Is a NAS box a viable alternative to a Windows Server?
January 11, 2011 3:33 PM Subscribe
Could/should a tiny NGO abandon the Windows server model (which is probably overkill for our simple needs) and just go with a NAS box for file sharing?
I work for a small non-profit that has finally funded a much needed IT upgrade. We have been running a now-faltering Windows server for many years, and were planning on just following the same model by getting a new server and upgrading our workstations.
Today, however, I was chatting with a friend in a similar organization that just did an IT overhaul last year. Instead of spending lots of money on a server, his NGO instead uses a NAS box for file storage/sharing (with RAID 5, a UPS, and with rotating external hard drives for backup, together with a cloud backup solution). He says they love it - it was a lot cheaper than buying a new server, and that it's also a lot easier to manage.
Thinking about how we work, I can't really think of anything that the server does for us that a robust NAS couldn't do. I really like the idea of less complexity, so it's an idea that really resonates with me. We'll be hiring an IT consultant to help out no matter what we do, so I will of course bring this up with them as well. I am just looking for experiences with making this switch, and/or thoughts about the security/viability of this approach.
Misc Relevant Info:
- 3 staff, 2 interns. (Max # of staff ever = 7.)
- Staff turnover is nonexistent, but we do get new interns each semester.
- Using Google Apps for email, don't foresee needing to switch to in-house email (nor to an in-house web server).
- No applications running off the server, it's being used exclusively to store and share files (Office documents, PDFs, pictures, etc. )
- Server does provide centralized management of options for anti-virus/anti-malware (so users can't turn off scanning)
- Will need to provide different levels of access to files, based on user or group (e.g. staff vs interns).
Thanks!
I work for a small non-profit that has finally funded a much needed IT upgrade. We have been running a now-faltering Windows server for many years, and were planning on just following the same model by getting a new server and upgrading our workstations.
Today, however, I was chatting with a friend in a similar organization that just did an IT overhaul last year. Instead of spending lots of money on a server, his NGO instead uses a NAS box for file storage/sharing (with RAID 5, a UPS, and with rotating external hard drives for backup, together with a cloud backup solution). He says they love it - it was a lot cheaper than buying a new server, and that it's also a lot easier to manage.
Thinking about how we work, I can't really think of anything that the server does for us that a robust NAS couldn't do. I really like the idea of less complexity, so it's an idea that really resonates with me. We'll be hiring an IT consultant to help out no matter what we do, so I will of course bring this up with them as well. I am just looking for experiences with making this switch, and/or thoughts about the security/viability of this approach.
Misc Relevant Info:
- 3 staff, 2 interns. (Max # of staff ever = 7.)
- Staff turnover is nonexistent, but we do get new interns each semester.
- Using Google Apps for email, don't foresee needing to switch to in-house email (nor to an in-house web server).
- No applications running off the server, it's being used exclusively to store and share files (Office documents, PDFs, pictures, etc. )
- Server does provide centralized management of options for anti-virus/anti-malware (so users can't turn off scanning)
- Will need to provide different levels of access to files, based on user or group (e.g. staff vs interns).
Thanks!
IMHO, if all you're doing is sharing files, a NAS server should be enough for you. Where I work, we've had up to 15 workstations loading and saving images constantly, all day long, to a not-top-of-the-line NAS with little trouble. I believe the only issues we had were with user permissions in a Windows domain, which are pretty high-level stuff that you probably aren't implementing now.
You can provide different levels of access by having separate shares with different login criteria; it depends on the NAS for how to do it, but it should be relatively trivial and not require a full server to handle.
The antivirus thing might be an issue, though; you might need to find a different way of handling it.
posted by AzraelBrown at 4:35 PM on January 11, 2011
You can provide different levels of access by having separate shares with different login criteria; it depends on the NAS for how to do it, but it should be relatively trivial and not require a full server to handle.
The antivirus thing might be an issue, though; you might need to find a different way of handling it.
posted by AzraelBrown at 4:35 PM on January 11, 2011
Yeah, a simple NAS box would be able to do all of the above except for the group policy stuff that enforces your antivirus scanning. One running Windows Embedded Server might be able to, though.
posted by zsazsa at 4:47 PM on January 11, 2011 [1 favorite]
posted by zsazsa at 4:47 PM on January 11, 2011 [1 favorite]
You can get a really good NAS which runs Windows Home Server for about $400. It only comes with a single drive for that price, but extra drives are cheap and easy to install. I've got this one, and it's extremely nice.
Mine is no longer sold; this is the successor product. Add something like this drive, and you get the benefit of redundant storage. (It isn't RAID; it's handled at the level of the OS.) That's a total of about $500, which I hope won't break the bank.
What this means is that you don't have to give up the benefits of having a Windows Server, in particular the automatic backup feature.
posted by Chocolate Pickle at 5:31 PM on January 11, 2011 [1 favorite]
Mine is no longer sold; this is the successor product. Add something like this drive, and you get the benefit of redundant storage. (It isn't RAID; it's handled at the level of the OS.) That's a total of about $500, which I hope won't break the bank.
What this means is that you don't have to give up the benefits of having a Windows Server, in particular the automatic backup feature.
posted by Chocolate Pickle at 5:31 PM on January 11, 2011 [1 favorite]
Mr. Zephyr's opinion:
In some ways, you've already answered your question.
Don't ever think for a second think that, "We have to do it this way because it's cheap." Instead, think of the requirements your organization needs and then think carefully about the best way to fill them. Don't look at the solution first if you don't even know what the problems are to begin with. Doing it the best way won't always be the cheapest, but it will cause the least amount of headaches and strife down the road. From there, develop the "Golden Egg" which will give your organization everything you want and need and then only after you have delivered your proposal and mentioned to everyone what it can do, then consider making compromises. Ultimately, a cheap solution which needs to be replaced because it doesn't fit the needs of the organization anymore equates to the more expensive solution which should have been implemented in the first place to begin with.
In any small organization, you will want these services:
- Centralized Anti-Virus / Anti-Malware Management (As you've mentioned before)
- Active Directory for authentication, file permissions control, auditing and quota management
- Domain Group Policy Enforcement
- File and Print Services
- Localized DNS, DHCP, Time services and perhaps even a local Wiki
- Data Backup capabilities
Unfortunately, a local NAS can't really provide any of the services above. Since a NAS is raw file storage, you will have issues trying to manage permissions on it, especially if you have different security requirements for different employees or interns.
When I started with the company I work with now, we had 14 employees and it was very necessary to have all of the basic services above. Without them, things will quickly degenerate into havoc and mayhem.
Windows Server (As expensive as it is) is incredibly powerful and extremely granular. You can control things which are completely unheard of if you know what you are doing. (That's the key trick.)
More to the point, let's say that an intern accidentally deletes 50 GB of files on your shared storage. How do you find out who did it, when they did it and how do you recover those files? If you had just a NAS, you'd be pretty much hooped. I can say, "Hey Alan, why did you delete 50 GB of files yesterday afternoon?" then I can simply recover them using Shadow Copies, which is near instant. Even if I wasn't using Shadow Copies, I can still use the built-in Backup software to recover the files from yesterday afternoon.
While you say you are a non-profit which won't grow, Murphy's law says you will. It's always good to design your IT infrastructure with a strong foundation from the get go instead of using a kludge which will work for the meanwhile and in the present, but will fall down as soon as you need it to scale.
FYI, as convenient as a NAS is, most "Prosumer" grade NAS's handle limited I/O and don't scale well. As soon as you hit the I/O limit on a NAS, everyone will start complaining about it. (All it takes is one user to slow everything down for everyone else.) It can be very difficult to find out what is causing the I/O and even more difficult to stop it. It's a lot easier to find out on a Windows server.
One other thing. If the NAS falls over and dies, who fixes it? The solution is to send it back to the company for warranty repair. (If it's still under warranty) Do you think your organization could live without it's NAS for four to six weeks? Again, it comes down to thinking about the organization first before the pocketbook.
All of the major server vendors offer an 8x5xNext business Day warranty or if you pay for it, a 24x7x4 hour response that you just simply can't beat. I've had a friend whose servers were taken out with lightening strikes, his UPS was a pile of smouldering junk and Dell had replaced all of the hardware in his servers by the next business day.
My advice is, get a new brand-name (ie. HP, IBM or Dell) server with a supportable on-site warranty and put a copy of Windows Server 2008 Standard on it. Buy the necessary licenses and consider it necessary. You won't regret it and the management will be happy with you because it just won't go down. (Or if it does, it won't be for very long.)
posted by Calzephyr at 6:00 PM on January 11, 2011
In some ways, you've already answered your question.
Don't ever think for a second think that, "We have to do it this way because it's cheap." Instead, think of the requirements your organization needs and then think carefully about the best way to fill them. Don't look at the solution first if you don't even know what the problems are to begin with. Doing it the best way won't always be the cheapest, but it will cause the least amount of headaches and strife down the road. From there, develop the "Golden Egg" which will give your organization everything you want and need and then only after you have delivered your proposal and mentioned to everyone what it can do, then consider making compromises. Ultimately, a cheap solution which needs to be replaced because it doesn't fit the needs of the organization anymore equates to the more expensive solution which should have been implemented in the first place to begin with.
In any small organization, you will want these services:
- Centralized Anti-Virus / Anti-Malware Management (As you've mentioned before)
- Active Directory for authentication, file permissions control, auditing and quota management
- Domain Group Policy Enforcement
- File and Print Services
- Localized DNS, DHCP, Time services and perhaps even a local Wiki
- Data Backup capabilities
Unfortunately, a local NAS can't really provide any of the services above. Since a NAS is raw file storage, you will have issues trying to manage permissions on it, especially if you have different security requirements for different employees or interns.
When I started with the company I work with now, we had 14 employees and it was very necessary to have all of the basic services above. Without them, things will quickly degenerate into havoc and mayhem.
Windows Server (As expensive as it is) is incredibly powerful and extremely granular. You can control things which are completely unheard of if you know what you are doing. (That's the key trick.)
More to the point, let's say that an intern accidentally deletes 50 GB of files on your shared storage. How do you find out who did it, when they did it and how do you recover those files? If you had just a NAS, you'd be pretty much hooped. I can say, "Hey Alan, why did you delete 50 GB of files yesterday afternoon?" then I can simply recover them using Shadow Copies, which is near instant. Even if I wasn't using Shadow Copies, I can still use the built-in Backup software to recover the files from yesterday afternoon.
While you say you are a non-profit which won't grow, Murphy's law says you will. It's always good to design your IT infrastructure with a strong foundation from the get go instead of using a kludge which will work for the meanwhile and in the present, but will fall down as soon as you need it to scale.
FYI, as convenient as a NAS is, most "Prosumer" grade NAS's handle limited I/O and don't scale well. As soon as you hit the I/O limit on a NAS, everyone will start complaining about it. (All it takes is one user to slow everything down for everyone else.) It can be very difficult to find out what is causing the I/O and even more difficult to stop it. It's a lot easier to find out on a Windows server.
One other thing. If the NAS falls over and dies, who fixes it? The solution is to send it back to the company for warranty repair. (If it's still under warranty) Do you think your organization could live without it's NAS for four to six weeks? Again, it comes down to thinking about the organization first before the pocketbook.
All of the major server vendors offer an 8x5xNext business Day warranty or if you pay for it, a 24x7x4 hour response that you just simply can't beat. I've had a friend whose servers were taken out with lightening strikes, his UPS was a pile of smouldering junk and Dell had replaced all of the hardware in his servers by the next business day.
My advice is, get a new brand-name (ie. HP, IBM or Dell) server with a supportable on-site warranty and put a copy of Windows Server 2008 Standard on it. Buy the necessary licenses and consider it necessary. You won't regret it and the management will be happy with you because it just won't go down. (Or if it does, it won't be for very long.)
posted by Calzephyr at 6:00 PM on January 11, 2011
I'm running 120 school workstations without centralized antivirus management, using Panda Cloud Antivirus. It works fine. Unusually for a freeware AV tool, its licence terms allow a non-profit to run it on an unlimited number of machines.
I do run a Squid proxy that means we're not downloading 120x as much signature update data as we need to, but I'd be doing that anyway with 120 web browsers in the school. Any kind of NAS that has Linux under the hood should be persuadable to function as a Squid proxy, for what that's worth. With three users I wouldn't bother.
We're still using Windows Server 2003 to serve files, mainly because it supports the nice NTFS access control model and lets me do stuff with Group Policy that I don't know how to do with Samba. But I look at it sideways a little more every year (it's virtualized, so I'll never have a hardware-driven need to replace it).
Most NAS boxes do use Linux or BSD under the hood, so they implement a Unix-like permissions model that's nowhere near as flexible as the one NTFS gives to a Windows server. OTOH, I'd be very, very surprised to learn that a <10 user org needs more permission control than the Unix model makes easy.
Have you considered kicking Windows in the head entirely and just going Linux top to bottom? Not only would this completely obviate the need for any kind of antivirus, it would save you a little over $100 per workstation in Windows licences, which would probably add up to enough to pay for your NAS.
I've never really understood why it makes sense for a small NGO to pay a huge corporation for the same lack of support they could get for free.
posted by flabdablet at 12:05 AM on January 12, 2011
I do run a Squid proxy that means we're not downloading 120x as much signature update data as we need to, but I'd be doing that anyway with 120 web browsers in the school. Any kind of NAS that has Linux under the hood should be persuadable to function as a Squid proxy, for what that's worth. With three users I wouldn't bother.
We're still using Windows Server 2003 to serve files, mainly because it supports the nice NTFS access control model and lets me do stuff with Group Policy that I don't know how to do with Samba. But I look at it sideways a little more every year (it's virtualized, so I'll never have a hardware-driven need to replace it).
Most NAS boxes do use Linux or BSD under the hood, so they implement a Unix-like permissions model that's nowhere near as flexible as the one NTFS gives to a Windows server. OTOH, I'd be very, very surprised to learn that a <10 user org needs more permission control than the Unix model makes easy.
Have you considered kicking Windows in the head entirely and just going Linux top to bottom? Not only would this completely obviate the need for any kind of antivirus, it would save you a little over $100 per workstation in Windows licences, which would probably add up to enough to pay for your NAS.
I've never really understood why it makes sense for a small NGO to pay a huge corporation for the same lack of support they could get for free.
posted by flabdablet at 12:05 AM on January 12, 2011
Please, stop paying Bill extra $$$. He doesn't need any more money and you probably can't afford to pay it anyway.
The deal with purchasing the right NAS is that all your investment can be put into purchasing the right hardware. Your budget might be $5K. That will buy you a pretty fancy NAS with all the bells and whistles. You then don't need to budget $xK for the latest Windows Small Business Server plus 7 access licenses. In fact, here is a nice NAS for only $500. Your IT consultant should be able to help you with the right sized NAS for your needs. And you're saving money already!
Yes, having a server does give you the benefits of centralising things like AV and security, but for a 7 person shop this really isn't necessary. For example:
1) Printers can be set to print directly to a TCP/IP port. No need for a print server.
2) Higher-end NAS can be set to have enough perms that no one who "shouldn't" be accessing files accesses them. The NAS I recommended above has just that function.
3) With only half a dozen PCs in the shop, centralised AV monitoring is overkill. Just get a good AV product (Avira springs to mind) and let each user manage their own - not hard, Avira will pretty much manage itself once it is set up. And if you don't trust your users, you can always password protect the settings and keep the password secret!
4) DNS and DHCP can be provided to you courtesy of your internet modem/router. Even the cheapest nastiest modem/router will do this.
5) As you've mentioned, cloud backup is a good idea. There are many different services available.
One thing to consider when hiring IT consultants - a lot of them will *insist* on the Windows server route. I would ask three or four to visit you and have a look at your environment, and draw up a proposal. Be pretty insistent on the fact that you don't want a server, but want to run with a NAS. On second thoughts, ask your friend with the NAS to give you his IT service providers' details, and just go with them.
Best of luck!
posted by humpy at 5:31 AM on January 12, 2011
The deal with purchasing the right NAS is that all your investment can be put into purchasing the right hardware. Your budget might be $5K. That will buy you a pretty fancy NAS with all the bells and whistles. You then don't need to budget $xK for the latest Windows Small Business Server plus 7 access licenses. In fact, here is a nice NAS for only $500. Your IT consultant should be able to help you with the right sized NAS for your needs. And you're saving money already!
Yes, having a server does give you the benefits of centralising things like AV and security, but for a 7 person shop this really isn't necessary. For example:
1) Printers can be set to print directly to a TCP/IP port. No need for a print server.
2) Higher-end NAS can be set to have enough perms that no one who "shouldn't" be accessing files accesses them. The NAS I recommended above has just that function.
3) With only half a dozen PCs in the shop, centralised AV monitoring is overkill. Just get a good AV product (Avira springs to mind) and let each user manage their own - not hard, Avira will pretty much manage itself once it is set up. And if you don't trust your users, you can always password protect the settings and keep the password secret!
4) DNS and DHCP can be provided to you courtesy of your internet modem/router. Even the cheapest nastiest modem/router will do this.
5) As you've mentioned, cloud backup is a good idea. There are many different services available.
One thing to consider when hiring IT consultants - a lot of them will *insist* on the Windows server route. I would ask three or four to visit you and have a look at your environment, and draw up a proposal. Be pretty insistent on the fact that you don't want a server, but want to run with a NAS. On second thoughts, ask your friend with the NAS to give you his IT service providers' details, and just go with them.
Best of luck!
posted by humpy at 5:31 AM on January 12, 2011
This thread is closed to new comments.
You may want to consider going completely to the cloud with Dropbox or similar. I'm getting less and less enamored with on-site servers as time goes on. Of course, your requirements and your internet connection may not allow a complete cloud solution, but it sure is nice outsourcing that stuff.
Whatever you do, remember that you are not terribly interested in backups--it's recovery that's really important. Test your backup setup by regularly trying to recover files, not just seeing if the backup task completed.
posted by RikiTikiTavi at 4:33 PM on January 11, 2011