Looking for advice on this job I just got asked to fix for a law office?

One Stop Tek Shop

So I just got the job to outfit a new law office with a file server and a three-year service contract. They also have Apple and Windows systems and want a Dropbox-style file system that is remotely accessible, along with a DC, and they have VoIP phones with one Cat 5 port per office, currently attached to the phone. Current equipment is a D-Link DIR-850L, a Motorola - Arris Surfboard 600 Series, and a Linksys 10/100 8-port switch for VoIP. I need to build a server, most likely Linux, so I can use ownCloud for file sharing and syncing. What is the proper equipment that I need to get for the networking side of it, and is Ubuntu Server the best choice for server OS? The original job was left half done and the server was never configured to share files, plus the server was running Windows Server 2003, so we are starting the server new. I also need this to be able to connect to a satellite office they are opening in about 18 months, so hopefully I will be able to set this up with that in mind.
 
The first question I would ask is what laws apply for PII (e.g. anything like HIPAA or FERPA or SOX, etc...). When you mention Dropbox-like features, I see a data leak in progress..... Anyways, a few suggestions:

  1. Future Proof: Upgrade everything you can to Gigabit networking. Stability is priceless.
  2. Remove one platform: While it is possible to run Mac and Windows computers on the same network, I don't recommend it. [Think about sharing a printer from a Linux server to Mac and Windows clients....you'll be suggesting printers based on driver compatibility, not the features they want/need.....and then you'll be looking for a Frankenstein fix...]
  3. Remove the domain controller: Unless you're using roaming user profiles, for an office of 10 users or less a domain is an unneeded layer of complication.
  4. Get good backups going: That's one thing I don't see in your post (how they do backups). If they lost data (like a bad lightning strike took out the server and some workstations), I think they'd be up a creek without a paddle. A good NAS would do the trick (and something like NAS4Free/FreeNAS could probably do your file sharing/remote access work too....).
  5. Set up a good network edge device that can do VPN: I recommend Untangle, but this device will both ensure security and allow you to join the remote offices. Again, use quality equipment. Stability is worth the money (Untangle is a free OS btw...).
 
One guy is set on his Mac stuff, and Windows: most everyone has Windows, except their researcher/investigator uses a Linux distro on a Chromebook. There is a total of 5 lawyers, two legal assistants and one investigator at this office, and that will double over the next three years. They currently aren't using a backup solution, but I host all my legal clients' backups at my office in a secured room. That's where I'm planning on the main backups being; it is weather and theft protected with the three is two rule in place. We are going to set up a NAS at the owner's house for a second backup, along with RAID 5 on the server for drive failure. I have an Asus 2U server that I just bought that I was going to use for their hardware. I usually don't deal with Macs on business networks, hence why I'm asking for advice; I normally use Win Server 2012 R2 and set up file sharing through that. The domain is to track access to folders and limit access to confidential access to those not allowed to it, and to monitor any shady activity of the support staff; they bring in lots of interns from law school. Also, by law they have to track who accesses what file for chain of custody reasons. Printers are local to each lawyer. I don't agree with that choice, but they like it that way, so printers aren't shared with the office; just the client PC needs to work with the printer. When I said Dropbox-like: the file syncing, undelete, web viewing of documents, and the single save file that they save a document to, to sync it with the server. Mostly the no-VPN login for lawyers to sync and view files, the simplicity of Dropbox.
 
And share them with Mac, Windows and a Linux OS. The issue I've always had with 2012 is getting it to play nice with Mac and Linux systems connecting with it, particularly remote login.
 
It sounds like you have a very messy situation. Followup questions:
  1. This NAS at the owner's house: can you monitor it? If it fails, when will you know (finding out that it has been unplugged for a month when your server dies is not what you want).
  2. Have you tried to hook a *nix machine to a domain? It can be done, but it's a bit of hoop jumping to do it.
  3. You say you host all your legal client backups.....are these backups encrypted (in transmission and in storage)? You might have a plausible deniability nightmare otherwise (especially if you have data for competing law firms!!). The only way you are covered is if you have no decryption keys for that data. [The situation becomes sticky if you or your clients are required to disprove the existence of a decrypted copy of the data...].
  4. With the NAS offsite, remote file access, offsite backups, and a branch office, this is starting to sound like a rabbit hole maze of VPN technologies. VPN is a wonderful technology, but it decreases performance, and especially in an AD environment with multiple users, things can get complicated.
Suggestions:
  1. Go with a cloud based backup: A NAS sitting in the customer's house, backups sitting in your office, and whatever your client saves to USB drives will be a rebuild nightmare WHEN the time comes to do a restore. A service like BackBlaze or CrashPlan offers encrypted backups that are offsite, and they have the higher end features (like shipping you a HDD with all your data on it if needed).
  2. Streamline the in-house stuff. AD is meant to control everything. To do a proper setup, every PC, printer, NAS, etc. should be added to the domain. Set up GPOs for user groups, assign users to groups, and your maintenance is slick. A hybrid conglomeration of domain and workgroup devices will not be a fun thing to work with.
  3. Your dropbox-like thing: I have not worked with anything that does this, but if it is a local server, tie it into the domain. As with any tool that might be handling PII, make sure everything is encrypted. Also, enforce strong password policy if you can (it's a breeze on the domain.....).
 
@OaksLabs let me answer your questions first
1) The NAS will be added to my monitoring software, so yes, I'll be able to monitor it.
2) Never have set up *nix as domain; figured I could run virtual machines, one Linux to use one cloud and the other Win Server 2012 for AD.
3) So the way it's set up is each law firm has 3 encrypted VPS total: one for original data, two for redundancy. Also, server access is always a two-party access to open any VPS. All traffic goes through an encrypted tunnel. The key situation is we each have our own, but it takes both keys to decrypt. So yes, I'm protecting. The backup is encrypted prior to being sent through the VPN tunnel and then encrypted at my end with my key. So to restore, I first have to decrypt, then on the other end it gets verified for integrity, then decrypted.
4) This is a rabbit hole and not really a job I would normally take, but the lawyer is helping with my divorce.
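
The two failure modes raised in this exchange (an offsite NAS that silently stops receiving backups, and integrity verification before a restore) can be checked by a scheduled job. This is an added example, not code from any poster in the thread; the `manifest.json` layout, the file names and the 26-hour freshness threshold are assumptions, and the sample archives are constructed.

```python
import hashlib, json, os, tempfile, time

MAX_AGE_SECONDS = 26 * 3600  # assumed policy: nightly backups plus 2h grace

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_backups(backup_dir, now=None, max_age=MAX_AGE_SECONDS):
    """Return a list of findings; an empty list means the target is healthy.
    Hashes cover the encrypted archives, so the checker needs no keys."""
    now = time.time() if now is None else now
    manifest_path = os.path.join(backup_dir, "manifest.json")
    if not os.path.isfile(manifest_path):
        return ["MISSING manifest.json (target offline or never written?)"]
    with open(manifest_path) as f:
        entries = json.load(f)
    if not entries:
        return ["EMPTY manifest"]
    findings = []
    newest = max(e["created"] for e in entries)
    if now - newest > max_age:
        hours = (now - newest) / 3600
        findings.append("STALE newest backup is %.1f hours old" % hours)
    for e in entries:
        path = os.path.join(backup_dir, e["name"])
        if not os.path.isfile(path):
            findings.append("MISSING " + e["name"])
        elif sha256_file(path) != e["sha256"]:
            findings.append("CORRUPT " + e["name"])
    return findings

def build_sample(backup_dir, created):
    """Constructed sample data: two fake encrypted archives and a manifest."""
    entries = []
    for name, blob in (("mon.tar.enc", b"constructed-1"),
                       ("tue.tar.enc", b"constructed-2")):
        with open(os.path.join(backup_dir, name), "wb") as f:
            f.write(blob)
        entries.append({"name": name, "created": created,
                        "sha256": hashlib.sha256(blob).hexdigest()})
    with open(os.path.join(backup_dir, "manifest.json"), "w") as f:
        json.dump(entries, f)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d, created=time.time())
        print(check_backups(d) or "OK")
```

Any non-empty result should raise an alert in the monitoring system, so that an unplugged or failed NAS is noticed within a day rather than at restore time.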
 
The first question I would ask is what laws apply for PII (e.g. anything like HIPAA or FERPA or SOX, etc...). When you mention Dropbox-like features, I see a data leak in progress..... Anyways, a few suggestions:

  1. Remove the domain controller: Unless you're using roaming user profiles, for an office of 10 users or less a domain is an unneeded layer of complication.

I disagree with this thinking. I have DCs deployed in businesses with as little as 5 users. What if Bob needs to share a folder with Sue? Do you create additional local accounts on each machine?....besides, why yank it out if it is already in place?
 
I disagree with this thinking. I have DCs deployed in businesses with as little as 5 users. What if Bob needs to share a folder with Sue? Do you create additional local accounts on each machine?....besides, why yank it out if it is already in place?

Try sorting out a small network after the DC has gone rebel. If you lose the DC, you can't just swap it out with another one; you're going to have trust issues at the workstation end. I agree that DCs are very useful and very powerful, but if you properly plan out a small network, you certainly don't need one -- and it's hard to justify the expense of the server OS, the maintenance, proper backups, and power consumption of a server when a NAS that is properly configured and some quality setup can do the same thing [unless you're making your money from this type of upsell, but I have objections to overselling clients].
 
I'm torn on the small office DC question - for not that much more than the cost of a good 4-6 bay NAS, you can get a small Windows Server 2012R2 Foundation or Essentials server with a similar number of drives (hot-swap available but not required). You can set up automated dumps of system state, use your choice of backup solutions that may not be available on the NAS, etc.
 
Right, these are my attorneys handling my divorce, and so normally if clients want to use this multi-operating-system environment and are not really concerned about using technology to simplify their workflow, I wouldn't get involved, but the guy that was doing it was a joke who watched YouTube and thought it would be an easy way to make quick money. So it's a nightmare tech situation from all the retarded solutions he tried to offer them. It has improved quite a bit, and I have saved them many hours of work by simple training and moving them all to Windows for the office computers and all using the Clio software solution.
 
So the solution we went with was an Ubuntu server running several virtual machines: one with FreePBX for the phone system, one with a custom-built ownCloud that was integrated with the Clio software for the cloud storage, and one that handles the A/V storage and software. All backed up to the off-site NAS and a local NAS that runs a secure VPN. All backups are encrypted on site before being routed to my office to encrypt again prior to then being sent to the off-site NAS and local NAS. To restore data, it requires me to first decrypt the file prior to them being able to get access to files on the NAS to open or get access to unencrypted data.
 