I'm the de facto system administrator for a small law office. I'm looking for help to set up the network in a good way. Here's the basic layout/requirements:
Windows based.
The Server: A headless Windows Vista machine accessed by VNC from my workstation. Every workstation needs to be able to access, edit and delete the files stored on this server.
The Workstations: From WinXP to Win7, about 6 computers throughout the office.
Access from Home: It would be nice, but not necessary, to be able to securely access the files on the server from home. Does anyone know a good piece of software for this? Assume a very low level of competence in the users. They are smart, but not tech savvy, and not easily trained.
Back-up: The files on the server are critically important and cannot be lost. I'm looking at using StorageCraft's ShadowProtect Desktop for an incremental back-up scheme. Any advice on how to set this up for optimal space, effort and protection would be great.
That's it. It's a simple network. I'm asking here if anyone has any pointers and/or warnings about pitfalls that I might run into that I'm not currently anticipating. Do you advise using anti-virus software on the workstations? etc.
Any advice will be appreciated. Just throw me what would come to mind for you if your job was to administer this network.
Thanks!
edit: A number of the comments are warning against using a desktop computer as the server. Why? I had a sense of trepidation about it, but (with my very limited system administration knowledge) I can't think of a reason why it's bad. Can someone explain to me what the dangers and downfalls are?
For what it's worth, here is my advice:
Don't use a PC as a server. Neither the hardware nor the OS is suitable for the job. If that office is always going to be small, get yourself a smallish tower server and a license for Windows Small Business Server. If the office is going to get larger over time or is a satellite office to a larger company, then consider a normal Windows Server 2008 Edition with half a dozen client access licenses (CALs). You will need DHCP and DNS: these can be provided by the server or by your gateway device (read more below).
For access from home, I would recommend OpenVPN. There is a Windows appliance available from here, you can use self-generated keys and the clients work like a charm (there are clients for Linux, Windows and Mac OS X). We have several dozen people on it, and I never hear anything about it. It just works. We use keys and the clients build an SSL tunnel to the office network. That's effectively the same security you have on an HTTPS website. As far as I know OpenVPN also supports IPSec/IKE tunnels, if you prefer that.
For backups I would probably use Bacula, but that's because I am mainly a Linux man. There are tons of suitable packages. The most important thing is that the backups are automated and that you have off-site backups. This can be done by spooling the backups onto a USB drive and taking the drive home, or multiple USB drives (I am trying to come up with solutions that won't cost you an arm and a leg). If money is not a problem, go for a small tape drive in the tower server.
Now for some more general advice. A lot of small companies set up their internal LAN on 192.168.0.x/24, because that's sort of the default. Don't do that. Use any other number, such as 192.168.10.0/24 or 192.168.13.0/24. Makes life a lot easier when you have to connect to supplier/customer networks, as most likely they are not using the same IP range and you don't have to do any fancy footwork with NAT.
Get yourself a decent switch. Doesn't have to be fully managed, but if you can afford to spend around £200, you already get switches with a web interface for monitoring and fault detection.
Use decent quality cable and connectors. Or insist on them if contractors do the wiring. And make them check out every single connection. I have spent hours doing fault finding on new cabling, only to find out that the contractors used lousy hardware or got their wiring schemes mixed up.
Rather use 1 good quality networked printer than half a dozen cheap ones. You'll have much less trouble that way. Plus: you actually get to enjoy lower print costs, since the cost per page on the bigger printers is generally better. My personal favourite is HP, but Xerox and Brother also make very decent printers. Stay away from Lexmark, nothing but trouble.
Spend a bit of money on a decent gateway device that does firewall, routing, and the like. No need to spend hundreds of pounds there, but don't use the cheap shit from PCWorld and the likes; that stuff is made for SOHO, but in reality it breaks if you keep it running 24/7/365. For around £100 you can get some decent stuff. If you are happy to explore other avenues, you could use a Linux box and put smoothwall or monowall on it (but don't do that if you are not comfortable with Linux).
Can't think of more, but I am sure you have questions. Just fire away.
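An added example, not part of the answer above: a short Python check for the addressing advice, which matters as soon as home users connect over a VPN, because a home LAN on the same range as the office makes routes to the file server ambiguous. The network list and the function names `find_conflicts` and `first_free_subnet` are constructed for illustration.

```python
import ipaddress

# Constructed sample data: two ranges commonly seen as router defaults and a
# hypothetical supplier network. None of these come from the original post.
REMOTE_NETWORKS = {
    "home router default A": "192.168.0.0/24",
    "home router default B": "192.168.1.0/24",
    "supplier LAN (hypothetical)": "10.0.0.0/16",
}


def find_conflicts(candidate, remote_networks=REMOTE_NETWORKS):
    """Return the names of remote networks whose range overlaps `candidate`."""
    net = ipaddress.ip_network(candidate, strict=True)
    return sorted(
        name
        for name, cidr in remote_networks.items()
        if net.overlaps(ipaddress.ip_network(cidr))
    )


def first_free_subnet(pool="192.168.0.0/16", prefix=24,
                      remote_networks=REMOTE_NETWORKS, reserved=()):
    """Pick the first /prefix inside `pool` that overlaps neither a remote
    network nor a range already reserved locally (e.g. the VPN tunnel pool)."""
    taken = [ipaddress.ip_network(c) for c in remote_networks.values()]
    taken += [ipaddress.ip_network(c) for c in reserved]
    for subnet in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(subnet.overlaps(t) for t in taken):
            return str(subnet)
    return None  # pool exhausted


if __name__ == "__main__":
    for candidate in ("192.168.0.0/24", "192.168.13.0/24"):
        clashes = find_conflicts(candidate)
        print(candidate, "->", clashes or "no overlap with listed networks")
    print("first free /24:", first_free_subnet(reserved=["192.168.2.0/24"]))
```

Extend `REMOTE_NETWORKS` with the ranges staff actually have at home and any supplier ranges you are given before settling on the office subnet.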
My advice:
If the files on the server are critical as you say then it's worth the extra money for a server class system to ensure their availability and improve your options for things like remote access, volume shadow copies, backing them up, etc.
One advantage of a server OS is that it isn't just best practice for its own sake, in general it makes meeting best practices in a variety of areas (e.g., auditing, centralized authentication, scalability, recovery, etc.) easier as you set up your network. Most of these are things that can be done without the server OS, but the process and result will generally not be as easy, reliable, or maintainable.
It's also worth noting that you'll probably want to look into the regulatory/compliance requirements for your industry and locale, and keep those in mind as you build even a small network. Any such rules or requirements would likely overlap to a large degree with best practices, but this will be worth paying attention to up front.
Apart from that, I agree with the OpenVPN recommendation, and if you use pfSense as your gateway/firewall it has an OpenVPN server built in. pfSense is very feature-rich, has very low hardware requirements -- runs on most any old beige box you have lying around, is incredibly easy to install and configure, and has a very intuitive web interface. Best of all, it's free.
The main reason I'd hesitate using desktop-grade hardware for a server in a business is that most desktop-grade hardware is not really suited for 24/7 operation and tends to fail quickly in such an environment ("quickly" here is in the 9-18 months span, whereas I'd expect 3-5 years of useful life out of server-grade hardware). It's mostly disk and PSU issues, rather than CPU/motherboard/RAM that I've seen problems with in the past.