
Office IT management

Hello guys,

I am going to support a small office, so I need your suggestions to build a completely automated system. I want to set up the system so that it can be supported remotely as much as possible, so I won't need to go there often (or ever).

Here is what we have there:

2 ISPs (for backup in case one network fails) with their silly Huawei HG8245H routers.

Cisco SG350-28 switch.

2 Dell EMC servers with Windows Server 2016.

9 UniFi APs.

50 users.

 

1) I should have access to all 50 users' PCs at any time to solve any problem fast.

2) I want to monitor and control the network and have control over the Cisco ports to apply QoS to any port. (I thought of using Zabbix or Nagios.)

3) Both servers should back up automatically at 7pm every day. (I want to buy 1 NAS and back up to it over the LAN.)

 

I hope I wrote this clearly.

 

Thanks for any suggestions in advance.

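The "back up both servers at 7pm every day to a NAS" requirement in the post above, as an added PowerShell example (not code from the original thread): it installs Windows Server Backup, writes a small nightly script, and registers it as a scheduled task running under a dedicated backup account. The NAS share \\nas01\serverbackups, the domain OFFICE, the account OFFICE\svc-backup, the script path and the event ID are assumptions; the point of the dedicated account is that it should be the only identity with write access to the share, so a compromised user PC or a server-side admin credential cannot wipe the backups.

```powershell
# Added example for the thread's "back up both servers at 7pm" requirement; not code
# from the original post. Run once, elevated, on each Windows Server 2016 host.
# Assumptions (not from the thread): NAS share \\nas01\serverbackups, domain OFFICE,
# a dedicated account OFFICE\svc-backup that is the only identity allowed to write
# to that share, C:\Scripts as the script location, event ID 1001 for failures.

$BackupShare   = '\\nas01\serverbackups'
$BackupAccount = 'OFFICE\svc-backup'
$ScriptPath    = 'C:\Scripts\Nightly-Backup.ps1'
$EventSource   = 'OfficeBackup'
$TaskName      = 'Nightly server backup'

# Windows Server Backup supplies wbadmin.exe; it is not installed by default.
if (-not (Get-WindowsFeature Windows-Server-Backup).Installed) {
    Install-WindowsFeature Windows-Server-Backup | Out-Null
}

# Register an event source so failures land in the Application log, where Zabbix,
# Nagios or LibreNMS can alert on event ID 1001 instead of someone checking by hand.
if (-not [System.Diagnostics.EventLog]::SourceExists($EventSource)) {
    New-EventLog -LogName Application -Source $EventSource
}

# The nightly script. wbadmin keeps a single backup version per target folder on a
# network share, so each run writes to <share>\<host>\<weekday>: seven rotating
# copies, with the previous week's copy of that weekday being the one replaced.
$NightlyScript = @'
$target = Join-Path '__SHARE__' "$env:COMPUTERNAME\$((Get-Date).DayOfWeek)"
if (-not (Test-Path $target)) { New-Item -ItemType Directory -Path $target | Out-Null }
& wbadmin.exe start backup -backupTarget:$target -allCritical -systemState -vssFull -quiet
if ($LASTEXITCODE -ne 0) {
    Write-EventLog -LogName Application -Source '__SOURCE__' -EntryType Error -EventId 1001 `
        -Message "wbadmin exited with code $LASTEXITCODE writing to $target"
}
'@
$NightlyScript = $NightlyScript.Replace('__SHARE__', $BackupShare).Replace('__SOURCE__', $EventSource)
New-Item -ItemType Directory -Path (Split-Path $ScriptPath) -Force | Out-Null
Set-Content -Path $ScriptPath -Value $NightlyScript -Encoding UTF8

# Scheduled task: 19:00 daily, running as the backup account (not SYSTEM, not a domain
# admin), so the share ACL on the NAS decides who can touch the backups.
$Cred     = Get-Credential -UserName $BackupAccount -Message 'Password for the backup service account'
$Action   = New-ScheduledTaskAction -Execute 'powershell.exe' `
                -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$ScriptPath`""
$Trigger  = New-ScheduledTaskTrigger -Daily -At 19:00
$Settings = New-ScheduledTaskSettingsSet -StartWhenAvailable -RunOnlyIfNetworkAvailable `
                -ExecutionTimeLimit (New-TimeSpan -Hours 6)
Register-ScheduledTask -TaskName $TaskName -Action $Action -Trigger $Trigger -Settings $Settings `
    -User $Cred.UserName -Password $Cred.GetNetworkCredential().Password -RunLevel Highest | Out-Null

# Run it once now and confirm the task exists before leaving the site.
Start-ScheduledTask -TaskName $TaskName
Get-ScheduledTask -TaskName $TaskName | Select-Object TaskName, State
```

Two things to check after the first run: that a WindowsImageBackup folder appeared under the expected weekday subfolder on the NAS, and that the backup account (and only that account) can write there; a 50-user office with open write access to the backup share has no backups the day a workstation gets ransomware. Whatever monitoring you settle on, watch for event ID 1001 from the OfficeBackup source.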

Get a UPS, preferably two if possible, to provide battery power to at least the servers. Run the networking equipment off them as well if possible. That way the equipment can cleanly shut down in the event of a blackout and prevent possible damage from brownouts.

 

QoS can and should be configured on the switch and routers, especially if using a VoIP system.

 

LibreNMS is a very good and free monitoring tool you can set up.


1 hour ago, 2FA said:

Get a UPS, preferably two if possible to provide battery power to at least the servers. Run the networking equipment off them as well if possible. That way the equipment can cleanly shutdown in the event of a blackout and prevent possible damage from brown outs.

 

QoS can and should be configured on the switch and routers, especially if using a VoIP system.

 

LibreNMS is a very good and free monitoring tool you can setup.

Thanks for the suggestions.

I forgot to say, there is a 16 kW UPS that lasts a long time.

And what about QoS, then I'd better change the routers, yes? (I am familiar with MikroTik and prefer it.)

Also, any idea about remote control? (I thought of using AnyDesk but I don't like it.)

 


AnyDesk is a particularly bad product; it was a great idea but sadly falls short. NoMachine (NX 4), based on the NX protocol, is pretty good. If you wanted to use a completely open source product you can use X2Go (NX 3). You can also use RDP, although I would recommend choosing a port other than the default port.

 

MikroTik is great except for the fact that they suffer from a legion of security vulnerabilities. Their software is also quite complicated, so kudos for learning how to manage a MikroTik router. They provide great performance; I just find it hard to trust their software.

 

I've always been a fan of pfSense because it's based on FreeBSD, which is the backbone of enterprise. If you want a more industrial choice, Sophos is pretty good all around. Both can be installed on random hardware. Be sure to include AES-NI in your build specification to fully take advantage of hardware feature sets. If you want a recommended build specification I can provide one; just specify how much traffic is going through it and what feature sets you want to turn on, such as VPN traffic, Snort, Suricata, QoS, etc.

 

If you want a NAS, FreeNAS is great because it's literally based on TrueNAS and uses FreeBSD (again, the backbone of enterprise).  It also has integration with Backblaze for NAS offsite backups.

 

For monitoring I recommend the following:

https://pulse.alphametric.co

 

NetData

I hope you find the info helpful.

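Moving RDP off the default port, as the reply above recommends, together with the two controls that do the real work of limiting exposure: an added PowerShell example, not from the original thread. The port 33890 and the management subnet 10.10.250.0/24 (where the admin's VPN or jump host lands) are assumptions. Run it elevated from the server console or the iDRAC virtual console, because restarting TermService drops any RDP session you might be running it from.

```powershell
# Added example, not from the thread. Moves the RDP listener off 3389 as the reply
# suggests, requires Network Level Authentication, and allows the new port only from
# an assumed management subnet. Run elevated on each Windows Server 2016 host, from
# the console or iDRAC, because the TermService restart kills existing RDP sessions.

$NewRdpPort = 33890               # assumed non-default port
$MgmtSubnet = '10.10.250.0/24'    # assumed admin/VPN/jump-host subnet; nothing else reaches RDP
$RdpTcp     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# 1. Listener port and NLA. UserAuthentication=1 makes the client authenticate with
#    CredSSP before a session (and the logon screen) is created, which removes the
#    pre-authentication attack surface that the port change alone does not touch.
Set-ItemProperty -Path $RdpTcp -Name PortNumber         -Value $NewRdpPort -Type DWord
Set-ItemProperty -Path $RdpTcp -Name UserAuthentication -Value 1           -Type DWord

# 2. Firewall: switch off the built-in 3389 rules and add one rule for the new port
#    that accepts connections only from the management subnet.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Disable-NetFirewallRule
New-NetFirewallRule -DisplayName "RDP $NewRdpPort (management subnet only)" `
    -Direction Inbound -Protocol TCP -LocalPort $NewRdpPort `
    -RemoteAddress $MgmtSubnet -Action Allow -Profile Domain, Private | Out-Null

# 3. Apply and verify: the new port must be listening and 3389 must be silent.
Restart-Service TermService -Force
Start-Sleep -Seconds 5
if (-not (Get-NetTCPConnection -State Listen -LocalPort $NewRdpPort -ErrorAction SilentlyContinue)) {
    throw "RDP is not listening on $NewRdpPort; check the TermService restart"
}
if (Get-NetTCPConnection -State Listen -LocalPort 3389 -ErrorAction SilentlyContinue) {
    Write-Warning 'Something is still listening on TCP 3389'
}
Write-Output "RDP now on TCP $NewRdpPort with NLA required, reachable from $MgmtSubnet only"
```

The port move by itself only hides the listener from the laziest scanners; the firewall scope is what makes RDP unreachable from the 50 user PCs and from the internet regardless of port, and NLA is what stops unauthenticated clients from reaching the logon screen. Do not forward the new port through the ISP routers; reach it over a VPN into the management subnet instead.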

Have a look at Remote Management and Monitoring platforms: NinjaRMM, Comodo One, ConnectWise Automate, Pulseway.

These aren't just remote access; they also have automation and can resolve alerts on their own based on rules that you set up. They are what managed service providers use to manage companies with no on-site staff.

 

For backups, take a look at Veeam or Datto. Both are solid.

Do you not have a firewall? If you also don't have AV arranged, grab Cisco Firepower + Cisco AMP. Put the ISP gear in passthrough mode; that stuff is no good.


Use a Citrix NetScaler:

1) Secure your web applications with an L7 firewall
   - block SQL injections and other flaws

2) Use a single unified gateway for all your applications
   - use a single public IP, certificate and domain name, saving costs
   - use content switching to redirect to the application

3) Provide secure remote access
   - perform EPA scans on devices
   - provide full VPN access for trusted devices
   - limited access for untrusted devices such as BYOD using clientless VPN

4) Use SSL offloading to proxy and secure applications on the internet

and many more.

If I were you, if this was a small office I would consider using an IPsec tunnel to connect that remote office back to a central one, and limit the services you need to place there.

 

see, https://www.citrix.com/blogs/2015/09/04/how-to-connect-one-datacenter-to-another-with-netscaler-cloudbridge-connector/

 

Also consider hosting VDI in your central office for those 50 remote users. As an added side benefit they will also get remote access to the desktop from anywhere using the NetScaler.


I know this might be on the basic side of things... but don't forget to enable iDRAC on both of the Dell R730s. It can be pretty useful to have even SSH access (bare minimum) to it.
