
File server for small business

May 6, 2010 4:09:44 AM

Hello guys,

One of my friends recently asked me to look into setting up an office file server for him, and I need some advice and direction please, thanks.

Requirements:
1) Host files in at least RAID 1, 250GB is sufficient, 500GB preferred for future use
2) Hosted files should be accessible from within the LAN (Office A) and WAN (home and Office B)
3) Hosted files should be secured. Automatic full backup (per day up to 30 days, or per week up to 6months etc)

Number of concurrent users: 5 via LAN (Office A) and <15 via WAN (Office B)

Additional, but not essential requirements:
1) User authentication, files access control
2) Remote administration (server maintenance etc)

Budget: approx $1000 - $2000 USD

My understanding:
As far as simple file server goes, I know any modern Desktop with Win 7 Pro is good enough (say cheapest desktop from Dell with Win 7 Pro). This will host files and I can (somewhat) schedule backups, config RAID (provided I have RAID-enabled MB or RAID controller).

If I want to complicate things, I can use Ubuntu on any standard desktop, set up file sharing, and maybe config some accounts for access control.

The problem is not in LAN, LAN is simple and secured.

How do I make a simple "LAN file server" accessible from WAN is a bit tricky, I thought, I can install Apache Tomcat on it and register a free (or even paid) Dynamic DNS service to get a static URL to the server, but security and user accounts and performance start to worry me.

I should mention connection: Broadband 1000mbps downstream and unknown upstream, at least 8mbps I guess. With only maximum 20 concurrent users, 8mbps should be too bad as most of the times it's just text documents and small photos stored on the server, nothing huge like hi res video/graphics.

I am planning to use this connection for WAN access.

I am not worried about hardware, $1000 should get a decent machine with good storage facilities no problem. $2000 would provide huge capacity and higher level RAID and offer higher backup frequency.

There are so many ways of doing this and I feel a bit lost.

OS: Windows 7 Pro would work, I know there's Windows Server and it would probably be more suitable for 24/7 operation. However should I go Linux?

The company currently has registered a domain, but no hosting. Would it be wise to purchase hosting and host everything in their server? But that would sacrifice performance compared to accessing via LAN.

They say better question better reply, sorry for including so much in this first post, I hope someone would be kind enough to help me out and offer some advice. Thanks a lot.

May 6, 2010 4:24:38 AM

For WAN access I'd HIGHLY recommend using a VPN type of solution. I'm a huge fan of the Cisco ASA with SSLVPN based Anyconnect. There are plenty of cheaper VPN options out there, including some from Cisco as part of their "Small Business" offerings... I'd stay away from the IPSEC based VPN and use SSL though... much easier to traverse firewalls with it. If you go with a Cisco ASA you'll need to be ready to invest some serious time in learning how to configure / maintain it... it's NOT designed for your average Joe to pick up and instantly understand, but it's worth knowing. Either way no matter what solution you go with... the internal network MUST NOT be one of the stupid common ones that everyone uses at home like 192.168.1.0/24 or 192.168.0.0/24... if these overlap with a connecting client then the connecting client won't be able to access the remote resources once connected. (Your client will route packets locally instead of through the VPN) Look up RFC1918 for more information on other private address space that you can use that's less common. I like subnetting out a 24 bit network from the 10.0.0.0/8 address space personally.

Regarding the file server why not just get one of those stand alone NAS boxes? They have a nice web based gui, RAID, file shares accessible via SMB, AFS, NFS, and even HTTP on some of them... and you could EASILY accomplish what you're looking for under $500 bux with one.

Regarding "domain" you can do whatever you want there... if you want to host a web server it MUST be separate from the file server and the normal private network. DO NOT USE THE DMZ FEATURE on most routers.... it's not the same. You need two separate networks... one private, one dmz.
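
Added example, not part of the post above: a Python sketch of the subnet-overlap problem it describes, modelling why a remote client keeps traffic on its own LAN when the office uses the same range, plus a helper that picks a /24 out of 10.0.0.0/8. The list of common home subnets, the 10.87.113.0/24 range and the function names are constructed for illustration.

```python
import ipaddress

# Constructed list of subnets consumer routers commonly default to (an
# assumption for illustration; extend it with what remote users really have).
COMMON_HOME_LANS = [ipaddress.ip_network(n) for n in (
    "192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24",
    "10.0.0.0/24", "10.0.1.0/24",
)]

def conflicts(office_net, client_lans=COMMON_HOME_LANS):
    """Return the client-side LANs that overlap the office subnet."""
    office = ipaddress.ip_network(office_net)
    return [lan for lan in client_lans if lan.overlaps(office)]

def next_hop(dest_ip, client_lan, office_net):
    """Model the remote client's route lookup: longest prefix wins, and on a
    tie the directly connected LAN beats the VPN route."""
    dest = ipaddress.ip_address(dest_ip)
    routes = [(ipaddress.ip_network(client_lan), "local LAN"),
              (ipaddress.ip_network(office_net), "VPN tunnel")]
    hits = [(net.prefixlen, name == "local LAN", name)
            for net, name in routes if dest in net]
    return max(hits)[2] if hits else "default gateway"

def pick_office_subnet(second, third, avoid=COMMON_HOME_LANS):
    """Return the first 10.<second>.<third..255>.0/24 that overlaps nothing in avoid."""
    for t in range(third, 256):
        cand = ipaddress.ip_network(f"10.{second}.{t}.0/24")
        if not any(cand.overlaps(a) for a in avoid):
            return cand
    raise ValueError(f"no free /24 left in 10.{second}.0.0/16")

if __name__ == "__main__":
    home = "192.168.1.0/24"                      # remote user's home LAN
    for office, server in (("192.168.1.0/24", "192.168.1.10"),
                           ("10.87.113.0/24", "10.87.113.10")):
        print(office, "overlaps:", [str(n) for n in conflicts(office)],
              "| file server reached via:", next_hop(server, home, office))
    print("suggested office subnet:", pick_office_subnet(87, 113))
```
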
May 6, 2010 5:25:01 AM

Brian_tii said:
For WAN access I'd HIGHLY recommend using a VPN type of solution. I'm a huge fan of the Cisco ASA with SSLVPN based Anyconnect. There are plenty of cheaper VPN options out there, including some from Cisco as part of their "Small Business" offerings... I'd stay away from the IPSEC based VPN and use SSL though... much easier to traverse firewalls with it. If you go with a Cisco ASA you'll need to be ready to invest some serious time in learning how to configure / maintain it... it's NOT designed for your average Joe to pick up and instantly understand, but it's worth knowing. Either way no matter what solution you go with... the internal network MUST NOT be one of the stupid common ones that everyone uses at home like 192.168.1.0/24 or 192.168.0.0/24... if these overlap with a connecting client then the connecting client won't be able to access the remote resources once connected. (Your client will route packets locally instead of through the VPN) Look up RFC1918 for more information on other private address space that you can use that's less common. I like subnetting out a 24 bit network from the 10.0.0.0/8 address space personally.

Regarding the file server why not just get one of those stand alone NAS boxes? They have a nice web based gui, RAID, file shares accessible via SMB, AFS, NFS, and even HTTP on some of them... and you could EASILY accomplish what you're looking for under $500 bux with one.

Regarding "domain" you can do whatever you want there... if you want to host a web server it MUST be separate from the file server and the normal private network. DO NOT USE THE DMZ FEATURE on most routers.... it's not the same. You need two separate networks... one private, one dmz.


For future reference, Brian_Tii, realise that you may not be talking to a professional network administrator. Please keep the technical jargon to a minimum until you have an understanding of, well, what the asker's level of understanding is.

The problem with the ASA appliance is that the new ISRs do a lot of the same thing, so it ends up being redundant. If you get the K9 Security IOS you have a lot of the same features as far as I can tell, including 3DES encryption. The problem also with using SSL over IPSEC is that it is also not as secure, and for some things you really do need that extra security. Also realise that the equipment you're suggesting is well above the stated budget, you're talking about enterprise equipment for a small business. When you start talking about DMZ and such also realise that he did not mention anything about a website.

I do agree about the NAS box though; QNAP makes an excellent one that would take care of your file server needs, does everything you mentioned you needed.

For your needs, I would suggest that while you do use VPN, use one that's more affordable to your needs. A Linux or Windows 2008 Server based solution would probably be the most affordable, utilizing any old box that may be lying around. Said box can also take care of your routing needs should the current hardware be insufficient. You could make this a file server as well, but I would advise against it.

What is their current router/firewall equipment? This information will allow us to help you take the best approach. A significant challenge I see is not only the upload speed of the connection (important information to find out), but also the fact that you're trying to establish a WAN connection/VPN over an internet connection which has a dynamic IP, which makes things harder.
May 6, 2010 6:42:09 AM

sk1939 said:
For future reference, Brian_Tii, realise that you may not be talking to a professional network administrator. Please keep the technical jargon to a minimum until you have an understanding of, well, what the asker's level of understanding is.



Seems a little unfair, sk1939 - my first thought when I read the OP was that the poster had quite a level of knowledge in this field. There's always a fine line between appearing patronising and going over the head but I thought Brian_tii struck the right chord.

All I'd chip in to this is that I use Linux Suse 9.3 on a fairly old IBM X225 server with only 500Gb of hard disk space and it serves 47 boxes running XP Pro quite nicely. The clients save all their data into the server and there are no company data retained on the 80Gb hard disk in the Windows systems at all. My choice of Linux when I was given that contract was purely because I knew I could leave it running for a year and a day without it wanting to shut down for reasons of security updates and the like. Sitting behind the router's firewall is more than adequate protection and the clients all have the Windows software firewall turned on anyway.

I would let the hosting go out to a specialist and stick to serving the network's internal needs. Horses for courses, as they say.
May 7, 2010 1:20:18 AM

sk1939 said:
For future reference, Brian_Tii, realise that you may not be talking to a professional network administrator. Please keep the technical jargon to a minimum until you have an understanding of, well, what the asker's level of understanding is.

The problem with the ASA appliance is that the new ISRs do a lot of the same thing, so it ends up being redundant. If you get the K9 Security IOS you have a lot of the same features as far as I can tell, including 3DES encryption. The problem also with using SSL over IPSEC is that it is also not as secure, and for some things you really do need that extra security. Also realise that the equipment you're suggesting is well above the stated budget, you're talking about enterprise equipment for a small business. When you start talking about DMZ and such also realise that he did not mention anything about a website.

I do agree about the NAS box though; QNAP makes an excellent one that would take care of your file server needs, does everything you mentioned you needed.

For your needs, I would suggest that while you do use VPN, use one that's more affordable to your needs. A Linux or Windows 2008 Server based solution would probably be the most affordable, utilizing any old box that may be lying around. Said box can also take care of your routing needs should the current hardware be insufficient. You could make this a file server as well, but I would advise against it.

What is their current router/firewall equipment? This information will allow us to help you take the best approach. A significant challenge I see is not only the upload speed of the connection (important information to find out), but also the fact that you're trying to establish a WAN connection/VPN over an internet connection which has a dynamic IP, which makes things harder.


I agree that an ASA isn't for beginners, hence the warning and mentioning he could look for some of the small business options as well. The original poster also didn't state their level of experience, or if they wanted to learn new / useful skills as part of this process. Regarding SSL vs IPSEC... I'd agree that there are advantages and disadvantages for each, but SSL is easier for most end users, and good enough for the vast majority of situations. You're right that the ISR will do the same type of job, but he stated a preference towards security and not advanced routing protocols, so I suggested a security product... as I stated there were plenty of other products that would do the job. The Cisco ASA however is NOT outside of his stated budget, the 5505 starts at ~$400 for base licensing which would do almost everything he listed minus the possible cost of additional VPN licensing, which I believe he could get away with an AnyConnect Essentials license (See below for pricing links). I don't think buying a small server + Windows 2008 license would be any cheaper than that, and an ASA (or ISR) will be a lot more reliable since it doesn't have the hard disks to fail, a 5505 doesn't even have fans...

Regarding the DMZ topic, I was confused when the OP was asking about his customer's registered domain. I thought he meant he was considering hosting the site in house, after re-reading I can see how I was mistaken.


ASA Pricing:
http://www.cdw.com/shop/products/default.aspx?EDC=10650...

AnyConnect Essentials:
http://www.cdw.com/shop/products/default.aspx?EDC=19221...

SmartNet:
http://www.cdw.com/shop/products/default.aspx?edc=11860...
May 7, 2010 4:22:38 AM

Brian_tii said:
I agree that an ASA isn't for beginners, hence the warning and mentioning he could look for some of the small business options as well. The original poster also didn't state their level of experience, or if they wanted to learn new / useful skills as part of this process. Regarding SSL vs IPSEC... I'd agree that there are advantages and disadvantages for each, but SSL is easier for most end users, and good enough for the vast majority of situations. You're right that the ISR will do the same type of job, but he stated a preference towards security and not advanced routing protocols, so I suggested a security product... as I stated there were plenty of other products that would do the job. The Cisco ASA however is NOT outside of his stated budget, the 5505 starts at ~$400 for base licensing which would do almost everything he listed minus the possible cost of additional VPN licensing, which I believe he could get away with an AnyConnect Essentials license (See below for pricing links). I don't think buying a small server + Windows 2008 license would be any cheaper than that, and an ASA (or ISR) will be a lot more reliable since it doesn't have the hard disks to fail, a 5505 doesn't even have fans...

Regarding the DMZ topic, I was confused when the OP was asking about his customer's registered domain. I thought he meant he was considering hosting the site in house, after re-reading I can see how I was mistaken.


ASA Pricing:
http://www.cdw.com/shop/products/default.aspx?EDC=10650...

AnyConnect Essentials:
http://www.cdw.com/shop/products/default.aspx?EDC=19221...

SmartNet:
http://www.cdw.com/shop/products/default.aspx?edc=11860...


You're right, the 5504 is within his budget...I'm too used to clients who order the 5520 or better. OP, do note that should you go with the 5504, you might have to move up a model if there are more than 10 people connecting at the same time. There used to be a time Anyconnect was bundled but I guess it isn't anymore.
May 7, 2010 5:11:17 AM

Haha, I hear ya... it's amazing how expensive they get... and even a 5510 is nowhere near the 5505 in pricing.

If you needed more than 10 concurrent users you'd just need to upgrade the license, not the hardware. Fully licensed though the 5505 is rated for 4000 connections per second and 25,000 concurrent... so it's got plenty of room to grow if they ever needed to. AnyConnect is still included, just only 2 concurrent users, hence the link to the other. Again, it may not be his BEST option, but the feature set might work really well for them if the OP wants to figure it out... which shouldn't be outside the realm of possibility since the 5505 ships with a default "linksys like" config (plug it in and it "just works") and ASDM... which makes things at least a little easier for someone new.
May 8, 2010 4:52:06 PM

As you say the LAN portion is easily set up with file sharing as there are only 5 users you are under the limit of 10 connections. Have you looked at Easy File Sharing Web server for the WAN portion? It is simple to set up and cheap, around $50.
It lets you set up SSL connections, create certificates, access rules. You need to run it on the hosting computer or give it access to the share, set up user IDs and away you go.
The only thing I noticed was that unless you purchase a certificate from a trusted Microsoft vendor, web browsers get the dreaded "Unknown certificate" error message when navigating to the URL, so if you want to avoid that, purchase a cert from Verisign or someone.
You may also need to find a free SMTP hosting site if you want to use the automated email password reset option as you likely can't set up an SMTP mail server inside your LAN since you are not hosting.
May 8, 2010 4:56:45 PM

For the backups, you can use the WinZip command line processor and set it up in the task scheduler to run incrementals on any schedule you want. Just connect a USB SATA drive and force the drive letter to always use a specific letter with "USBDLM" freeware. Then set up WinZip archive command line to backup to that drive.