Readers' choice: What every small-business sysadmin needs
The essential toolkit
That personal touch
An Anonymous Coward would like to know about my personal recommendations.
"Trevor, for the small-business space (where there are fewer economies of scale to be had unless you already have a plethora of clients) are there any specific recommendations you would make? I know of a couple of small-business owners who I know for a fact have jack all in the way of backups, little to no protection from anything (intrusion, virus, spam etc) and free-for-all Windows setups (isn't full admin so much easier?).
"I am thinking of perhaps introducing a small server unit such as a HP Microserver hosting CentOS/ClearOS or similar hosting proxy, files and other monitoring services to try and get a little more resilience. Cost is always a key function here as we are talking <10 employees at present. Anon because with their setups they need to be too."
As this is a direct question about my personal preference and usage I am going to put aside any pretense of neutrality or objectivity.
Let me preface my response with the following caveat: I am incredibly, incredibly lazy. The only thing worse than having to do a task is having to do it twice.
That being so, I have learned over time that no matter how desperately impoverished my clients are, or how miserable the licensing is for small businesses, you pays your money and you use the tools that make your life easier.
So at the end of the day, what do I trust my business to?
Many small businesses in my stable (including my own) are work-from-home type affairs. When you get more staff members this can lead to a dozen or more sites for a company with as many people.
In this world, "cloud computing" extends as far as email and website hosting and people use Dropbox for backups. After I am done slapping their wrists, I set them up with KineticD for backups. It is the perfect company's first backup solution, and having talked to the folks in charge I trust them – absolutely critical for a cloud backup company.
My customers want Dropbox-like functionality, but I am not so keen. Brushing Dropbox's outrageously tone-deaf moves under the rug for a moment, I am not okay with a cloud storage company that can peer into my storage enough to remove files under DMCA requests.
So I use Sync.com. It encrypts at rest and in flight. It stores the data in Canada, has a minimal (company front-end website is on AWS) American legal attack surface and – critical once again – after doing my due diligence and talking up the brass hats there, I trust the company.
If my clients have a setup large enough to be hosting virtual machines then I lean heavily on Veeam. The software is decent and it employs great people like Rick Vanover. The support I have received from the company makes it absolutely without question worth every penny it asks, and more.
Step up in scale and I am reliant on Unitrends for backups. Its appliances just work, and it does application-aware backups quite well.
Katie Drucker can always be found on Twitter or on the Spiceworks forums, and whenever there is a problem this lady and her team make it go away. Normally I would praise support staff but here it is the social media team that solves the problems, and solves them quickly.
Perimeter defences are a bit trickier. For all the poo that gets flung at consumer equipment vendors, Netgear has stood out for me as having the best "stack".
Netgear has a unified threat management device that does exactly what it says on the tin. It serves as an IDS, incoming mail scanner, HTTP virus scanner, application layer gateway, VPN box and so forth. It isn't as awesome as a Palo Alto Networks unit but it is perfect for the target market.
The Netgear box can store its logs and so forth on a Netgear NAS. The company's Wi-Fi routers integrate with the system as well and when you put it all together you get a setup that is reasonably secure, assuming you don't do stupid things like "open the management port to the WAN".
While most of my clients use Google Apps for email, several prefer to host their own. Those with data sovereignty concerns rely on either the above-mentioned Netgear UTM for mail filtering or a Barracuda Networks Spam Firewall. Those without the data sovereignty concerns use Symantec's Mail Security for Exchange.
I refuse to build another Linux-based mail scanning virtual machine so long as I live. The appliances are good enough and proper email scanning – or hosting – is cheap enough that anyone can afford it. Pay the tithe and move on.
I am in many ways dependent upon Synology. Microsoft murdered Small Business Server, and I will be damned before I legitimise its SMB-hostile business practices by paying octuple the cost of running your own widget just so it can get a cloudy subscription fee. The closest replacement that doesn't make me want to go play in traffic is a Synology Diskstation.
Nearly everything I wanted out of Small Business Server I can get from a Synology Diskstation, with the exception of decent email. Google or Zimbra can provide that and off we go.
The majority of the Synology units I have out there are five-disk 1513+ boxes. This is critical because I can pair them in HA with an ioSafe 1513+ and have highly available storage where one node can literally take a bullet and one can survive being burned alive.
What's more, I have tested it – quite literally – to destruction. I know this setup works, and works well.
I use GFI LanGuard for my semi-annual "you haven't been patching and I can prove it" wrist-slapping, and ever since I have tested its GFI Cloud endpoint management solution, I have been increasingly deploying that too.
On the virtualisation side of things: VMware, VMware, a thousand times VMware. SCVMM is the single most frustrating product I have ever used. I don't care about the marketing crap about "Hyper-V is free"; Hyper-V is a pain in the ASCII to manage unless you have a team of nerds doing it at scale.
VMware Essentials Plus is cheap enough for just about anyone and when you add CloudPhysics to the mix you can manage vSphere instances from a lot of different companies in a proactive fashion.