It started with a dare:
“I bet you can’t create a complete office environment using nothing but open source software!”
Short answer: I won.
Once I took my dare, I decided on a few things upfront:
- All software must be open source and must be able to run on hardware lying around already. No fancy million-dollar hardware just to save a buck on software!
- All installed software must be free to use but offer commercial support so it could be used in a real office environment. I could not use open source software that nobody supports!
Now, let me define what my version of an open source office would use, and why.
The key components in this office will be:
- The workstations. After all, ya gotta DO something all day.
- The firewall. We can all agree that internet access is mandatory now. Monitoring internet usage would be required as well. Who knows what Karen in accounting is up to lately?
- The domain controller. This is the server that will maintain all the usernames and passwords for the employees to log in every morning.
- The NAS. This means “Network Attached Storage”, and it’s a fancy term for “a place to store files”.
- A database engine. Databases are everywhere now. Your company might need one right away or it might not, but it’s a good idea to build this right at the beginning.
- Scanning and printing
- Backups, the necessary evil
- A crazy surprise for the time your business takes off and you are growing HUGE.
NOTE: additional articles will be written for each of the listed software packages. As those articles are written, you will see their links here:
Establishing internet access with free firewall software from pfSense.
Installing free Active Directory with Ubuntu Server and Samba.
Great, we have defined the pieces of our network. Now we can move on to which software will be used for each piece of the puzzle.
For this piece, we will be using Ubuntu workstation. Ubuntu has been making open source software since 2004. At the time of this writing, version 20.04 is the latest and greatest. It is the most used Linux workstation operating system available and has great support if you should need it. Keep in mind this is just the operating system that we will load (soon) and we still need physical hardware to load it on. For that, any old workstation will work fine.
Most users are accustomed to upgrading when Microsoft tells them that a new release of Windows is coming out and their current machine won’t work with it. This is not the case with Linux. Linux places much less load on a computer than Windows does, so it will run on older hardware just as well as the newer stuff. Linux doesn’t place limits on you.
While any old workstation will probably run Linux (Ubuntu, specifically), I would strongly urge you to replace the hard drive in the machine. Hard drives are devices that run all day, every day. They are mechanical devices that wear out and when they break, your workstation is dead. A solid-state drive is a great way to speed up an old computer as well.
Now that the workstation has Linux on it, it’s time to load “office”. I am not talking about Microsoft Office. There is a fantastic open source version called, “LibreOffice”. It is fast, free, and looks fantastic on the screen.
Before Microsoft switched to the monthly subscription model ($8-$20/month), they charged $400 for the professional edition. If the computer needed to be reloaded, it took time and effort to deactivate the old license and activate the new computer. With LibreOffice, just download it again and reinstall it. No license key is needed!
It is worthwhile to note that LibreOffice comes with features that you would normally need Adobe Acrobat for, so we will skip the loading of PDF software entirely.
While Linux has long been considered immune to viruses, it is just resistant, and antivirus might be something to consider. Here is a review of 5 top antivirus packages for Ubuntu ranging from free to paid subscriptions. You get what you pay for with this so you might want to consider what you get for a recurring subscription.
Great, we have the workstations covered, let’s move on to the firewall.
Internet access was nice until a few years ago; now it is mandatory. It is so important that most company functions are cloud-based. “Cloud” just means it is running on somebody else’s computer. You could run down to the local big-box store and grab a firewall with Wi-Fi built-in for $50 and call it good. This is a bad idea for a business. I will explain why:
Once you get that little unit set up and functional, you will never touch it again. What about security updates that should be running regularly? More hacking incidents take place due to unpatched equipment than for any other reason.
What happens if you make a change in the company that requires a change to the firewall? With the cheap units, a person must come out and physically touch the unit or you need to make a long phone call to a vendor that might not offer support for your firewall anymore. Now you are reinventing the wheel.
What will you do when your internet slows to a crawl? You might pick up the phone and call your ISP (internet service provider) but they might tell you that your circuit is working fine, you just have a ton of data flowing in and out. Is Karen in accounting doing something bad again? Without monitoring in place, you will have no idea what is happening with your internet.
“pfSense” to the rescue!
There is a company called “pfSense” that makes open source software. What is interesting is that they have also partnered with a company, “Netgate”, that makes a prebuilt unit. You can download the software and build your firewall (free) or you can buy a commercial firewall with hardware and software support. The choice is yours!
With pfSense, you will continue to get updates long after you install your firewall. Companies around the globe support this software in case you don’t want to be bothered. If something in your company changes (maybe a phone system or hosting your website) you can simply make a phone call and a professional that specializes in pfSense will have your firewall configured in a matter of minutes.
The real beauty of pfSense is that it is truly an enterprise-grade firewall. If you need to connect your office to another remote office with a VPN, you can do that easily. Do you need to know how the firewall is being used? You can have a Grafana dashboard set up in no time.
Great, internet access is handled. Let’s set up a login server (domain controller).
The domain controller
Company life would get ugly quickly if you had to add a new user account to every computer in your office every time you hired a new employee. That is where the concept of a “domain controller” comes into play. For a long time, Microsoft was the only way to get a server that provided a single place for user accounts.
Linux now has an open source alternative called, “Samba” that allows it to hold a virtually unlimited number of user accounts and allows all the workstations to use this list of user accounts. Samba effectively acts as the domain controller that only Microsoft could provide in the past. Best of all, you use the same server management tools that you would use if you had a real ($) Microsoft server onsite.
Microsoft offers “workstation” and “server” operating systems with different costs. Under the hood, they are the same, but with artificial limits put in place to prevent you from using a workstation as a server. With Linux, you choose exactly what you want, without concerns about licensing.
In the open source world (Ubuntu included) you can download the workstation and you get a very robust graphical interface for your users. You can also download their server version and it does not include the graphics, to ease the burden on the hardware. The server version also offers some pre-defined choices for server roles to make setup even easier.
While you can get away with ordinary hardware (a workstation, for example) I would suggest getting some type of server for this part. You can pick up a relatively robust older server from eBay for a few hundred dollars. This will include RAID which makes hard drive failures a thing of the past and it will generally make your infrastructure more reliable.
You say, “But older hardware isn’t under warranty. If it breaks, it will leave my business unable to operate.” Hold on to that thought until the surprise at the end.
Great, you have workstations up and running, you have internet access, and your entire network has unified logins. Where do you store data? Enter TrueNAS…
The NAS (TrueNAS)
TrueNAS, a dedicated NAS or Network Attached Storage device.
With TrueNAS, the most popular open source storage solution, you can have a single machine that holds all your company data: all your spreadsheets, PDFs, and any other documents that your company needs to operate.
Why not just store the documents on each computer? If a user moves to another machine, those documents won’t follow him or her to a different machine.
If Karen in accounting accidentally deletes a document, the document can easily be restored in minutes with a feature built-in called, “snapshots”. This feature takes a snapshot of ALL your data at an interval that you define. In addition to helping Karen, many companies have been getting hit by ransomware in which every document in the company gets encrypted and can only be recovered by paying a ransom to criminals.
With TrueNAS, if your company suffers from ransomware (with proper preparation, it won’t), you simply tell the TrueNAS to go back to the point right before the ransomware attack. Karen in accounting might lose an hour or so of work (the snapshots feature can run as often as every 5 minutes!).
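Choosing "the point right before the attack" means picking the newest snapshot taken before the first malicious write. The sketch below is an added example, not code from this article or from TrueNAS; the dataset name `tank/company`, the hourly schedule and the `auto-YYYY-MM-DD_HH-MM` snapshot naming are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample: snapshot names as a periodic snapshot task might create them.
# Dataset "tank/company" and the "auto-YYYY-MM-DD_HH-MM" naming are assumptions.
SAMPLE_SNAPSHOTS = [
    "tank/company@auto-2024-03-05_13-00",
    "tank/company@auto-2024-03-05_14-00",
    "tank/company@manual-before-upgrade",   # not from the schedule; ignored
    "tank/company@auto-2024-03-05_15-00",   # taken after the attack: encrypted data
    "tank/company@auto-2024-03-05_16-00",
    "tank/other@auto-2024-03-05_14-30",     # different dataset; ignored
]
NAME_FORMAT = "auto-%Y-%m-%d_%H-%M"

def parse_snapshots(names, dataset):
    """Return sorted (taken_at, full_name) pairs for scheduled snapshots of one dataset."""
    found = []
    for full in names:
        ds, _, snap = full.partition("@")
        if ds != dataset:
            continue
        try:
            found.append((datetime.strptime(snap, NAME_FORMAT), full))
        except ValueError:
            continue  # name does not follow the schedule's pattern
    return sorted(found)

def pick_restore_point(names, dataset, first_bad_write, safety_margin=timedelta(0)):
    """Newest snapshot taken strictly before the first known malicious write.

    safety_margin moves the cutoff earlier when the start of the attack is uncertain.
    Returns (snapshot_name, work_lost) or None if every snapshot is too new.
    """
    cutoff = first_bad_write - safety_margin
    candidates = [(t, n) for t, n in parse_snapshots(names, dataset) if t < cutoff]
    if not candidates:
        return None  # nothing clean on this box: fall back to the replica or backups
    taken_at, name = candidates[-1]
    return name, first_bad_write - taken_at

if __name__ == "__main__":
    incident = datetime(2024, 3, 5, 14, 40)  # constructed: first encrypted file seen
    print(pick_restore_point(SAMPLE_SNAPSHOTS, "tank/company", incident))
```

The `None` case is the one to plan for: if the attack started before the oldest retained snapshot, recovery has to come from replication or backups instead.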
Another way your company could benefit from a NAS (TrueNAS particularly) is disaster recovery. TrueNAS can be configured to replicate all its data to either another TrueNAS box (onsite or at a remote location) or it can replicate to a cloud service like AWS. You would be covered for almost anything from accidental file deletion (Stop picking on Karen!) to a hardware failure of the NAS, to a devastating earthquake that renders your company temporarily closed due to destroyed offices.
The database engine
This might seem like a daunting task but adding a database server is as simple as running a single command on a Linux server. This role can be added to the Samba server that is already running or, if it’s going to be used a lot, it can run on its own hardware. Remember, you aren’t paying to license per server anymore!
The “MySQL” database engine is open source and free. It scales well and is easy to set up and use. It is considered the “go-to” engine for internet usage and websites.
Well, setting up databases was easier than we thought! Now let’s protect all that data.
Scanning & Printing
Linux is known for being flexible when it comes to printing. You can use almost anything you like from a cheap inkjet printer to a full-featured color laser printer.
For scanning documents, nothing beats a sheet-fed scanner that sends them to a network folder. Remember that fancy NAS that we set up?
In a nutshell, backups should protect:
- Company files
- Server data
- The servers themselves
Workstations are easily backed up using software called “UrBackup”, an open source software package that consists of a server where all the data is stored and the agent that runs on the workstations. The server piece can run as a “jail” (a virtual machine or container) on the TrueNAS machine but if you have a lot of workstations to back up, a dedicated server with lots of slow, inexpensive drives would be a better place to store all the data.
Even though you are only backing up the workstations themselves, you would be shocked at how much space would be needed. We recommend keeping a very recent backup (in case of a hardware failure), a backup from one week ago, and one from one month ago: three backups per workstation at a minimum.
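Counting three backups is not enough; they have to be spread across the recent, one-week and one-month points. The audit below is an added example, not part of the original article or of UrBackup; the hostnames, timestamps and age tolerances are constructed assumptions.

```python
from datetime import datetime, timedelta

# Age windows for the three recommended copies. The tolerances are assumptions;
# tune them to the actual backup schedule.
WINDOWS = {
    "recent": (timedelta(0), timedelta(days=2)),
    "week":   (timedelta(days=6), timedelta(days=10)),
    "month":  (timedelta(days=27), timedelta(days=35)),
}

# Constructed sample inventory: workstation -> completion times of its stored backups.
SAMPLE = {
    "ws-accounting": ["2024-03-31 22:00", "2024-03-24 22:00", "2024-03-01 22:00"],
    "ws-frontdesk":  ["2024-03-31 22:00", "2024-03-30 22:00", "2024-03-29 22:00"],
    "ws-warehouse":  ["2024-03-10 22:00", "2024-03-03 22:00"],
}

def audit(inventory, now):
    """Return {workstation: [names of missing windows]} for hosts that fall short."""
    problems = {}
    for host, stamps in inventory.items():
        ages = [now - datetime.strptime(s, "%Y-%m-%d %H:%M") for s in stamps]
        missing = [name for name, (lo, hi) in WINDOWS.items()
                   if not any(lo <= age <= hi for age in ages)]
        if missing:
            problems[host] = missing
    return problems

if __name__ == "__main__":
    # ws-frontdesk has three backups but all from the last three days, so a
    # problem that began a week ago is present in every copy.
    for host, missing in audit(SAMPLE, datetime(2024, 4, 1, 8, 0)).items():
        print(f"{host}: missing {', '.join(missing)} backup")
```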
Backing up the company files (the TrueNAS data) can consist of several steps:
- You can create a second TrueNAS and configure the first machine to replicate to the second. A complete machine failure only takes a few minutes to recover from.
- Install a backup solution like “Duplicati” to send data to another storage medium (never forget the 3-2-1 rule!).
- Ensure you have snapshots turned on so you don’t need third-party software to recover from a simple file deletion.
To back up server data, you would use Duplicati again to pull databases, files, and other configuration information.
To back up the servers themselves, you would use the “UrBackup” software and do “bare metal” backups just like a workstation. Many people forget to back up the entire server but imagine your server has physically died and you need to build a new one. You are already under stress because your company is at a standstill.
It is much easier to connect a thumb drive with the UrBackup software on it, run the restore, and point to the server backup that you want to restore. Wait a few minutes (or an hour for a large server) and reboot. Everybody can get back to work, and Karen in accounting can get back to creating chaos.
Remember, no backup is useful if the restore process hasn’t been tested!
We are done, right? We have workstations with internet access. The documents are stored on a NAS. The servers are running. The data is backed up. What happens if the company grows and needs 24/7 uptime? Having a physical server means downtime if the server fails. Even brand-new servers have been known to fail from time to time. Proxmox to the rescue!
Proxmox is an open source virtualization platform. We have all heard the term, “virtualization” which simply means running a machine inside another machine. Proxmox does this and you can run many machines on one physical server. Nothing new there.
How do you benefit from this? With virtual servers running on a physical machine, backing up a virtual server is as simple as copying a single (very large) file. Restoring the server due to disaster or corruption is as simple as restoring a single file. This reduces the stress involved with recovering from a disaster or failure and decreases the time needed as well.
Where Proxmox can outshine its competitors is by taking virtualization to the next level: HCI. HCI is short for, “Hyper-Converged Infrastructure” and this is geek-speak for a cluster of servers acting as one giant machine.
With Proxmox HCI, you take the single physical machine and add at least two more. With three servers acting as a single large machine, you can have many more virtual machines and they “float” on all the servers. You can take any single physical server offline and continue to run your workloads. Downtime is now measured in minutes per year.
To run Proxmox, you download the same software for free, install it on a single machine (or three or more) and then create the virtual machines. You can even convert existing servers to run on the new Proxmox HCI cluster, so you don’t have to reinvent the wheel.
Backing up the servers is still a simple process and can be scheduled to run any day of the week or multiple days of the week. You will get an email after the backup runs, letting you know if the backup failed or succeeded. While this software is free to download, you can get free community support, or you can pay for commercial support with guaranteed response times. The cost for support is based on how many machines you have and what type of response-time guarantee you want.
I hope this article has been informative for you. Interon has now set up many “open source offices” and the economic benefits for our clients have been immense. If you would like to learn more or hire us to implement any or all of the technologies discussed feel free to call us or use our CONTACT US page to request more information!