore your backups in the cloud move your server COLO etc. In the are way or the highway of the cloud options are gold.

My Suggestion (1)

fast turtle (1118037) | more than 2 years ago | (#40730481)

The first thing is to Blow the dust out before doing anything else then as you've already got Sunk Cost into the server, I'd look at it from the cost perspective of Repair/Replacement before doing anything else. Personally, I suspect that the real problem is that the drives are reaching the replacement point and though they're expensive right now, I'd suggest looking at at least a 1TB model such as the Samsung F3 or WD Black for reliability. On the software front, if you've been using Windows for a while, you're pretty familiar with it, so I'd stick with that instead of trying to learn something new unless your reasoning is to move to something with less admin needs, then a good NAS is viable. This also works if you're looking at saving money on power as a NAS should use far less then the server does.

If you want something new to play with, repair/replace the failing hardware - probably the drives/psu - and install either Free or OpenBSD on the server. Otherwise for reduced admin/learning curves stick with the known Windows as you've already learned most of what's needed.

Do this. (0)

Anonymous Coward | more than 2 years ago | (#40730517)

HP DL 160 refurb with a 3 year, should set you back $2k tops with 2, 160GB Drives in it.

That gives you active directory, event logging and e-mail alerts if say someone has disk errors on their machine so you can catch a drive failure early, actual document security, encryption, etc all in one machine.

Then buy the cheapest 2-drive E-sata NAS you can find on Newegg and toss your data onto it in RAID1.

You don't need to blow $600/drive for enterprise storage but FFS, whatever you do don't get rid of the Windows 2k3 server just because it's old. 2K8 has a lot of things that your office may find REALLY handy and having a server may enable you to do cool things like install VOIP software and record all conversations.

DO NOT think "I have X requirements, how can I do them cheaply".

Think 'I have X Requirements, but know of Y, Z, T, B, N, and M and out of a few of those some would be easy to set up, reliable, and save massive amounts of time. So how do I do THAT cheaply?"

Re:Do this. (1)

ericdano (113424) | more than 2 years ago | (#40730789)

WTF......a Synology DS1512 will set you back about $1000 for 3 2TB drives. You also get Active Directory, VPN.

Way way cheaper. Or he could get a smaller Synology unit (like a 2 or 4 bay one) and save even more.

Synology or QNAP... I've done this Server - NAS (2)

Midnight_Falcon (2432802) | more than 2 years ago | (#40730535)

Question to OP: Are your workstations joined to the domain and using the 2K3 server as a login server? Are login scripts, group policy etc used on the ten computers? Or are they all standalone?
If they are standalone, replacing the 2K3 with a NAS I'd say is a very good option.

On a consulting basis I've converted a couple Windows SBS environments over to using a NAS. Users have been very happy with the change and these devices have performed well and been able to take over the function of the SBS provided they weren't using Sharepoint/Exchange.

I have to say, the QNAP and Synology are very effective, and easy to setup appliances. A typical slightly tech-savvy person could set this up without a problem -- it's little more difificult than a home router. The interface is very intuitive.
I've found the QNAP is a bit more robust in its feature set, and if you go with the Pro+ models (starting at like $400-$500 w/o disks) based on the intel Atom processor. This is like getting a linux box with an x86_64 architecture. The thing can run a mySQL server/webserver etc.

After the initial setup, the NAS appliances need little/no maintenance. It can handle its own backup, or you can plugin an external disk and copy the array to it, alert you via-email if there's a drive/SMART issue,

Now, if you do already have a domain/ADS environment, you'll have to bring in some slim little machine to replace the 2K3 server as a Domain Controller. Both QNAP and Synology can join a domain and use AD logins and groups as credentials, making login seamless if the computers are domain members (no prompt for login/password etc)
Otherwise, you'd have to unjoin all the computers from the domain and make them standalone, and then migrate profiles back to local etc -- quite an IT expedition.
If this is your situation, I'd recommend going ahead and upgrading to a 2K8 R2 server on a slim machine, and perhaps just using that rather than a separate NAS appliance.

Re:Synology or QNAP... I've done this Server - NAS (1)

rawket.scientist (812855) | more than 2 years ago | (#40730749)

It'd be fair to say we're underusing ADS. We have it, and we use it for our basic login credentials, but we don't really have any need to segregate our internal users into groups.

Advantage of a "real computer" (1)

fa2k (881632) | more than 2 years ago | (#40730723)

With a generic OS you can do full disk encryption to protect the data in case the server is stolen. Truecrypt works on windows, probably even with software RAID, but I haven't tried it with RAID. If you do this, remember to encrypt the backups as well (in fact, even if you don't encrypt the main server, it's important to encrypt the backups as they can be easily stolen). Overall, I don't know what to recommend. A NAS box is easier to manage, but less flexible. If you only access a couple of GB of data frequently, you can add enough RAM to fit all the frequently accessed files, for better performance (e.g. prevent delays when opening a file).

Re:Advantage of a "real computer" (1)

ericdano (113424) | more than 2 years ago | (#40730803)

Though of course you'd want a UPS on that......would it really matter? He's a lawyer. Law documents. I don't think they'd need a cache.

NAS all the way (2)

ericdano (113424) | more than 2 years ago | (#40730767)

A huge old Windows 2003 machine is sucking power like a highly paid prostitute. And you aren't using exchange? Why did you even consider Windows 2003 when you could have built/bought a Linux/Unix based server for quite a bit less. I mean, the license per seat of a Windows server is probably upwards of $1K for about 10 people. Isn't it? I know Dell and others were selling non-Windows servers over 10 years ago.......

I'd wholeheartedly recommend getting a NAS. I have a Synology DS1512 that I got in April, upgrading from a ReadyNAS NV that I had for 5 years. Nothing against ReadyNAS/Netgear, that unit was robust and I never lost a single byte of data even though a few hard drives failed on it (gotta love RAID5). It is now serving as a backup device for my Synology unit.

Anyhow, the Synology unit is LIGHTYEARS ahead of the Netgear stuff in terms of software and hardware. They have a whole line of stuff from 2 disk units to like 16 disk units. All of them run the same software. They are easy to configure, and maintain. You can easily set it up to be able to share files over a VPN with it. Or your can log in via the web and get documents. Or have it stream music and videos over the internet for you. Macs, PCs, whatever can hook up to it. They even have iOS/Android apps to monitor or access files from it (like a streaming audio app, video app, etc).

The software and hardware is sound. I had a flakey DS1512 initially, buying it like the day after it was available. Some sort of ROM patch was needed. Synology was fairly good about providing me with a replacement (I did have to complain a lot to their support people). And the current 4.1 beta of their software is causing random crashes on my unit......but it is BETA after all. The release version is rock solid (DSM4). My DS1512 was running that since I got it and it never had any issues at all.

I'd say that hands down, when I was researching a replacement to my aged ReadyNAS NV, the Synology software and hardware was the winner. And it has proven so far to be true. And I still have two more drive bays to fill on it......;-)

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>