This is an automated archive.
The original was posted on /r/sysadmin by /u/jdrzejb on 2024-01-20 22:08:16+00:00.
Hey,
I had a meeting with a prospect that is in dire need of some IT support. They never had proper counsel, just a break-fix computer salesman. I was referred to them by my current client, because they wanted to get their invoicing system on the owner's laptop and their usual guy was not returning the calls.
They are quite a small wholesaler, currently with one POS system. It turns out that the whole company MSSQL database (around 600 MB of transaction logs, inventory data) lies on this one 11-year-old Dell Optiplex 9020 (Windows 10). There are no passwords on the computer, db and invoicing program. An offsite backup is set up, but it has been erroring out for the past 3 years (!), as nobody was doing any monitoring for that. Employees use this computer for personal stuff, like online shopping, email.
The network is in equal shape. There are multiple TP-Link WR841Ns placed around the shop, with no indication which is the main one with the WAN connection. They are just chained (each of these has some device connected - I did not have time for a full investigation to untangle this).
I talked with the owners, I explained to them that this situation is no bueno and is exposing them to a lot of risk. Especially since they told me that the whole company might be on the brink of existence in case something happens to the data on the main machine where they have everything.
They asked me to take care of this, keeping in mind that they are expanding the company and will be opening a new location later this year, along with new hires. They will need to have this db accessible in both locations (warehouse inventory management). They also asked to be onboarded as my permanent client where I'll be taking care of everything on a regular schedule, not only when there is an issue. I am to send them an initial plan and quotes next week. They are aware that there might be some cost involved at the beginning, having to replace/buy some of the devices and pay for my work. They seemed to be more than ok to do this.
I've been building a plan in my head and I have the following insights/action points:
1. I do not trust this network, thus I will not open the MSSQL server for the laptop until I know every other device that could potentially access it. The idea is to bring a proper firewall with DNS filtering, dpi/dps, smart queues (pfSense or UXG-Lite - I do have a controller for some customers already). Also the necessary switches and access points to cover the area.
2. I need to decentralize the MSSQL server. It might be hard to squeeze a racked server into the current building, thus I was thinking of moving the sql to Azure. What I worry about is that the internet speed might be a blocker: they only have a radio one with around 25/10 speeds. Only the new location, around half a mile away, will have a fiber connection (we might use radio to transmit this link between buildings and bring proper speeds, but that's not a solution for today). Is a fully cloud based solution with VDI a good idea, or should I find a place for this on-prem server anyway? On-prem is how I usually do this with this kind of business and this very specific software that needs this type of db.
3. I need to set up a proper backup solution. I usually went with Synology ABB + Backblaze B2 for setups this size, but given the possibility of a full cloud setup, is this a good idea? Veeam free (up to 10 endpoints) could also cover some of the requirements here.
4. The Optiplex is too old to be reliable in the long run, so we need to replace it sooner or later, especially since they need a second POS - I can get them matching ones.
5. Because they actually need a proper company email (they've been using a free online service, which has TONS of spam) and Microsoft Office, I wanted to get MS365 BP for the whole team, as it also includes Intune, Entra and Defender for Endpoint.
6. Last, but not least: document everything I do, and let them know that whatever I take care of will have a proper note attached.
Do you have any other thoughts or suggestions on what I should focus on? Does my plan sound ok, anything you'd add? I'll appreciate any input here.