Security Server

[Amitojc]

I have a small business with a few employees at the time, ~5. I want to set up a server system that is secure. I was looking into different ones and was wondering if anyone had experience with these. There is SAS secure server or just doing a windows 7 secure server. Also the main goal of having this server is to have some sort of guard for internal and external access. Thanks. Hope to hear your guys input.

 

[theevilsharpie]

"Security" isn't a product you can buy and install.

If you told us what this server is actually supposed to do, we could assist you more effectively.

 

[Amitojc]

Thanks. I want clients to access it remotely and be able to check out their accouts. I want to be able to give access to certain accounts to some employees and not others. Lets say I have two clients, A and B. I want A to be able to log into our server and check out his/her information and not have access to B. And Vice Versa. I am new at this and just trying to look around, thank you for your help. I was told that there is software you can put on the server, lets say we get a windows server that can assist with that.

 

[Paperlantern]

This is still in a very vague state of affairs. A typical small business should have at the very least some sort of Firewall in place, then BEHIND that firewall a Server of some nature. What exactly are you serving? Will you have a database backend that people can log into to check order statuses? Will there be a website that your clients access? Are you looking for these clients to actually have access to your system through some sort of terminal services where in they can actually get on the "server" and interact with it like a user would if they were sitting at it? We need a few more details to be able to offer any type of possible solution.

A typical Server 2003 or 2008 setup with a few terminal licenses installed would allow A to see "thier information" whatever that may consist of, but again without knowing this suggestion may be completely un necessary.

 

[Amitojc]

I am sorry for being vague. I want to have a database for people to log into a check their order status. I want it to be private so that A can only check As information and B can only see Bs information. This is similar to amazon secure server. What kind of firewall do you recommend. I want to have it so that we have clients that are able to check out their order status, and that employees here certain ones have access to it for example access to only As for employee 1 and employee 2 has access to B. Does that clear some issues up. I can stress enough that I am appreciative that you will take the time to stiff through my vagueness.

 

[Paperlantern]

What kind of interface is the DB? Web? MS Access? Some other program that the user has to have access to? How are they viewing this information?

 

[JackMDS]

@Amitojc

Most of what you described is Not a Security server. It is the function of a regular Server OS (as oppose to a Win 7 client OS that is used as a file server).

Given the size of your operation the new Windows Small Business Server Essential that is going to be released to the public in few weeks will do.

http://onlinehelp.microsoft.com/en-us/sbs2011essentials/default.aspx

However you are talking about online client accounts. Given your level of knowledge and that your finance as well as your clients are involved, you should take a consultant to help with such project. Otherwise the money that you will save now will be spend on a lawyer later on.

 

[Paperlantern]

@Amitojc

Most of what you described is Not a Security server. It is the function of a regular Server OS (as oppose to a Win 7 client OS that is used as a file server).

Given the size of your operation the new Windows Small Business Server Essential that is going to be released to the public in few weeks will do.

http://onlinehelp.microsoft.com/en-us/sbs2011essentials/default.aspx

However you are talking about online client accounts. Given your level of knowledge and that your finance as well as your clients are involved, you should take a consultant to help with such project. Otherwise the money that you will save now will be spend on a lawyer later on.

Not even entirely sure how you recommended even that much based on what we know...

 

[JackMDS]

Not even entirely sure how you recommended even that much based on what we know...

OP description is typical to usage of server in small business.

Since the OP mentioned ~5 cals., the new SBS Essential goes up to 25 cals. (the regular "old"SBS is up to 75 cals.) is good enough.

Which application (like SQL) to add to a server is a secondary issue.

The main unknown in the OP is the Secure access through the Internet.

That is usualy done (regardless of the type of software the Server OS) with the Routing via stand alone SOHO security appliance that can also include VPN End-point.

However, whatever I post here, is just a general description. If One is Not expert in these issue One should get someone that knows what to do.

 

[Amitojc]

Thanks for your help.
Don’t know those answers. We may need to start with understanding my needs.

• Internal (to the company) file storage with user name/password login.
• ability to track, limit access for various levels of users
• file/system backup
• External access for users
• External access for clients
• Administrate document control approvals (electronic signatures included)

My current ISP provider for web hosting is www.1and1.com, and I have the “Home” package. I have contemplated moving up to the Small Business package, though not sure if I need the additional services. This is what I want to do, and I was wondering how it is was possible with my current train of thought. Thanks.

 

[mfenn]

Instead of trying to frame the requirements from a technical point of view, let's do it from the business side. What are you trying to accomplish in terms of workflow?

 

[flexcore]

Agree @ mfenn. But it sounds like need of Win 2003/2008 AD DS server to control user/ client access to resources. Right?

 

[mfenn]

Agree @ mfenn. But it sounds like need of Win 2003/2008 AD DS server to control user/ client access to resources. Right?

Perhaps. He might be just fine with a single server solution like SBS. I imagine that there will be some web server component involved, but who can say at this point?

 

[DaveSimmons]

It might even make sense to have two separate servers, one for internal use and a web server for customers, perhaps with some one way copying of a subset of database data to the web server. That way the internal server can be made more secure and if the web server is hacked it won't have any access to private files.

But we need more information about what is being kept internal and what is being shared with customers and why.

 

[Paperlantern]

But we need more information about what is being kept internal and what is being shared with customers and why.

This is what I'm talking about, we can't make recommendations about server type, how to configure it, what OS to use, nothing, based on the information we have so far. We know he wants it to be able to securely provide employees and customers with access to "thier information".

Though, looking at the most recent post it does look like at the very least, some sort of AD role on a 2003/2008 server would be good to start with, its extremely expandable and as long as he sets up a decent scheme in the beginning, he should have no problem growing the business to even hundreds of employees. You can restrict file access on file shares with security groups and permissions. That will take care of that side of it. A VPN solution, such as SSL VPN or the like, can take care of the employee access from the outside in to see thier stuff. What we dont know is the nature of what the clients need to see. Is this a web site they are placing orders on and they are seeing order statuses? Are you a break fix computer shop and you are serving a web interface to let customers see thier repair tickets? in these cases, yes a second server would probably be ideal to house any data necessary to be provided to the clients, and of course serve the website that will provide such data. For more security, and depending on the data, the web server can do only that and connect to a database backend to provide the "information". We just have no clue of the nature of what you are trying to show your clients.

 

[mfenn]

What we dont know is the nature of what the clients need to see. Is this a web site they are placing orders on and they are seeing order statuses? Are you a break fix computer shop and you are serving a web interface to let customers see thier repair tickets? in these cases, yes a second server would probably be ideal to house any data necessary to be provided to the clients, and of course serve the website that will provide such data. For more security, and depending on the data, the web server can do only that and connect to a database backend to provide the "information". We just have no clue of the nature of what you are trying to show your clients.

Yep, this really hits the nail on the head. The "client" side could be anything from access to a document share, to some standard CMS installation, to a full blown custom web app. We really don't know at this point.

 

[Amitojc]

I am thinking of making a server and running SBS 2007 on it. I think that should be able to run everything that I am trying to do. I want clients to access information on a secure server and I want to internal employees to have the chance to access programs. As well I want everything to back up, which I believe SBS 2007 or 2011 gives you.

 

[mfenn]

As long as you're going to keep being vague about what exactly "access information on a secure server" means, then we can't help you much more than we already have.