Results 1 to 14 of 14

Thread: how to set up IT for a new SMB?

  1. #1
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,701
    Thanks
    1,839
    Thanked
    1,434 times in 1,057 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    how to set up IT for a new SMB?

    Does anyone on here have any experience setting up IT for a new SMB? Needing guidance on security, remote access, backups, setting up email server, pretty much the whole chebang. The insurance policy is pretty hot on requiring certain tech security, weekly backups, annually reviewed written policies etc. It's way above my level to assist with.

  2. #2
    Senior Member
    Join Date
    Feb 2008
    Posts
    925
    Thanks
    4
    Thanked
    161 times in 148 posts
    • smargh's system
      • Motherboard:
      • Gigabyte GA-EP45-UD3P
      • CPU:
      • Xeon E5450 with 775-to-771 Mod
      • Memory:
      • 16GB Crucial
      • Storage:
      • Intel X25-M G2 80GB/Adaptec 3405 4x 2TB Ultrastar RAID1 / 1x 6TB Hitachi He6 / Dying 2TB Samsung
      • Graphics card(s):
      • GTX 750 Ti
      • PSU:
      • Seasonic X-560
      • Case:
      • Lian-Li PC-A71
      • Operating System:
      • Windows 7 Ultimate 64bit
      • Monitor(s):
      • BenQ G2400WD
      • Internet:
      • Really Crap ADSL2 <3Mbit

    Re: how to set up IT for a new SMB?

    FastTrack.

    https://www.microsoft.com/en-us/fast...365/office-365

    Office365 with security baselines & exceptions where necessary. ASR rules, MFA, Windows Update for Business etc. Here's how to set up conditional access properly: https://www.youtube.com/watch?v=OfT2s5tW5bc

  3. Received thanks from:

    [GSV]Trig (13-02-2021)

  4. #3
    Senior Member
    Join Date
    Jul 2012
    Location
    By the sea
    Posts
    319
    Thanks
    27
    Thanked
    114 times in 72 posts
    • matts-uk's system
      • Motherboard:
      • Apple iMac
      • CPU:
      • Core i7 3.4Ghz
      • Memory:
      • 12GB DDR3
      • Storage:
      • RAID5 on the twin Xeon server I keep in the airing cupboard
      • Graphics card(s):
      • ATI 7970M
      • Case:
      • A lurvely slimline, all in one aluminium number.
      • Operating System:
      • OSX, Centos, Windows.
      • Monitor(s):
      • 27" LED (Apple), 24" LED (Apple), 2 x 20" TFT Dell
      • Internet:
      • ADSL rubbish

    Re: how to set up IT for a new SMB?

    Quote Originally Posted by ik9000 View Post
    Does anyone on here have any experience setting up IT for a new SMB?
    How many seats?
    Any regulatory/compliance/PCI to worry about?

    I've got a couple dozen businesses in the 5 to 50 bracket on my book.

  5. Received thanks from:

    ik9000 (13-02-2021)

  6. #4
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,701
    Thanks
    1,839
    Thanked
    1,434 times in 1,057 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: how to set up IT for a new SMB?

    SFAIK only 2 seats at first, plus a couple of free lancers sporadically so 5 max for the time being say, all in different locations (no office atm due to everyone wfh).

    re compliance forgive my ignorance, what do you mean? Obviously GDPR, beyond that I don't think there is any auditing as such (other than accounts which the accountant will sort out) until such time as they want to seek iso9001 or whatever that accreditation thing is. The insurance term they forwarded said this:

    ITS001 - Information Technology Security Requirement
    It is a requirement that You:
    a) have IT security procedures that include the operation of commercially licenced, purchased and supported firewalls and anti-virus software to protect against viruses, spyware or malware attacks.
    b) have a written policy that addresses information security that includes requirements to encrypt all sensitive and confidential data which is reviewed and communicated to all employees at least annually.
    c) back up Your critical and sensitive data at least weekly to a different secure location.
    Failure to comply with this requirement may result in Us not paying the Your claim
    edit they also need help setting up emails - and are wondering if they can do that with office 365 but without having to have a centralised server. They seem happy to go 365 for general office software so it does sound like they're buying into the MS ecosystem rather than apple or unix.
    Last edited by ik9000; 13-02-2021 at 07:11 PM.

  7. #5
    Senior Member
    Join Date
    Jul 2012
    Location
    By the sea
    Posts
    319
    Thanks
    27
    Thanked
    114 times in 72 posts
    • matts-uk's system
      • Motherboard:
      • Apple iMac
      • CPU:
      • Core i7 3.4Ghz
      • Memory:
      • 12GB DDR3
      • Storage:
      • RAID5 on the twin Xeon server I keep in the airing cupboard
      • Graphics card(s):
      • ATI 7970M
      • Case:
      • A lurvely slimline, all in one aluminium number.
      • Operating System:
      • OSX, Centos, Windows.
      • Monitor(s):
      • 27" LED (Apple), 24" LED (Apple), 2 x 20" TFT Dell
      • Internet:
      • ADSL rubbish

    Re: how to set up IT for a new SMB?

    First step is to write down the needs and priorities, then work up the requirement; high level bullet points rather than pages of jargon. Budget, is usually the first question. 'How much do you think it should cost?

    Microsoft 365 Business can cover a lot of the virtual team bases. Standard subscription includes an Exchange mailbox with spam and malware filtering. Each license come with a terra byte of OneDrive which can cover the offsite and file sharing. Month by month billing gives flex in licensing for short term staff and freelancers.

    SIP (voip) phone services can be very useful. Don't forget the DPO registration. Oh, and everyone needs good broad band too.

  8. Received thanks from:

    ik9000 (14-02-2021)

  9. #6
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,701
    Thanks
    1,839
    Thanked
    1,434 times in 1,057 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: how to set up IT for a new SMB?

    Quote Originally Posted by matts-uk View Post
    First step is to write down the needs and priorities, then work up the requirement; high level bullet points rather than pages of jargon. Budget, is usually the first question. 'How much do you think it should cost?

    Microsoft 365 Business can cover a lot of the virtual team bases. Standard subscription includes an Exchange mailbox with spam and malware filtering. Each license come with a terra byte of OneDrive which can cover the offsite and file sharing. Month by month billing gives flex in licensing for short term staff and freelancers.

    SIP (voip) phone services can be very useful. Don't forget the DPO registration. Oh, and everyone needs good broad band too.
    Does that exchange mailbox need a local server, or is it just a case of sending the domain email to make use of a cloud server?
    They want a file server they can remote into and have directories for each job, a store of technical and reference literature, a place to keep admin and accounts etc. Again is that feasible by cloud or is it necessary to set up a server with vpn access? Just using MS equivalent of dropbox might allow files to be shared but presumably lacks a filing structure or similar like you could do with a NAS or similar?
    Cost they've come back with "no idea how much it should cost, no more than necessary, but no cutting corners if it invalidates insurance etc. Cloud based ok so long as secure and complies with GDPR etc, and can be easily backedup to physical media as required so if cloud goes down/hosting company insolvent etc information is not lost." It sounds like they're trying to get a feel for the budget implications as well. (It's probably worth mentioning they're a start-up so no prior history to draw on.)

  10. #7
    Registered+
    Join Date
    Jan 2014
    Posts
    41
    Thanks
    2
    Thanked
    12 times in 9 posts
    • GuruNot's system
      • Motherboard:
      • Asrock X99 WS
      • CPU:
      • Intel Core i7 5930k
      • Memory:
      • 32GB Corsair Vengeance LPX
      • Storage:
      • 512GB m.2 NVMe, 1TB SSD, 2 x SATA HD
      • Graphics card(s):
      • ASUS TUF 6800XT
      • PSU:
      • Seasonic Prime Ultra
      • Case:
      • Phanteks Enthoo Primo Rev 2 Full Tower
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • AOC 27 1440p 165Hz FreeSync

    Re: how to set up IT for a new SMB?

    Quote Originally Posted by ik9000 View Post
    Does that exchange mailbox need a local server, or is it just a case of sending the domain email to make use of a cloud server?
    They want a file server they can remote into and have directories for each job, a store of technical and reference literature, a place to keep admin and accounts etc. Again is that feasible by cloud or is it necessary to set up a server with vpn access? Just using MS equivalent of dropbox might allow files to be shared but presumably lacks a filing structure or similar like you could do with a NAS or similar?
    Cost they've come back with "no idea how much it should cost, no more than necessary, but no cutting corners if it invalidates insurance etc. Cloud based ok so long as secure and complies with GDPR etc, and can be easily backedup to physical media as required so if cloud goes down/hosting company insolvent etc information is not lost." It sounds like they're trying to get a feel for the budget implications as well. (It's probably worth mentioning they're a start-up so no prior history to draw on.)
    Hi ik9000,

    The MX Record for the SMB's domain is simply pointed to the cloud O365 Instance and that is configured to accept email for the SMB domain. https://docs.microsoft.com/en-us/mic...o365-worldwide. There will be no need for an on-premise email server if you go with O365.

    Please note there are several versions of O365 for business use, O365 Premium includes policy management for defender which would cover off endpoint AV: https://www.microsoft.com/en-gb/micr...eading-hiatrep

    Some other food for thought:

    Use a good SMB firewall at the perimeter , ie https://www.broadbandbuyer.com/produ...hos-xs1z3csek/ , that one includes licenses for 3 years (TotalProtectPlus Recommended) just budget for the license renewal after the third year. There are other similar makes/models.

    Implement a Zero trust model, by default nothing should be allowed in. If remote access is needed then set up VPN on the firewall, all connections in to the network should be via VPN no exceptions. If you absolutley must host an internal WebServer and have to publish it to the internet, then make sure it is up-to-date , patched and then publish via the WAF on the firewall.

    Lock down the outbound traffic so that only required ports (ie HTTP, HTTPS, DNS, NTP) are allowed out and then only from the devices that need it. Beacons such as CobaltStrike can connect out to random defined ports, if the port is not allowed through the firewall it cannot be used. If you have a central DNS server (consider a sinkhole such as pi-hole), set DHCP to issue the IP of the central DNS Server and only allow DNS queries out through the firewall from the DNS Server.

    Malware will use HTTPS for traffic, but a sinkhole such as pi-hole with some subscribed malware lists and the web filtering capability of the Firewall (you can set policy to block Porn, Gambling, Malware etc) should protect the SMB as much as possible.

    With regards to file share data there a few options:

    1 - Putting an LTO drive in a fileserver and back up to tape. Make sure the tapes are changed daily/weekly (whatever data loss they can handle) and the "Directors" take the tapes home.
    2 - Have a file server and use something like Azure Backup / Veeam https://docs.microsoft.com/en-us/azu...s-applications to backup direct to cloud.
    3 - Sharepoint/OneDrive
    4 - Host your file share in Azure/Amazon and use the associate cloud backup solution to protect it.

    Anything backing up to cloud requires a good (fast if lots of data) Internet connection. Whilst cloud storage is generally quite cheap keep an eye on the costs and if you do go down the cloud route make sure access to the S3 Bucket/Storage Account is configured correctly. How often have you read in the news about an exposed S3 Bucket ? You really do not want that to be you.

  11. Received thanks from:

    ik9000 (14-02-2021)

  12. #8
    Registered+
    Join Date
    Jan 2014
    Posts
    41
    Thanks
    2
    Thanked
    12 times in 9 posts
    • GuruNot's system
      • Motherboard:
      • Asrock X99 WS
      • CPU:
      • Intel Core i7 5930k
      • Memory:
      • 32GB Corsair Vengeance LPX
      • Storage:
      • 512GB m.2 NVMe, 1TB SSD, 2 x SATA HD
      • Graphics card(s):
      • ASUS TUF 6800XT
      • PSU:
      • Seasonic Prime Ultra
      • Case:
      • Phanteks Enthoo Primo Rev 2 Full Tower
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • AOC 27 1440p 165Hz FreeSync

    Re: how to set up IT for a new SMB?

    When working with firewalls and O365 a good resource is: https://docs.microsoft.com/en-us/mic...o365-worldwide

    Allowing 80 and 443 out to the internet covers off most services, but there are a couple of additional ones such as the UDP ports for Teams that need to be allowed through as well.

  13. Received thanks from:

    ik9000 (14-02-2021)

  14. #9
    Goron goron Kumagoro's Avatar
    Join Date
    Mar 2004
    Posts
    3,147
    Thanks
    37
    Thanked
    170 times in 139 posts

    Re: how to set up IT for a new SMB?

    Box.com I have found to be a nice cloud storage system which integrated well with active directory and it's security groups. I assume you're are going to use a domain and all that jazz?

    Also something they need to consider strongly that will be largely over looked it a business record management system. By system I don't mean technological I mean organisational. While you can probably get away with not considering its structure, how it should be implemented and managed is worth thinking about. If they Willy Nilly create folders it will become a mess and that will carry on for decades.
    Last edited by Kumagoro; 14-02-2021 at 02:40 PM.

  15. #10
    Senior Member
    Join Date
    Jul 2012
    Location
    By the sea
    Posts
    319
    Thanks
    27
    Thanked
    114 times in 72 posts
    • matts-uk's system
      • Motherboard:
      • Apple iMac
      • CPU:
      • Core i7 3.4Ghz
      • Memory:
      • 12GB DDR3
      • Storage:
      • RAID5 on the twin Xeon server I keep in the airing cupboard
      • Graphics card(s):
      • ATI 7970M
      • Case:
      • A lurvely slimline, all in one aluminium number.
      • Operating System:
      • OSX, Centos, Windows.
      • Monitor(s):
      • 27" LED (Apple), 24" LED (Apple), 2 x 20" TFT Dell
      • Internet:
      • ADSL rubbish

    Re: how to set up IT for a new SMB?

    Quote Originally Posted by ik9000
    Does that exchange mailbox need a local server, or is it just a case of sending the domain email to make use of a cloud server?
    They want a file server they can remote into and have directories for each job, a store of technical and reference literature, a place to keep admin and accounts etc. Again is that feasible by cloud or is it necessary to set up a server with vpn access? Just using MS equivalent of dropbox might allow files to be shared but presumably lacks a filing structure or similar like you could do with a NAS or similar?
    Cost they've come back with "no idea how much it should cost, no more than necessary, but no cutting corners if it invalidates insurance etc. Cloud based ok so long as secure and complies with GDPR etc, and can be easily backedup to physical media as required so if cloud goes down/hosting company insolvent etc information is not lost." It sounds like they're trying to get a feel for the budget implications as well. (It's probably worth mentioning they're a start-up so no prior history to draw on.)
    No, you don't *need* a physical server. Yes, you point the MX record at the Microsoft 365 servers...But there is a whole lot more to it than that.

    When you buy into Microsoft 365 Business, you are buying a 'tenancy,' on Microsoft servers in Microsoft data centres, ready built to deliver identifable services to end users. It's not a million miles away from renting your own Windows VPS farm, installing Active Directory and server application software, then having a dev-ops team spend a couple years creating a web portal to integrate it all. You don't lose low-level access though as PowerShell still works. The service is extremely scalable from sole proprietor to large corporation.

    One of the identifiable services is e-mail, sold to end users as an Exchange mailbox. However, don't lose sight of what you are actually buying, access to an Exchange server with (virtually) the same functionality you would have running your own Exchange server.

    Another identifiable service is file sharing, in the form of OneDrive and SharePoint. Not perfect by any means but included in the subscription at no extra cost. Yes, you can have a folder structure. Granular permissions, not so much. For a 5 seat company it may be appropriate to simply dedicate a OneDrive account and share the signon credentials. End users mapping drives directly to VPN/NAS turns out to be, not that useful, not that reliable and less secure in practice.

    Cost they've come back with "no idea how much it should cost, no more than necessary, but no cutting corners if it invalidates insurance etc.
    Comes down to what they think they need. With respect to the insurance policy, I would think self-encrypting file-systems are more of a priority than a NAS. Does everyone have a device which supports BitLocker and is it turned on?

    A dispersed 5 seat start up should be embracing Cloud First, IMO. By which I mean forget everything you think you know and turn the on-premises model on it's head. There is no central office, there is no comms room, there is no permiter, there is no IT department on the payroll. For instance, don't save to a NAS and back the NAS up to the Cloud. Save to the Cloud and back the Cloud presence up to a NAS instead.

    My smallest 365 customers don't own anything as expensive as a NAS, even though I might like them to. All my 365 Business customers are subject to GDPR and a few have the more stringent compliance requirements of UKAS, FRC, SRA to worry about. Small companies servicing Government contracts may need Cyber Essentials certification and even if they don't, the checklist is a good place for any small business to start.

  16. Received thanks from:

    ik9000 (15-02-2021)

  17. #11
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,701
    Thanks
    1,839
    Thanked
    1,434 times in 1,057 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: how to set up IT for a new SMB?

    Quote Originally Posted by Kumagoro View Post
    Box.com I have found to be a nice cloud storage system which integrated well with active directory and it's security groups. I assume you're are going to use a domain and all that jazz?

    Also something they need to consider strongly that will be largely over looked it a business record management system. By system I don't mean technological I mean organisational. While you can probably get away with not considering its structure, how it should be implemented and managed is worth thinking about. If they Willy Nilly create folders it will become a mess and that will carry on for decades.
    Whenever I've looked at Box they seem to sell products for more than the going rate. I tend to treat them with suspicision as a result.

  18. #12
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,701
    Thanks
    1,839
    Thanked
    1,434 times in 1,057 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: how to set up IT for a new SMB?

    Quote Originally Posted by matts-uk View Post
    No, you don't *need* a physical server. Yes, you point the MX record at the Microsoft 365 servers...But there is a whole lot more to it than that.

    When you buy into Microsoft 365 Business, you are buying a 'tenancy,' on Microsoft servers in Microsoft data centres, ready built to deliver identifable services to end users. It's not a million miles away from renting your own Windows VPS farm, installing Active Directory and server application software, then having a dev-ops team spend a couple years creating a web portal to integrate it all. You don't lose low-level access though as PowerShell still works. The service is extremely scalable from sole proprietor to large corporation.

    One of the identifiable services is e-mail, sold to end users as an Exchange mailbox. However, don't lose sight of what you are actually buying, access to an Exchange server with (virtually) the same functionality you would have running your own Exchange server.

    Another identifiable service is file sharing, in the form of OneDrive and SharePoint. Not perfect by any means but included in the subscription at no extra cost. Yes, you can have a folder structure. Granular permissions, not so much. For a 5 seat company it may be appropriate to simply dedicate a OneDrive account and share the signon credentials. End users mapping drives directly to VPN/NAS turns out to be, not that useful, not that reliable and less secure in practice.


    Comes down to what they think they need. With respect to the insurance policy, I would think self-encrypting file-systems are more of a priority than a NAS. Does everyone have a device which supports BitLocker and is it turned on?

    A dispersed 5 seat start up should be embracing Cloud First, IMO. By which I mean forget everything you think you know and turn the on-premises model on it's head. There is no central office, there is no comms room, there is no permiter, there is no IT department on the payroll. For instance, don't save to a NAS and back the NAS up to the Cloud. Save to the Cloud and back the Cloud presence up to a NAS instead.

    My smallest 365 customers don't own anything as expensive as a NAS, even though I might like them to. All my 365 Business customers are subject to GDPR and a few have the more stringent compliance requirements of UKAS, FRC, SRA to worry about. Small companies servicing Government contracts may need Cyber Essentials certification and even if they don't, the checklist is a good place for any small business to start.
    anyone know any good guides on setting up sharepoint?

  19. #13
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,701
    Thanks
    1,839
    Thanked
    1,434 times in 1,057 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: how to set up IT for a new SMB?

    Quote Originally Posted by GuruNot View Post
    Use a good SMB firewall at the perimeter , ie https://www.broadbandbuyer.com/produ...hos-xs1z3csek/ , that one includes licenses for 3 years (TotalProtectPlus Recommended) just budget for the license renewal after the third year. There are other similar makes/models.
    Have you heard of Firewalla, are they any good? It looks like we'd be able to protect both sites for less than the cost of that sophos and no ongoing licenses to shell for either.
    https://www.techradar.com/uk/reviews/firewalla It needs a mobile phone to work it, which is a bit odd, but seems reasonably spec'd so far as my untrained eye can tell at least.

  20. #14
    Registered+
    Join Date
    Jan 2014
    Posts
    41
    Thanks
    2
    Thanked
    12 times in 9 posts
    • GuruNot's system
      • Motherboard:
      • Asrock X99 WS
      • CPU:
      • Intel Core i7 5930k
      • Memory:
      • 32GB Corsair Vengeance LPX
      • Storage:
      • 512GB m.2 NVMe, 1TB SSD, 2 x SATA HD
      • Graphics card(s):
      • ASUS TUF 6800XT
      • PSU:
      • Seasonic Prime Ultra
      • Case:
      • Phanteks Enthoo Primo Rev 2 Full Tower
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • AOC 27 1440p 165Hz FreeSync

    Re: how to set up IT for a new SMB?

    Quote Originally Posted by ik9000 View Post
    Have you heard of Firewalla, are they any good? It looks like we'd be able to protect both sites for less than the cost of that sophos and no ongoing licenses to shell for either.
    https://www.techradar.com/uk/reviews/firewalla It needs a mobile phone to work it, which is a bit odd, but seems reasonably spec'd so far as my untrained eye can tell at least.
    If you wont be publishing any internal web servers then you wouldnt need Web Server Protection and if your email is in O365 then you wouldnt need the Email Protection, that would reduce you to EnterpriseProtect or EnterpriseProtect Plus (with Sandstorm). You would need to assess what functionality you need.

    https://www.sophos.com/en-us/mediali...rewallflna.pdf

    Dont forget the Sophos Device is just an example, There are similar devices from other vendors such as Cisco, Watchguard, Fortinet etc

    With regards to firewalla I am afraid I do not know enough about it to comment. I did some quick searching and the Content filtering does not seem to be as comprehensive as other devices, family protect is simply using OpenDNS but the software does seem to facilitate wildcard domain allows which is essential for cloud resources. One other thing with firewalla is the support arrangements, which seem to be purely community based, there is no telephone support or Support SLA's, you should bear that in mind.

    Apologies that I cannot be of more help.

  21. Received thanks from:

    ik9000 (19-05-2021)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •