Consulting for a Small Construction Company
-
@scottalanmiller said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
@DustinB3403 said in Consulting for a Small Construction Company:
Why would you want to reduce cost, and implement Hyper-V and UEB?
Why not XenServer and Xen Orchestra for the Hypervisor?
I actually have no Xen experience...sadly...
Do you have Hyper-V experience? Jared feels Hyper-V has the lower learning curve. I feel XenServer does. I think even he would agree given your Linux background that XenServer would be easier for you.
Where I disagree with XS is when it needs to be managed by someone not versed in it in detail.
XS plus an XO subscription is simple along the lines of Hyper-V.
-
@thanksajdotcom said in Consulting for a Small Construction Company:
@Jason said in Consulting for a Small Construction Company:
This is insane.. Small contruction company? Yeah they don't need any of these. They don't even need IT. They can just buy their fresh books or whatever. And email and email service like zoho or office 365 plus cloud storage.
The biggest thing that I forgot in my OP was that they want to setup a software that uses a server-client model, but I don't see why we couldn't do that on a hosted platform.
There are huge reason that this software will likely not work. Most revolve around the fact that is was never developed with offsite servers in mind for its client-server communicaiton.
-
@Dashrender said in Consulting for a Small Construction Company:
@DustinB3403 said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
@DustinB3403 said in Consulting for a Small Construction Company:
Why would you want to reduce cost, and implement Hyper-V and UEB?
Why not XenServer and Xen Orchestra for the Hypervisor?
I actually have no Xen experience...sadly...
It's the most simple Hypervisor out there.
yeah - no, I won't give you that!
most certainly not.
-
@JaredBusch said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
@Jason said in Consulting for a Small Construction Company:
This is insane.. Small contruction company? Yeah they don't need any of these. They don't even need IT. They can just buy their fresh books or whatever. And email and email service like zoho or office 365 plus cloud storage.
The biggest thing that I forgot in my OP was that they want to setup a software that uses a server-client model, but I don't see why we couldn't do that on a hosted platform.
There are huge reason that this software will likely not work. Most revolve around the fact that is was never developed with offsite servers in mind for its client-server communicaiton.
He mentioned that the software in question could track in real time access of the techs in the field while the techs are interacting with the ticket system. This implies remote type access. But still, looking at a system that requires a server, instead of cloud product/hosted solution should definitely be re-evaluated assuming they didn't consider this before landing on this choice.
-
@Dashrender said in Consulting for a Small Construction Company:
@JaredBusch said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
@Jason said in Consulting for a Small Construction Company:
This is insane.. Small contruction company? Yeah they don't need any of these. They don't even need IT. They can just buy their fresh books or whatever. And email and email service like zoho or office 365 plus cloud storage.
The biggest thing that I forgot in my OP was that they want to setup a software that uses a server-client model, but I don't see why we couldn't do that on a hosted platform.
There are huge reason that this software will likely not work. Most revolve around the fact that is was never developed with offsite servers in mind for its client-server communicaiton.
He mentioned that the software in question could track in real time access of the techs in the field while the techs are interacting with the ticket system. This implies remote type access. But still, looking at a system that requires a server, instead of cloud product/hosted solution should definitely be re-evaluated assuming they didn't consider this before landing on this choice.
To me, that means it has mobile ready access. Not that the fat client in the office will work across a WAN.
-
oh, most definitely.
-
@coliver said in Consulting for a Small Construction Company:
Why would you even consider a VPS for this? Office 365 or Google Apps will do everything you need. You should also talk them into looking at a modern ticketing/ERP system. Oodo has a hosted option that is generally inexpensive but honestly if they do office 365 they could just use a share point site. Most of the ticketing stuff us pre-built.
This software is built very specifically for the type of industry they are in. That's why they are looking to go with it.
-
@thanksajdotcom said in Consulting for a Small Construction Company:
@coliver said in Consulting for a Small Construction Company:
Why would you even consider a VPS for this? Office 365 or Google Apps will do everything you need. You should also talk them into looking at a modern ticketing/ERP system. Oodo has a hosted option that is generally inexpensive but honestly if they do office 365 they could just use a share point site. Most of the ticketing stuff us pre-built.
This software is built very specifically for the type of industry they are in. That's why they are looking to go with it.
Sadly I see this often. These packages built for an industry by people who have no regards for proper programming, security.
I'm dealing with that at a client now. The software they use simply will NOT run as a non local admin. I had to find a piece of software that runs the application fully as a different user to make it work.
A smart user can use this to their advantage to get more access than they should have, luckily, there doesn't seem to be a desire to do so.I'm going to these lengths to offer non admin access for the users when using the rest of the system, i.e. surfing the web, email, attachments, etc.
-
@thanksajdotcom said in Consulting for a Small Construction Company:
@coliver said in Consulting for a Small Construction Company:
Why would you even consider a VPS for this? Office 365 or Google Apps will do everything you need. You should also talk them into looking at a modern ticketing/ERP system. Oodo has a hosted option that is generally inexpensive but honestly if they do office 365 they could just use a share point site. Most of the ticketing stuff us pre-built.
This software is built very specifically for the type of industry they are in. That's why they are looking to go with it.
This is exactly what everyone not shopping around for good software or just ignoring common sense says. This pretty much tells us that the decision involved no comparisons and they are blowing you off.
-
@scottalanmiller said in Consulting for a Small Construction Company:
@thanksajdotcom said in Consulting for a Small Construction Company:
@coliver said in Consulting for a Small Construction Company:
Why would you even consider a VPS for this? Office 365 or Google Apps will do everything you need. You should also talk them into looking at a modern ticketing/ERP system. Oodo has a hosted option that is generally inexpensive but honestly if they do office 365 they could just use a share point site. Most of the ticketing stuff us pre-built.
This software is built very specifically for the type of industry they are in. That's why they are looking to go with it.
This is exactly what everyone not shopping around for good software or just ignoring common sense says. This pretty much tells us that the decision involved no comparisons and they are blowing you off.
But obviously they are a special snowflake.
-
"The solution you want, which is perfect for your needs, uses slightly out-dated technology, therefore please choose a different, inferior and more expensive solution"
Isn't that putting IT needs before business needs?
A client-server solution isn't necessarily crap, or insecure. There may be some additional overheads to consider, in terms of IT support, but these might be trivial. The immediate slagging off of any business that might consider buying a client-server solution is just hysterical.
One server, one Windows VM running the client-server application, one Windows VM running file and print services. Unitrends Free Edition to backup it all up.
-
@Carnival-Boy said in Consulting for a Small Construction Company:
"The solution you want, which is perfect for your needs, uses slightly out-dated technology, therefore please choose a different, inferior and more expensive solution"
Isn't that putting IT needs before business needs?
The two should be one and the same. And "slightly" outdated is totally missing the point. This is technology that was ridiculous to have been making since the late 1990s. Two decades of not bringing it up to date means that there is incredible business risk involved (based on averages.) This suggests that either we have unmaintaned code, a company that actively doesn't care about the needs of their clients or, most of the time, a company selling an old product that no longer has developers and they can't fix it if they need to.
You are making a wild assumption that this is superior or cheaper than modern, well made, supported software. I've never once seen that be true in a situation like this. What I've pointed out above is that companies that say that there is no other option (especially companies is super standard industries like this) is that they didn't look for options and just chose one bad one.
-
@Carnival-Boy said in Consulting for a Small Construction Company:
A client-server solution isn't necessarily crap, or insecure.
The architecture is inherently crappy and less secure than alternatives, though. Can it be made secure, yes, but it takes more work and can't get as good. But can it not be crappy? not really.
-
@Carnival-Boy said in Consulting for a Small Construction Company:
The immediate slagging off of any business that might consider buying a client-server solution is just hysterical.
You've totally missed the point being that they didn't check to see if better options existed, they are blowing off IT advice by making up obvious falsehoods to support their not being willing to look to see if better options exist.
-
What that part of the discussion would come down to, and if we want to discuss many would ask for a separate thread which is fine, is whether he should consult and give advice, or if he should just implement anything that the business asks for even if it is harmful.
There is a thread on this on SW right this moment where people are discussing what to do when the business demands RAID 0 for critical data. Do you just do it because they told you to? Do you refuse? Do you recommend something else and explain why?
-
Why is it less secure? What are the security risks?
-
@Carnival-Boy said in Consulting for a Small Construction Company:
Why is it less secure? What are the security risks?
It's not huge, you can secure it decently well. But the risk comes from the multiple connection points requiring the database to be more expose. And the much bigger risk is that it requires the database to be doing all of the security work, which databases are not designed to do and not good at, such as ensuring authentication, cleaning the data, etc. Having an application layer in front of the database that is server side provides a massive amount of security potential, including an air gap potential between incoming data and what hits the database.
Firewalls help, but only a little, for client server.
-
@scottalanmiller said in Consulting for a Small Construction Company:
And the much bigger risk is that it requires the database to be doing all of the security work, which databases are not designed to do and not good at,
What do you mean "not designed to do"? Security used by, say, SQL Server, seems pretty integral to the product? I've never heard of any risk arising from SQL Server security? What kind of risk is there? If anything, I'd have less confidence in the security provided by a small software house writing bespoke, industry specific applications, than the security provided by Microsoft's SQL Server developers. Is that wrong?
-
@Carnival-Boy said in Consulting for a Small Construction Company:
What do you mean "not designed to do"? Security used by, say, SQL Server, seems pretty integral to the product?
It's a tack on and very, very limited compared to what an application does. To do anything much, you have to start moving your application code into the database itself, which has been considered very problematic and a horrible design choice since databases were first invented.
You can do some, and you should have some security at the database, but the hefty, high level (meaning lots of knowledge of the data) should be in a front end application.
-
@Carnival-Boy said in Consulting for a Small Construction Company:
I've never heard of any risk arising from SQL Server security? What kind of risk is there?
It's actually pretty common. It's not SQL Server's fault in any way. It's just that it doesn't have the tools to really clean or validate the data. Things like SQL Injection attacks are the most common and can affect either kind of application (C/S or N Tier) but the later has way better potential for tools to combat it.
