Suggestions for a revised "Storage Topography" for a client

britechguy

I am breaking this out into a new, separate topic because I don't want the contentiousness that's developed on the topic I started regarding a OneDrive error.

Synopsis of current situation:

- 4 client machines, 2 are CAD-CAM workstations, 2 are general purpose machines in the office.

- 1 Windows Server 2003 instance, being used as nothing more than NAS, and where the entire data store is significantly less than 1TB (there are actually 2 machines, but one is a backup in case the first dies, and both are years old - I want this entire component out of the picture). For all practical intents and purposes, this is where all the data for the business lies, with the exception of the QuickBooks database, which does end up being backed up on to this server.

- QuickBooks currently in use in single-user mode on one of the office computers, want to get to multi-user mode across both office computers.

- an ioSafe SoloPro (2 TB capacity) has been in use backing up the data on the Windows Server.

- Microsoft Office (older versions) was in use but there is no current M365 subscription that involves Office applications. I have them using SoftMaker Free Office as all they really use is a word processor and a spreadsheet, and these handle all the material that was ever created using older versions of Office with ease and grace.

- Total of 6 employees, and will probably never get past this, or if it does it would be a glacially slow climb in number over many years.

- No one other than those in the Office (2 people) will likely ever be using a word processor regularly, nor a spreadsheet, and the couple of odd spreadsheets used "in the shop" can definitely be handled by any third-party office suite you can name. They're just dirt simple, mostly for conversions of various sorts, and are a "fill in and toss, not save" affair.

My thinking:

1. the ioSafe can stay, no matter what, as having yet another backup is not hurting anything

2. Not quite sure, yet, about what may or may not need to be done in regard to QuickBooks and multi-user mode

3. The Windows Server needs to be replaced with cloud storage that can be treated as NAS for all machines, and no matter who is logged on to those machines, as this is what they do now with the Windows Server. If it's possible to conveniently control "who has access to what" on the replacement, all the better, but it's not absolutely essential. I'd prefer that, though, as I hate wide-open access unless it's needed, and in this case, it's really not. Certain staff really have need only to get at certain material that's on the Windows Server, but at present they can access any of it due to how things were set up years ago. I'm not married to any given service provider for this component, so suggest away.

4. In the end we may have the 3, 2, 1 backup rule in place, but 2 of those 3 would be local, and one would be the cloud storage itself. It's possible that it would boil down to 2, 1, if the cloud storage is used as the Windows Server currently is, as the central data repository that everyone uses, that would also be backed up locally (and, depending on the cloud solution, maybe with files synced locally to machines that use them).


The two "big issues" are deciding on a cloud storage solution that meets the above noted needs/wants and getting multi-user mode of QuickBooks functioning so "the boss" can handle things directly from his machine on the days when the administrative assistant is out. As things stand now, he's had to use her machine, and since they have a multi-user license it makes sense to use it. But since QuickBooks does not allow a networked file to be "the primary database" I'm not quite sure how they arrange multi-user access, and I know that there are plenty of QuickBooks users here who are likely already doing this and can tell me "just how simple" getting that set up will be (or, heaven forbid, just how hellish).

Thanks for any insights you can offer.
 
Quickbooks needs multiple licenses for each user that requires simultaneous access. As you are doing away with the server one workstation will need to have the network version installed and the files hosted there. The remaining users are installed in client mode and point to the “server” workstation. You need as many licenses as people connected at the same time. But clients can be installed on all computers. You have 6 computers but only 2 regular users then you only need 2 licenses. If a third user needs access one of others must log off.

As for online storage. Microsoft 365 business premium. Even if they don’t use all the features, like email, economically it’s the best bang for the buck and it can give security rights to the users that need access and block those that don’t and then you can use. You might be able to use the ioSafe with Backblaze as a local M365 backup.

QB can’t live on a OneDrive share but you can place the backups there.
 
This client has been with QuickBooks for decades (literally) and I believe he already has 2 licenses, but has never had anyone set this up. It sounds as though, from what you've said and what @Sky-Knight has said, that getting the pieces in place for this for just those 2 users should be a relatively easy exercise.

His prior tech retired relatively recently and, for reasons I'll never understand, made decisions that really don't make any sense given the business context. Even if you go back 15 years, using Windows Server rather than a simple NAS in a context such as this one never, ever made sense. But that's what this guy knew, so that's what he did.

Just curious, but why would I need BackBlaze in the mix to create a local backup copy of the M365 content? As that content is all user data (or even if it weren't, and contained system images) why could I not use any one of a number of backup utilities (or, although this is NOT my plan, even something like SyncToy) to keep the cloud drive content backed up to the local ioSafe drive? I actually thought of Restic as a possible option or maybe UrBackup, which I think might be even better, as the backup solution across all the machines. If I used UrBackup, one machine would be the in-house backup server, also having a client for itself, and the rest would just have clients. I have a soft spot for well-established open source software of all types. Of course, I could be missing something here, hence the reason I ask, but with my current thinking explained.
 
@britechguy

My "ultimate" tiny business setup, is M365 Basic / Standard with a rather specific online configuration to enforce MFA. I setup a team per LOB app that's on premise.

The owner's desktop is the "server", it hosts the LOB apps like Quickbooks. His account gets access to the Quickbooks team. I sync each team to the local machine, and configure Quickbooks to put backups in the local team folder so OneDrive can send things off.

The company gets a general team automatically that's a public share, but at times they'll need another Team or two for more private stuff.

Once all that's sorted out, I sell a small Synology that is installed in an isolated VLAN on premise with the office, it backs up the entirety of the M365 environment. Alternately, the customer is given the choice of a 3rd party cloud service to do the same. Capital vs operating costs being what they are, that's a business choice.

The Synology in this case is 100% a backup of offsite assets, and as such needs no backup itself. Though I do have one client that is so paranoid they wanted more. So I plugged that Synology into Backblaze.

In this case the client has Sharepoint versioning along with the rest of M365 services to handle the day to day. The Synology on premise to backup things, and a replicate data set of the Synology in Backblaze. If M365 loses it, and the Synology is dead... they have to buy a new Synology to restore the data to from Backblaze before they can get at it.

That's some serious edge case bonkers risk mitigation for pennies all things considered. They'd have to have M365 go away, or an account compromise fry something important in M365 at the same time the Synology was lost in a facility fire to even need to get at the data in Backblaze. And all of it is self patching once it's deployed.
 
> @britechguy
>
> My "ultimate" tiny business setup, is M365 Basic / Standard with a rather specific online configuration to enforce MFA. I setup a team per LOB app that's on premise.
>
> The owner's desktop is the "server", it hosts the LOB apps like Quickbooks. His account gets access to the Quickbooks team. I sync each team to the local machine, and configure Quickbooks to put backups in the local team folder so OneDrive can send things off.
>
> The company gets a general team automatically that's a public share, but at times they'll need another Team or two for more private stuff.
>
> Once all that's sorted out, I sell a small Synology that is installed in an isolated VLAN on premise with the office, it backs up the entirety of the M365 environment. Alternately, the customer is given the choice of a 3rd party cloud service to do the same. Capital vs operating costs being what they are, that's a business choice.
>
> The Synology in this case is 100% a backup of offsite assets, and as such needs to backup itself. Though I do have one client that is so paranoid they wanted more. So I plugged that Synology into Backblaze.
>
> In this case the client has Sharepoint versioning along with the rest of M365 services to handle the day to day. The Synology on premise to backup things, and a replicate data set of the Synology in Backblaze. If M365 loses it, and the Synology is dead... they have to buy a new Synology to restore the data to from Backblaze before they can get at it.
>
> That's some serious edge case bonkers risk mitigation for pennies all things considered. They'd have to have M365 go away, or an account compromise fry something important in M365 at the same time the Synology was lost in a facility fire to even need to get at the data in Backblaze. And all of it is self patching once it's deployed.

This is what I was referring to.
 
FYI. Based on feedback from my customers recently QB Desktop is now a mandatory subscription. Based on what they've been told is if they don't renew at the expiration of the license term Intuit can't "guarantee" how long it'll run. Smells like a planned obsolescence to me.

On the server backup is it an image? If so has a recent image been tested? If there's no Domain/AD I'd not worry about starting with an image. Just make sure they have the data in two locations and tested occasionally. On QB I do just as @Sky-Knight mentioned. Host it on a workstation shared out as needed.
 
> FYI. Based on feedback from my customers recently QB Desktop is now a mandatory subscription. Based on what they've been told is if they don't renew at the expiration of the license term Intuit can't "guarantee" how long it'll run. Smells like a planned obsolescence to me.
>
> On the server backup is it an image? If so has a recent image been tested? If there's no Domain/AD I'd not worry about starting with an image. Just make sure they have the data in two locations and tested occasionally. On QB I do just as @Sky-Knight mentioned. Host it on a workstation shared out as needed.

But interestingly enough... only in the US.

But in the US not only is QB desktop a subscription offering only, but it's also only available in the Enterprise flavor. Pro / Premium are both dead and gone.
 
> But interestingly enough... only in the US.
>
> But in the US not only is QB desktop a subscription offering only, but it's also only available in the Enterprise flavor. Pro / Premium are both dead and gone.

From what I understand they "merged" Pro and Premium resulting in Premier Plus, which is also offered. I have a hard time believing they'd only offer Enterprise for Desktop. At least for the foreseeable future. Based on what I've heard the web version is still seriously lacking in many features that exist in the Desktop version.
 
I'll look at the specific QB version, etc., the next time I'm on the client site. I really fail to believe that what they have is an Enterprise version and I doubt he'd be able to pay for an Enterprise version.
 
I'm not on the computer too much today...but a quick rundown of my first choice...

1) Microsoft 365 Business Premium, 4x licenses assuming those 4 computers are 4 different people. (forgive me if I missed user details above).
Computers to be Windows "Pro"....any Windows "Home" can be upgraded for 60 or 70 bucks via Microsoft 365 Business Premium special license upgrade. Computers joined to AzureAD. The 5th/6th users can get 365 Business Basic licenses if they just need email. Dropsuite for 365 backup. DNS Filter on all computers for added protection. Data reviewed and put into Teams...possibly broken up in separate Teams and or channels depending on access needs (who needs access to what, who doesn't need access, etc)

and a not first choice method...but could work...
2) For a more low budget setup, could skin this with M365 Business Basic for all 6 users (just $6/user/mo) I do recommend added Defender P1 for added security, and then Dropsuite for backup. Leave computer profiles as they are. Same organization for Teams/data.

Either way, Quickbooks for now can stay "on prem". Export daily backup in a QBak folder created in the host's OneDrive folder.

A question of the size of the CAD files, and happiness with "files on demand" function of OD. Can always set the folder holding all the CAD stuff to "stay on this machine".
 
Defender P1 is subordinate to Azure AD Premium P1.

M365 Business Basic + Azure AD Premium P1 is my minimum, since security defaults cannot be trusted long term. Defender P1 is nice, but honestly I'd rather see them buy Defender for Cloud first. Defender on the desktop is good enough alone.

But that's the fun part, picking and choosing what the minimums are. Or you can do the easy answer of Premium and get all of this and more built in and not ever have to think about it.
 
My guess, if we end up going M365, is that it would either be M365 Business Basic or Standard.

It would be great if one person could have a Business Standard subscription, with the other 3 having Basic, but all able to access the same Teams storage.

But unless I'm reading something wrong, you cannot "mix and match" in that way. If we can, that would be ideal, as it's not the standalone installed Office applications we're after for all but one person in the office. The rest would be fine using web versions. The core need is cloud-based storage that can be treated as a "virtual Windows Server" for everybody, and Teams does appear to allow that.

It also appears that M365 could take GoDaddy out of the picture, as I believe the only "real reason" they have GoDaddy is for their business email, and if the existing addresses can be "ported over" to M365 that frees up those funds, which would be nice.

Shoestring budget is at work here.
 
The only difference between Basic and Standard is the on premise Office applications. The cloud features are identical, and yes, you can mix and match those all you want as far as Teams / SharePoint / OneDrive are concerned. And yes you can mix and match subs... I do it all the time. It takes more work to ensure you've got your feature bases properly covered but that reality is one of the reasons to use the platform.

Godaddy has actually destroyed this conversation at the start...

You see that email with Godaddy? It's ALREADY M365, and if it isn't... it will be soon. And worse? Thanks to that you cannot get them into the M365 ecosystem properly without some tooth pulling. One of the things GoDaddy does? Sell M365... then cut your access to the features that make M365 actually worth using... while charging full price for it. The sheer hubris that company displays while screwing its own clientele... it's astonishing.

Shoestring + business do not belong in the same sentence.
Godaddy hosting + business do not belong in the same sentence.

Shoestring + Godaddy + Business = RUN FOR THE HILLS all support professionals... lest you wind up in a dark pit of shame and pain while you get screamed at by a former client.

Seriously, that's the modern day pit of bad decisions festered into a Lovecraftian horror... run.

But yes, Godaddy should be the domain registrar, and perhaps a web host / SSL certificate provider. It's also effective at DNS hosting. I use them a ton in these spaces, I'm moving people into CloudFlare for all of this though, easier... cheaper... more secure... company actually cares... etc. But all of these things have 100s of options so pick your poison.

M365 is the hosted Exchange, so no need to continue spending on email from Godaddy.... but see above... there are dragons there.

P.S. thanks to CAD being involved, wherever those files live "needs to be local", "needs to be kept on this device" or bad things will happen. So each CAD system needs enough hard disk to store 100% of what's in the CAD team.

The solution does work well, but it does have that huge catch so don't forget it.
 
> Seriously, that's the modern day pit of bad decisions festered into a Lovecraftian horror... run.

So helpful. Many of us walk in to circumstances not of our own making, particularly those of us in the "break fix" business. I am not responsible for any of the current situation, it's what I was handed.

Now I'm trying to figure out how to "cut out the garbage" (of which I suspect GoDaddy is a big part) and tidy things up.

If I can do that by just dumping GoDaddy and going M365, then that would be great. I really think the only "real thing" that has occurred via GoDaddy is the creation of the business email addresses (of which there are, count 'em, two). I have, in the distant past, helped people change domain name registrars and I can't imagine it's any worse to change from GoDaddy providing what they provide to Microsoft doing so (plus more).

And, if I may say, you really have no connection to the real world if you think "shoestring + business" don't belong in the same sentence. Most mom and pop businesses I know of, and I know of many, have been exactly that, for years to decades. Again, your arrogance about what should be versus what most assuredly is, in large numbers, is on display. You just don't get that the real world is not going to conform itself to your requirements. Get real.
 
@britechguy Shoestrings break, and the business fails.

I've made a living helping mom and pop, that doesn't mean terrible investment decisions.

So you want to save them? Ok...

1.) Audit the Godaddy account to determine exactly what services are purchased.
2.) Probably find out the hard way they're already paying for M365, just not being able to actually use it because Godaddy sold it to them.
3.) Go through the mess of defederating their M365 tenant from Godaddy.
4.) Apply proper M365 subscriptions to replace the ones you just nuked.
5.) Show the client how to use the Teams / Sharepoint they've been paying for all along but denied access to because Godaddy...

Now... all of the above is about $1000 in work to perform. Does your shoestring include that? If so? Send them my way! I'll happily sort them out. But if you think that's anything less... you're the one that's deluded.

In fact.... the fact that you're here right now being unaware of how the above is performed... on these forums... when multiple others have already walked this path WHILE YOU WERE COMMENTING IN THE THREADS... really says far more about you than it does me.

And no... you cannot "just move" from Godaddy M365 to Microsoft M365 because M365 will not let you put a domain in a tenant that's on another one... and forcing Godaddy to let go of a configured domain IS AN UGLY WELL DOCUMENTED PROCESS. Do some googling... they could be without email FOR WEEKS if you screw that up.

I really should send you a bill for all the time I put into your questions... the value I've typed up in this thread alone... I could have saved this place myself by now, it'd have been easier.
 
We clearly have different concepts of what constitutes "shoestring."

$1000 would not be out of the question, by any means. By shoestring I don't mean "doesn't have 2 pennies to rub together" but "doesn't have tons of extra money to throw around."

I've written to the business owner, even before your last message, in the opening attempts to do what you list as number 1. I can tell you that M365 is involved, because when we used the work/business address for setting up the owner's computer, when you land on the Go Daddy branded Microsoft account login page M365 is prominently plastered there.

I agree that whatever it is that they have through Go Daddy is not M365 in any form in which I'm familiar with it. See post #3 from the OneDrive topic. And note all of what I said there.

If you paid attention to what I have said, I have professed abject ignorance on certain pivotal aspects of this mess, and it's why I've been asking here.

For certain things I have asked, you have usefully answered with what amounts to a most useful, "No (Yes) you can't (can) do that." But that's been the minority. You've spent most of your time lecturing me for presenting what the person hiring me wants, and telling me that I must convince them otherwise. That is supremely unhelpful. If it cannot be done, then it can't, but the from your high horse lectures about things that I have no control over, and how horrible it all is, does nothing for me, my client, and I daresay you (as I suspect your blood pressure is spiking as much as mine is at times in these exchanges). It advances nothing, least of all understanding.
 
@britechguy Ahh that explains a ton.

No I'm shutdown because I have people that get into the above mess and when I say... ok give me $1000 and I'll sort it out I get laughed out of the room.

So shoestring to me is a code word for never invests properly, and it's time to leave. If I hear that word come out of a business owner's mouth it means he's not spending... period. And he'll be making my phone ring at 2am for the privilege of his $50.

So you're saying you've got Exchange Online Plan 1 from Godaddy? Interesting... And yes! I do see them on Godaddy's site!

They must either have been forcibly migrated into, or purchased Microsoft 365 Email Essentials. Which is a plan below even Exchange Online Plan 1 that only Godaddy can sell. The features and price of Microsoft 365 Email Plus directly correlate with Exchange Online Plan 1.

My assumption is either of those products will list as you're seeing. And you'll need to defederate... details here: https://tminus365.com/defederating-godaddy-365/

Once they're free from that, if they have no desire for on premise office applications you'll need to apply Business Basic subscriptions to all the users at a minimum to maintain the features of Exchange Online Plan 1, as well as add the Teams / Sharepoint stuff to do the things you were referring to in the other thread and here.

With an annual commitment, Exchange Online Plan 1 is $4 / month / user.
With an annual commitment, Microsoft 365 Business Basic is $6 / month / user.

6 users of Business Basic prepaid for a year will run him $432.
6 users of Exchange online plan 1 is probably already costing him $288 / year. An annual expense increase of $144 to not have to buy a NAS is a no brainer...


So you can see why most of us that work in this space don't bother to use Exchange Online Plan 1 much... if ever. I have TWO in service in my career. Both are mailboxes for websites to access and utilize not people, machines. People need the toys that come with that extra $2.

If the user needs on premise apps, they get Standard.

The PROBLEM with this at present is the way M365 does MFA enforcement via security defaults is buggered. So for now you just continue to use the O365 Single User MFA feature. Details are here: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates But also there are details on why this is a bad idea... namely Microsoft replacing the feature... and unless they change course it means enforced MFA will become a paid feature costing an additional $6 / user / month come September. That's Azure AD Premium P1, an entitlement that's part of Business Premium.

This is a huge risk... and one business owners shouldn't have to accept. Another situation that makes me want to drive up to Redmond and start smacking kneecaps with a baseball bat. This is why I get on the soap box! Because darn it, I'm tired of watching good people lose their homes and livelihoods because of poor investment and understanding. I don't get to pick what Microsoft does, but we're stuck in a world where they have the only objectively good game in town. But to play that game, we play by their rules... and their rules are DESIGNED To hurt SMBs until they pay. Which is why many shops quickly get to the buy Premium or leave us alone stance... I'm not entirely there myself honestly, but I DO understand it! Painfully well...

Just please make sure none of the users, ESPECIALLY the owner's accounts, are admins in M365 when you're done. Make and secure a specific account for that, make yourself a backup, and provide one to the client to file away against a future need. Running as a global admin is foolish at best, doing so without Conditional Access keeping a configured eye on things is downright suicidal.

To see why, take a peek at the sign-in logs once you have access to them... it's not pretty in there!
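
A check for the admin-account advice in the post above, added here as an example and not part of the original thread: it audits Global Administrator membership from JSON shaped like Microsoft Graph responses (`/directoryRoles?$expand=members`, `/users`, `/reports/authenticationMethods/userRegistrationDetails`). All sample data is constructed, and treating "has an assigned license" as the marker of a daily-use account is an assumption of this example.

```python
import json

GLOBAL_ADMIN = "Global Administrator"

# Constructed sample data, shaped like Graph list responses ({"value": [...]}).
ROLES_JSON = """{"value": [
  {"displayName": "Global Administrator", "members": [
    {"id": "u1", "userPrincipalName": "owner@example.com"},
    {"id": "u9", "userPrincipalName": "admin-breakglass@example.onmicrosoft.com"}]},
  {"displayName": "User Administrator", "members": [
    {"id": "u2", "userPrincipalName": "assistant@example.com"}]}
]}"""

USERS_JSON = """{"value": [
  {"id": "u1", "userPrincipalName": "owner@example.com",
   "assignedLicenses": [{"skuId": "constructed-sku-business-basic"}]},
  {"id": "u2", "userPrincipalName": "assistant@example.com",
   "assignedLicenses": [{"skuId": "constructed-sku-business-basic"}]},
  {"id": "u9", "userPrincipalName": "admin-breakglass@example.onmicrosoft.com",
   "assignedLicenses": []}
]}"""

MFA_JSON = """{"value": [
  {"id": "u1", "isMfaRegistered": true},
  {"id": "u2", "isMfaRegistered": true},
  {"id": "u9", "isMfaRegistered": false}
]}"""


def load(doc):
    """Return the 'value' array of a Graph-style list response."""
    return json.loads(doc)["value"]


def audit_global_admins(roles, users, mfa_details):
    """Return (finding, detail) tuples for Global Administrator hygiene.

    Assumption of this example: an account with an assigned license is a
    daily-use account (mailbox, Teams) and should not hold the role.
    """
    licensed = {u["id"] for u in users if u.get("assignedLicenses")}
    mfa_ok = {d["id"] for d in mfa_details if d.get("isMfaRegistered")}

    # Collect every member of the Global Administrator role, keyed by object id.
    admins = {}
    for role in roles:
        if role.get("displayName") == GLOBAL_ADMIN:
            for member in role.get("members", []):
                # Service principals carry no UPN; fall back to the object id.
                admins[member["id"]] = member.get("userPrincipalName", member["id"])

    findings = []
    for uid, upn in sorted(admins.items(), key=lambda kv: kv[1]):
        if uid in licensed:
            findings.append(("daily-use-account-is-global-admin", upn))
        if uid not in mfa_ok:
            findings.append(("global-admin-without-mfa", upn))

    # The post asks for a dedicated admin account plus a backup, so expect
    # at least two unlicensed accounts holding the role.
    dedicated = [uid for uid in admins if uid not in licensed]
    if len(dedicated) < 2:
        findings.append(("fewer-than-two-dedicated-admin-accounts", str(len(dedicated))))
    return findings


if __name__ == "__main__":
    for finding, detail in audit_global_admins(
        load(ROLES_JSON), load(USERS_JSON), load(MFA_JSON)
    ):
        print(f"{finding}: {detail}")
```
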
 
> @britechguy Ahh that explains a ton.
>
> No I'm shutdown because I have people that get into the above mess and when I say... ok give me $1000 and I'll sort it out I get laughed out of the room.
>
> So you're saying you've got Exchange Online Plan 1 from Godaddy? Interesting... And yes! I do see them on Godaddy's site!
>
> They must either have been forcibly migrated into, or purchased Microsoft 365 Email Essentials. Which is a plan below even Exchange Online Plan 1 that only Godaddy can sell. The features and price of Microsoft 365 Email Plus directly correlate with Exchange Online Plan 1.

Well, we're already over $5000 in to all of this, but it's a very carefully considered $5000. The reason I went with custom build computers was because we could get exactly what we needed at significantly less expense than all other options I explored. Around half of that is for the hours I've put in to getting everything setup. Shoestring means respect for the limited funds the business has and knowing that, as a less than 10-person business, I can't walk in and just say we're starting 100% from scratch and doing what I want to do. I need to do everything I can reasonably do to minimize expense while, at the same time, not cutting corners for essential needs. So far, so good.

I am not sure if Go Daddy came into the picture with the now retired tech, or whether the business owner brought them in. Now, not to cause your blood pressure to rise, and I'd prefer a simple answer, but what is it that's wrong with what Go Daddy is branding as M365 Business Professional, here: https://www.godaddy.com/business/office-365? Perhaps mixed with what they call Essentials? It strikes me that if it's not essential to extricate Go Daddy from the picture, this looks to be the direct equivalent of Microsoft's own offerings, but under Go Daddy's branding. I am asking that this not turn into a side loop about the horrors of Go Daddy. I'm just looking at whether their offerings might be something that could be used while getting rid of the need to defederate.
 
@britechguy

The sole problem with Godaddy in this case is they prevent your access to the actual M365 admin panel, and the features that come with it. They sell "hosted email", and limit the functionality to M365 harshly to fit within that sales model, and they do so because they do not want the support costs associated with the additional features.

And after they've gutted the functionality from the M365 product, they've made it very difficult to migrate to the full product AND they charge you full prices while delivering this wonderful nightmare.

In short, it's a program designed to extort small businesses... and it upsets me greatly. If they'd just resell M365 normally I'd not have a single problem with it... It'd be a wonderful thing to leave them in charge of tenant recovery and security, because they're large enough to fill that void without a huge effort, and the client gets Godaddy's superior support relative to Microsoft.

But that's not how it works... if it did... I'd not be so upset about it.

Even shorter... the Godaddy version of M365 is so curated it's not M365 anymore.
 