The amateur sysadmin

Notes on being an amateur sysadmin - one of the unpaid army of crazed enthusiasts who spend a small piece of their lives keeping the world's small networks of PCs and their users in shape.

This item is here mostly as a note to me on how I do things. But while I was writing it, I realised it might be usefiul to other amateur sysadmins runing small networks of PCs.

What - or who - is an amateur sysadmin? It's anyone who spends an hour or three a month keeping in line a small network of PCs and their users. It might be a home network, or a network of three computers in a small business. "Sysadmin" is the industry term for "systems administrator", the person who overseas a computer system. Amateur sysadmins are often professionals, and frequently highly paid - but to do other work, like management or law or accounting. They don't have computer science degrees or years of full-time sysadmin experience.

Being an amateur sysadmin often looks economically irrational. Brad Bond and Paul Adler at the Melbourne PC services firm Invizage note that amateur sysadmins are some of the most expensive PC administration labour around. In one sense, I would be better off if I stopped futzing around with DHCP settings and paid a crowd like Invizage to administer it all for me. But I - and countless thousands of others like me - do it anyway. A lot of us do it because it's kind of interesting. You learn about technology, and you learn about disciplined thinking. Blokes have another motivation: systems administration is what we do because we don't have a garage with an old Ford in it.

Trouble is, there's not much out there that sets out how to be an amateur sysadmin. The Internet is full of sysadmins talking to each other, but they mostly take the basic ideas for granted.

I learnt a bunch from Dave the Veteran Sysadmin (a.k.a. long-time Melbourne systems administrator David Brown) during my years at the online finance firm eChoice, and more from other tech-savvy friends; I've gleaned other bits from the Internet.

Step 1: Decide your network set-up

I use the classic network set-up:

"Amateur" doesn't have to mean "disorganised". Here, have a diagram of a typical small home network - mine:

A typical home network

Step 2: Put the structure together

The router

People used to cannibalise old PCs for this job, and you still can. But plummetting prices on dedicated hardware router/firewall combinations make them the most attractive tool for the job. (In a PC Magazine reliability survey, users voted heavily for the Linksys brand: http://www.pcmag.com/article2/0,1759,1733165,00.asp.)

The file server

The file server can be an old box as long as it has RAM, a fast hard drive and Windows 2000 or XP Professional. For years I've been using a 1997 Pentium II-266 with 384MB of RAM and a succession of drives, running Windows 2000. The only fancy add-on it needs is a good uninterruptable power supply (UPS) - basically a big battery with enough of an electronic brain to instruct your file server to smoothly shut down if the power goes off.

Windows 2000 and XP Pro both let you easily and cheaply manage three to 10 PCs as a collection called a "workgroup". These operating systems provide built-in Internet Connection Sharing (which is just what it sounds like) and a "DHCP" component which supplies crucial IP addresses to all the PCs in the workgroup.

Now, if you have more than ten PCs in use, you may want to run Windows Small Business Server or even Windows Server 2003 on your file server. These operating systems allow more than XP Professional's maximum of ten concurrent connections to the file server. They also let you establish what's called a "domain" and set up a lot of users' settings remotely. For an amateur sysadmin, they're overkill. But installing Windows server means learning about Microsoft's Active Directory, which is probably more hard work than you want. And Linux? It's a wonderful thing in the right hands, but for a network with Windows clients it's crueled by the complications of the SAMBA system which lets Windows clients use drives on a Linux server. Leave Windows Server and Linux to the professional sysadmins; we're amateurs here. 2000 or XP Pro is enough.

Setting up a workgroup network, Internet Connection Sharing and much else is explained at Practically Networked, http://www.practicallynetworked.com/. Australians may find much more detailed information from the prolific OzCableGuy, Darren Stribning, at http://www.ozcableguy.com/; I used Darren's magnificently clear instructions to set up my first home network.

Note that in a small or home office, you can also use this machine for Word, email and other computing tasks. Just don't put a fancy screensaver on it which will chew up all it's processing power when you're wanting files out of it.

Note, by the way, that there's a new generation of dedicated file server boxes coming out like Buffalo's LinkStation and Kuro Box and Linksys's NSLU2, all designed to make much of this task easier and cheaper.

The client PCs

The client machines should be bog-standard Windows 2000 or XP (you don't have time to teach users or yourself Linux, and the Windows 9X operating systems introduce too many complications). The hard drives don't need to be huge, because all the big data files will go on the file server. Windows XP leaves you with minimal set-up work:

The directory structure

I pinched this simple structure from Dave The Veteran Sysadmin and adapted it. Variations have been going around for decades. It's based on a simple principle: keep users' data in a location that everyone knows, and from where it can be backed up.

Every Windows computer on the network should look basically the same. When you log on, they will all have:

Depending on the user, they may also have:

Here's the sneaky bit. You set your users' "My Documents" folders up (right-click on "My Documents" for each user and choose "Properties") so that it always points to the J: drive - that is, you see exactly the same things when you click "My Documents" as you do when you click "J: drive". This way, users can use their "My Documents" folder happily - important, since a lot of programs make this the default place for users to put data.

Step 3: Install core programs

These are the basic programs that I put on every new PC. Again, this is mainly a note to myself and my friends; the programs are listed in order of importance. (You do need a firewall, anti-virus protection and XP Service Pack 2; you probably need a spam filter; you may need office software; you probably don't need Windows XP themes.)

Step 4: Test your system

Run an audit to see whether your PCs are secure. The most detailed set of audits comes from SecuritySpace at https://secure1.securityspace.com/smysecure/index.html; their swag of pricing schemes includes a number of free options.

Step 5: Make backups

Most serious creators of computer files eventually get serious about backing up data. Usually, this occurs just after they lose a whole bunch of data - through hard drive failure, catastrophic fire or mistimed click of the "delete" key. I once talked with a small business owner who explained quite matter-of-factly that she had "almost lost her business" when a hard drive failed.

The ideal backup solution

The ideal backup solution:

Now, in the world of systems administration, backup solutions are an art. You spend money and time creating them and testing them. In the world of small offices and home offices with busy amateur administrators, the sysadmin approach doesn't always work. There's a higher premium on reliability: you want to be able to see that something is working, because you don't have time to test it. And there's a higher premium on time: the system should be able to work without you doing anything much. There's also a lower premium on completely recreating systems: most of your software is off-the-shelf, and you'll just repurchase and reinstall it after a burn-to-the-ground catastrophe. All you need is the software codes and original proof of purchase.

The right compromise

Instead of achieving perfection, this backup system achieves a satisfactory performance at low cost in time and money, and it's transparently obvious that it's working. It relies on three key points:

Back up files according to a few simple principles:

Three types of backups

We run three types of regular, scheduled backups.

Two of these are controlled by batch files and scheduled using Windows' Task Scheduler: at a scheduled time (in the early morning) we copy certain files from one drive to another, or from our network to the remote server via FTP. Mostly we rely on built-in windows tools, including the command-line FTP function that almost no-one uses anymore. The third backup relies on someone - that would be you - actually sticking DVDs into a PC and copying files from the file server onto a disk.

Here are the backups:

  1. To a removeable hard drive or a bunch of DVDs, every six months - a "complete backup". This includes all our data.
    • This backup is thorough, but probably not recent.
    • This isn't automated, so it's the one most likely to fail.
    • What's this for? So that when the computers are stolen or the house burns down, we have a reasonably complete copy of all our data from the not-too-distant past.
    • What's in it? All our data, from crucial essays and databases to emails to software installation files to MP3 files of our CD collection.
    • Assorted thoughts:
      • A proper sysadmin would not call this a complete backup, since when the drive fails we won't be able to recreate it exactly as it was. But remember, we only really care about data, not about restoring all our applications instantly.
      • In an ideal world, you use a removeable hard drive - maybe an old 8Gb drive placed in a $A70 sleeve.
      • In a less perfect world, you make two identical sets of back-up DVDs and give one to a mate to keep off-site.
      • In the real world, you only create one set of back-ups, you don't always do this every six months, you store the disks next to your server, and the disk corrupts anyway.
      • Seriously, in the current state of the technology, DVD burning produces more errors than seem safe for a decent back-up solution. Get the removeable hard disk and give it to the neighbour when you've done the backup.
  2. To a hard drive location on another drive, every night - a "nightly backup". This includes important data.
    • This backup is recent, but not thorough.
    • It's easily automated via a batch file or the simple backup software mentioned above.
    • What's this for? Mostly, it's to prevent us losing critical data if the file server hard disk decides to fail, as they eventually tend to do.
    • What's in it? In a home set-up, this will include most of the material in users's individual J: drive directories, plus some material in the shared drive e.g. documents in the J:Household directory.
      • Material in "Archived" is an exception: it only gets the six-monthly complete backup. If users move a whole bunch of material into "GSArchived", they should ask the sysadmin to back it up ASAP. Make really sure users know that material in "Archived" only gets the six-monthly backup. And ask them to help you by putting appropriate material into their Archived directory. Discourage people from leaving large photo files, MP3 collections and video in the main area of their J: drive.
    • Assorted thoughts:
      • You'll be safer from theft if the second drive is on a different PC - but that relies on the second box also being on. On the other hand, even if you only leave the second PC on one night in three, you'll have a pretty recent back-up.
  3. To a remote directory at the Dreamhost account, every month - a "critical Web backup". This may include only special defined material that is critical - the draft of that book, details of insurance policies and tax records, and the like.
    • This backup is neither recent nor thorough - but it is a long way away.
    • It's also easily automated via a batch file or the simple backup software mentioned above.
    • What's this for? Mostly, it's to prevent us losing really critical data we might want if the building (home or office) burnt down and we couldn't even get a recent copy of the DVD with the complete backup on it.
    • What's in it? In a home set-up, this will be mostly material in users's individual J: drive directories, plus some material in the shared drive e.g. in a home network, documents in the K:/Household directory. We'll use an exclusion list for each user to keep the file size from getting too huge.
    • Assorted thoughts:
      • This option looks more attractive than ever before. Hosting firms like Dreamhost will give you 2GB of server space for less than $US10 a month. On a big Web back-up, the biggest cost of the system may be the extra charges from your ISP.

This may seem complicated, but it's the best system I've found. When you combine this with the monthly critical Web back-up, you end up with most of your data safe. With this system, come the disaster, the data you're least likely to have is also the data you're least likely to need.

Too hard? You still need a good backup, so think about shelling out $15 or so a week: Offsite Backup at http://www.offsite-backup.com.au/ will come in and automate the whole process for you.

Step 6: Considering email ...

Thunderbird?

The open source Mozilla Thunderbird is the email and RSS feed equivalent of the Mozilla Firefox browser. It's caught up to Microsoft's Outlook in most respects, with features including the powerful Bayesian filtering anti-spam technique. If users aren't wedded to Outlook, it's the amateur sysadmin's best choice.

Outlook?

Microsoft Outlook is used by more business people than any other email client. Your users may be used to it. My own view is that it's a nice personal information manager, and Outlook 2003 has enough security to make it at least a candidate. But it remains the most vulnerable major email client, partly because it uses the Internet Explorer engine to display HTML email. Even if your users like it, you should seriously consider alternatives, notably the open-source Mozilla Thunderbird.

Now a pet gripe: running Outlook across a network doesn't work like you'd think. Outlook's PST data files - the files that Outlook reads to display messages and contacts and everything else - are built on Microsoft's standard database engine. That database engine supports multiple concurrent connections. So you should be able to put a PST file anywhere on the network and connect to it from as many computers as you like, right? Wrong. Outlook will complain if you try to have two PCs access the same PST file at the same time. Microsoft goes further in a slightly hilarious Knowledge Base article at http://support.microsoft.com/?kbid=297019, explaining at length how its staff never intended that PST files be used on a network (and intent is what matters, right?). Indeed, Microsoft list the horrors that will befall you if you go against the intent of Microsoft's programmers by putting a PST file on the network and accessing it there:

Microsoft's suggestion? Buy a copy of Exchange Server, their large and complicated solution for administering email. On the other hand, I've been running PST files over a network for years without problems. Users just need to remember not to open two copies of Outlook on different PCs at the same time. If this solution doesn't suit, it may be time to investigate Microsoft Small Business Server, which gives you Exchange Server.

Outlook has one other bizarre characteristic: although it has those PST-file databases easily to hand, it stores configuration information all over the file system. You could try to back this stuff up, but frankly it's more trouble than it's worth. Just make sure the PST file is on the user's J: drive (a separate folder is a good idea) and leave it at that.

If you're using Microsoft Outlook, add these two tools:

File locations for email programs

Program

OS

Default Email file name(s)

Default Folder Location

Outlook

Windows 95/98/ME

outlook.pst

c:\windows\local settings\application data\microsoft\outlook

Windows 2000/XP

outlook.pst

c:\windows\documents and settings\\application data\microsoft\outlook

Notes

Outlook stores all of its data and settings in a single "pst" file.

Outlook Express 5.x/6.x

Windows 95/98/ME

*.dbx

c:\windows\application data\identities\

Windows 2000/XP

*.dbx

c:\Documents and Settings\\Local Settings\Application Data\Identities\\Microsoft\Outlook Express

Mac OS 8/9

Notes

Outlook Express 5/6 creates a "dbx" file for each email folder you create. You need to backup the entire "Outlook Express" folder.

Eudora 3.x/4.x/5.x

Windows

*.mbx

c:\eudora

Notes

Eudora for Windows creates a "mbx" file for each mail folder you create, and stores all of these files in the same folder with the Eudora program and its key settings.

Mac OS 8/9

varies

System Folder:Eudora Folder

Notes

Eudora for Mac creates a file for each mail folder you create, and stores them in the Eudora Folder file, separate from the Eudora program.

Entourage

Mac OS 9

varies

Documents/Microsoft User Data/Office 2001Identities.

Notes

Entourage creates a folder for each person at the location noted above. Entourage creates a file here for each mail folder you create.

Mac OS X

varies

Users/[username]/Documents/Microsoft User Data/Office X Identities

AlienCamel et al

I can never remember why he called it AlienCamel - no, wait, it's an anagram of "clean email" - but my friend Syd Low runs a total clean-email service that costs a little ($US15.99 per email address for six months at time of writing) but delivers a lot:

Syd is an ultra-smart guy (former Apple software development entrepreneur turned McKinsey management consultant turned successful dot-com entrepreneur) who lives and breathes this stuff. Not much gets through his systems. For amateur sysadmins needing to protect a couple of small office or home user accounts, this is the ultra-safe option: http://aliencamel.com/

As an alternative for amateur sysadmins who need more email accounts, the ultra-reliable Valueweb Web hosting service offers 20 email addresses with high-quality BrightMail anti-spam filtering for $US19.95 a month at time of writing in January 2005. (I'd still be with them if they'd offered MySQL databases in their basic package back in 2003; as it is, Dreamhost was a little more attractive, and now I'm settled.) Buying this package will also give you somewhere to send large backup files - plus, of course, a Web site if you want one. Link: http://www.valueweb.com

Step 7: Educate users

A few simple rules:

Previous     
All material copyright 1998-2006 Shorewalker DMS except where otherwise noted.
Home  |  Contact  |  Privacy  |  Terms

This item first filed on Thursday, January 06, 2005 and last modified on Monday, May 08, 2006