Joined: Mar 2010
Posts: 248
Member
Well, I will absolutely not have an IT dept. in-house so I do need the easiest server. I definitely will be paying for a service pack and hope that will help. Up to this point I have really only used my computer as access to email, scheduling and banking so this is all new to me. I appreciate your advice and will try again tonight to configure a server that I can afford. Again, thank you very much for your continued responses and your patience with a novice.
Catherine FP NJ
Joined: Sep 2003
Posts: 12,874 Likes: 34
Member
OP
Absolutely not true. Ferdinand, some of what you say makes sense, but a lot of it is very misleading. I'm sorry.

First of all, it is free. Of course, you pay for the OS, whether it is Windows Server 2000 or SBS 2008. I was referring to the fact that Exchange Server and SQL 2005 are included in SBS and SQL 2008 is included in SBS 2008 Premium, where you must buy them separately with the non-SBS server. And, while CALs are a little more expensive with SBS, they are CALs for the OS, SQL and Exchange. And, if you need to add a CAL it is added for all three again. That is a huge advantage.

Yes, redundancy is important, but how is Small Business Server not redundant? It is built around the same core architecture as Windows Server 2008. The redundancy is mostly due to the type of hard drives and the RAID you use. In fact, the different RAIDs are chosen due to whether you are looking for more space, more redundancy, faster reads or faster writes or any combination thereof. Reliability is measured in a lot of different ways, but I can't recall the last time I had to reboot my server or that it ever went down.

First of all, Dell doesn't even make a 2900 anymore. It has been replaced with the T series. I do agree that two mirrored 146 GB hard drives are a good choice, but she will have to pay $700 just for 146 GB of space if she goes with the 15,000 RPM drives. I also don't understand only purchasing four GB of memory. Part of the biggest advantage of the 64-bit OS is you no longer have the 4 GB limit, which as you know, is basically 3.2 GB. I would highly recommend moving up to eight GB of memory. Memory is the single most inexpensive way to improve performance in a computer.

All of these are choices, but more and more computer users are backing up to hard drives and even RAID systems via NAS or local external drives. Tapes can be very expensive and the backup software is rather expensive as well. Again, this is personal preference. And, a busy doctor may forget to change the tape.

I am not sure why I would recommend Windows Server 2003. Windows Server 2008 certainly has its advantages and will be supported long after 2003 is not.

I am not that big of a fan of Small Business Server. It always comes on a low end system with one hard drive. If it fails you are dead in the water.

I am not sure if others on here are not true IT guys and you are. I do not see how you can be a true IT guy and do consulting when you make a statement that SBS ALWAYS comes on a low end system with one hard drive. That is the single most false statement I have ever read about servers. It is simply and completely not true. First, any OS can come with a server. And, almost all can be purchased separately. SBS can be ordered when you configure your server (Dell in this case) just as Windows Server 2008 can. There are no restrictions on the RAID or number of hard drives. You do NOT have to use only one hard drive. I would almost argue that a server with one hard drive isn't even a server, which technically, of course, it is. And, you can certainly purchase it separately and install it on as robust a server as you choose. Its only restrictions are number of total users, one domain and no other SBS on the domain and a few other minor things that are above the scope of this post for the questioner.

She will have to make up her own mind as to RAM, number of hard drives or space, type of RAID and OS, but to state that SBS only comes on low end systems with one hard drive will unfairly convince her to not consider it. I happen to think it will meet her needs much better, but I can't say that Windows Server 2008 will not work for her.

SBS 2008 Standard Edition SP2 is around $899 installed after the mail-in rebate of $200.00.
http://www.viosoftware.com/SBS+2008...?osCsid=634cf4e5a33f3b4f64b46553fc7652aa
It can be purchased here for $899.00. It can probably be found somewhere cheaper in the full version if you look around.

A couple of articles on SBS:
http://www.microsoft.com/sbs/en/us/compare-features.aspx
http://en.wikipedia.org/wiki/Windows_Small_Business_Server

As to the actual server, I lean towards Dell, and I would recommend the T610 which is the equivalent of the 2900. The top of the line is the 710, but I don't think you need that much server and you would be OK with the 310, but I wouldn't go any lower than that.
Bert Pediatrics Brewer, Maine
Joined: Mar 2010
Posts: 248
Member
Wow! Appreciate the article. I have concerns that the capabilities of the OS far exceed my own computer capabilities. Due to time constraints of seeing pts, running my own practice, and hoping to see my kids occasionally, I cannot aspire to dealing with my own website or email server. I think that I would prefer a third party (hopefully Updox or similar) to host email, etc. I already outsource my billing and payroll.

That said, it looks like most of the abilities of the SBS are wasted on me. All of my employees have the same access to the computer with the same limitations. I no longer have an office manager because she was arrested and sorry, can't trust someone with that again. So I am the administrator and all other users are equally limited. I want the server to speed function of the 4 computers and also to be able to do VPN.

After speaking with the person who assisted me with my current network, he actually suggested just putting Windows 7 on the server for now. If I later wanted to upgrade to a higher level, I could. We are thinking about RAID10 so that I would have mirrored hard drives. (If I understand that correctly.) Also, agree with the 8 GB memory. I hope I like AC because I haven't even downloaded the demo as I try to get the hardware ordered! THANK YOU! THANK YOU for all of your continued insights.
Catherine FP NJ
Joined: Sep 2003
Posts: 12,874 Likes: 34
Member
OP
I apologize for not getting back to you in the PM. I had promised to go over the virtues and advantages of the media capabilities of SBS which will make your office more secure and save you money in the short run, not the long run. This is so frustrating. I guess I will give it one last shot. Not to convince you to do it my way, but at least to educate you as to the advantages.

"I cannot aspire to dealing with my own website or email server."

I do not have time to do my own website. I do not have a website. I may one day, and am embarrassed to admit I don't, but many will tell you it does not take that much time. But, SharePoint is NOT a website. It is an intranet site. It is called Companyweb. It is difficult to understand how helpful it is unless you use it. Basically, it allows you to have a home page (if you want it as a home page, but that is the best place to put it), so that the first thing your staff does is open Internet Explorer or Firefox and there it is. It makes everything centrally located, secure and extremely easy for users to add files and folders. For instance, the average Companyweb would contain pages for Documents, Forms, Contacts and Calendar. You can add as many as you want. So, by adding a file or a folder it is now accessible for everyone. Sure, you can share out folders from your server, but then every computer has to browse to that file and ultimately the connection will be broken and you will have to show them how to browse to it again. What used to be used instead of SharePoint was Public Folders in Exchange. SharePoint has become so popular, Public Folders are being phased out.

Let's say your MA decided she wants every VIS in one folder that is accessible to every MA or whomever. She clicks on the Documents page, which has a list of folders, she makes a folder and names it VIS, and copies and pastes them into the folder. Done. Now, within two minutes it is done. What would she/he have to do if she wanted to do that without SharePoint? She would have to go to the system administrator (maybe you or your IT guy -- I would hope you wouldn't have to pay $25.00 for your IT guy to set up a shared folder on the server) and ask that they add a folder called VIS to the server, share it out, set up the correct permissions and then make sure everyone knows it is there. Don't get me wrong. There will be many data folders on the server and a few you will need to share out. But for this type of situation, it is awesome to have it there (in alphabetical order).

Now, you decide to have forms you want to pass out to your patients or your receptionist wants all the demographics forms in one place. She opens the forms page and puts all the files in a folder called Demographics. Done. Or, maybe you want an Excel spreadsheet of your Medicaid formularies. You set that up as a separate page. Would take all of one minute. It would automatically make two versions or 200 versions in case you screw it up. We have over 450 contacts on one page. You can sort by category or any other way. It is completely searchable. When I ask for a new doctor, they always add it in. Sure, you can have other places for contacts, but this way EVERYTHING is in one place. You can put announcements on the home page. As soon as you add an announcement, it is automatically emailed to everyone so when they open their email, they know there is a new announcement. You can do many other things with it. If you ever used it, you would not be able to live without it. I forgot, if you put a website link to the CDC on it, now EVERYONE has the link. You don't have to put it on every web browser.

"I think that I would prefer a third party (hopefully updox or similar)"

UpDox is NOT an email server. It is a program that can interface between your ISP and AC. An email server is like Roadrunner or Yahoo or Gmail or your local ISP, which you then access via POP3. You don't have to use Exchange. But, for you all that would happen is that instead of Outlook on each individual computer going up to your mail server to check for mail, Exchange goes up and checks for mail. So, the only difference is that the mail is downloaded to one site on your server. It is seamless. Exchange then automatically distributes the mail to your users. You wouldn't even know it is there. There are many, many advantages down the road, but you don't have to use them. You don't use notepad because you don't want to manage Word. I click on Word and type a letter. I don't use the other 5,000 features. Exchange also allows all internal email to be private. And when HIPAA or the new healthcare package decides to make doctors' offices do the same thing banks and other businesses do, e.g. maintain all email, you can do that with Exchange. You can't do that with your ISP.

"That said, It looks like most of the abilities of the sbs are wasted on me. All of my employees have the same access to the computer with the same limitations."

I am not sure I completely understand this, but I can guarantee you that SharePoint and RWW will not be wasted. I am not sure what you mean that they all have the same access. But, you are not going to be even close to having the same security with WIN7 that you would have with either Windows Server 2008 or SBS. Without a domain, you have a lot less security.

Remote Web Workplace is incredible. It is the safest way to remote into your computer there is. Safer than LogMeIn or GoToMyPC or RDP. Plus, it comes with SBS. With Remote Web Workplace, you are at home and you enter either your domain name or your IP address in your web browser. You are taken to your login page. You log in to RWW. You now have access to your server and all seven or all 75 clients. You do not have to log in separately. You also have access to your email online. You can administer things on the computer. You can also in five minutes allow Staff member 1 access to her computer, 2 to three other computers she needs access to, 3 to no computers and no one to your computer or the server. RWW is great, and you don't have to worry about all the questions on here about how to remotely log in. And, obviously, it can be done from anywhere you have Internet access.

"he actually suggested just putting windows 7 on the server for now. If I later wanted to upgrade to a higher level, I could. We are thinking about RAID10 so that I would have mirrored hard drives. (If I understand that correctly.) Also, agree with the 8 gb memory."

I completely do not understand putting WIN7 on your server. First, upgrading later will be a nightmare. They have whole books on server migration. You can't just upgrade and install over. You would have to completely redo the server. I have not researched all of this but depending on whether you use software RAID or hardware RAID (better), you may or may not be able to do RAID10 or find the right drivers. You do understand that you must have a minimum of four hard drives to do a RAID10 as it is two mirrors that are striped. Great RAID, just need to know what you are getting into. With two drives, you are limited to RAID0 (no redundancy -- neither I nor any IT person would recommend that) or RAID1. You could do RAID5 with three drives or more.

If you use WIN7, you can never have more than 10 connections, whereas with the others there are practically no limitations for an office your size. You can also not run a domain (why get a $3500 server and not have a domain?). Once you install SBS, you have a domain -- once you attach the clients. After that you won't even know you are using it except you will get all the benefits. Drivers will be limited. And, there are many other limitations.

With all due respect to your IT person, and you ultimately probably need someone local, but the ONLY thing you gain by using WIN7 is it costs less. And, given SBS is only $500 more, after configuring your server ask Dell for a discount, which they may very well give you. I simply don't understand putting WIN7 on a server, which now means you are running P2P essentially. The server is just another computer (albeit more expensive and more powerful) in your network that has all your data. Not to mention that SBS2008 and I believe Windows Server 2008 as well come with a fairly robust backup, although it could be better.

You certainly have to make your own decision, and there is a lot to be said about having those who will help you make those decisions. But, I am more than happy and willing to spend as much time as you want going over this on the telephone. Anyway, I will bow out now. Sorry if I am being overbearing, I just don't want to see you start off on the wrong foot. Being able to set up a network from scratch, get the right hardware and software and start with AC fresh is something a lot of users can't do.
Bert Pediatrics Brewer, Maine
Joined: Jun 2009
Posts: 1,811
Member
Coming in late - but to answer some specific issues, first HIPAA compliance.
The first thing to do to improve your compliance is to ensure that all users have non-admin accounts for regular use, and do not have access (in general) to admin passwords. This protects the practice and the machines, as both internal and external attacks are limited if the user does not have admin permissions.
Second is to understand that you have to protect info at rest, in use, and in transit.
At rest - strong passwords are your friend; in the event of theft, disk/full-disk encryption gives you the peace of mind that the bad actor has an expensive paper-weight/boat anchor.
In use - if each user has their own credentials, and they don't share, then in the event of a staff change you just deactivate one account. Don't leave a computer logged in as a practitioner without locking the screen.
In transit - encryption is the name of the game. Disk encryption for drives/tapes in transit, and for info going over the wire, encrypt the message or the container. There are email encryption tools, but both practitioners and patients don't like wrestling tech, so I suggest something that is re-assuring to the patient, but transparent - there are several portals out there now - I believe that Updox offers one that has some AC integration.
FYI - NV enacted law governing the encryption of electronic transfer of private info with hefty fines, more states will follow; so choose a tool that works for your practice.
Bottom line is that compliance is a combination of preventative measures (mostly common sense), processes that protect the data (a la shredding, locking screens), and awareness of what has to be protected.
On the other hand, FEAR comes from the unknown, and the folks who make their living selling into that FEAR, or doing compliance audits.
YMMV.
Joined: Sep 2003
Posts: 12,874 Likes: 34
Member
OP
Great advice, Indy! Good stuff. Just a couple of questions.

"The first thing to do to improve your compliance is to ensure that all users have non-admin accounts for regular use, and do not have access (in general) to admin passwords. This protects the practice and the machines, as both internal and external attacks are limited if the user does not have admin permissions."

I am assuming you mean local admin. Of course, you would never give a regular user a domain account. I know I got a rootkit virus that, had the user been logged in as a non-local admin, probably wouldn't have taken hold. I did have all my users as non admins, but it can get frustrating when you want to quickly do something that requires admin rights (local) and there is no Run As option. But, it is the safest way.

"In use - if each user has their own credentials, and they don't share, then in the event of a staff change you just deactivate one account. Don't leave a computer logged in as a practitioner without locking the screen."

Are you referring to logging into the domain and authenticating with the server where users can be activated, deactivated or deleted? Thanks.
Bert Pediatrics Brewer, Maine
Joined: Jun 2009
Posts: 1,811
Member
"Great advice, Indy! Good stuff. Just a couple of questions. The first thing to do to improve your compliance is to ensure that all users have non-admin accounts for regular use, and do not have access (in general) to admin passwords. This protects the practice and the machines, as both internal and external attacks are limited if the user does not have admin permissions. I am assuming you mean local admin. Of course, you would never give a regular user a domain account. I know I got a rootkit virus that, had the user been logged in as a non-local admin, probably wouldn't have taken hold. I did have all my users as non admins, but it can get frustrating when you want to quickly do something that requires admin rights (local) and there is no Run As option. But, it is the safest way."

You are correct - accounts with admin permissions [machine or domain] should not be the normal user accts, but specifically used to administrate the machine/network. It requires some new habits to begin thinking that way, but worth the effort.

"In use - if each user has their own credentials, and they don't share, then in the event of a staff change you just deactivate one account. Don't leave a computer logged in as a practitioner without locking the screen. Are you referring to logging into the domain and authenticating with the server where users can be activated, deactivated or deleted? Thanks."

If the network has a domain controller, or in the case of independent computers, it means disabling the account on each machine where the account was created.

Let me use a client practice as an example of a similar approach. Each exam room has a computer, and when the patient is "roomed", their chart brought up, their vitals entered, etc., and when the MA leaves the room, they lock the screen using a password/account in common for exam rooms. This keeps patients from having to resist the urge to poke around the application. The practitioner knows the password, so they unlock the computer as soon as they come in. Overall, a natural flow. They are moving to a monthly revolving password, which will require a bit more effort the first day of each new month, but naturally deals with any turnover issues, and a gentle reminder that there is a reason to protect that private data.
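The two checks discussed in the posts above (daily-use accounts kept out of the admin group, and a departed employee's account removed on every independent machine) can be run mechanically. This is an added example, not part of any poster's message: it parses English-locale output of `net localgroup Administrators` saved from each workstation, and the machine names, account names and the two account sets are constructed for illustration.

```python
"""Review saved `net localgroup Administrators` output from office PCs."""

_HEADER = (
    "Alias name     Administrators\n"
    "Comment        Administrators have complete and unrestricted access "
    "to the computer/domain\n\nMembers\n\n" + "-" * 79 + "\n"
)
_FOOTER = "The command completed successfully.\n"


def _capture(*members):
    """Build a constructed capture in the layout the command prints."""
    return _HEADER + "".join(m + "\n" for m in members) + _FOOTER


# Constructed sample data: every machine and account name is invented.
SAMPLE_CAPTURES = {
    "FRONTDESK": _capture("Administrator", "practice-admin", "reception1"),
    "EXAM1": _capture("Administrator", "oldmanager"),
    "EXAM2": _capture("Administrator", "practice-admin"),
}
# Assumption: accounts reserved for administration, never used day to day.
ADMIN_ONLY = {"administrator", "practice-admin"}
# Assumption: accounts of people who no longer work at the practice.
DEPARTED = {"oldmanager"}


def parse_members(output):
    """Return the member names listed between the dashed rule and the footer."""
    members, in_list = [], False
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("---"):
            in_list = True
        elif in_list and line.lower().startswith("the command completed"):
            break
        elif in_list and line:
            members.append(line)
    return members


def normalize(member):
    """Drop a DOMAIN\\ prefix (shown on domain-joined PCs) and lowercase."""
    return member.rsplit("\\", 1)[-1].lower()


def audit(captures, admin_only, departed):
    """List (machine, member, reason) for every admin-group entry to fix."""
    findings = []
    for machine in sorted(captures):
        for member in parse_members(captures[machine]):
            name = normalize(member)
            if name in departed:
                findings.append((machine, member, "DEPARTED"))
            elif name not in admin_only:
                findings.append((machine, member, "DAILY_USE"))
    return findings


if __name__ == "__main__":
    for machine, member, reason in audit(SAMPLE_CAPTURES, ADMIN_ONLY, DEPARTED):
        print(f"{machine}: {member} -> {reason}")
```

On workgroup machines the capture has to be collected from each PC in turn, which is the per-machine effort the reply above describes.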
Joined: Jun 2009
Posts: 1,811
Member
Two other subjects that come to mind as possible alternatives that I'll mention, and answer in more detail if there is any interest.

One is the issue of data/drive redundancy, and how that often drives up the minimum hardware price. This is a low(er) cost solution that a couple of clients are testing now with good results so far:
http://www.drobo.com/products/drobo.php
You choose the size drives you want, attach the device to your machine, then load the raw drives that you will use to make up the array. I have clients with 100's of GIGs of data, so they can either un-mount the array and 1) take it off-site, or even 2) eject a drive in mirror and take it with them. Another client runs a weekly tape job from the array, and takes that tape off-site on Friday.

Related subject, if money is tight for the practice, a Linux server running Samba can network share NTFS or FAT32 disk space (and a wide variety of other features/services as well) such that the Windows machines never know the difference. With the latest version of Ubuntu, I'd say that ease of use of server features is about the same. The last may get me called out a heretic, but for someone trying to bootstrap a small practice, it has the potential to skip the software costs associated with bringing up a file server.
Joined: Sep 2003
Posts: 12,874 Likes: 34
Member
OP
"In use - if each user has their own credentials, and they don't share, then in the event of a staff change you just deactivate one account. Don't leave a computer logged in as a practitioner without locking the screen."

"Are you referring to logging into the domain and authenticating with the server where users can be activated, deactivated or deleted?"

"If the network has a domain controller, or in the case of independent computers, it means disabling the account on each machine where the account was created."

This is what I figured/hoped you would say. While one can log into their own computer when not on a domain, when you are on a domain, you don't log into the local client, you log into/authenticate with the server. The server then knows "who you are" so it can assign permissions and allow you to access what you need to access. You never log into the local machine. This is difficult to conceive after years of logging into one's own computer. In fact, when one has to take the client off the domain and change it back to a workgroup computer in order to reattach it to the domain, after months of logging into the server, you can actually get locked out of the local computer so you are unable to do anything except completely reformat. (Of course, there are many tools out there for changing the username and password.)

But, the point is if you use WIN7 on your server, you now can only have a workgroup and no client can log into the server. This gives you infinitely less security and options. No user groups, no group permissions, no GPOs, etc. etc. And, you won't have all of your users on one machine. If you use a true server OS on the server, you could still run a workgroup P2P, but always have the option to change to a full-fledged client/server domain at any time.
Bert Pediatrics Brewer, Maine