
Ask HN: The perfect 20-50 people office network setup? - perssontm
Let's consider this situation:

A business with between 20 and 50 employees, all heavily using email, calendar and documents and doing general office work.

What is the perfect office network setup for this? Keeping in mind that the following points are important:

- minimal onsite hardware
- convenient file sharing through a network drive
- calendar sharing
- webmail/IMAP access
- some central point of administering users
- support for Windows, OS X and different Linux flavours
- all machines must be fully usable outside the office
- bonus for being able to monitor clients for patches/software updates
- bonus for pushing updates/software to them

Is this business network utopia?

The current situation is using Google Apps, but that fails miserably on the network file sharing point.

What else is there? A large IT company pitched me a full Windows setup (Active Directory, Exchange, SharePoint and the whole shebang), but that feels like vendor lock-in mania (and at least 2 servers onsite). We will probably never get another chance of doing this right.

All my Google findings seem to solve parts of the problem but not all.

Thanks in advance, I'll summarize results and report back.
[edit: formatting]
======
TomOfTTB
I'll give you my suggestions based on a mini version of the configuration I've
been using for a couple of years (except for the Dropbox part, which I just
started using this year). This is only for Windows, but most of it works on Mac
and Linux...

1 Windows Server for Authentication, DHCP and DNS. Unless your users will be
off campus for extended periods of time (30+ days) you don't need to worry
about a VPN (since the local system will authenticate their account
disconnected)

Dropbox for Teams on all systems. On Windows systems you can move the Desktop,
Pictures, and Documents folders right into the Dropbox folder to sync and
back up all files (Box.net is an option with more features, but I had massive
problems with it to the tune of 80% of users, and the company didn't seem to
care).

Faronics Deep Freeze is a program that freezes the system files for Windows
systems. By creating a separate partition for files you can freeze the whole
system and avoid problems (just create a files partition and move Dropbox and
the users' files there). You can also set times for unfreezing for updates
(I set it for Sunday at 1am and have the auto updates run at the same time).
Macs and Linux can usually take care of themselves on the security front.

Patch management with GFI LanGuard is cheap and doesn't require a whole
infrastructure to work with. For updating software you can use a PowerShell
script and a shared "Updates" folder in Dropbox to distribute MSI files.

On E-mail I use Rackspace's hosted exchange because my users were used to an
Exchange server. But you could just as easily get by with Google Apps.

AntiVirus I just use Trend Micro's corporate version but it does have a fairly
small server footprint. It could easily run on the one Windows server you
have.

Hope it helps. Feel free to e-mail if you have questions
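
As an added example (not TomOfTTB's own script, and not code from Dropbox or GFI), this is the kind of PowerShell loop that would pick MSI files up from a synced "Updates" folder and install them silently. The folder path, the state file and the log folder are assumptions to adjust for your environment. The Authenticode check is the one thing a security reviewer would insist on here: everyone who can write to the shared folder can drop a package into it, so the script only installs packages that carry a valid signature, and it records each installed file by hash so a changed package is treated as new rather than silently skipped.

```powershell
# Added example, not TomOfTTB's script: pull MSI packages from a synced
# "Updates" folder and install the ones this machine has not seen yet.
# Assumptions (placeholders, adjust for your environment):
#   $UpdatesFolder - where the shared Dropbox "Updates" folder is synced to
#   $StateFile     - local record of installed packages (one SHA-256 per line)
#   $LogFolder     - where msiexec verbose logs are written
# Requires PowerShell 4+ (Get-FileHash) and an elevated session.

$UpdatesFolder = 'C:\Users\Public\Dropbox\Updates'          # assumed path
$StateFile     = 'C:\ProgramData\OfficeUpdates\installed.txt' # assumed path
$LogFolder     = 'C:\ProgramData\OfficeUpdates\logs'          # assumed path

New-Item -ItemType Directory -Force -Path (Split-Path $StateFile), $LogFolder | Out-Null
if (-not (Test-Path $StateFile)) { New-Item -ItemType File -Path $StateFile | Out-Null }

# Hashes of packages already installed here. Hashing the file (rather than
# trusting the file name) means a modified package is treated as a new one.
$installed = @(Get-Content -Path $StateFile | Where-Object { $_ })

foreach ($msi in Get-ChildItem -Path $UpdatesFolder -Filter '*.msi' -File) {
    $hash = (Get-FileHash -Path $msi.FullName -Algorithm SHA256).Hash
    if ($installed -contains $hash) { continue }

    # Anyone who can write to the shared folder can drop a package here, so
    # refuse anything without a valid Authenticode signature.
    $sig = Get-AuthenticodeSignature -FilePath $msi.FullName
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Skipping $($msi.Name): signature status is $($sig.Status)"
        continue
    }

    $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
    $log     = Join-Path $LogFolder "$($msi.BaseName)-$stamp.log"
    $msiArgs = @('/i', "`"$($msi.FullName)`"", '/qn', '/norestart', '/L*v', "`"$log`"")
    $proc    = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

    # msiexec exit codes: 0 = success, 3010 = success but a reboot is required
    if ($proc.ExitCode -eq 0 -or $proc.ExitCode -eq 3010) {
        Add-Content -Path $StateFile -Value $hash
        Write-Output "Installed $($msi.Name) (exit code $($proc.ExitCode), log: $log)"
    } else {
        Write-Warning "msiexec failed for $($msi.Name) with exit code $($proc.ExitCode); see $log"
    }
}
```

Run it as a scheduled task under an administrative account, for instance in the same Sunday-night window in which Deep Freeze is thawed for updates. To tighten the check beyond "validly signed by someone", compare `$sig.SignerCertificate.Thumbprint` against the thumbprints of the publishers you actually expect to see in that folder.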

~~~
perssontm
GFI LanGuard looks really good; it all adds up, though, but it looks good
price-wise as well.

Thanks for the tip!

------
bungle
1. Google Apps for Business
- No onsite hardware
- Calendars with sharing
- Webmail / IMAP access
- Can be a central point of administering users, if the other apps integrate with Google Apps (e.g. the apps from the Apps Marketplace)
- Supports Windows, OS X and Linux
- All machines are fully usable outside the office

Now you are almost there. Forget that MS stack. It's costly, vendor lock-in,
and feels like a thing from the past.

2. Central management of users with single sign-on capabilities
- Look at <http://www.okta.com/> and <http://www.symplified.com/>

3. Network file sharing
- Google Docs (and there is a chance that Google finally introduces Google Drive / Google Files)

If that is not enough, then look at:

- Egnyte: <http://www.egnyte.com/> (hybrid solution: Dropbox-like sync client, client backup, local office sync server / NAS, FTP (includes secure connection) access, WebDAV access with drive mapping capability, browser access etc.)
- Box: <http://box.com/>
- Dropbox for Teams: <http://www.dropbox.com/teams>

If you are interested in backups, look at:

- Backblaze: <http://www.backblaze.com/>

Remember that with Google Apps you already get very nice features, like
single sign-on on every Google service (for example Google+, Google Voice),
and you get services like Postini, mobile synchronization with support for
ActiveSync, etc.

If you are going with the MS stack, you are going to tie your hands. It's easy to
implement the MS stack, but it's damn hard to exit their system.

~~~
perssontm
This has been my intention, but the file sharing is becoming more and more
frustrating with Google. I've looked at third-party solutions for the missing
WebDAV/drive mapping part of Google Docs, but it doesn't seem good enough.

Also, I'll miss out on security policies, which can be nice. As it looks now,
we will go with a minimal Active Directory machine handling local file sharing,
logins and GPOs.

I hope I'll be able to keep away from SharePoint and Exchange, but I'll just
wait and see.

------
Spearchucker
You don't mention security (1) or compliance. I'm guessing these don't
feature? What does "file sharing" mean to you (could SkyDrive do it, or cloud-
based SharePoint)? Speaking of SharePoint, have you considered Office 365?

I know it's fashionable to do everything in the cloud these days, but my
personal preference is to have control over my digital assets, so I like to
keep everything(!) in-house. For a 20-50-strong team, an
AD/Exchange/SharePoint/ForeFront setup would be mostly accepting defaults (2),
and keeping everything running won't take much effort.

1). An AD is not necessarily a bad thing. You could create accounts locally
and push them into Office 365 automatically (ditto for Exchange accounts). You
could use DirectAccess to meet the remote use requirement, although someone
who knows more about the Linux/Mac world would need to comment on whether that
will work with DirectAccess.

2). Depends on how far you want to go with your file share - you could spend
ages on an information architecture, if you're so inclined/have compliance
requirements.

~~~
perssontm
Good point about security; as for compliance, the business is waiting for
another legal case, which will make it clearer.

The most important thing about the file share is for it to be network
attachable storage, mounted as a drive on the computer, so all software can be
used on the files. We have some pretty bizarre ones, and we also utilize a lot of
images, so thumbnails are a must for it.

------
caw
You probably want to get a real live sysadmin to set this up, rather than DIY.
Best practices go a real long way in getting the environment healthy and
compatible with whatever stuff you want to add later (been there, done
that...)

With 20+ people you definitely want centralized authentication.

I'd go with Windows for this setup.

- Relatively few boxes needed. 2 for AD, which does your DNS and DHCP stuff. A 3rd box for your Exchange (I have 0 experience with Exchange; I suppose you can always keep your Google Apps), and if you want to do file serving in house, 1-2 boxes.

- Monitor clients with WSUS. It's easy to set up, and it'll tell you which clients aren't up to date. There are other paid solutions available, but this one is free.

- Push software with GPO, so long as you like your .msi's or .bat scripts.

- Permissions get messy with shared Windows and Unix files. Separate the shares, or get some other service to handle it for you (the previously mentioned Dropbox).

- Lots of Windows consultants available if stuff breaks.

You can always separate out services later to Unix hosts if needed. DNS is
kind of tricky because you'll either have to manually add all your Linux
boxes, add certificates to the machines, or turn off secure updates in AD. Or
you're stuck running SMB on all your hosts to get them into the domain.

Frankly, I think the easiest solution is all *nix or all Windows. Anything else
eventually runs into compatibility issues because whatever tool you're
running just isn't cut out for multiplatform. Or if it is multiplatform, it
probably doesn't integrate as well as the single-platform solutions.

Using machines outside the office: I'd guess remote desktop or something
through a VPN. I'm not familiar with this because at my last job all the Linux
hosts were on public IP space, so you could SSH into them so long as you were
in the allowed hosts.

~~~
perssontm
Yes, I will let someone else experienced do this. I'll be buying it and
setting requirements, though; that's why I'm trying to get a feeling for the
directions.

------
dholowiski
I am the IT guy for an office right in the middle: 30 users. As much as most
people don't want to admit it, Microsoft owns this space, and Microsoft Small
Business Server paired with Office is an excellent solution here. Sure, you
need a dedicated server, but SBS is very wizard-based, almost to the point
where a receptionist can administer it. SharePoint is the logical next step, a
step we're going to take this year, probably.

Specifically, look at MS Small Business Server, which includes about 30 user
licenses, Exchange Server, file server, DNS, Active Directory and just about
anything else you need, and is made to run on one server (most versions
include a second server license too, for virtualization or backup).

------
Mamady
The Microsoft stack does work quite well, but usually for 50+ staff. For fewer
than 50, the cost of administration becomes a disproportionate overhead.

I take vendor lock-in with a grain of salt... if the solution works well, the
lock-in (almost) doesn't matter. When it comes to mission critical business
systems, most companies have vendor lock-in, whether it's with Microsoft,
Google or some other company.

I think most startups stick with Google Apps. For network file sharing, have you
tried Dropbox? If large files are an issue, you will need to set up a
file server in your office; something as simple as a Samba server could do the
trick.

You could also try to get an invite for AeroFS.

~~~
perssontm
What's the big hurdle with administration? It sounds easy to add a user; is there
anything else? Or is it the administration of the entire solution that is
time-consuming?

I looked at Dropbox for Teams, but that felt expensive at the time and didn't offer
any good group-wide sharing capabilities. But price-wise it will probably be
cheaper than the proposed MS setup.

------
rhizome
There's nothing inherently wrong with Windows Server and Exchange, which will
give you just about everything you ask for. You probably wouldn't need
Sharepoint, which is a cash cow for implementers.

~~~
perssontm
No, nothing wrong perhaps, I just kind of wished the world had gotten further. :)

------
toomuchtodo
Google Apps and either Dropbox/Box.net (Dropbox is cheaper, Box.net has more
features). I have this setup in production for ~68 users, some who are in the
office, but most who are mobile.

------
tommi
Seems like with network file sharing you'd be happy with Google Apps. So what's
keeping you from just buying file sharing from another vendor?

~~~
perssontm
Not much. I've implemented a temporary solution for that, but would like
something centrally managed which utilizes the same accounts etc. And the
current setup doesn't give us any domain controller (for machines). DOH! Sounds
like I just have to give up and get that boring MS setup. :)

~~~
bungle
With ~50 users, you don't need central management in my opinion. Yes, from a
sysadmin perspective it would be nice and professional, but on the other hand,
it costs, and it adds administration. Is it worth it? I'm not sure.

I really hope that there were a good alternative to the MS setup. Currently I
feel that network file sharing, a centralized directory for users (AD),
and printer sharing are about the only things that are a little bit problematic
without using the MS stack. It's a shame that so few file sharing / collaboration
services integrate with Google authentication.

~~~
perssontm
I agree, perhaps not worth the hassle. Although I stated it as a requirement
because I feel it's sane to expect that it would "just work", but apparently not.

I was thinking about some sort of auth proxy for authenticating against Google
Apps, and in case Google Apps doesn't respond it would use whatever happened
last time, as a cache. And that proxy could be used for PAM, network login,
file sharing etc. But it's not in the scope of this project to develop that.

------
protomyth
What OS are you using for the clients?

