What should be the structure of the IT system of a small company / view from the director of the company /
The experience of creating and operating an IT system of a company consisting of approximately 10 employees is given. And some arguments on the topic: where to develop our IT system further.
This is a view from the director of the company, not an IT specialist, without going into technical issues of practical implementation.
The peculiarity of our business, which predetermined the decisions made, was and remains the inadmissibility of data loss. Those. if short interruptions due to IT system failures are undesirable, but not fatal, then any data loss is a termination of the business.
')
The task of creating our own IT system was set by us and solved in 2011. The past time fully confirmed the correctness of the decisions made then.
The main requirement, as already noted, was: achieving the highest possible reliability of the company's data storage. Those. required that the information is never lost (never - this is of course only the goal).
The main software used in the company is an ordinary office suite, 1C accounting. What then was not required, so it: own mail server, IP telephony.
The naturally chosen solution was compared primarily with a conventional peer-to-peer network.
As a result, a structure with a terminal server (on OS WINDOWS), organized on a simple specialized server (not self-assembly), was chosen.
Additional conditions:
1. Disk data storage with hardware implementation of RAID 1 array.
2. Separate network storage for backups of basic data, including the OS cast on the server, with automatic (scheduled) archiving.
3. To exit to the outside world, a separate router switch was used.
4. The server was located locally, in the same building where the employees' workplaces are located.
The launch of the system and the subsequent maintenance of the terminal server was immediately entrusted to a specialized IT company. Initially, they refused from “their system administrator”.
The following condition was brought to the staff: the company is fully responsible for the safety of the data on the terminal server, but the company is not responsible for the safety of the data stored on the local machines (with some exceptions).
This made it possible to immediately orient people, where it is possible and necessary to store their data. And accordingly, almost all the work of the company's employees has been and is now taking place in the terminal mode.
Since that time (already 5 years) there was only one serious failure when, after changing the physical channel of access to the Internet due to the mismatch of the speeds of the equipment of the provider and our router, the Internet disappeared. Cured by updating the firmware in the router.
The advantages of this solution, confirmed by operating experience, can now be formulated as follows:
1. In fact, it is really ensured at reasonable starting costs high reliability of data storage.
2. The system is suitable for professional remote support.
3. If necessary, it is relatively easy to move to another office - all that is required is to transport the server and local machines and plug it all into the transport network of the new office (of course, it’s even easier with the cloud, but everything is relative).
4. Local machines can be of any type and cheap, no special requirements are imposed on them.
At the same time, over time, the relative disadvantages of this solution also began to appear:
1. Data protection is not as high as possible, which is already quite achievable in modern conditions. In particular, the system is not protected from serious physical damage to the server (conditionally - a fire in the server).
2. The terminal server is not well adapted to work with heavy or numerous WEB applications.
3. Due to the initial rejection of virtualization on the server (solely for reasons of economy), we were forced to put up with the potential interruption of work (of course without data loss !!!) for up to 2-3 days with serious problems on the server.
4. In the past tense, cheaper solutions with roughly the same characteristics based on cloud solutions (PaaS, SaaS, IaaS) have appeared.
In this regard, the structure of our IT system was supplemented as follows:
1. The access to the Internet directly from the terminal server was fundamentally limited. In the case of operation, for example, using the Bank-Client system, only data was stored on the server, and the Bank-Client program itself was started from a local machine that accessed the data on the server, which in this case played the role of a file server.
2. To solve the problem of physical data protection, additional storage of current and archived data in the cloud was organized.
This is our experience. Further reasoning will go.
Why and when you still should not completely abandon your server and go to work only with the cloud, despite the attractiveness of the relevant proposals.
In theory, when working in the cloud, everything is just fine. But.
At the same time, your company becomes completely dependent on the IT company that provides the corresponding cloud service. And even if you first chose a super reliable company over time, it can (alas, this is life) slowly degrade, and your data is all with her. And you cannot even move to another cloud without the support of the first IT company specialists.
Critically important is the Internet channel. And according to the law of meanness, just when you need it desperately, problems happen to it.
If it is important for you to ensure the confidentiality (privacy) of the data, then you must either conduct some independent technical audit of the cloud service to be used, or still focus on your own local server. The fact is that some technical implementations of cloud technologies allow mixing of the rights of users from different companies, as a result of which employees of one company operating in the cloud can access data from another company operating in the same cloud.
In general, in our opinion, this option of the IT system can be considered relatively safe (subject to data confidentiality clauses):
Terminal server in the cloud with the simultaneous organization of its own additional network storage (local file server) to store current, current copies of all your data.
At the same local server, you can store the current data cache, which will reduce traffic on the external network and increase speed.
And the next step in the development of the company's IT system logically looks like this - switching to a virtual desktop system located on its own server or in the cloud (DaaS technology). At the same time, you should have an independent data warehouse (located physically elsewhere and served preferably by another service IT company).
Plus, if you work with the cloud, the server for local caching of current data is desirable.
This is a view from the director of the company, not an IT specialist, without going into technical issues of practical implementation.
The peculiarity of our business, which predetermined the decisions made, was and remains the inadmissibility of data loss. Those. if short interruptions due to IT system failures are undesirable, but not fatal, then any data loss is a termination of the business.
')
The task of creating our own IT system was set by us and solved in 2011. The past time fully confirmed the correctness of the decisions made then.
The main requirement, as already noted, was: achieving the highest possible reliability of the company's data storage. Those. required that the information is never lost (never - this is of course only the goal).
The main software used in the company is an ordinary office suite, 1C accounting. What then was not required, so it: own mail server, IP telephony.
The naturally chosen solution was compared primarily with a conventional peer-to-peer network.
As a result, a structure with a terminal server (on OS WINDOWS), organized on a simple specialized server (not self-assembly), was chosen.
Additional conditions:
1. Disk data storage with hardware implementation of RAID 1 array.
2. Separate network storage for backups of basic data, including the OS cast on the server, with automatic (scheduled) archiving.
3. To exit to the outside world, a separate router switch was used.
4. The server was located locally, in the same building where the employees' workplaces are located.
The launch of the system and the subsequent maintenance of the terminal server was immediately entrusted to a specialized IT company. Initially, they refused from “their system administrator”.
The following condition was brought to the staff: the company is fully responsible for the safety of the data on the terminal server, but the company is not responsible for the safety of the data stored on the local machines (with some exceptions).
This made it possible to immediately orient people, where it is possible and necessary to store their data. And accordingly, almost all the work of the company's employees has been and is now taking place in the terminal mode.
Since that time (already 5 years) there was only one serious failure when, after changing the physical channel of access to the Internet due to the mismatch of the speeds of the equipment of the provider and our router, the Internet disappeared. Cured by updating the firmware in the router.
The advantages of this solution, confirmed by operating experience, can now be formulated as follows:
1. In fact, it is really ensured at reasonable starting costs high reliability of data storage.
2. The system is suitable for professional remote support.
3. If necessary, it is relatively easy to move to another office - all that is required is to transport the server and local machines and plug it all into the transport network of the new office (of course, it’s even easier with the cloud, but everything is relative).
4. Local machines can be of any type and cheap, no special requirements are imposed on them.
At the same time, over time, the relative disadvantages of this solution also began to appear:
1. Data protection is not as high as possible, which is already quite achievable in modern conditions. In particular, the system is not protected from serious physical damage to the server (conditionally - a fire in the server).
2. The terminal server is not well adapted to work with heavy or numerous WEB applications.
3. Due to the initial rejection of virtualization on the server (solely for reasons of economy), we were forced to put up with the potential interruption of work (of course without data loss !!!) for up to 2-3 days with serious problems on the server.
4. In the past tense, cheaper solutions with roughly the same characteristics based on cloud solutions (PaaS, SaaS, IaaS) have appeared.
In this regard, the structure of our IT system was supplemented as follows:
1. The access to the Internet directly from the terminal server was fundamentally limited. In the case of operation, for example, using the Bank-Client system, only data was stored on the server, and the Bank-Client program itself was started from a local machine that accessed the data on the server, which in this case played the role of a file server.
2. To solve the problem of physical data protection, additional storage of current and archived data in the cloud was organized.
This is our experience. Further reasoning will go.
Why and when you still should not completely abandon your server and go to work only with the cloud, despite the attractiveness of the relevant proposals.
In theory, when working in the cloud, everything is just fine. But.
At the same time, your company becomes completely dependent on the IT company that provides the corresponding cloud service. And even if you first chose a super reliable company over time, it can (alas, this is life) slowly degrade, and your data is all with her. And you cannot even move to another cloud without the support of the first IT company specialists.
Critically important is the Internet channel. And according to the law of meanness, just when you need it desperately, problems happen to it.
If it is important for you to ensure the confidentiality (privacy) of the data, then you must either conduct some independent technical audit of the cloud service to be used, or still focus on your own local server. The fact is that some technical implementations of cloud technologies allow mixing of the rights of users from different companies, as a result of which employees of one company operating in the cloud can access data from another company operating in the same cloud.
In general, in our opinion, this option of the IT system can be considered relatively safe (subject to data confidentiality clauses):
Terminal server in the cloud with the simultaneous organization of its own additional network storage (local file server) to store current, current copies of all your data.
At the same local server, you can store the current data cache, which will reduce traffic on the external network and increase speed.
And the next step in the development of the company's IT system logically looks like this - switching to a virtual desktop system located on its own server or in the cloud (DaaS technology). At the same time, you should have an independent data warehouse (located physically elsewhere and served preferably by another service IT company).
Plus, if you work with the cloud, the server for local caching of current data is desirable.
Source: https://habr.com/ru/post/303860/
All Articles