Readers' choice: What every small-business sysadmin needs

The essential toolkit

Reducing the cost and complexity of web vulnerability management

That personal touch

An Anonymous Coward would like to know about my personal recommendations.

"Trevor, for the small-business space (where there are fewer economies of scale to be had unless you already have a plethora of clients) are there any specific recommendations you would make? I know of a couple of small-business owners who I know for a fact have jack all in the way of backups, little to no protection from anything (intrusion, virus, spam etc) and free-for-all Windows setups (isn't full admin so much easier?).

"I am thinking of perhaps introducing a small server unit such as a HP Microserver hosting CentOS/ClearOS or similar hosting proxy, files and other monitoring services to try and get a little more resilience. Cost is always a key function here as we are talking <10 employees at present. Anon because with their setups they need to be too."

As this is a direct question about my personal preference and usage I am going to put aside any pretense of neutrality or objectivity.

The only thing worse than having to do a task is having to do it twice

Let me preface my response with the following caveat: I am incredibly, incredibly lazy. The only thing worse than having to do a task is having to do it twice.

That being so, I have learned over time that no matter how desperately impoverished my clients are, or how miserable the licensing is for small businesses, you pays your money and you use the tools that make your life easier.

So at the end of the day, what do I trust my business to?

Many small businesses in my stable (including my own) are work-from-home type affairs. When you get more staff members this can lead to a dozen or more sites for a company with as many people.

In this world, "cloud computing" extends as far as email and website hosting and people use Dropbox for backups. After I am done slapping their wrists, I set them up with KineticD for backups. It is the perfect company's first backup solution, and having talked to the folks in charge I trust them – absolutely critical for a cloud backup company.

My customers want Dropbox-like functionality, but I am not so keen. Brushing Dropbox's outrageously tone-deaf moves under the rug for a moment, I am not okay with a cloud storage company that can peer into my storage enough to remove files under DMCA requests.

So I use Sync.com. It encrypts at rest and in flight. It stores the data in Canada, has a minimal (company front-end website is on AWS) American legal attack surface and – critical once again – after doing my due diligence and talking up the brass hats there, I trust the company.

If my clients have a setup large enough to be hosting virtual machines then I lean heavily on Veeam. The software is decent and it employs great people like Rick Vanover. The support I have received from the company makes it absolutely without question worth every penny it asks, and more.

Step up in scale and I am reliant on Unitrends for backups. Its appliances just work, and it does application-aware backups quite well.

Katie Drucker can always be found on Twitter or on the Spiceworks forums, and whenever there is a problem this lady and her team make it go away. Normally I would praise support staff but here it is the social media team that solves the problems, and solves them quickly.

Perimeter defences are a bit trickier. For all the poo that gets flung at consumer equipment vendors, Netgear has stood out for me as having the best "stack".

Netgear has a unified threat management device that does exactly what it says on the tin. It serves as an IDS, incoming mail scanner, HTTP virus scanner, application layer gateway, VPN box and so forth. It isn't as awesome as a Palo Alto networks unit but it is perfect for the target market.

The Netgear box can store its logs and so forth on a Netgear NAS. The company's Wi-Fi routers integrate with the system as well and when you put it all together you get a setup that is reasonably secure, assuming you don't do stupid things like "open the management port to the WAN".

While most of my clients use Google Apps for email, several prefer to host their own. Those with data sovereignty concerns rely on either the above-mentioned Netgear UTM for mail filtering or a Barracuda Networks Spam Firewall. Those without the data sovereignty concerns use Symantec's Mail Security for Exchange.

I refuse to build another Linux-based mail scanning virtual machine so long as I live. The appliances are good enough and proper email scanning – or hosting – is cheap enough that anyone can afford it. Pay the tithe and move on.

I am in many ways dependent upon Synology. Microsoft murdered Small Business Server, and I will be damned before I legitimise its SMB-hostile business practices by paying octuple the cost of running your own widget just so it can get a cloudy subscription fee. The closest replacement that doesn't make me want to go play in traffic is a Synology Diskstation.

Nearly everything I wanted out of Small Business Server I can get from a Synology Diskstation, with the exception of decent email. Google or Zimbra can provide that and off we go.

The majority of the Synology units I have out there are five-disk 1513+ boxes. This is critical because I can pair them in HA with an ioSafe 1513+ and have highly available storage where one node can literally take a bullet and one can survive being burned alive.

What's more, I have tested it – quite literally – to destruction. I know this setup works, and works well.

I use GFI LanGuard for my semi-annual "you haven't been patching and I can prove it" wrist-slapping, and ever since I have tested its GFI Cloud endpoint management solution, I have been increasingly deploying that too.

Spiceworks is obviously my network monitoring tool of choice, and I would be lost without TeamViewer.

On the virtualisation side of things: VMware, VMware, a thousand times VMware. SCVMM is the single most frustrating product I have ever used. I don't care about the marketing crap about "Hyper-V is free"; Hyper-V is a pain in the ASCII to manage unless you have a team of nerds doing it at scale.

VMware Essentials Plus is cheap enough for just about anyone and when you add CloudPhysics to the mix you can manage vSphere instances from a lot of different companies in a proactive fashion.

Reducing the cost and complexity of web vulnerability management

Next page: Horses for courses

More from The Register

next story
Wanna keep your data for 1,000 YEARS? No? Hard luck, HDS wants you to anyway
Combine Blu-ray and M-DISC and you get this monster
US boffins demo 'twisted radio' mux
OAM takes wireless signals to 32 Gbps
Apple flops out 2FA for iCloud in bid to stop future nude selfie leaks
Millions of 4chan users howl with laughter as Cupertino slams stable door
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
Students playing with impressive racks? Yes, it's cluster comp time
The most comprehensive coverage the world has ever seen. Ever
Run little spreadsheet, run! IBM's Watson is coming to gobble you up
Big Blue's big super's big appetite for big data in big clouds for big analytics
Seagate's triple-headed Cerberus could SAVE the DISK WORLD
... and possibly bring us even more HAMR time. Yay!
prev story


Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.