Synology or Windows Server Essentials?

[timeshifter]

Which one do you like for a very small business install and why?

I recently picked a Synology DiskStation DS412play for a small business with about 5 users who share some files. They had been using an old HP HomeServer (the original Windows Home Server before WHS 2011). It still worked mostly OK.

I like the recent Essentials flavors of Windows Server, especially the backup for the client machines and the server itself.

For this recent install I considered both, but ended up with Synology. What I like about the Synology:

Inexpensive
Simple
Low power
More secure than Windows
Easy to configure
Lots of free optional add-ons
Cloud Station Backup - backup PCs to Synology, Synology backup to B2 cloud for $5 / TB per month

A Windows Server Essentials box was considered, but:
Hardware seemed to get expensive more quickly
Windows complexity
Don’t want a domain and have to join each PC and migrate profile
Patching and updates more critical on Windows for security
Cloud backup to B2 requires a separate license $119

I do miss the backup of the Essentials. A real Windows server would be better in situations where you need to run some kind of Windows app on the server, like sharing a QuickBooks file, or some other database or other application.

What are your thought?

 

[phaZed]

If it's small and the scope of the office is simply to share files I would go the Synology route. It's hard to compete with that for basic (and somewhat advanced) file sharing and basic network services.

If you want to provide Domain services, login credentials or other services found in the Windows Server line - then go with a Win server... but it sounds like the Synology fits the bill, IMO.

 

[Mick]

Is your Synology going to let you remote into the client workstations? That could be a real time and money saver (for you, I mean) as time goes by. I've heard stories of folks struggling with this using a Synology instead of a proper server, and having to learn and install stuff like Guacamole, which seems a real pain when Anywhere Access on an Essentials server is so easy to set up.

 

[timeshifter]

That's a good consideration Mick. I've got a handful of Essentials-using customers now. But I've never turned up that feature. Part of the reason is my ignorance of how it all works and partly due to security fears.

One of my clients had a ransomware attack that we think came through a Remote Desktop hack / intrusion. (No, I did not set that up, their software vendor had put a lot of stuff in place). Recently heard that in another part of town with a particular ISP if you had RDP open on your router you were breached, regardless of password strength, username, etc. This was from a knowledgable IT person I respect. I think the victims were running port 3389, so there's that.

Anyway, I do have one install where they're interested in remote access. Is the remote access in Essentials safer than traditional RDP?

 

[Mick]

I think it probably is, even if only because the bad guys have had more time to figure out RDP's weak spots, but this adds a layer on top. Certainly, I'd never leave it running through the default port. I don't think any remote access is risk-free, but I haven't heard that Access Anywhere is any worse than anything else. Not very helpful, I know. As with most of these things, the biggest risk element is the end users - you know, getting their browsers to 'remember' passwords etc, so that if someone nicks their laptop, Firefox or whatever obligingly punts the thief straight into your remote site the moment they fire up the URL.

 

[YeOldeStonecat]

You should learn the Essentials remote setup...it's pretty slick. Do a proper SSL certificate, open/forward only port 443 (never..ever...do port 80)...and if you have a good biz grade firewall do geo blocking for inbound https.

The essentals/remote web workstation of later SBS versions and Essentials runs on TSGateway. TSGateway is an RDS role...the terminal servers we setup and deploy run on TSG, we don't do plain port 3389 anymore.

Windows public facing SSL is pretty tight and secure. Not 100%...but, a LOT more than port 3389 RDP. You can control who gets access much better, and to what they get access to. And lock the authentication to higher levels, not "auto negotiate".

Doing random external ports for RDP forwarding (instead of default 3389) isn't really any more secure these days, the sniffing/scanning/grinding tools they use fingerprint check all ports they detect and will find an RDP session listening on whatever port you stick it on.

 

[YeOldeStonecat]

Back to subject....don't have too many "workgroup only" clients....but we have a handful where there's just a NAS.
Often they start out that way, and then they grow to a point where they need a server, something to run SQL, or hosted accounting apps, so we put in a server, and re-purpose the NAS for server backups.
As for the remote part...we use our RMM (N-Able) to remote to clients workstations. Many of our clients also use that...we just add a "remote" user account for them in our N-Central.

 

[fencepost]

we just add a "remote" user account for them in our N-Central.

We have a few folks doing that, is it something you're simply providing or are you charging for it? We haven't firmed it up since we only have (I think) 2 people using it, but my inclination has been to make it a monthly charge or included on a top-end MSP plan.

 

[YeOldeStonecat]

We have a few folks doing that, is it something you're simply providing or are you charging for it? We haven't firmed it up since we only have (I think) 2 people using it, but my inclination has been to make it a monthly charge or included on a top-end MSP plan.

I've done it for AYCE MSP plan clients....without adding a charge.
I wouldn't offer it for "free" for clients not on any MSP plans, without charging them something....I'd do it for a remote-only MSP client...only takes me 2 minutes to setup and a couple of minutes to show them how to use it.

 

[AndrewFergus]

We just recently quoted a Synology NAS to take over from a SBS2011 server that has reached the end of the road. Exchange to 365 & then file store on the Synology. Only issue we have found is the customer database they are running that they told us is on the cloud is actually a local SQL database.
We have never done a Essentials install before as all our customers with servers need multiple VM's etc so Standard is a better fit. Those that have done a Essentials install - where did you go for information before you started the project? We are trying to work out a list of pros/cons between standard & essentials we can present to the customer with the main goal being to keep costs down while still providing the right fit server.

 

[YeOldeStonecat]

W
We have never done a Essentials install before as all our customers with servers need multiple VM's etc so Standard is a better fit. Those that have done a Essentials install - where did you go for information before you started the project? .

A great resource, Mariette used to do a lot of good SBS guides/faqs/blogs...and how she has a great Essentials server/O365 site. Highly recommend you join up, you get regular newsletters/guides from her.
https://www.server-essentials.com/

You can virtualize Essentials as a guest. The license doesn't include a hyper-visor install but I have many clients that would have another member server so I'll use the license from that Standard CAL to install the hypervisor and then next Essentials a guest.

You can also add the Essentials role to Server Standard...I frequently do that so I can use the o365 connector to sync passwords and just manage things easier. If you use the Remote function of it on server standard you do need to purchase RDS CALs.

 

[Slaters Kustum Machines]

https://www.server-essentials.com/s...om-sbs-2011-to-windows-server-2016-essentials