A (non) Profitable Journey–Part 2

As promised, this is the second post in a series of posts about work I’m doing at the Swan Lake Christmas Hill Nature Sanctuary in Victoria.  As you may recall from my first post, I said that I would document the good, the bad and the ugly!  Well, here we go with some of everything!

First off, SLCH is live on Office 365, at least for email.  And they are reaping the benefits … phones connect, easy remote access (OWA), lots of configuration options (they are already leveraging the daylights out of Resource Calendars).  Of course, a lot of this was available to them through their older SBS system but it had been misconfigured and many things simply didn’t work.  O365 has made it simpler and cleaner for them AND there are no worries about the backend.  Win #1.  Shortly they will start to leverage SharePoint and OneNote and Yammer.  It’s all baby steps, but steps in the right direction.

I just completed a server migration and have moved them off of Server 2008 R2 Hyper-V and SBS2011 VM to Server 2012 R2 Hyper-V and a combo of two Server 2012 R2 VM’s.  One VM is the DC/fileserver and the second is a RDS server to house certain apps that don’t “play nice” across the Internet (SLCH has two buildings connected by VPN).  The DC has the “Server 2012 R2 Essentials Experience” role installed and we will be leveraging it to provide some friendly management tools (a la SBS) as well as friendly remote access to internal machines (again, a la SBS).  The really big benefit, though, is the integrated management link with O365 that provides many of the benefits of DirSync without having to actually install and configure DirSync (or the newer versions such as AADconnect).  The overall goal is to make most of the day-to-day management functions “easy” and accessible to SLCH management staff without burdening them with the backend IT role.

Now you may be wondering  why I went ahead and built a fileserver when they have O365 and all of the cloud storage goodness that goes along with it.  The biggest single reason is they have gobs of data and most of it is “cruft” that shouldn’t go up to O365.  Best to keep it local while they figure out what goes up to O365 and what should stay behind.  Also, there are things that need to stay local (accounting backend, for example).  In other words, they are like many other organizations that will need to run in a hybrid mode for sometime to come.  I have no doubt that over the next year or so there will be a sea-change in how they look at their data and how they manage it.  Having SharePoint and OneDrive and OneNote (backed by O365 storage) available will be total game changers and will allow them to change many of their processes which will change the way and the place they store data.  I’ll d my best to document how they leverage these tools.

Like most non-profits, SLCH has “zero” budget available so I’ve had to get creative in order to provide some “safeties” in other areas.  If you’ve followed my blog you’ll know that I am a Sonicwall “guy”, they are my firewall of choice.  As there is zero budget available I’ve had to look at other alternatives to Sonicwall as I really, really want to have gateway anti-virus and some of the other features of a UTM class firewall in place at SLCH.  As there were available “surplus” PC’s I turned to the opensource community for a solution – the Endian Community Firewall.  While it isn’t perfect by any means (what is?), the ECF provides a decent feature set including gateway a/v, some intrusion prevention capabilities, “screened” web proxy access (screens for viruses and does block a number of really bad websites) and decent VPN capabilities (we need site-to-site VPN).  So, SLCH now has two ECF firewalls in place.  It took a little bit to figure out the proper way to set up the site-to-site VPN but, other than that, it was a simple process to install and set up the firewall.  I’d still like to have Sonicwall’s in place but the ECF’s are way better than the Linksys/Cisco firewalls that were previously in service simply because of the scanning capabilities.  If you are strapped for funds and need firewalls, you could do worse than pick Endian.  I’ll also post updates on our experiences with these puppies.

I’m also playing with backup for the Hyper-V boxes.  SLCH had Altaro Free installed (backs up two VM’s, no cost) and I did reinstall the latest version of Altaro on the rebuilt Hyper-V host.  Nice, simple interface and backups run reasonably fast.  However, the free version does not allow for file-level restores so I am probably going to switch over to Veeam’s free edition as they apparently do allow for file level restore.  I’m just waiting on confirmation form Veeam.  Backup is critically important and being able to recover the VM in case of disaster is a major priority.  But it is also critically important to be able to recover files, as well.  Stayed tuned for more on this.

So there you have it, major movement on a number of fronts.  There will be lots more in the weeks and months ahead so keep checking back for updates!

2 responses to “A (non) Profitable Journey–Part 2

  1. Hi there Robert. Sorry to hear about Sam!

    Regarding backups, did you think in turn on Shadow Copy in the file server to provide fast file recovery without have to deal with backup restores? I know it will not substitute backup, but will increase restore time.


    1. Hi, Valdecir!

      Thanks for the sympathy about Sam, there is still a big hole in my heart!

      Yes, I do have Shadow Copy turned on but thanks for raising the point! I think a post on Shadow Copy is in order as it is not well understood by a lot of organizations. I appreciate you pointing it out, there will be a post on this soon.



Comments are closed.