{"id":171,"date":"2007-06-22T11:53:21","date_gmt":"2007-06-22T11:53:21","guid":{"rendered":"http:\/\/dalelane.co.uk\/blog\/?p=171"},"modified":"2007-06-22T14:43:55","modified_gmt":"2007-06-22T14:43:55","slug":"it-infrastructure-for-a-growing-charity","status":"publish","type":"post","link":"https:\/\/dalelane.co.uk\/blog\/?p=171","title":{"rendered":"I.T. infrastructure for a growing charity"},"content":{"rendered":"

As Solent Youth Action<\/a>‘s resident geek, I guess it’s inevitable that I get sucked in to anything I.T.-related. <\/p>\n

Over the last few years, our I.T. resources have grown in an ad-hoc way – primarily driven by needing more PCs as we have grown our staff, and limited by how much money we have at the time! <\/p>\n

In our last trustees meeting, we decided that we’ve grown to the point where we need to be more organised about our approach to I.T. Ideally, we want a roadmap which outlines not only our current I.T. needs, but identifies what we will need to meet where we see SYA growing in the future. <\/p>\n

I wanted to bounce my ideas off friends, so thought rather than sending it round in an email it might be easier to put my ideas here, open it for comments and pass a link round. <\/p>\n

So here goes… here are my first few ideas about what I think we need to do… please feel free to point out where I’ve said something stupid! \ud83d\ude42<\/p>\n

<\/p>\n

\n

Where are we now?<\/h3>\n

We’re a small organisation – eight members of staff, currently based in three rooms we rent in ECS House in Eastleigh. <\/p>\n

We’ve now got eight Windows XP desktop PCs<\/b>, all networked together (some with ethernet, some over Wi-Fi, using our own router). We went for Wi-Fi because one of our three rooms is separated from the other two – and I didn’t fancy running network cables through a building. <\/p>\n

We’ve got a couple of printers<\/b>, one in one room on it’s own, one in the two rooms next to each other. Each is connected to a single PC, and shared to let the other staff send stuff to it.<\/p>\n

We have a portable USB hard-drive<\/b>, normally connected to one PC, which shares the drive on the network. This is our “shared filespace”, and is where the staff store finished files and documents, making them accessible by all staff.<\/p>\n

Our records about young people are stored on a MySQL database<\/b>, accessed via a bunch of custom PHP forms<\/b>, hosted from one of the PCs using the Uniform Server<\/a> bundle of the Apache\/MySQL\/PHP stack for Windows. <\/p>\n

Increasingly, the staff are working regularly from outside ECS House – working from local schools, colleges, Students’ Unions, and other youth centres, such as Connexions<\/a> centres. When doing this, they use our ISP’s webmail<\/a> to keep in touch on email, a pay-as-you-go mobile for phone calls, and large A4 ring binders with everything else that they might need while out of the office. <\/p>\n

\n

What are the problems with this?<\/h3>\n

The SYA network can’t be accessed outside of ECS House<\/b>. Carrying folders of forms and paperwork and binders with our current volunteering opportunities on a regular basis is far from ideal.<\/p>\n

The network filespace is not accessible when the computer it is connected to is switched off<\/b>. It is portable, so the staff can always physically go and get the drive and plug it in their own machine, but this feels a little clunky. And I’m not sure I like our primary store of data and documents living on a portable drive that is regularly moved around. <\/p>\n

Similarly, printers are not accessible when the PC’s they are connected to are switched off<\/b>. <\/p>\n

Most of the PCs are running Windows XP Home (because it’s cheaper) which means that we’ve had many problems with the number of staff who can connect to networked resources<\/b> like the filespace at any one time. This never used to be a problem when we had fewer than six computers, but as we’ve grown, we’re starting to bump into it more often. <\/p>\n

The MySQL database of young people is not accessible when the PC it is hosted on is switched off<\/b>. And it is not available outside of ECS House<\/b>, meaning that staff will often resort to printing out large sections of the database when needing to working at partner sites. I really don’t like us carrying around personal information outside of the building in printed form. <\/p>\n

Our backups process is manual<\/b> – with an administrator responsible for dumping the MySQL database from one computer and burning it to CD with the documents from the portable USB hard-drive. <\/p>\n

\n

What should we do?<\/h3>\n

Idea 1 – Central file and print server<\/h4>\n

Replace the portable USB hard-drive with a Linux fileserver. Connect all of the printers to it, and also use it as a central print server<\/b><\/p>\n

Why?<\/h5>\n

Linux does not have the limitation of six connections that Windows XP Home has – so some of the scaling problems as we grow beyond six members of staff would go away.<\/p>\n

A powered file and print is always accessible – not needing any particular PC to remain on. <\/p>\n

Linux is free – so it saves us needing another expensive Windows license. <\/p>\n

Linux is better suited to supporting automated backups – we could use something like a cron job on it to kick off a backup task.<\/p>\n

How?<\/h5>\n

I’m thinking that CentOS Linux<\/a> is the best option – because I like RedHat but don’t want to have to pay for it! And Fedora Core is a bit too bleeding edge for what just needs to be a solid file server.<\/p>\n

We’ve got a cheap, donated PC which should be adequate to run it. Although I’m thinking that we’d better start off with new hard-drives – not sure I want to rely on hard-drives in an unknown condition of an unknown age for our data. <\/p>\n

We don’t have massive storage needs, so I’m thinking that it might be a good idea to put our money towards two smaller drives, and use RAID to give us some fault tolerance from disk errors and single disk failure. (Is two enough? Would it be overkill to go for a parity-based approach like RAID 5?<\/i>)<\/p>\n

Idea 2 – Virtual Private Network<\/h4>\n

Allow computers not in the ECS building to access the SYA network<\/b><\/p>\n

Why?<\/h5>\n

We could allow staff to access stuff while working remotely from schools, colleges, Universities, etc. <\/p>\n

It would also allow me to remotely control desktops in SYA to carry out I.T. support tasks from home or work. At the moment, if something goes wrong with one of the computers or one of the staff need help doing something, I need to find time to go to the office, ideally when the staff are there. This isn’t easy and can sometimes take me several days. If I could remote-desktop in on a lunch-break, then my typical response time could become hours instead of days.<\/p>\n

Looking further ahead, we are working on plans to expand to office-space in other local towns in the medium term. Being restricted to working in Eastleigh was a good place to start, but is starting to become a limiting factor, and it seems likely that we will need a presence of some sort outside of Eastleigh in the coming years. <\/p>\n

How?<\/h5>\n

Eek… this is the question. This needs to be done *very* carefully, to ensure that access remains limited to SYA staff. <\/p>\n

I guess there are two main options:<\/p>\n

VPN<\/b> – install a VPN solution on a Linux box in the office. I’ve heard good things said about free solutions such as Hamachi<\/a> but I’m sure there are others out there. (Such as the ones listed on Daily Cup of Tech<\/a>‘s recent post on freeware security software.)<\/p>\n

‘Roll your own’ security using SSH tunnelling \/ port forwarding<\/b> – As we have our own router, we can specify some specific ports to forward on to a “VPN” Linux box which can access the SYA network. <\/p>\n

Is one better than the other? <\/p>\n

I guess the software solution approach would be simpler to configure… but then the SSH tunnelling approach probably wouldn’t be all that complicated anyway. <\/p>\n

Do we need a dedicated machine for it? Instinctively, I’m thinking that it may be insecure to use the same box for this as for the fileserver I mentioned above. But practically, is it that much of a risk?<\/p>\n

For remote desktop, a friend has recommended NoMachine<\/a>‘s free remote access solutions as being worth a look particularly when using slower connections, and at first glance it looks quite powerful. <\/p>\n

Stepping back a bit, is this really necessary? Am I over-engineering things? Would a bunch of USB memory keys and some approach to syncing with the office network be simpler? <\/p>\n

Or maybe moving to an online approach – use WebMail for all email, Google Docs for all documents, pay for some online storage for non-Office docs like images and so on, and host our MySQL database externally… Perhaps then the need for an internal network goes away? This could make things like backups easier…. depending on how much we trust our online providers!<\/p>\n

This leads me on to…<\/p>\n

Idea 3 – External database hosting<\/h4>\n

Transfer database of young people to an externally hosted server<\/b><\/p>\n

Why?<\/h5>\n

Externalising database makes it easier for staff to access it when working off-site. It also opens up the opportunity for young people to access (and update) their own information. Why not let them update their own phone number when they get a new mobile? <\/p>\n

This could also give us a more formal rigorous approach to backups, including off-site backups, depending on the provider we go with. This gets us into the whole realm of Service Level Agreements, and needing to decide what we need – how long could we cope without access in the event of a problem? 1and1<\/a>, who I’ve used in the past, offer MySQL hosting for £9.99 a month with a 99.99% uptime ‘guarantee’. At first glance, this looks like it’d be good enough.<\/p>\n

How?<\/h5>\n

We can’t put the current PHP front-end to the database online. To start with, they are not at all secure – as we have always relied on the fact that access to the database was physically secured in the building. In addition, they are also a little quirky and clunky. Put it this way – the staff have just about figured out how to use them, but I don’t fancy the chances for any young person trying to figure it out! <\/p>\n

I’m thinking of transferring the database to a drupal<\/a>-powered system. Not only would this give us a more secure and reliable front-end to the database, but from what I’ve read about drupal it scales very well, which could become important if we open up access to our thousands of young people. The wealth of other drupal modules available would also allow us to roll out new features in the future that could foster the sort of online community that we’ve talked about wanting… content management for the website instead of the current static HTML, a blogging engine, discussion forums, and lots more. <\/p>\n

It shouldn’t be that hard to script something which dumps the data out of the current MySQL database, maps it, and imports it in a new drupal MySQL database. <\/p>\n

Not sure how much work it would be to get the basics up-and-running : port across the static HTML content, and setup the stuff needed for user profiles… and as it is gonna fall to me, whether I can block out a day or two to do it is gonna be a factor… but it feels like the right direction to go in. <\/p>\n

\n

Anything else?<\/h3>\n

So what do people think? Any comments on my ideas? Any suggestions or other ideas? Please feel free to comment here, or email me separately. Thanks!<\/p>\n","protected":false},"excerpt":{"rendered":"

As Solent Youth Action‘s resident geek, I guess it’s inevitable that I get sucked in to anything I.T.-related. Over the last few years, our I.T. resources have grown in an ad-hoc way – primarily driven by needing more PCs as we have grown our staff, and limited by how much money we have at the […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,3],"tags":[],"class_list":["post-171","post","type-post","status-publish","format-standard","hentry","category-charity","category-tech"],"_links":{"self":[{"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=171"}],"version-history":[{"count":0,"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/171\/revisions"}],"wp:attachment":[{"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dalelane.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}