Improve IT Infrastructure

Tags: Business/IT alignment, Implementation, IT architecture, Networking, ROI & cost justification, Security, Tech support, xDSL
Dear All, I need your contribution to help a small enterprise. The new Finance Officer (a friend) asked me to audit his infrastructure and make a proposal for immediate implementation in order to improve security and company equipment performance. Here is the actual infrastructure:

- 1 IT help desk staff
- 1 ADSL 128up/1024down (Alcatel SpeedTouch 150) + DHCP
- 1 server P3/256Mb RAM/40Gb HDD/Win2k/Office2k/Exch2k/Symantec antivirus server/file and print (2 network printers)/DAT drive/shared QuickBooks files
- 10 client PCs - P3/64Mb RAM/20Gb HDD/Win98/Office2000/Symantec antivirus/mail file on local
- QuickBooks on 3 PCs
- utilisation of ISP DNS; no WINS; active directory configure.
- mail file located on ISP server for webmail
- no consistent backup regime (occasional user files on server)

NEEDS:

- more secure access to Internet (spyware?, adware?)
- remote access to files
- log Internet activity
- ...

Thanks in advance for your help. With regards

Answer Wiki


Where to start?! I work with several small doctor offices with the same type of equipment setups. If they are willing to spend the money here is what I would suggest.

First, I would upgrade the DSL speeds. I use Yahoo SBC DSL in TX, and for less than $50/month I can get the Pro version which features 1.5mbps download and 384 upload.

Second, upgrade the router. Since they want remote access you would need one that supported VPN connections. Router should also have a firewall included. These types of routers will probably run a couple hundred bucks or better. I found a Netgear for about $100 that supports 5 VPN connections, with NAT, DoS, etc.

PCs at least need to be upgraded to something newer. Dell has pretty good deals that are hard to beat, especially when you add 3 year service. Check into business lease.

Server I wouldn't worry about since it is used as a file/print server. A new server would be wasted for that.

I would also run either a third party or WinXP personal firewall on the PCs. For antivirus, there are plenty of choices out there. For spyware I personally use the Yahoo anti-spy program and it works pretty good. I am also very careful about where I go and what I download from the internet.

I believe this would be a good start for you. Small offices usually try to upgrade as few times as possible, so you want to do it right and get the best bang for your money.

Discuss This Question: 10  Replies

  • MrWizard
    My best advice for you is to get a professional in there to get an expert opinion. Actually, I would recommend more than one. Believe it or not, you can probably get it done for free. Of course the professional is counting on getting your business. If you decide to go it alone, here's my 2 cents...
    1. As noted previously, see if you can upgrade your DSL circuit. 128k bandwidth is not a lot for VPNs.
    2. Get a new server loaded with Small Business Server 2003. There are 2 versions: standard and premium. The basic difference is that standard doesn't have ISA with it. Make sure the hardware fits your needs. For instance, you can get a Dell 1800, Windows SBS Standard, 3Gb Xeon processor, 1Gb memory, Dual 80Gb SATA drives (RAID-1), 72Gb Tape Backup unit, Veritas Backup software, 15" flat panel monitor, and 1500 VA UPS. Cost about $4000
    3. Upgrade your desktop OS to Windows XP Pro. Also upgrade the memory to at least 256Mb. Cost about $2000
    4. Install a good VPN/Firewall/Router. For instance, the 3COM OfficeConnect VPN Firewall. Cost about $300
    5. Use Active Directory! Once you learn it and use it, you'll wonder how you ever got along without it.
    6. Server-based Anti-Virus and Anti-Spam. Recommend Symantec Antivirus Corporate for the desktops and server. Recommend GFI MailEssentials and MailSecurity bundle for email-based threats/spam. Cost about $3500
    There may be other things that come up during a full assessment, but this will get you started. If properly installed and configured, the above will give you a network that is secure, stable, and scalable for around $10k plus taxes, shipping, and labor. FYI, I am not affiliated with any of the above companies (other than being a Microsoft partner). These are just some of the products that I commonly use for my clients.
  • Khilving
    I suggest you first focus on the two key reasons for the FO request - security and performance. Both of these must be addressed as business requirements before any accurate technical assessment. Security - know what information is necessary for the business, how it is used, who needs access to it, and the risk to the business if lost or compromised. Rule 1 - if you don't collect it, you don't have to protect it. Same applies to the performance aspect. If you don't have a handle on what the business requirements are, and what the user functions are in terms of business (not technology), how can you possibly deliver tools (technology) to make the people more efficient?
    Once you have the above, you can take a real look at how technology can best support them. Do they need remote file access, or simply remote access to information? Do they all need email? Who needs what from an accounting perspective? Who has a need for general Internet access to accomplish their tasks? How often are backups necessary to protect critical information that has changed?
    Don't forget to include specific legal requirements up front. SOX for publicly traded businesses, HIPAA for medical and insurance, Section 508 for government agencies and possibly NGO with federal funding, etc. These are all business requirements first, and only in that context have any impact on technology. Along with the security aspect of over collecting, there is a simple process aspect. Before you build logs, know why you need them and what you will do with the data. Reports are also tools, even though many of us seem to think they are work products.
  • Dantekcs
    Here is what I would do on my server:
    1. Upgrade to a Cisco PIX firewall. Comes with a web based configuration utility.
    2. Go to a Novell NetWare Small Business Server 6.5 or maybe 7. Border Manager is good for internet security. Netstorage will get you access to files remotely. Novell is more secure than Microsoft.
    Upgrade the machines to Dell OptiPlexes that are running XP Pro. Get CA eTrust antivirus and antispam server based edition.
  • Dantebrown
    There are quite a few things that need attention: In addition to security and performance, they have no backup strategy. In the event of a disaster, it sounds like the company is screwed. I would personally stress that the most with security. Use the DAT drive and outline a backup procedure.
    To address security next. You could use MS SBS2003 server for improved management and security of this small network. Also, ISA will satisfy most of your requirements in terms of access control, logging, internet access, and web caching/proxying. ISA 2004 also allows you to easily configure it as a VPN server for your external clients. The only thing though is that you'll need a static external address for your network unless you're providing dial-up RAS or something of that nature. Most of the utilities you need are free such as Adaware (spyware), Windows firewall, etc. Use MBSA (MS Baseline Security Analyzer) and SUS server as part of your patch management strategy. Both of these are also free and will benefit your network.
    I don't understand the email situation though. "mail file locate on ISP server" Do you have a hosted email solution?
    Hardware improvements (Performance): If users are complaining about their PC performance or speed, increase the memory on the workstations at a minimum. You should really get them to upgrade to XP though. The server could probably also do with at least 512MB RAM. If using SBS, get a gig (1GB). Memory is really cheap these days. Also look at the SharePoint services for Windows 2003. Collaboration services always come in handy, and it's also free.
    Oh, I almost forgot. It would be good to increase the file storage on the server and configure clients to keep their documents/profiles there. If the server starts backing up data on a schedule, the office worker's information will also be archived. Having said all of this, SBS2003 server might be an excellent solution to your problems. Good Luck.
  • Smarler
    Just a quick note on your needs for antivirus and spyware. The best spyware solution I use is Spybot Search and Destroy. Secondly, do NOT download adware; this is a fake that actually opens your systems to virus attacks. You need to install Ad-Aware. As far as anti-virus, I stick to Norton. All these are available from CNET or any link you can find on Google. Be aware that WinXP SP2 has a huge security problem and it is not allowed to be used within my company's network, 2,600 employees.
  • Habiru
    My two cents. Number one, upgrade your WAN connection to the best you can afford. Research connectivity problems that may be associated before you purchase from a company. Some have very poor records of service. DNS, mailserver problems etc.
    Your server looks pretty good with the exception of how much traffic it handles during the day. You might want to consider upgrading the RAM or processor depending on traffic. MS has a chart detailing loads. Look into it and make a decision based on observation, then build in some headroom for later. Either get a decent backup on the server, or better yet, build a failover server and add hard drives for backup, or do both. Hardware is cheap these days and using DAT drives is a little archaic in my opinion. I like Acronis products due to the fact that they work, period. Have the clients back up to the server as well at alternating periods during the day or evening. You could have it run during the later hours and put the computers on a shutdown routine after they have backed up to the server.
    Dump the Win98 machines and get a secure OS on the client machines. Having these old machines just adds to the help desk load and they compromise security. Consolidate the software that you use on the clients and dump what you don't need and replace what is required. Make sure you audit the software before you start! Interview each client before you build on paper. Management tends to overlook the user requirements and it's best to get this from the horse's mouth, then discuss with management.
    On the router. Make sure that you research what you buy. Don't just buy the cheapest piece of dung on the market. Check for software vulnerabilities BEFORE you start. Check performance specs and ease of use and security. The router is the gatekeeper. :-) Make sure it supports all the protocols you'll be required to use, i.e. VPN requirements. Make sure that it can forward properly and is easy to set up and maintain. Make sure that it can filter by MAC address and IP.
    Since you are at the border for client machines, purchase decent server software. Small Business Server is great or you can go with Server 2003. I don't like having all my eggs in one basket though. Set up an internal domain and get everyone on AD.
    You can handle mail one of two ways, you can purchase an external domain and handle your email through there. I like this approach since it seems to work best for email during high load periods when some ISPs' mail servers seem to bog down. This way you won't miss any of those sales leads if you have sales people depending on them. You also admin your mail from anywhere which is also important. I have a domain with 5000 email addresses for only 30 per year. I can add and delete users to my heart's content. Canaca supplies all our needs here and is an outstanding company.
    Use a proxy on your server! I like the proxy since it adds security to the server/client deployment and it allows you to monitor your clients' web access very easily. This is useful for enforcing company policies since it gives you the added advantage of having a record of what PCs have been where. This will also fulfill your logging requirements. :-)
    On spyware. To keep costs down and performance up, you need a reliable network aware product that can actually do the job. The same goes for antivirus. I use NOD32 with the enterprise console for antivirus, this allows you to remote control all your clients and deploy. The clients can download updates from either the server or the net. Using the server keeps WAN traffic down and the updates, unlike many products out there, are small. The performance of the product speaks for itself. I recommend Counterspy by Sunbelt Software since it also comes with a console allowing you to remotely manage your spyware solution. Before you start, it would be a wise choice to make sure all your client machines are clean! I really mean clean! Then you have a clean slate to start with! I can't stress this enough!
    Use a firewall on the server and the client. For clients you need a fairly simple solution since most users don't care to learn about new products and some firewalls defy logic. McAfee firewall for clients should suffice in this respect since your main goal is to prevent propagation of malware through your LAN should an infection actually make it past your defences. McAfee firewall is dead simple for even new users and it will effectively work in this scenario. A one hour class on its purpose and operation will suffice. You must impress upon the users that if something new pops up on the firewall and they don't know what it is, they must contact help/security before letting it pass.
    Policies need to be in place before you start. Sit down with management before you start your network infrastructure diagram and hash out network policies. Are there any client machines that should not be contacting the internet? Are there any client machines that require special protocols? Are there any special security requirements such as company secrets that could be disseminated over the network if the machine is compromised? Are games allowed, P2P, casual surfing, etc? All the questions need to be addressed and a policy set up BEFORE you begin your infrastructure diagram.
    Finally, when you have talked to all the users, management at all three levels and discussed policy and requirements, then build your infrastructure on paper. Come prepared with equipment costs, availability, integration costs and requirements, WAN/LAN with subnetting including printers, protocols, software changes and recommendations, and policies to be implemented in the network and how security will be addressed using software, firewalls, protocols and policies.
  • TedRizzi
    There are currently only two enterprise level anti spyware solutions out there that have a proven track record: Spy Sweeper by Webroot, and PestPatrol by CA. These two products can be remotely installed and managed from a central console on a server. CA also has an excellent anti virus product called eTrust Antivirus, it also can be managed and installed from a central management console. eTrust is far quicker to release signatures than Norton, we get 2 or 3 updates a day sometimes. Trend Micro also has an excellent enterprise level anti virus product. A simple way to implement a VPN for remote file access is with Microsoft's RRAS solution.
  • Tcornia
    Improve security and company equipment performance are the two objectives. First thing, have you talked to the Helpdesk IT person? Why are their backups inconsistent? I would make sure you have the right person for the job there as whatever you implement, he/she will be asked to support. As far as security, you need to find out what their fears are for security. Is it data theft? Is the fear external or internal? If it is internal, policies for access to certain areas on the server need to be implemented. I went through this last week with a friend with a small company. He asked me to set up the server so everyone in their 10 person company could access every spot on the server, project manager can access accounting, accounting can access executive management, etc. If the concern is with external threats, a firewall is needed. Most firewalls have VPN access. I implemented a Cisco PIX 501 for about $400-$500 and that comes with a VPN client for 5 users. As far as performance, where do they feel they are slow? Is it when they access the server, or when they access the internet, or when they access email, or when they access a particular database? Answering that question will let you know what you need to do. I would guess the bottleneck is with your DSL line and I think you can get near T1 speed for under $100 per month. Depending on what phone system they have and how many lines they have coming in, you might be able to get a T1 and segment it out to provide your phone service and data service depending on how many extensions they have and outgoing/incoming lines they need.
  • Glennp7777
    I note that all responses, so far, were Microsoft solutions. If Linux knowledge is an asset you hold, why not consider Linux solutions? You could re-utilize EVERYTHING within the network now as opposed to having to upgrade every piece of equipment on the network to suit Microsoft hardware requirements? Though, the network bandwidth upgrades are good suggestions.
  • Synwave7
    Can't add much more to the already great advice. One thing you have in your favor however is that the CFO is asking for this. He's either a tightwad or sees the impact that IT has on the business and is ready to do something (spend money) about it. I did want to say however first and foremost get some kind of backup strategy in there. The business is the data and if the data goes where does the business go? Right! Down the chute. There's nothing backing up the file server! The mail files are on the local client PCs! This is just the start. They're asking for disaster. There are lots of great cheap backup scenarios you could go with. Get on the Internet and google all these things mentioned. Then security and then upgrades where money will allow. As you can see you have received many different answers as I suspect you were waiting for. Again, whichever way you go get the data backed up first then tighten security, then worry about the rest. Good luck, maybe you can respond with what way you went! Syn