Small business networking, data storing/sharing and backup solution

gobtron

Occasional Visitor
Hello,

I have a new job in a small office and I am in charge of all the IT stuff at work. They currently use a 6-7 year old wireless router in the 10/100 mb class (+ a 10/100 switch). It is obviously a bottleneck for the file transfer around in the network. So they approved my decision to change it with more modern gear, and they also want a convenient rotation backup solution.

I must say that I am almost the only one feeling the bottleneck of the 100 mbps router, as I am a GIS analyst and I work with a large amount of data on the network. So I will be plugged directly into the router, without going through the switch. No need right now to replace the switch.

Right now, we have a computer running Windows Server. This computer is used as a VPN server and for data storage/sharing. Data is stored on external USB drives. Backups are done every night on smaller capacity disks, so only part of data is backed up.


I am thinking about different scenarios and I would like to have your input for the pros and cons.

Scenario 1:

- Get a new router with gigabyte ethernet and at least AC1900.
- Get 3 new 4 TB external USB drives (such as WD My Book) (One to store data, another one to backup data, another one with the backups, that we take outside the office).


Scenario 2:
- Get a new router with gigabyte ethernet and at least AC1900.
- Get a NAS to store data, plugged into the router (without going through the switch)
- Get a VPN router
- Use the Windows Server computer for something/someone else.


And there would be variants of those scenarios where I would replace the new router with a wired-only router coupled with a separate wireless access point. Each employee has their computer wired to the network, except for one occasional employee. Wireless is used for visitors or mobile phones... Wired performance is more important than wireless.

And with the scenario 2, I don't know how I would manage the rotational backups... It would be nice to just backup, pull the drive out and put the new one in.

So I am looking forward to your input, guys!

EDIT:

I should mention that there are maybe 2 to 5 VPN clients at a time. Maybe the VPN server can be handled by the router without many drawbacks.
 
Scenario 3:
- New router (RT-AC3100 recommended for the 1.4GHz dual processor and 512MB ram and 4x 4:4 antennae/streams).
- New switch 10/100/1000 capable. Using the old switch makes no sense. Anytime anyone accesses the data through the old switch it will slow down the access for all on the network.
- Drop the USB drives as primary storage, continue to use them for backup, instead (see next point).
- NAS, (QNAP or Synology), with 4 drive bays or more.
- Continue to use the Windows Server computer as the VPN device (this will allow you to achieve closest to full ISP speeds possible).

The suggested router above will be a good investment for the next few years (for both anticipated ISP speed increases and as additional WiFi devices are increasingly used on premises). Buying an AC1900 class router today is a little short sighted, imo (when the budget can easily be expanded to include the latest generation of routers).

Using the old switch with 10/100Mbit capability is not an effective cost saving measure, imo. Even if the users currently don't think it's slow, they will see the difference with a 10x upgrade. :)

How much data are we talking about? 1TB? 10TB? A NAS is the recommended solution. With a four bay NAS, configure two arrays of RAID1 with the first array holding the NAS os. The second array will be for the data itself.

For NAS backups, a few appropriately sized USB drives can be rotated on a daily, weekly or monthly schedule as needed and possibly one or two always kept off site as well. Plug in the USB drive, perform a backup of the NAS and remove it.

Depending how critical immediate/daily access to the data is, I would recommend two identical NAS units backing up each other nightly and each capable of being used as the primary NAS as needed.

Don't consider using the router as a VPN server unless your ISP speeds, or your expectations, are very, very low. They don't have the resources (processor and ram) that are needed for a multi user VPN setup.

I think I covered all your points? :)
 
Wow thank you for such a complete answer! This is much appreciated. However, with such an answer rises more questions :p

I must mention that we are a Non-Profit organization, so we don't have a lot of money. So my objective is to spend money that will be well invested, in a robust and "future-proof" solution that doesn't break the bank. So maybe compromises are needed, where it can be.

- New switch 10/100/1000 capable. Using the old switch makes no sense. Anytime anyone accesses the data through the old switch it will slow down the access for all on the network.

It will slow down the access even for someone bypassing the switch? How..?

How much data are we talking about? 1TB? 10TB? A NAS is the recommended solution. With a four bay NAS, configure two arrays of RAID1 with the first array holding the NAS os. The second array will be for the data itself.

We have 2-3 TB of data. Why not a two bay NAS in which I would throw two 4 or 6GB hdd in RAID1? Is there a significant benefit to go with a four bay NAS? The OS really needs a separate array? I thought it was installed in some kind of internal memory.

For NAS backups, a few appropriately sized USB drives can be rotated on a daily, weekly or monthly schedule as needed and possibly one or two always kept off site as well. Plug in the USB drive, perform a backup of the NAS and remove it.

NAS like Synology do have some kind of incremental backup procedure, right (like rsync)?


Don't consider using the router as a VPN server unless your ISP speeds, or your expectations, are very, very low. They don't have the resources (processor and ram) that are needed for a multi user VPN setup.

My ISP is, indeed, not great. Speeds are around 15 mbps download and 2-5 mbps upload. People already have very low expectations on speed for remote work. They connect to the VPN to connect to their Remote Desktop afterwards and work on Word documents. Although it would be nice for the VPN server to handle an eventual ISP service upgrade. But anyway, I don't expect the service to be much more than 20 mbps in the next 2-3 years.
 
Wow thank you for such a complete answer! This is much appreciated. However, with such an answer rises more questions :p

I must mention that we are a Non-Profit organization, so we don't have a lot of money. So my objective is to spend money that will be well invested, in a robust and "future-proof" solution that doesn't break the bank. So maybe compromises are needed, where it can be.

You're welcome and ask any additional questions as needed. :)

NP on a budget, gotcha. Do you have a dollar amount on that budget? That would make things easier to recommend or not.


It will slow down the access even for someone bypassing the switch? How..?

If someone is accessing the same data and one is on the 10/100 switch and the other is on the GbE switch, the GbE user will need to wait until that data has copied to the slower user (alternately) and that effectively slows down the user on the supposedly faster connection.

How many ports does this old switch have and are they all being used? A TP-Link 5 port switch is in the $15 range and an 8 port switch not much more. For $60 to $80 you're looking at a 16 port GbE switch.

As you can see from the above prices, saving money on a new switch is a false economy. Particularly when you'll be upgrading the router to GbE speeds too.


We have 2-3 TB of data. Why not a two bay NAS in which I would throw two 4 or 6GB hdd in RAID1? Is there a significant benefit to go with a four bay NAS? The OS really needs a separate array? I thought it was installed in some kind of internal memory.

You didn't answer how important the availability of that data is.

But with 2 to 3 TB of it, I'm guessing it is crucial to the daily operation of the business.

A two bay NAS has the theoretical capability of doing what you need, but the downside is that a NAS really is another computer and your data will not be available if the NAS isn't working. (That is why I recommend two identical NAS units backing each other up).

The benefits of 4 bay and higher NAS' is that the os can be installed on separate disks than the data. The NAS os is not (only) installed in 'internal' memory, it is mainly installed on the first disk or array that is created on the NAS (I recommend you install only the first two drives, setup the NAS at a preliminary level, then install the remaining drives in the bays and then complete the configuration of the NAS by creating shares on the data drives' array and assigning access to users, groups and administrators). This will ensure that removing the data drives does not impact the operation of the NAS itself.

On a heavily configured NAS system, trying to set it up again in the case of a drive or other failure (again it's the 'other' failure that a second NAS should be considered) is not easy or fast. And if it impacts users access to it, it is the same as if it wasn't fixed at all.

The 2x RAID1 configuration of both the os and data arrays allows you to pull one (broken) drive from each array (if needed) and the NAS can continue to operate transparently to the users until you can replace the bad drives. It also allows you to put the data drive into any computer to get to your data too in cases of extreme emergency. Of course the performance will be lower with a disk removed (and even more so when it is rebuilding the array to a new drive), but that is a minor inconvenience compared to not having access to the data (and the working and complete NAS configuration) at all.

I would not consider a two bay NAS for a home environment, even less so for a business environment as the above points highlight. :)


NAS like Synology do have some kind of incremental backup procedure, right (like rsync)?

Yes. :)


My ISP is, indeed, not great. Speeds are around 15 mbps download and 2-5 mbps upload. People already have very low expectations on speed for remote work. They connect to the VPN to connect to their Remote Desktop afterwards and work on Word documents. Although it would be nice for the VPN server to handle an eventual ISP service upgrade. But anyway, I don't expect the service to be much more than 20 mbps in the next 2-3 years.


With such a low ISP speed, continuing to use the Windows Server may not be needed (the 'low' part is the upload speed).

An RT-AC68U connected to an RT-AC66U with even lower ISP speeds (and much lower processor performance than the RT-AC3100 router) works fine for RDP connections (with some of the bells and whistles turned off, like don't show desktop background, menu and window animations and desktop composition).

But the current Windows Server machine you are using now is exponentially better at serving multiple VPN clients (at your maximum ISP speeds) than any reasonably priced router you can buy today. :)
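
An added example, not part of any post in this thread: a sketch of the "plug in the USB drive, back up, remove it" rotation with rsync-style incremental snapshots, where unchanged files are hard-linked to the previous snapshot (the idea behind `rsync --link-dest`). The function names, paths and date labels are hypothetical, and the backup drive is assumed to use a filesystem that supports hard links (ext4 or NTFS, not FAT/exFAT).

```python
import os
import shutil
import tempfile
from pathlib import Path


def unchanged(src: Path, old: Path) -> bool:
    """Same size and whole-second mtime as the copy in the previous snapshot."""
    if old.is_symlink() or not old.is_file():
        return False
    s, o = src.stat(), old.stat()
    return s.st_size == o.st_size and int(s.st_mtime) == int(o.st_mtime)


def snapshot(source: Path, drive: Path, label: str, keep: int = 4) -> Path:
    """Write snapshot `label` (an ISO date) of `source` onto `drive`."""
    if not drive.is_dir():
        raise RuntimeError(f"backup drive not mounted at {drive}")
    if (drive / label).exists():
        raise RuntimeError(f"snapshot {label} already exists")
    # Completed snapshots only; ISO-date labels sort oldest first.
    previous = sorted(p for p in drive.iterdir()
                      if p.is_dir() and not p.name.endswith(".partial"))
    last = previous[-1] if previous else None

    # Regular files only; symlinks and empty directories are skipped.
    files = [f for f in source.rglob("*") if f.is_file() and not f.is_symlink()]
    changed = {f for f in files
               if last is None or not unchanged(f, last / f.relative_to(source))}
    # Only changed files use new space. Refuse up front rather than leave a
    # partial backup on a drive that is smaller than the data set.
    need = sum(f.stat().st_size for f in changed)
    if need > shutil.disk_usage(drive).free:
        raise RuntimeError(f"{need} bytes needed, not enough free space")

    work = drive / (label + ".partial")  # never mistaken for a finished backup
    shutil.rmtree(work, ignore_errors=True)
    work.mkdir()
    for f in files:
        rel = f.relative_to(source)
        dest = work / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        if f in changed:
            shutil.copy2(f, dest)        # copy2 keeps mtime for the next run
        else:
            os.link(last / rel, dest)    # hard link: no extra space used
    work.rename(drive / label)

    # Retention: keep the newest `keep` snapshots, counting the new one.
    for old in previous[:max(0, len(previous) + 1 - keep)]:
        shutil.rmtree(old)
    return drive / label


if __name__ == "__main__":
    # Constructed sample data in a temp directory standing in for share + USB.
    with tempfile.TemporaryDirectory() as tmp:
        share, usb = Path(tmp, "share"), Path(tmp, "usb")
        share.mkdir()
        usb.mkdir()
        (share / "parcels.shp").write_bytes(b"x" * 4096)
        (share / "report.txt").write_text("draft 1")
        snapshot(share, usb, "2024-01-01")
        (share / "report.txt").write_text("draft 2, longer")
        snapshot(share, usb, "2024-01-08")
        print(sorted(p.name for p in usb.iterdir()))
```

Each rotated drive carries its own snapshot history, so the first run after swapping drives copies whatever changed since that drive was last connected.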
 
I agree with everything above except for using a consumer grade router - there are options that are more stable there...
 
I agree with everything above except for using a consumer grade router - there are options that are more stable there...


sfx2000, if the OP had your skills, he wouldn't be asking here. :)

The goal is low cost and high value for the long term.

Trying to learn a router os and utilizing it fully is not low cost in terms of time.

The RT-AC3100 is a router that has as many features as the OP needs and he can take advantage of them within 15 minutes of unboxing the new router too. :)
 
EdgeRouter's are pretty easy to set up... and reasonable cost for a small business...

The rest - which is more valuable - is the insight you've provided... nicely done
 
i dont think you're much of an IT person if you mix up gigabit and gigabyte.

For your VPN and backup solution under no circumstances should you get a VPN router, those actually suck as they're only good for VPN That is supported by hardware but they usually come with very slow CPUs.

First you need to analyse what you have. What upload and download speeds does your office have? This influences your choice of router in that ideally you want a router that can handle your WAN forwarding requirements + VPN speeds at your WAN speeds for the VPN you use be it openVPN or even L2TP/IPSEC. Getting one thats configurable is helpful and having a UTM or similar is important to protect your network.

For your local services at least consider a semi managed switch as that will do you a lot of good especially in the future when you start needing layer 2 features. People may think that 100Mb/s LAN is enough when they barely do LAN transfers and feel fine having things transfer around LAN the same speed as with WAN but if you have to transfer gigabytes worth of files around everyday the main question is do you do a batch transfer at night or must the network be available during the transfers. If the network is used during backups and file transfers you will need gigabit ethernet. There are many decent layer 2 semi managed switches such as from zyxel, netgear, cisco that are in the lower price range. I would suggest cisco though if you ever want to upgrade to semi managed switch.

Even with windows server at least you already have something decent to handle local tasks like backup up. All that matters is getting everything to work well together.

@Lazar colocation will make things worse if the business doesnt have the network infrastructure needed. They have 7 people and if most of their traffic is local and not always uploading local content than colocation will make things worse as everything will have to be done through internet.
 
i dont think you're much of an IT person if you mix up gigabit and gigabyte.

Indeed, I am a more hobbyist than professional. You should know though that mixing up 'gigabyte' with 'gigabit' for me is the same as mixing up 'than' and 'then' for you. We both know the difference between those words and sometimes we inadvertently mix them up. :)

That being said, thank you for your valuable input. I will have to read further on Layer 2 as it falls beyond my knowledge.
 
Indeed, I am a more hobbyist than professional. You should know though that mixing up 'gigabyte' with 'gigabit' for me is the same as mixing up 'than' and 'then' for you. We both know the difference between those words and sometimes we inadvertently mix them up. :)

That being said, thank you for your valuable input. I will have to read further on Layer 2 as it falls beyond my knowledge.
I forgot to mention you may want to think about network security such as introducing RADIUS authentication to your network. They can complain all they want but it will prevent some of the Windows 10 security issues.
 
Indeed, I am a more hobbyist than professional.

If you're the IT manager - best decision you can make is admit you're in over your head - and bring in a consultant/specialist to help out - a good manager will know this and do it...

Do the wrong thing - and you'll be updating your resume/CV while you're on the job search...

Do the right thing - you'll get a pay raise - you're the manager, not the engineer - if you need to, either hire or outsource.
 
Definitely replace the 100 meg switch with a gigabit switch. Server should plug into switch. All users should plug into switch.
I'd not worry about a gigabit router, since you only have a 15 meg internet connection a 100 meg router is "not" your bottleneck. Matter of fact, you should plug your workstation into the 100 meg switch right now, you'll have better speeds 'tween you and the server. Plugging your computer into the router...which has a shared (and busy) single uplink to the switch, only slows down your transfers to/from the server.

Save up for a good UTM (unified threat management) firewall....to replace the router. One that does VPN...I'll get to that next. But I see zero sense in upgrading to a gigabit router...if all you're going to get, is another basic NAT router (not enough firewall for a business)....when your current 100 meg NAT router is only connected to a 15 meg pipe. The current 100 meg router is not the bottleneck on a 15 meg pipe.

VPN...I stopped doing Windows Server based VPNs back in the NT 4 server days. In no way, will I expose my clients' servers' RRAS service outside a firewall. Windows servers are not the best VPN performers either...especially since most IT guys (but not me)...use the same NIC as the LAN. Even back in the NT 4 days I'd use a separate/second/dedicated NIC for RRAS..but I'm extra anal and picky about performance, and security. I always use full biz grade firewalls that support VPN, or..on clients that have higher VPN needs (like many users, and need a super fast VPN connection) a dedicated SSL VPN appliance (separate from the edge router). Juniper/Pulse SA appliances rock for this!

...however, the OP states his staff connects for RDP anyways...so higher throughput isn't necessary. OP..what OS is your server? You can ditch the clunky VPN and if you're 2k8 or higher..just fire up the TSGateway role...have them come in on port 443 and SSL cert locked.

Wireless...if your office is small (just a couple of users)...having wireless built into the router is fine. But if you have more users, and/or a larger office....I much prefer dedicated access points sprinkled around the office.

Data storage. How many users on the server?
You want a fast disk system. Ideally you want SAS drives..10,000 rpm if a small office, I'd go with 15,000 rpm drives for a larger office.
Smaller office..RAID 1 (for the server OS) and RAID 1 for the data.
Larger office, RAID 1 for the OS, and RAID 10 for the data.

You can use a NAS instead of your Windows server...just keep the server for user authentication and other network infrastructure roles...folder redirection, hosting apps like accounting, print share role, etc. If you get a NAS, again, focus on disk performance (GIS = large files). I'd not even consider 2 bay, you want at least 4....setup a faster RAID with most disks, and use disk with larger amounts of cache and that work well with NAS RAID setups, business level hard drives...no 1 year warranty home computer junk drives.

Backup...what is your pain threshold for needing data back in case disaster strikes?
How many minutes/hours/days/weeks can you go without your data if disaster strikes?
This is what separates price points of backup.

You have basic file only backup....cheap. But can take a looong time to rebuild your whole network if something happens.
You have your disaster recovery backup....offsite for files, combined with some form of image based backup of your server(s)...so you can rebuild them "fairly quickly".
And you have your business continuity backup...if your server catches fire and melts down, I can boot up the prior hour's recent backup on an appliance on your network within 15 minutes, or spin it up in a cloud, within 2 hours. So you don't feel the pain of "no server". And we can take our time ordering your replacement server.

Non profit doesn't always mean you can't afford good IT stuff. First...I have lots of non-profit clients that love staying ahead in IT and have good budgets for that. Plus the board of directors often prefer to see their data safe, secure, well protected, so they bless the budgets for that. Plus many hardware and software companies give deep discounts for non profits....Microsoft gives very deep discounts to non profits (used to get them through a place called TechSoup but you can just bypass that now and get direct from MS). Lots of hardware manufacturers give deep discounts also....so you can afford good tier-1 servers, business class desktops, switches, etc.
 
If you're the IT manager - best decision you can make is admit you're in over your head - and bring in a consultant/specialist to help out - a good manager will know this and do it...

Well, after reading everyone here I realize that even a small scale network has the potential to become much more complex than I thought. But I think I can keep the network installation rather simple, as it is right now, but just modernize it.


Here is the plan I am thinking about:



For storage and backups:

- The NAS would be Synology DS916+ (8gb RAM) OR QNAP TS-451+ (8 gb RAM).
- Since our ISP is garbage (scored 10 mbps download and 0.8 mbps upload today) and that maximum 5 concurrent users would be an exceptional situation, I would use the NAS VPN server for remote file access and RDP connections.
- I would throw in the NAS server 2x 6 TB WD Red in a RAID1 array for the data, and 2x 1TB RAID1 array for the system.
- I will re-use the 2x 2TB external USB drive that we currently use as the backup mediums. One that will stay plugged in the NAS, the other one that will be taken off-site, with weekly backups. (so I think I cover the 3-2-1 backup rule)


For the network:

- EdgeRouter X SFP
- Ubiquiti Unifi AP-AC Lite (We don't use WiFi very much, and we currently have a 54 mbps 2.4ghz router. It is mostly used for our own phones, and 1 or 2 laptops, occasionally)
- Switch to be defined...



Someone suggested to plug everything in the switch and use one port of the router. In that case, I would need a smaller router. I thought that the NAS would be direct into the router.
I don't think LACP would be much useful in our case, but why not. So I would need a managed switch.

Well... Everything would cost around 1700$ USD. MUCH more than I thought it would be, lol! But that way, the windows server machine (which is run on a desktop computer) is now useless so we have an extra computer laying around for the additional employee that will start next month.


So what do you guys think about it?
 
Everything should plug into the switch..the switch is the "center" of your network. You want to keep the majority of traffic going across its backplane.

The router is only used to connect one network...to another network. In this case...your internal network, to the internet. Traffic only goes through it if the traffic is destined to a network outside of the local subnet. In which case..it heads for the exit door..which is the gateway address, the router. Utilizing the additional LAN ethernet ports of a residential grade router...to connect to devices to a larger switch which is uplinked to that router, only hurts performance, hurts transfers. Because now traffic from your workstation (assuming it's plugged into the router)...has to "swim upstream"...against all of the "internet bound traffic" from all other devices which are going to the internet...to get to other resources on the switch (such as the server). You mix with other traffic on that uplink, and you lose the ability to connect at dedicated port speed which shares a much higher speed backplane of the switch.

Desktop hardware being used as a server...I won't even comment on that. Except to ask.."how important is your data, to your business?" Doing IT consulting/support for SMBs for over 20 years...it's what I do every day, and I occasionally run across this stuff, and see the emergencies created from it. So...ask yourself..."How important is my data?" "How much money is my time worth?" A desktop computer running as a server can't give fast performance to a bunch of workstations working with large files. Time is money! Having fast computers, a fast server, fast network...saves time. Time is money. Good performance is better employee morale. Higher productivity. Penny pinching ain't usually worth it! I see budget debates a lot, I often see businesses really try to skimp on the computers. Think of it this way though...next to employees...the computers are the next most valuable asset, and computers are responsible for productivity in addition to employees. They are a valuable tool, and they hold all the company's data.
 
Wise words. This is why I see the need to move to a more robust, convenient, scalable solution to adapt to the current time and to an eventual growth of the organization.

Time is money! Having fast computers, a fast server, fast network...saves time. Time is money. Good performance is better employee morale. Higher productivity.

Exactly! I feel the lag every minute of the day.
 