In the land of all the self hosted solutions. What are your best practices / options for business and general admin tasks?
So far we are thinking of setting up a NAS, Paperlessngx for document scanning, FreePBX for phone system, they have accounting software and employee time tracking software. Planning to use nextcloud, running on Proxmox including backups to NAS, with tailscale for 2 people to get in from outside, photoprism for photo storage, portainer.
The goal is a simple, clean, hands off, ways to cut down, centralize the general business work flow. This is a from scratch build and start. All options welcome, the point is to explore ideas. Full production environment for a small business. 1 or 2 office people, 1 to 10 employees. Using a gaming rig mid high end specs which is way overkill for this setup but it might grow depending on this post.
I am looking to FOSS-ify a local business. It’s a service based business that also does manufacturing, which is growing rapidly to overtake the service side; it seems this is their goal anyhow.
This is our time to shine! To show how far we have come and what we can now do! An exciting project.
The comments seem to be going off on tangents. For a small business self hosted solutions are great, provided you have backups.
Here’s my 2 cents: Install proxmox or another hypervisor, as it will provide snapshot based auto-backups directly to your NAS nfs share. You may additionally configure an additional vm for testing other things/docker images.
Also configure your NAS to auto backup to a third location for backup snapshots.
You may configure additional vms for the accounting and time management software.
I would recommend separate vms for enterprise/commercial solutions and self hosted ones, as the support for enterprise solutions WILL blame you for anything that goes wrong with their software (your XYZ software did abc and broke our product, so no support for you).
Dedicate 1 VM for self hosted products and as far as possible use docker, as it provides another level of segregation between services. Docker compose would further help you with internal networking and volume management.
On the docker VM, I would recommend postgres, NGINX Proxy Manager, Uptime Kuma on the same docker network.
I haven’t had the time to implement LDAP & SSO myself yet but it would ease your life in the long run to set it up at the beginning.
Good luck.
A gaming rig is a waste of money because you don’t need a fast gpu on such a server. You want a boring server box and even better one with built-in “ilo” remote management.
I don’t see anyone talking about the human side so I’ll ask - what is the appetite for change? I can see you yourself are motivated and that’s great. How do you feel the attitude is with the others there? Migrating a company that’s been working analogue for decades sounds like a big change programme regardless of the tech choices you ultimately make. This sounds like process change as well as technology change and that requires using another set of skills to wrangle the people.
I would advise to pick a small area first that’s causing the most pain but also very amenable to common tech most people are already familiar with and is only a small change to existing processes. Get an early visible success.
The photo management might be a good start as we all are used to these apps on our phones and the tech is mature and easy to find in FOSS.
Everyone loves Immich though it has some big warnings on its github page about its own maturity. Maybe something simpler: just file/photo synching and a shared gallery? It can always be upgraded in future. Syncthing is solid, some kind of NAS and one of the older/mature galleries running on top. Get your backup process nailed down and run a real recovery process before too many photos are at stake.
Anyway it sounds exciting and kudos to you for looking to FOSS. Good luck!
Infrastructure is also easier to change. A TrueNAS local server with external backup using Borg should be a no brainer for users. You could also setup Syncthing to get users something close to OneDrive.
I think the thing with self hosting is that it’s a hobby, and when it goes wrong, it’s part of the hobby to figure it out. But in terms of business, then it becomes a risk. By all means try and use FOSS to improve solutions. I use a self hosted dropbox / file delivery to clients as it can saturate my 1Gbps fibre which is faster than most cloud file shares, but only because if it goes wrong one day, it’s a 2 min job to use a cloud solution instead (temporarily) and email clients with the alternative solution. But I would never build something up that only ever worked via one system.
Don’t just have data backups, have service backups. And in that regard, you may decide it’s just easier to do as others have said and use enterprise solutions from the start.
If using a self hosted Office suite, have all files duped into a single Google Drive account for example. That way you’re only paying for one Google account and have an emergency backup solution in place. EDIT: I’ve just recently degoogled and use Infomaniak in Europe for my office suite backup as it’s free for the 1st user. Experimenting with other non-Google/Microsoft solutions might be part of your journey.
You may decide the savings aren’t worth the effort in what you’re trying to achieve. EDIT: but I want to add that this is all part of the fun of what we do: thinking outside the box!
Although I agree that if it’s a small business, it’s better to outsource it to an established business but if you’re serious about doing it yourself, check out OpenDesk/OpenCode. Also, why use your own hardware? A VPS is much more reliable.
For business? What’s the value to the business over services like Office 365?
Personally, unless there’s a very good reason for it, I strongly recommend against this. I used to work for a company that did business IT, and there were far too many times we got called in to take over for a guy that did it himself and got in over his head, left the company, or just plain died, and it ended up costing the company much more in the long run.
Noted. What are some closed source ideas? Give me better solutions or anything over negativity. I am helping a local business.
The value they seek is to privatize their own data, run their own software free of subscription services and pricing, being bound by all the usual constraints of big corporations. It’s a small business.
The value in those products is that it takes much less management, brings much greater reliability, and support teams if you have issues. If your dinky NAS shits the bed, the company’s data is gone, the company is kaput, you are all out of a job.
Of course there is a middle ground. I know there are plenty of open-source hosted products. They’re still subscriptions, but that monthly expense probably comes out cheaper than the time and effort building and maintaining your custom systems.
If you still really want to host it yourself, make sure you run through your disaster and recovery scenarios. You will have to have a 3-2-1 backup system. And remember because shit will go wrong, two is one, and one is none. That includes you personally, in the event you get hit by a ~~bus~~ lottery.
I would recommend an actual Dell tower server with idrac for remote management, and with prosupport for when something blows up (sometimes literally, I had one PSU go bang on a server under my desk at one point). Fill it with enough disks for redundancy and data growth for the next few years, but leaving room for expansion. Put your favorite hypervisor on it, set up some vms or containers to run those services, test backups, and document everything so that a semi-trained monkey can follow it.
But don’t host your own email. Getting each individual email server to not consider you spam is a Sisyphean task.
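The restore drill recommended in this thread ("run a real recovery process", "run through your disaster and recovery scenarios"), as an added example that is not part of any comment: a Python sketch that hashes the live data when the backup is taken and checks a test restore against that manifest. The directory names and file contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map relative path -> SHA-256 hex digest for every regular file under root."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            h = hashlib.sha256()
            with path.open("rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare_restore(saved_manifest, restored_root):
    """Check a test restore against the manifest saved when the backup was taken."""
    restored = manifest(restored_root)
    missing = sorted(set(saved_manifest) - set(restored))
    extra = sorted(set(restored) - set(saved_manifest))
    corrupt = sorted(name for name in saved_manifest.keys() & restored.keys()
                     if saved_manifest[name] != restored[name])
    # Extra files are reported but do not fail the drill; lost or altered data does.
    return {"missing": missing, "corrupt": corrupt, "extra": extra,
            "ok": not (missing or corrupt)}


def demo():
    """Constructed sample: a small live tree and a deliberately damaged restore."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for root in (live, restored):
            (root / "scans").mkdir(parents=True)
        (live / "scans" / "invoice-001.pdf").write_bytes(b"%PDF constructed sample 1")
        (live / "scans" / "invoice-002.pdf").write_bytes(b"%PDF constructed sample 2")
        (live / "photos.db").write_bytes(b"\x00" * 4096)
        # The restore is missing one scan and holds a truncated database file.
        (restored / "scans" / "invoice-001.pdf").write_bytes(b"%PDF constructed sample 1")
        (restored / "photos.db").write_bytes(b"\x00" * 1024)
        saved = manifest(live)  # in practice, stored alongside the backup itself
        return compare_restore(saved, restored)


if __name__ == "__main__":
    print(demo())
```

Run against a restore made to a scratch location, never over the live data; a drill passes only when `ok` is true.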
Are you providing a support contract long term? Are you backed by multiple people in case you’re away and their business is down? I say this more figuratively than specifically you, this could also apply to their internal IT guy who wants to do this.
I’d strongly suggest deferring to a local business IT services company, unless you’re an active partner in the business. They should find a company they are comfortable with and trust, then use the products they recommend and are comfortable with.
I work at the business. In the office. Got a role change. This is on me entirely for now. Nothing I can’t back out of. That being said the point is to streamline and to simplify the business workflow. It’s all analog and papers scattered and stacked everywhere for over 2 decades.
There are plenty of document management solutions. What is the actual problem you’re trying to solve? Not just “it’s a mess” because I can solve that with a trash can. What are the needs of the users?
Well the entire business has been run analog for 2 decades. The problems I am trying to solve are the entire business workflow. Intake to outflow. They use Sage50 for accounting, vericlock to integrate into sage for time tracking software. Beyond that gmail for email. Nothing is connected, integrated.
Everything else business wise is up for grabs. The NAS and paperless was to start scanning in papers and mail and organizing it into something that isn’t piles of paperwork and a mess. Photoprism/immich was for hosting all the businesses pictures of projects, portfolio photos.
We need inventory management for tools to supplies. VOIP phone service which was planning to use FreePBX. They pay for a service Ooma but it’s terrible and 30 a month.
The goal is to establish a work flow for a manufacturing business. From scratch.
I think you’re seriously underestimating the size of this job. This is the work of 4-5 people over several weeks to even upwards of a month. PBX alone is a real PITA to get setup and to manage. Then you actually have to train your people on how to use the infrastructure you just setup for them.
Like you said, they’ve been operating one way for two decades and now you’re completely uprooting that on top of having to setup and manage everything.
You’re underestimating this.
Thank you for the feedback. This seems to be the general consensus. What tech stacks would be good given the circumstances I’m now finding myself in? Personally I dislike Google and all that. But this is business. People need to survive and eat.
If you have a Google workspace, use that for IDP.
Sage might have a connector for that. Then, when looking for anything to run or SaaS, check if they have any IDP connectors, OpenID or SAML.
Also, why not start scanning all your stuff into your Google workspace, make shared drives for teams/groups of users.
You could do something like nextcloud to solve a lot of issues, but I’d still hesitate to recommend on-prem hardware and managing hardware yourself. It really comes down to the business tolerance for outages though, maybe the computers being down for a day or two doesn’t matter.
FreeIPA and Keycloak will give you directory management (LDAP and Kerberos), identity management, and single-sign on (OIDC and SAML) which if all your computers are running Linux as well, will give you centralized management of users.
You can then set other FOSS business management/productivity applications like NextCloud, Odoo, Seafile, OnlyOffice, LibreOffice, CryptPad, etc. to use Keycloak as their authentication mechanism.
A lot of this will depend on what kind of work the business does.
You’ll also want to look into log management and SIEM for security monitoring, Wazuh, Graylog, and others. This is especially true if the business has any data compliance responsibilities in the country this is in.
Is there a reason you aren’t using standard enterprise stuff?
I think you will quickly find that a lot of those pieces of software aren’t scalable
If the business grows tenfold, it’s still only 120 people. They can’t handle that in a gaming rig?
Depends on the workload, really. 120 users using small services? probably. 120 users sharing large files or bandwidth heavy stuff? Doubt it. Also a lot of enterprise hardware is about reliability. Multiple PSUs, NICs, more robust hardware for constant load/network traffic, etc.
Sure, a gaming rig can handle it until it can’t. Another question is what happens when the box crashes? Is the business down until a new PC is built and restored from backups?
A small business can probably afford two PCs, but scaling up and up eventually becomes a lot of trouble and space.
I haven’t tried it, but onlyoffice docspace looks like an option. It has hosted and self hosted options.
https://www.onlyoffice.com/docspace-enterprise.aspx
Edit: onlyoffice workspace might be a better fit if the company has the funds.
I think a concern for the business is whether other people can help maintain the system. As such don’t go too custom and roll your own. Take things like nextcloud and see if you can fit the requirements by bolting on a few docker services. Keep it simple by using “appliances” where it makes sense (dedicated NAS?).
Yup. I’ve worked in big multinational companies where a local department would roll their own solution (a database and a web page, usually), and then the people that built it moved on or retired and now no one will maintain the thing. A small business has much less resources to deal with this kind of thing.
The closer the stuff is to off the shelf, the better. Reliability and maintainability are paramount and should trump feature set when deciding.
Right now the admin team is 2 people and mostly myself. The labor side is growing as work flows in. The whole reason I took this job is the stake in the company. It’s been around for nearly 3 decades very well established and deep roots in the community. The key players are still in the business and industry tied. They have assets and a good crew. But no real internal structure and infrastructure.
The whole reason I took this job is the stake in the company
Man I was suppressing the red flags up until now; this is the straw that breaks the camel’s back. You are going to get shafted at this job. It might be because someone is embezzling, they’re committing fraud in their manufacturing processes, or one of the owners is going to cut and run and leave the rest of you holding the bag. Maybe one day you’ll just show up and the doors are all locked.
You need to do absolutely everything by the book, document, document, document, CYA, and in a way that when shit goes south you’ll still have that documentation. And always have an exit plan.
Everything is by the book. It’s a family business. I have documentation of every single move that’s happened since my arrival, I’m in the financials and business customer and vendor relations. None of what you’re saying holds any water at all. You simply have misjudged the situation. Likely due to my poor explanation.
I see people who are showing concern borne of experience, and with marked consensus. If you’re confident they’re wrong about your situation, it still may be worth reflecting on what they’ve learned and to limit your ambitions - or at least, consider building things on a more conservative timeline than you were imagining. Have big dreams, but start with biting off an amount you can certainly chew.
Absolutely and this post has done just that. Which is exactly why I made the entire post to begin with.
I have a set of problems and wanted to try to solve them as resource friendly, open source, as possible. I will consider all tools for the job. Open, closed, what have you. At the end of the day the best tools for the job always win.