Feeds

Readers' choice: What every small-business sysadmin needs

The essential toolkit

Internet Security Threat Report 2014

That personal touch

An Anonymous Coward would like to know about my personal recommendations.

"Trevor, for the small-business space (where there are fewer economies of scale to be had unless you already have a plethora of clients) are there any specific recommendations you would make? I know of a couple of small-business owners who I know for a fact have jack all in the way of backups, little to no protection from anything (intrusion, virus, spam etc) and free-for-all Windows setups (isn't full admin so much easier?).

"I am thinking of perhaps introducing a small server unit such as a HP Microserver hosting CentOS/ClearOS or similar hosting proxy, files and other monitoring services to try and get a little more resilience. Cost is always a key function here as we are talking <10 employees at present. Anon because with their setups they need to be too."

As this is a direct question about my personal preference and usage I am going to put aside any pretense of neutrality or objectivity.

The only thing worse than having to do a task is having to do it twice

Let me preface my response with the following caveat: I am incredibly, incredibly lazy. The only thing worse than having to do a task is having to do it twice.

That being so, I have learned over time that no matter how desperately impoverished my clients are, or how miserable the licensing is for small businesses, you pays your money and you use the tools that make your life easier.

So at the end of the day, what do I trust my business to?

Many small businesses in my stable (including my own) are work-from-home type affairs. When you get more staff members this can lead to a dozen or more sites for a company with as many people.

In this world, "cloud computing" extends as far as email and website hosting and people use Dropbox for backups. After I am done slapping their wrists, I set them up with KineticD for backups. It is the perfect company's first backup solution, and having talked to the folks in charge I trust them – absolutely critical for a cloud backup company.

My customers want Dropbox-like functionality, but I am not so keen. Brushing Dropbox's outrageously tone-deaf moves under the rug for a moment, I am not okay with a cloud storage company that can peer into my storage enough to remove files under DMCA requests.

So I use Sync.com. It encrypts at rest and in flight. It stores the data in Canada, has a minimal (company front-end website is on AWS) American legal attack surface and – critical once again – after doing my due diligence and talking up the brass hats there, I trust the company.

If my clients have a setup large enough to be hosting virtual machines then I lean heavily on Veeam. The software is decent and it employs great people like Rick Vanover. The support I have received from the company makes it absolutely without question worth every penny it asks, and more.

Step up in scale and I am reliant on Unitrends for backups. Its appliances just work, and it does application-aware backups quite well.

Katie Drucker can always be found on Twitter or on the Spiceworks forums, and whenever there is a problem this lady and her team make it go away. Normally I would praise support staff but here it is the social media team that solves the problems, and solves them quickly.

Perimeter defences are a bit trickier. For all the poo that gets flung at consumer equipment vendors, Netgear has stood out for me as having the best "stack".

Netgear has a unified threat management device that does exactly what it says on the tin. It serves as an IDS, incoming mail scanner, HTTP virus scanner, application layer gateway, VPN box and so forth. It isn't as awesome as a Palo Alto networks unit but it is perfect for the target market.

The Netgear box can store its logs and so forth on a Netgear NAS. The company's Wi-Fi routers integrate with the system as well and when you put it all together you get a setup that is reasonably secure, assuming you don't do stupid things like "open the management port to the WAN".

While most of my clients use Google Apps for email, several prefer to host their own. Those with data sovereignty concerns rely on either the above-mentioned Netgear UTM for mail filtering or a Barracuda Networks Spam Firewall. Those without the data sovereignty concerns use Symantec's Mail Security for Exchange.

I refuse to build another Linux-based mail scanning virtual machine so long as I live. The appliances are good enough and proper email scanning – or hosting – is cheap enough that anyone can afford it. Pay the tithe and move on.

I am in many ways dependent upon Synology. Microsoft murdered Small Business Server, and I will be damned before I legitimise its SMB-hostile business practices by paying octuple the cost of running your own widget just so it can get a cloudy subscription fee. The closest replacement that doesn't make me want to go play in traffic is a Synology Diskstation.

Nearly everything I wanted out of Small Business Server I can get from a Synology Diskstation, with the exception of decent email. Google or Zimbra can provide that and off we go.

The majority of the Synology units I have out there are five-disk 1513+ boxes. This is critical because I can pair them in HA with an ioSafe 1513+ and have highly available storage where one node can literally take a bullet and one can survive being burned alive.

What's more, I have tested it – quite literally – to destruction. I know this setup works, and works well.

I use GFI LanGuard for my semi-annual "you haven't been patching and I can prove it" wrist-slapping, and ever since I have tested its GFI Cloud endpoint management solution, I have been increasingly deploying that too.

Spiceworks is obviously my network monitoring tool of choice, and I would be lost without TeamViewer.

On the virtualisation side of things: VMware, VMware, a thousand times VMware. SCVMM is the single most frustrating product I have ever used. I don't care about the marketing crap about "Hyper-V is free"; Hyper-V is a pain in the ASCII to manage unless you have a team of nerds doing it at scale.

VMware Essentials Plus is cheap enough for just about anyone and when you add CloudPhysics to the mix you can manage vSphere instances from a lot of different companies in a proactive fashion.

Beginner's guide to SSL certificates

Next page: Horses for courses

More from The Register

next story
Docker's app containers are coming to Windows Server, says Microsoft
MS chases app deployment speeds already enjoyed by Linux devs
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
'Urika': Cray unveils new 1,500-core big data crunching monster
6TB of DRAM, 38TB of SSD flash and 120TB of disk storage
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
SDI wars: WTF is software defined infrastructure?
This time we play for ALL the marbles
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
Oracle hires former SAP exec for cloudy push
'We know Larry said cloud was gibberish, and insane, and idiotic, but...'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.