Time to ditch the workgroup and take it up a notch?
April 1, 2011 11:01 AM

Need input on upgrading from a hodgepodge workgroup-based small office network to something more centrally-managed.

We're a small business (retail store, service department, copy shop) with 15 workstations and a dozen printers of varying types. Our network is currently a hodgepodge of assorted desktops of varying age, all running WinXP Pro. Most are Athlon-era, with 256MB RAM. The current demands on all but a few of the workstations are minimal; all they do is run our aging telnet-based (yeah) POS software.

It is a basic workgroup-based network; we have no server and no domain controller, though we do have one XP Pro box acting as a sort of smart NAS and running nightly backups.

At the first of the year, we will be doing a major upgrade of our Point-Of-Sale (POS) software, which has significantly steeper system requirements. This is an ideal time to do some major housekeeping, and instead of having 15 completely unique deal-of-the-day workstations, we'll finally have some uniformity.

I'm thinking this is also a prime opportunity to set up a file and print server, and go to Server 2008, for ease of management as well as ditching XP's 10-connection limit. As it is now, we have user accounts and passwords replicated across many of the workstations, and doing basic maintenance like updates, antivirus upgrades etc. is a real pain. I would really like to have more centralized user management and be able to push updates and remotely manage problems. I'm also considering Exchange, as right now we have a dozen or so of the workstations all with their own e-mail accounts from our ISP, all using Thunderbird. So, a user has to be on "their" PC to be able to check their e-mail. I'd like to make the e-mail more centralized, not only for management but for backups and archiving as well.

So, to boil it down to bullets:

• I would like centralized user management instead of duplicating things on several workstations.
• When users log in to their account, their documents, e-mail etc. should be available to them, whatever PC they are currently using.
• I would like to be able to push mass updates out to all the workstations, not only for Windows updates but for Office, and for whatever antivirus flavor we go with as well. (Right now it's individual AVG licenses; these expire at year end so I'm fine with changing.)

Assuming a pool of new and capable Win7 Pro workstations and a well-built server running Server '08, will I need additional software or hardware to cover my three main bullets above?

Contracting this out is just not an option; it's going to be like squeezing blood from a stone just to get the hardware upgrades as it is. I have set up Server 2003 at home, though I have not done anything quite of this scale before. I am planning to make the purchases several months in advance, and do a small test rollout to learn and get familiar before fully deploying at year-end.
posted by xedrik to Computers & Internet (7 answers total) 1 user marked this as a favorite
 
Active Directory gets you centralized user management.

Some combination of Roaming Profiles and Folder Redirection gets user configs and data between machines.

Group Policy can do software installation, but it's not what I would call pleasant. If you are determined, and want to spend the time, many applications can be managed through group policy installations.

For anti virus/malware: go with Microsoft Security Essentials. While there isn't central management and verification of runs, it is free.
posted by fief at 12:05 PM on April 1, 2011


Best answer: Sounds like Small Business Server would be perfect for your needs - it's basically a domain controller with a cut-down version of Exchange and a relatively friendly GUI for managing your users and their mail.

WSUS will take care of OS, Office and AV updates for you; it will run on SBS quite happily, though you will need to do some reading to get your head around it. Group Policy is not really a good choice for the deluge of updates that MS push out. Alternatively, you can just set each workstation to keep itself up to date, though this will use considerably more bandwidth.

Agree on Security Essentials. There's no need to buy a 3rd party AV any more, though I'd keep Malwarebytes handy for browser security.

You can get an eval of SBS from MS.
posted by nicktf at 12:30 PM on April 1, 2011


I am going to get hated on a bit, but for something that size, consider a Mac-based office...

Mac mini server for the out of the box stuff - Open Directory, etc.
Remote Desktop to manage workstations.
Google Apps for domains for the email.

I believe it will be cheaper, simpler and more centralized than an equivalent Windows installation.

You really don't need to do Exchange... and you're not doing a lot of directory stuff today.
posted by iamabot at 12:33 PM on April 1, 2011


Response by poster: Thanks for the input so far. :)

Mac is not an option; the new POS software is .NET-based, and does not work with Mono. (It frustrates me to no end that this stupid software that we are married to is the only thing keeping us from being 100% Linux.)

The main reason I was considering Exchange (and perhaps I'm taking the wrong approach here) was for easier access to e-mail and for better archiving of old messages. As it is now, we have Thunderbird installed on several workstations, set up with IMAP accounts from our ISP. Using Small Business Server, can I set things up so that when a user logs into their account, from any computer, when they open Thunderbird (or, if necessary, Outlook or another e-mail client) it opens up with their profile, account info, messages, folders etc.? If so, that'd satisfy me.
posted by xedrik at 1:18 PM on April 1, 2011


Best answer: SBS is the way to go here; you are the perfect use case. Active Directory, Group Policy Management and WSUS will solve a lot of your problems very nicely. Keep in mind it only comes with 5 CALs out of the box; you will need to purchase 10 more.

Regarding email, Exchange\Outlook will get you the functionality you want; however, there is a licensing cost involved (for Outlook or Office) and it also means you need to start being responsible for the uptime of your mail server. From your comments it doesn't sound like this will be a cost-effective solution. Instead, consider Google Apps (the free version). Everyone knows how to use Gmail already, so migration is fairly painless, and you don't need to worry about backups and loss of productivity due to downtime. This also achieves your goal of user mobility for email. If you have users with Android smartphones you can also deploy 2-factor authentication very easily and for free, so that's very nice as well. Your only real responsibility is to ensure connectivity, which is easily done by just having two WAN links (say, cable and DSL) and a dual WAN router with failover (if buying a router like this is problematic, be aware you can make one pretty easily out of your spare hardware and some know-how).

Regarding AV, I like MSE too, but you should know that you can only have a maximum of 10 PCs running it in a small business. And besides, MSE does not achieve your goals of centralized management\reporting. Reporting is key. When a computer you manage gets pwned or doesn't get updates, you have to know about it quickly so you can remediate and isolate. When someone downloads a trojan exploiting a Windows zero day that tries (and hopefully fails) to spread across your infrastructure, then you will know and appreciate why this is important. I recommend Sophos Anti Virus; the client is lightweight and the management console is easy to use. The package I've linked is for the AV only, no firewall, but you can easily get by with the Win7 FW and GPOs to manage. But whatever you do, do not buy Symantec Endpoint Protection 11. Do not. You will regret it.

One bit of advice from an IT guy who is used to having not a lot of money. Beware of just having one server that does everything, because it becomes a single point of failure when all your users are depending on it for shared documents, authentication services, etc etc. Backups are very important, but even more important (I think) than backups is availability. Don't just ask yourself how you would recover from a server failure. Ask yourself how fast you can do it. Your RTO (recovery time objective) depends on how much risk the business is willing to tolerate and what your work environment is like, so that's a discussion for you and whoever controls the budget to have, but definitely have it.
posted by tracert at 5:26 PM on April 1, 2011 [1 favorite]


I know that you mentioned Mac OS X is not an option due to a POS system, but... if it's at all a possibility that you could switch POS systems (since you're going to do a major upgrade anyhow it appears), take a look at the new SQL-based "EVO" point-of-sale system from POSIM. I chose it for our new retail store and it has functioned flawlessly for 6 months now - even during a beta period that I volunteered for to get a nice upfront discount for being a guinea pig. It comes in both Windows and OS X flavors, but I can only vouch for the OS X version.

Again, I only mention this because of your comment that Macs were not an option due to the POS issue. If there is a way to influence thinking on the POS, then iamabot is spot on re. going the Mac route. We love our business Macs. Also, take a look at the new Apple "Joint Venture" program for small business. I think it's fair to say that Apple is on the cusp of making big inroads into the business market.

(No, I don't work for Apple or the POS company - just a very satisfied user of both).
posted by webhund at 8:27 PM on April 1, 2011


Response by poster: Thanks all, this gives me a lot to work with. :) You make some good points, tracert, and putting all our eggs in one basket server-wise is a concern that has been on my mind. I'll likely wind up splitting it up. The Google route isn't something I'd considered, but I will look into it. We are already on a dual-WAN router (Cable & DSL) because our daily operations are already utterly dependent on internet connectivity.

Thanks for the tip, webhund, but despite its many shortcomings, the system we're using (ECI/Britannia) is nicely tailored to the office products industry, and does what we need very well. We have tried some of the competing products, and this really is the best fit for us.

Now to go digest all of this! :)
posted by xedrik at 3:59 PM on April 2, 2011

