Re: Small business thinking about backing up data, having a server and 2-3 users - is SBS2003 right for them?
- From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@xxxxxxxxxxx>
- Date: Fri, 14 Apr 2006 23:18:20 -0700
USB harddrive.
Ixnay on the tape drive of any sort.
Leythos wrote:
In article <uQwpmdDYGHA.3448@xxxxxxxxxxxxxxxxxxxx>, 123123123123@.
123123123123.com says...
Hi Newsgroup,
I have been asked by a friend to find out what would be best for his
business so that they could do data backups of their single financial
application.
**** Company Info - Current Setup ****
Its a car workshop with 2-3 people in the office. They have Windows XP Home
on the 2 PCs in the main office. A 3rd PC is in a back office and is for
general use, email, and website surfing.
The financial application currently sits on the "Master" pc. The other pc,
"Slave", is networked to the Master with a crossover network cable. The
Slave pc slows down sometimes when accessing the financial application as a
client on the Master pc.
The financial application is installed as a Master/Client setup with the
Master on the Master PC and Client on the Slave pc. This seems to work ok
on the Master but there is noticable slowdown some times for the
Slave/Client when working on an invoice.
They dont do backups at present.
**** What they want ****
A - They are looking for an easy to use backup method which will be reliable
and straightforward.
B - They would like to be able to use the internet securely on any of the 3
pc's.
Bi - They also want any clients who come in to be able to connect to the
internet using a Wireless connection (delivery updates, email checking, web
browsing for customers to pass the time).
C - Remote access from home for the boss if he needs to do some work from
home.
**** My Suggestion ****
1 - Financial Application - Use a server for hosting the financial
application. Have the 2 main office pc's work as clients that connect to
this. Since this machine is a server is should handle the requests ok and
they shouldnt see any slowdown. Either use a WirelessLAN router or cables
(they are due to have major reburbishment in the next 6 months so wireless
would be very useful).
2 - Backups - Use a USB tape drive for backups. Full backup on a Saturday
with Differentials Mon-Fri. This data can include the financial
application, personal area or any other folders they would like included.
I can see an external TAPE backup, but not USB, get a SCSI DAT-72 or LTO drive, not USB.
3 - Secure Internet - In order to try to fit this in with the server network
I was thinking about 2 networks, both wireless. One would be properly
sercure (128bit, WPA hidden SSID etc) and used for the office data (server -
client network). The other network would just have the SSID hidden,
possibly some WPA security passphrase that was told to customers who were
allowed to connect. I have called these "Data WLAN" and "Internet WLAN",
just for the sake of this posting.
Get a real firewall appliance, with real LAN and DMZ jacks - setup two networks, one on the LAN for all the company services, the DMZ is where the "public" computer and the wireless router for guess access will reside. The DMZ has no direct connection to the LAN system - but you can VPN between the DMZ and LAN.
I'm a bit unsure about the 2 networks. My theory is that one is safe and
the other is risky, and I want to keep them seperate but I'm not sure if I
need to.
Right idea, don't let anyone tell you anything else.
How do I make the internet safer on the 2 client PCs if they connect to the
internet? Should they use the financial app/data server for their internet
access or should they connect to the internet using the Internet WLAN? If
they are up to date with patches and anti-virus and only visit sites they
trust, I "guess" they should be ok. But is there a better way of doing
this?
Most real firewall appliances have HTTP and SMTP proxy services that allow you to remove crap from HTTP sessions in real time, not to mention web-blocking features. As an example, almost all users in our clients lan have a VERY restricted HTTP connection, do files can be downloaded, not active-x, etc... Some special cases have full access, but that's by workstation IP or user authentication with the firewall. SMTP inbound is filtered for attachments and other bad things by the firewall BEFORE it reaches the Exchange server.
You can do the same in the DMZ systems.
4 - Remote Access - I expect he can use IP web login onto the server, or
some sort of VPN tunnelling, and do any work that way. Is that possible?
Simple PPTP or firewall VPN client software into the public IP and then create firewall rules based on the user as to what they can access.
How big a job is this?
Other than setting up the new server, the rest is simple (if you've been there).
Firewall, WatchGuard X700, optional Web Blocker service, includes Client VPN software. About $2000 + Web Blocker option (extra).
Is it possible for me to do this myself with remote assistance (phone/remote
access) from a friend who used to teach Windows Server stuff?
I bet not, as most Windows Instructors I've run into are completely lost - that's why they teach, they can't make enough money designing and implementing solutions. MCT's only need to pass the a test, not actually have any experience.
When it comes to the security, hire it out, it will save you many mistakes and hours of getting it wrong. They can teach you enough in 1 hour to make the rest possible for you to understand.
Server - well, if you've not already setup SBS 2003 several times, don't understand roaming profiles, group policy objects, redirected my documents, network shares (login scripts).... Hire it out too.
- Follow-Ups:
- Prev by Date: Re: Exchange Orgainsation Name
- Next by Date: Re: Why cant I use ENTERPRISE options for Project Server?
- Previous by thread: Re: Small business thinking about backing up data, having a server and 2-3 users - is SBS2003 right for them?
- Next by thread: Re: Small business thinking about backing up data, having a server and 2-3 users - is SBS2003 right for them?
- Index(es):
Relevant Pages
|
