So, you've decided to purchase and install a dedicated server. Whether it's a file and print server (the most common for small businesses), a web server, or an email server, setting up any server involves some of the same configuration chores. For advice on choosing a server, incidentally, see our guide to buying a server.
Once you’ve got your server, to begin with setting up a server is just like setting up a PC: Unpack everything, compare the box contents with the shipping list, connect the keyboard, mouse, and network cable, and plug in. With a server, however, location is an issue. You want a low-traffic location – a dedicated server room or wiring closet. Physical security is important as well. You can set up all the OS, application, and network security you want, but if someone can pick up your server and walk out the door with it, your precautions mean nothing.
A server environment should not only be safe, it also needs to be controlled for temperature and humidity. You'll need to mitigate or disperse the heat your server or servers put out. In addition, if your server is in a location you don't visit often or there's any environmental risk, you should consider using a monitoring device – for example, the APC Netbotz range. These sort of handy devices track temperature, humidity, motion, air flow, flooding, and more, and they can issue alerts when necessary.
Many servers have dual power supplies. Plug each power supply into a different UPS and plug those UPSs into two separate circuits. This way, if you lose a single circuit, one power supply will go offline but the other one won't.
If the server's operating system has been preinstalled, that will save you an hour or so. If not, you’ll need to install it yourself, obviously enough. Here are some guidelines for configuring your new server OS and software:
Install only what you plan to use. For example, if this is a straight file and print server, you don't need to install web server or email server software, and it's better not to. There are two reasons for this: The first is that extra software contains extra vulnerabilities; if it's not installed it can't be exploited. The second reason is that extra software takes up disk space and wastes CPU and memory resources.
Use a strong administrator or root password. Your password is the key to the kingdom. A strong password does not contain words that can be found in the dictionary, it is at least eight characters long, and it contains a combination of letters, numbers, and symbols. For more on password strength, see: Making sure your passwords are up to scratch.
Create usernames that make sense. It's fine that Jim in accounting wants his username to be ZippyLiverchunks, but how is that going to help you manage your server? Decide on a convention, such as “first initial.last name” for example, and stick to it. This isn't private email; it's a business environment. Create usernames in advance, assign proper privileges, giving users access only to the directories they need, and force users to change their password when they first log on and periodically thereafter.
Plan the server directory structure. Give each user a home directory in which to store his or her documents, then create specific directories for users to share documents, as well as specific directories to house applications. Assign user privileges appropriately, for example, allowing only a user and the administrator to have access to files in that user's home directory, and restricting department-shared directories to members of those departments. This planning will go a long way, as it will regulate user access to files and applications.
Have a backup process in place. Once you bring the server online, everyone is going to start saving files to it – that was the idea, right? The last thing you want to do is consolidate data storage onto a single point of failure and then not back it up. Don't wait for data to go missing or a server hard drive to fail: Get a backup system up and running.
Implement a network security policy that protects your server. If this is an internal server that doesn't have to be accessed externally, then configure your firewall to block all incoming traffic not originating from a server session (the server will still need to get out to download patches). If this is a departmental server, block network access from outside the department. This can be done with a firewall or by setting up a VLAN (virtualLAN), a network that uses the same physical network as everyone else but a separate address.
Monitor your server. Many servers come with utilities to monitor them. Check system resources such as CPU, memory, and disk use to make sure the server can do its job. The last way you want to find out that you need to add another processor is because applications are starting to crash. Also, it helps to know if the server goes down. Many monitoring programs, or an SNMP management console, have the ability to send an alert if the server goes down.
Don't neglect security software. You're running anti-malware, HIPS (host-based intrusion prevention systems), and software firewalls on your workstations – why not on the server, too?