Bigger, Faster, Cheaper: Open Source In The Small Business

I’d been speaking with a colleague about the products and services that he sold. His experience had been mostly with installations of small business servers. We were talking about all of the really cool and useful things that you can do with Microsoft products. What we really wanted to know was the answer to these questions: “What can you do with Open Source that you can’t do with proprietary solutions?” and “What can you do with proprietary solutions that can’t be done with open source?”

Gartner Technology fully supports the latest and greatest Microsoft Products. In fact, as a registered MS partner, we have access to a large volume of software including Servers (Windows Server 2012, Exchange 2013, MSSQL Server, Web Servers, etc.) and workstations (Windows 8, Windows 7,  etc.). We use Microsoft in house for 30% of our day to day operations with around $500.00 – $600.00 in operating system and office suite applications for marketing, email management, etc. per desktop. Microsoft also offers a pretty nice collaboration suite called Office 365. The tools that are built in to it are integrated even better when used with Exchange Server.  It’s a very scalable and flexible set up, but that’s the not within the scope of this article so I’ll save it for another time. We’re going to focus on proprietary network service software packages that are commonly used and integrate them with some of their Open Source counterparts. Microsoft Small Business Server 2011 supports up to 75 users or devices. The majority of our customer base falls within this realm.

In this illustration, we’ll have the administrative office of a small industrial manufacturer with 15 users 10 workstations and 8 printers. They work together transparently with common phone and email directories, calendars and schedules visible to all but editable by few! They even use the markup feature in Word to display other peoples input on documents emailed to one another, or accessed over special types of network shares. Data that is vital to the companies day to day functioning is stored in a centralized location to facilitate a consistent and verifiable backup that is brought off site every night. Storage needs will be discussed a bit later when we talk about the sometimes significant differences between open source and proprietary software when it comes to hardware requirements.

Software List
Small Business Server 2011 with licenses for 10 users. This a typical installation costs around $1500.00 just for the software:

  • Domain Controller to facilitate secure network resource access (individual user login)
  • Exchange Server for incoming and outgoing email and collaboration tools. We’ll add Open Source spam & anti-virus protection a bit later.
  • Web Server with decent and secure remote access for email and other network resources
  • Centralized printer management
  • Very specific & centralized control over user permissions

Anti-SPAM/Anti-Virus Gateway
These are the products that we’ll focus on because they can be easily integrated into existing Small Business Server installations. Here, we need to look at the cost of the software and the labor involved in setting everything up. For a proprietary solution, I’m not going to pick on one particular product. Suffice to say that they all have similar pricing structures. We’ll figure the cost for proprietary anti-SPAM/anti-virus software at around $500.00 per year per 25 (or less) mail boxes and around $1000.00 for labor, based on 12 to 15 hours. The Open Source cost for the software is $0.00 with no limit on users and no recurring subscription fees and around $1500.00 for labor based 15 to 20 hours. The yearly maintenance on either installation, for patch installation and monitoring should only take 8 to 10 hours per year, except in the event of a major upgrade. Keeping this in mind, proprietary and open source solutions for spam and virus control do the following:

  • Unsolicited Commercial/Bulk Email, or SPAM (representing 2.52% of incoming email) is removed with 95.47% accuracy.
  • Viruses and other malware get removed before they ever get to the users inbox. Properly configured, this can prevent potentially dangerous security openings on your internal network by quarantining them before they ever reach your desktops and workstations.

Hardware Considerations
Three years ago, we built a Microsoft Server 2015 with no spam and antivirus filtering for in house use. The machine consisted of the following:

  • 1 AMD Athlon XP 2000+ (1.66 GHz) Processor
  • 2 GB Memory
  • 800 GB of storage in a software RAID 0+1
  • Gigabyte motherboard
  • Keyboard, mouse, monitor, etc.

From spare parts, the machine cost us nearly $1000.00. Not a beast of a server, by any stretch of the imagination, but it was better than the recommended minimum hardware requirements. It ran great for about a year and a half. Then, the Service Packs came. At first, processes would start locking up and you would have to reboot the machine to get them all to play nice again – and then it could take literally 10 minutes to reboot.

Let me point out that services can be tuned to reduce occurrences of these types of issues. When hardware gets overworked by resource intensive services, it can start locking up. This usually means throwing a little more money at the hardware in the form of upgrades and labor for some fine tuning, and all is fine again. But, being a small business, we had no money to throw.

We only have 6 computers and 3 printers on the network at any given time so we really don’t need a domain controller. If you don’t know what a domain controller is, just keep in mind that it’s something that controls access to all files, printers, and programs on a network. A properly managed domain can reduce overall administration overhead as all computers on the domain can be centrally managed and configured. [2] We parsed our list of needed services and added a few options that previously weren’t cost effective. These are some of the things we considered important:

  • SPAM and Antivirus filtering (we even get anti-phishing protection) [3]
  • POP3 incoming Email Server for multiple domains
  • The ability to fetch emails from other places and put them in the proper inboxes
  • Web Server with multiple domains (i.e.,, etc. served one machine)
  • Secure ftp access (LAN only)
  • Database server
  • Secure remote access for administration
  • Flexibility and scalability
  • Patch availability and ease of deployment
  • Low maintenance “hands off” administration

POP3 was easy. We have over 400 POP3 servers and alternatives to choose from in the Open Source world, so we are sure to find exactly what fits our needs. We’ll go with Postfix for this particular setup. FreeBSD(a Unix derived operating system) has a huge ports collection. Ports are Open Source software libraries. This collection has everything from scientific programs and statistical analysis packages, to web applications, CRM software, Content Management Systems, and more – literally thousands of high quality programs to choose from. We have a ton of system utilities too so we can monitor the systems health. I get daily, weekly, and monthly reports emailed to me by the system that allow me to monitor patches and updates, email server statistics, web site usage statistics, etc. I get just enough information to allow me to see problems before they become major, but not so much that I don’t even bother to read the reports. I can also use server traffic to gauge response to our marketing efforts through landing pages and referrer information, and even search terms used to find our web site. If we need a domain controller for all of our Windows based desktops that’s not a problem. We can even have company wide network shares on the serve that are accessible to our user desktop systems.

Putting it all Together
As I’ve said, I like the tightly integrated management functionality between Windows server products and the end-user desktop applications, such as the Office suite, and the operating system itself. I don’t want to sacrifice that functionality to save a buck. I also would like the functionality of email being checked for SPAM and viruses before it gets to our end user. How much productivity is sacrificed in the name of picking through a hundred emails to find the ones that we actually want? We use the Open Source email gateway with SPAM and Anti-virus as a front end server. We then configure our Exchange server to get its mail from the gateway. The gateway is set up not to blast any emails into oblivion. Instead, it marks them in a way that we can tell the Exchange Server to look for. If it is garbage, it goes to your “Junk Mail” folder; otherwise, it goes straight to your inbox. Having all of the internet facing services like incoming email, web services, etc., on this front end gateway also adds an extra layer of needed protection by keeping the internal network, where all of our valuable company data is, safely behind the firewall. Proprietary and Open Source systems can compliment one another in this way while increasing overall productivity and helping, not hindering, your bottom line.

[1] Based on 22,303 incoming emails with 8,652 SPAM and 189 viruses and phishing scams blocked by Spamassassin and ClamAV (Open Source SPAM filtering and Anti Virus software) with only 4 verifiable false positives over a 7 month period.
[2] This assumes that all desktops are running Windows 10 Professional or better.
[3]Phishing scams are used to trick a user into giving bank account information and/or financial account login information through a cleverly worded email and a fake website that looks like the real deal.