Case Study: A Small Non-profit Infrastructure Rebuild

At a small non-profit I consult with, we were able to take an office in the depths of chaos and confusion due to an unstable and unreliable technology foundation and rebuild it into a productive and flexible environment based on simple technology that repaid itself in under a year. The benefits to productivity and morale were also very tangible, though not measurable in financial terms.

In late 2008 I was asked to take on the IT support of a small non-profit. When I joined them they were using Microsoft Small Business Server 2005. This one server provided email, firewall, file serving, groupware collaboration, print services, domain services, web site hosting, virtual private network and email lists. They also had a number of desktop computers running various versions of windows and each configured differently. Some were on the domain, others were not. Wireless internet access was confused and various bits of hardware sat around showing that people had come in trying to resolve the issue through the addition of hardware like a home-grade network file server. The users of the network were confused about what services existed, how to safely and securely use them and when their problems were issues of their own making and issues of stability with the server. The server hardware had experience trauma in the move from another office space and had become unstable. I was also concerned that the infrastructure of a SBS server was simply overkill for their small office space and presented a single point of failure for the entire organizations operations.

Problem Discovery and Diagnosis
When I first arrived, it seemed like they had several small problems, but as the situation grew clearer with greater levels of participation, I began to realize drastic measures needed to be taken. The problem wasn't just flaky hardware or lack of training, but also a total mismatch of technology to need. Previous efforts had been made to train the users, but they reported that the training was not in line with their daily needs. Some steps were already being taken to move the website off the server onto services being provided by a supporter of the non-profit. This still left a number of pain points that caused daily productivity loss and general chaos and confusion from the state of technology.

I called a meeting in February to try to get a handle on their needs. We discussed how they worked, what they would like to be able to do, what they did that they'd like to do differently, what they didn't need to do and how that might change in the future. I also talked about potential solutions at a high level to try to get a feel for how they would respond to the technology. What I discovered was that they had little understanding of what the server was doing and that they were not using many of the features. These technologies could simply be cut-out or simplified. The overwhelming frustration with the state of technology led them to be more comfortable with a major change than would be traditionally expected. The general consensus was, "We don't have anything to lose."

Armed with the results of this meeting I wrote a proposal calling for a total revamp their back end infrastructure which included labor, parts and air travel for me from Pennsylvania to their offices in California. All of this was accomplish for under $5,000. They provided housing and meals for a week to dramatically reduce the expense of my stay. The proposal required me to be on site for a full week. I would fly in on a holiday weekend, spend the three days that they were out of the office backing up their files, configuration and important infrastructure, replacing the old hardware with the new and reconfiguring their workstations to the new infrastructure. The first three days back in the office would be 1/2 day of training on the new system and then time to return to their desks to keep up with their daily work needs, but more importantly use what they learned to help make sure they understood. The final day of the week was for cleaning up the unavoidable leftover needs that come with dealing with technology.

At first, the clients were concerned about the price associated with the new infrastructure. After looking at the numbers, they began to see how this would actually save them money. In the first four months of the year, they spent almost $3600 in services related mostly to dealing with the frailty of the server and getting it to perform to their needs. This was time totally out of their control and meant they were restricted from spending that money on contacting me for smaller, training related issues. There was no improvements for the organization in that expense, just maintenance. They saw that they would spend the $5000 either in one month or in the next 6 months. If they chose the next 6 months, they wouldn't have anything to show for it in the end.

So in May, they pulled the trigger and their overall expenses in May were $5000.

A Great Success
In the 8 months following the major upgrade, this non-profit used $1,800 worth of my services. They went from spending nearly $900 each month, to spending $225. This saving of $675 per month pays for the $5000 investment in seven and a half months. For Christmas of 2009, this non-profit received the gift of payback on their investment in solid technology.

The benefits in productivity and morale were also clear. When I receive calls from them now, they ask for clarification on training issues or help adding new workstations to the office, hooking-up new printers and things that amount to improvements in their ability to do their business. The frustration and tension that existed in each call prior to the change are now gone and the calm expectation that what they need to do can be done now stands in its place. They are much happier, they can do their job and they know they can. It's hard to put a price tag on this, but I can feel it and it is very valuable to me. It is how I know I've done my job right.

Technical Detail
This case study wouldn't be complete with some explanation to how the results were accomplished. The primary objective was simplicity on the parts of the users and the administrator without sacrificing security. I'm confident that I've accomplished this through recognition that the needs of a small non-profit are perhaps exactly opposite that of a large corporation. The complexities of Small Business Server do not recognize this and end up giving a small business, a large Corporation's headaches without the budget and staff in a single box that only has to fail once to take the entire organization with it. In my mind, there is little worse technologically that a small non-profit can experience that their one and only server being unusable. They are left without the ability to function at all. Therefore, the solutions below were designed to mitigate the single point of failure issue as a means of adding simplicity and stability to the non-profit's operations.

Email and Groupware
We started with a conversion to Google Apps for non-profits. This removes the dependency on the server for email and groupware services. It also increases their flexibility in a number of ways. They now manage their own users on this system, are able to better integrate with their Mac users and are able to scale to meet their needs without an increase in hardware investment. The spam filter improvement that came with Google Apps has also been a huge point of pleasure. They also no longer need to pay for maintenance and gain the assurance of a security team of the likes that only an organization of Google's size can provide.

Firewall, Network and VPN
Upon arrival, the hardware in the office began to change. I put in place an entirely separate firewall appliance to provide increased security. The prior environment integrated the firewall needs into the same server as everything else. This meant a single breach of security on that server provided access to everything the organization had to offer. Additionally the server did not sit between the rest of the Internet and the non-profit's network. It was possible for the firewall to be entirely skipped. By putting the firewall all by itself we were able to use hardware that is highly dependable with no moving parts. We chose a device that ran FreeBSD on a solid state hard drive in a small black box. The physical size means it takes up little space and can be tucked into the closet without concern for environmental issues and out of sight. It also now sits directly in the path of traffic. It is physically impossible for access from the Internet to the non-profit's network to occur without going through the firewall. An additional benefit of the firewall we chose was the third network interface. This meant an entirely new network that was also completely separate from the non-profit's private network was able to be setup. Since they often have visitors who they like to provide Internet access to, they were able to do this without concern for the security of their private information.

The firewall also came with Virtual Private Networking capability. Using this, employees are able to securely access their files from anywhere with Internet access. This is particularly useful for the several road warriors that they employ. I also setup separate keys for each user so that, in the event that a laptop is stolen, the entire organization doesn't need to get new security keys. I am able to revoke the stolen key and simply issue another to just the person whose key was stolen.

A new VLAN capable switch was critical to extending the separation between the private and public network. Certain public areas with network jacks and their wireless network were able to all be on the same network while the office spaces remained separate. A simple firewall rule allowed the sharing of a printer to the public network.

The File Server
Instead of a traditional file server, a business-class Network Attached Server device was chosen. This device provided 4-disk RAID 5 stability, USB backups, and, like the firewall, the assurance of an operating system on a solid state drive. Only file storage occurs on the hard drives. USB backup can be performed by plugging in a USB hard drive and pressing a button on the front of the device making off-site backup trivial. User accounts and group are setup on this file server to allow the restriction of access to certain files.

Ease of Administration
The firewall, NAS and switch are all managed remotely through VPN access and their web interfaces. As a backup to the potential of VPN problems, another remote access service is setup to be able to take control of any workstation on the network and then access the web-interfaces of these devices through that system. Remote administration becomes so easy that fast service and response to problems becomes trivial. I can respond to problems just as fast as if I was physically located at the office.

Other Services
Email list services were moved to a service provided by their website host as they had some excellent services at a very reasonable price. It was determined that the domain service simply added complication that was not worth the benefit for an organization their size. Print services went out along with domain services. It is simply more stable and dependable to connect directly to the printer from each workstation in an environment where quotas and other usage can be monitored acceptably by simply watching people go to the copier like a small environment permits.