Two homes for very disabled adults, about 20 miles apart. Same company runs both homes, but there are offices at both locations.
There's a lot of confidential data involved... perhaps nothing too special but because these people can't speak for themselves that makes it special. Data cannot be backed up to the cloud.
There are no more than 8 total computers in use. Two MacBooks, three new PCs I just built and deployed, and some older PCs.
There are almost no backups taking place, and management recognizes this as a problem but is hesitant to spend too much on it. They need a backup solution that is easy to maintain and keep running.
On any given day, it's unlikely that these two offices create more than 10mb of new data. It's just Word, Excel, Quicken, that sort of thing.
One office maintains a microwave link for the Director, who lives in a location with no broadband, but this should not enter into the equation too much. She does very little work from home.
Existing 10/100 network is not quite adequate for everything, so I'm adding a couple switches... no big deal there.
First question: I need to create a VPN. I think both sites currently have cable broadband. What's a good resource or walk-through that will help me get this done with minimal fuss?
I think I want an NAS at each site. I was originally thinking I wanted the two NASes to be synced so that the two offices would back up locally then sync at night... this would create the redundant backup that is needed, at separate sites. Now I think that is way more difficult than I thought it would be.
So, I'm thinking one NAS will be the backup and the second NAS will simply be the backup of the backup. Does that make sense to you? Will the small amounts of data involved mean that incremental backups to the other office will be no big deal?
Lastly, what two NASes are needed? Soft budget of $450 includes two switches and some Cat 5e, so let's just say a soft budget of $400.
First, what types of gateway / border devices are you using? I'm assuming some cheap SOHO routers?
If they're DD-WRT compatible you can reflash them with DD-WRT supporting OpenVPN and use that to create your encrypted VPN tunnel. I'd choose OpenVPN over IPsec due to simplicity coupled with security.
Next is the infrastructure of the sites themselves. It looks like you're using a mixed environment with both Windows and Macs; will this environment be semi-secure or are you allowing people to log in with admin privileges? This really sounds like something you want to run with MS Home Server on a small Mini-ITX box that has large HDDs attached to it. This would create a central DNS / authentication mechanism and make backups easy. Don't know if your budget allows for that; you might be stuck burning DVDs. I personally rarely support commercial "NAS" boxes because they're slightly cheaper than a small Mini-ITX server and provide less functionality.
I was wondering about the routers. I'll have to go check on those. Probably both Linksys. I have used DD-WRT before but that was a while back.
As far as admin privileges go, the Macs are still a mystery to me. The other machines all have separate admin accounts.... However, wireless access is given currently for general staff internet access. Laptops and smartphones, etc.
Pretty sure redundant backups are needed... what if I threw together an older Pentium 4 machine for one site and then backed that up to an NAS at the other site? There is an SBS 2008 license... I believe.
If you have access to an SBS license then don't bother with anything labeled "NAS" unless you have zero experience with running a Windows server. Attaching a large HDD to a Windows server and sharing it out constitutes a "NAS"; they really are a rip-off for price vs value. And the bonus is you can use NT Backup to back up your data to either removable media or some USB device. If you don't want NT Backup you have dozens of free open source options available that all run on Windows.
I was recommending DD-WRT because it will have everything you need to create a permanent encrypted tunnel between the sites. It may require you to get very familiar with static routing and how to manage multiple subnets.
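The static-routing and multiple-subnet point above, worked through as an added example that is not part of the original thread: a routed tunnel between two offices only works if their LAN ranges do not overlap each other or the tunnel range, and each router then needs one static route to the other LAN. The site names, LAN ranges and tunnel range below are constructed values, and `plan_site_to_site` is a hypothetical helper.

```python
import ipaddress
from itertools import islice


def plan_site_to_site(site_lans, tunnel_net):
    """Check a two-site routed tunnel plan and derive its static routes.

    site_lans  -- {"site name": "LAN CIDR"} for exactly two sites
    tunnel_net -- CIDR reserved for the two tunnel endpoints
    Returns (problems, routes); routes is empty when problems exist.
    """
    if len(site_lans) != 2:
        raise ValueError("this sketch handles exactly two sites")
    tunnel = ipaddress.ip_network(tunnel_net)
    lans = {name: ipaddress.ip_network(cidr) for name, cidr in site_lans.items()}
    (a, lan_a), (b, lan_b) = lans.items()

    problems = []
    # Identical or overlapping LANs cannot be routed to each other.
    if lan_a.overlaps(lan_b):
        problems.append(f"{a} {lan_a} overlaps {b} {lan_b}: renumber one site")
    # The tunnel range must also be distinct from both LANs.
    for name, lan in lans.items():
        if lan.overlaps(tunnel):
            problems.append(f"{name} {lan} overlaps tunnel {tunnel}")
    endpoints = list(islice(tunnel.hosts(), 2))
    if len(endpoints) < 2:
        problems.append(f"tunnel {tunnel} has no room for two endpoints")
    if problems:
        return problems, []

    end_a, end_b = endpoints
    # Each router reaches the remote LAN through the remote tunnel endpoint.
    routes = [
        {"on": a, "dest": str(lan_b), "via": str(end_b)},
        {"on": b, "dest": str(lan_a), "via": str(end_a)},
    ]
    return problems, routes


if __name__ == "__main__":
    # Constructed plan: both offices left on the same LAN range.
    print(plan_site_to_site(
        {"office_a": "192.168.1.0/24", "office_b": "192.168.1.0/24"},
        "10.8.0.0/30"))
    # Constructed plan: one office renumbered so the ranges are distinct.
    print(plan_site_to_site(
        {"office_a": "192.168.10.0/24", "office_b": "192.168.20.0/24"},
        "10.8.0.0/30"))
```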