Infrastructure


Servers, Networking and Infrastructure

Servers and Server Platforms

I've lost track of how many server systems I've used going right back to mini-computers like IBM's AS400 and Prime.

My PC server life started on Novell NetWare and finished at around version 3.12. I then jumped to Windows and the rest is history. We're still using some Windows 2019 servers but a lot of our infrastructure loads have been moved to the Azure cloud and to services rather than servers.

Cloud billing is a problem in itself and managing Azure billing can easily become a full-time job. Everything is charged and if you have copious notes, you can easily lose track of them. Microsoft doesn't cancel services for a long time but when they do, it's impactful. For small businesses, staying with a hosted provider is more economical.

Workstations (PCs and Laptops)

In my working life, I've mainly been on PCs. We found that Macs are not economical to run because office software is usually written for PC. This means that Macs more often than not still have to have some form of emulation or other services, such as a second operating system, in place. This has improved since applications started migrating to the cloud but it still has a long way to go.

These days we mainly use Microsoft Surface PCs but we also have a fleet of Lenovo Chromebooks which we use when external participants come in for meetings and need a device.

Switching and Routing

I've used a lot of different brands of infrastructure equipment, particularly Netgear, D-Link and Cisco. These days we're almost entirely on Cisco Meraki cloud switches, routers and firewalls but that doesn't mean that they're the best for every situation. They're over-engineered for small offices and they have high maintenance costs. That said, they're good for medium to large businesses.

One of the key things to remember about smart switches is to manage your billing. Cisco have a habit of turning them off if you don't pay on time.

Recently, we've been moving off Cisco and onto Fortigate.

Security and Firewalls

There are three key areas that you need to secure in your systems:

  • Devices: All USB ports, settings, administrative rights and local firewalling should be controlled on all devices, including PCs, Phones, Tablets and Servers, by a web-based security system with centralised reporting and management. The recommendation here is CrowdStrike.

  • Mail: Mail is a big enough hole that it deserves a whole section of its own. All of your mail services, inbound and outbound, need to pass through a central scanning service. We use Mimecast.

  • Web: All internet services on all PCs, Phones, Tablets and Servers should pass through a cloud-based web security proxy. We have selected Netskope for this task.

Additionally, your systems and procedures need to be audited and tested (including penetration testing) annually. You also need to provide several levels of security training to all staff by qualified people, and you need to adhere to an IT Security Framework such as ISO/IEC 27001 or NIST.


Backup and DR

Over the years, I've used a lot of backup systems, starting with reel-to-reel tape and moving through cartridges to cloud storage. For cloud storage, I recommend CloudAlly or Veeam as the backup system for Office 365 and Azure. It makes sense to add to Microsoft's built-in backup by backing things up to the Amazon cloud. For PC Backup, there are several good options, including EaseUS Backup and Restore, but realistically, no data should be stored only on PCs. If you are going to have unique data on your corporate devices, including phones and tablets, you'll need to back those up too.

Still to discuss on this page in future updates.

  • Business Continuity Plans

  • Disaster Recovery Plans