Church Tech Matters Forum

[TimGolden]

Server/Infrastructure recommendations (best practice for small sites)

I’m looking for a server recommendations (not a manufacture per sea) but a best practice/guidelines

I work with many “small” nonprofit orgs and a common theme I hear is “we are not big enough for X or Y” and/or “we just don’t have the funds to support X or Y”.

My goal/question with this post is to use my client as a “case study” to help determine ‘baseline” best practices that will help future “small” organizations in their decision making.

Let set up the scenario:

• The org is stable enough to stay around for the next 3-5 years or longer
• The org has NO infrastructure currently except DSL, and wireless router.
• The org has no annual IT budget
• The number of staff is less than 10
• There are NO standardization of computers(older/donated mix/match)
• The org has rotating/fluid volunteers
• The org allows volunteers to use their own computers to access shared data
• The org requires to share data across all user types (domain vs. guests)
• The org requires some data to be protected (i.e. confidential/personnel)
• The org requires some data to be accessible outside their internal network

One solution is to buy a large NAS device, set up shares and permissions around the shares.

Another solution is to buy a server, set up LDAP (i.e. Active Directory), network shares, and assign permission.

So presented with this information what would be the better solution? Or are there other solutions that would make more sense.

[paschott]

Sorry for the delayed response, Tim.

I'd probably go the server route, myself. A copy of Windows 2008 server (perhaps 2 in case they want a backup DC) would give them a lot of these benefits. Get at least a RAID 5 set for disks and redundancy. Set up users/shares/etc. This would give you pretty much everything you need. File server, shared data, ability to lock down data, ability to set up remote access (use something like dyndns and set up an alias for that w/ your DNS host), and Windows 2008 server also allows installing apps and sharing them in a manner similar to what used to require Citrix. I've set that up for a friend and it was relatively painless. That gives people the ability to use internal apps externally without too much trouble. For churches running a local ChMS instead of a hosted one, this can be really helpful. Even better is that you can set up an off-site backup from the server pretty easily so important files are backed up for a reasonable cost.

Drawbacks - it probably requires a decent server guy to set up the thing and give them some basic training. There's an additional cost for server/licensing, though it can still be purchased pretty cheaply.

In this case, I think that the pros of a server outweigh the cons. A NAS can do a lot of this, but you don't have remote access to apps as easily. Any remote app that requires accessing data on the NAS will run really, really slowly if it runs at all.

Of course, this is just my opinion. I've set up the server for a small business and it worked really well. Other may have different experiences.

[ChrisDuckett]

I have build a server 2008 box that simply acts as a file server at church. nothing complicated(used an old computer that was being retired and re-purposed it) it doesn't have redundancy or anything just a centralized place for storage. i setup users with a couple different levels of access but mostly the media team login(generic) has main access as we mainly use it for moving powerpoint's for sermons, backgrounds, and videos around the network through it. our network is so mismatched it would be hard to find a much different solution. it's basically though a NAS with permissions set. only other thing that you mentioned was remote access. that can be done through terminal services and server 2008 does that just fine. you just have to program your primary router to forward any remote port requests to the server and let permissions on the server take over from there.

It's pretty simple but I did that on purpose because I'm not full time and needed a basic centralized storage solution for our church that wouldn't break down or need major management. only thing I have to do every 6 months or so is go in and manually set passwords again as most of the users are on macs and can't do a domain password reset like you can on a windows machine.

[Angela]

not my area, but is this something google apps could be used for?

[paschott]

Probably not in this case. When you're looking for a file server for the church, it often has to do multi-duty in not only serving the files as they're needed, but also hosting things used day to day by the church. Often the files need to be edited on the fly or in a near-real-time manner and download/re-upload to Google Docs probably wouldn't help much there. It doesn't sound like there's a local ChMS system in place by the description or at least not one based on a server-side DB. If that's in the mix, it only adds to the argument to have a server of some sort. I recommended a Windows 2008 server just because it's pretty easy to configure and manage for the most part and once it's running you'll be okay for the most part.

If ALL they are doing is docs/spreadsheets/powerpoint, Google Docs may be a good match.

[Stuart]

The org has NO infrastructure currently except DSL, and wireless router.

Shouldn't be a problem. Parts for cabling up Cat5 are (in the UK) cheap and easily available. Last time I purchased these things I bought a hand crimper for £15, a drum of cable for £40 and faceplates, end connectors, etc in packs of 10 for less than £0.30p per faceplate.

Actually cabling then is fairly simple though time consuming task. Just remember your max distance of 100m to include cables at either end. Cost will ramp up if you want / need ducting because you can't hide it. We have an ancient solid brick building and still managed to run cabling relatively easily. Failing that, go with a wi-fi based lan.

Cheap no name switch can be grabbed for £20, adding VLANs, etc will make it more costly.

The org has no annual IT budget

Welcome to my world (song there somewhere). They'll need to find money to purchase initial supplies, etc but beyond that an official budget is not a prevention - just a hurdle.

The number of staff is less than 10
There are NO standardization of computers(older/donated mix/match)

No deal killer yet. My church is 10 staff with approx half full time and the others part time with volunteers, etc. They also have church business and a business to cater for.

The org has rotating/fluid volunteers
The org allows volunteers to use their own computers to access shared data

Ouch. Let me say that again - OUCH!

The rotating volunteers is not so much of an issue. Create volunteer accounts and insist they run a check sheet so they know who is using which account when for some form of accountability. Personally I'd want individual logons and have argued and persuaded my church to the validity of this.

The use of their own computers is (to me) a big no. However, as it's their business / call who am I to argue. In which case ensure each machine has had a full virus / malware / health check and that auto updates of said software is on and working properly. Also ensure they have a software firewall and more to the point that they know how to use all of these.

The org requires to share data across all user types (domain vs. guests)
The org requires some data to be protected (i.e. confidential/personnel)[/*]
[*] The org requires some data to be accessible outside their internal network [/*]

Boggle. Why would someone want to have confidential data but then leave the route wide open for someone, and not necessarily deliberately, to access said data?

This just doesn't make sense to me. I would encourage anyone in this situation to ensure they've been talked through why it isn't wise, the dangers, etc ...

One solution is to buy a large NAS device, set up shares and permissions around the shares.

Hmmm. If you're talking less than 10 users then shares would work. How you manage each random machine brought in though could be interesting - especially as I'm going to presume they don't have any dedicated or regular IT support.

Another solution is to buy a server, set up LDAP (i.e. Active Directory), network shares, and assign permission.

This may be an initial headache but to me is far preferable to a workgroup setup. At least you can assign security with some confidence, manage users, profiles, policies, etc ... and with the advent of SATA RAID it's a straightforward (and cheap) approach to setup a RAID 5 system. Your choice of server OS is up to whomever has the skills to support it and I certainly wouldn't rule out using Ubuntu Server.