Context / need
An accounting firm grows from two to five or six people. The file server in place is about ten years old and was configured for the original team: a single Windows account shared by everyone, so the same access to every folder for each person, no traceability, and a “backup” that amounts to a copy on the same single disk. Hiring makes the issue urgent: individual accounts, role-differentiated permissions, a real backup, and protection against power outages.
Constraints
- Data stays on premises. Client files of an accounting firm: sensitive data the owner wants physically on site.
- No business interruption. The firm works throughout the transition; the switchover must be invisible to the team.
- Non-technical users. Day-to-day work must stay identical: log in, open your folders, work.
- An existing network to respect. The site already has its firewall and subnets: understand what exists before plugging anything in.
- Controlled hardware budget: about 1,000 euros total.
Options considered
- Extending the existing server: ruled out from the start. Ten years old, a single account impossible to compartmentalize, a single disk.
- The cloud (an office suite and storage such as SharePoint or Drive): presented to the client in the interest of transparency. Ruled out: the data would leave the premises, and the firm uses none of those suites day to day; the whole team would have had to change habits for a service less suited to actual use.
- An on-site NAS: quickly chosen. Data on site, fast local access, native accounts and permissions, built-in backups and monitoring.
Decision & why
A Synology DS225+ NAS, two mirrored 4 TB disks (SHR), protected by a UPS (APC Back-UPS 950VA). The installation starts with an audit of the existing network: identify the subnets behind the firm’s firewall and choose where to connect the NAS so every workstation can reach it.
The access model is the core of the project:
- One account per person, and role-based groups: management, staff, with specific permissions on certain folders. Least privilege replaces the shared account.
- Nothing is exposed to the Internet. Employees access the shares only from the firm’s local network. Remote administration (and only that) goes through the zero-trust private network (tailnet): SSH and shares stay invisible from the outside, and the vendor’s “cloud” services are disabled.
- Backups following the 3-2-1 strategy: local versions and an encrypted off-site copy.
Accepted tradeoff
Consumer-grade hardware, at the scale of a small firm: no high availability. If the unit dies, the way out is the documented restore. Accepted compromise: at this scale, robustness comes from the disk mirror, the UPS, the tiered backups and a maintained restore runbook, for a budget that remains that of a small firm.
Outcome
- Reliable: tolerance to a single disk failure, a UPS against power outages, backups with an encrypted off-site copy, a migration completed with no loss and no downtime.
- Maintainable: readable accounts and groups, the NAS’s built-in monitoring, an operations and restore runbook kept up to date.
- Secure: least privilege by role, traceability (knowing who changed what, which did not exist before), zero public exposure, remote administration confined to the private network.
The ten-year-old server is unplugged. For the team, nothing changed beyond new credentials: that was the goal.
Migrating the legacy
Preparation first: an audit of the existing setup, mounting the old server’s share read-only, then transfer with rsync: about 640 GB and 190,000 files in under 18 hours, zero errors. The physical installation happened on a Saturday, with the office closed; accounts, groups and shares were configured next, then the switchover cut access to the old server.
The pitfalls encountered, noted for next time: residual SMB sessions on the source server to purge before remounting the share, and Windows authentication heading for a nonexistent domain (the server was in fact not domain-joined): the local account had to be forced explicitly.
On the team side: everyone received their new credentials and entered them on their workstation. No perceived downtime.
Permission model & operations
The permission model follows a simple matrix: groups (management, staff) and specific permissions on certain folders. A new hire is handled by adding an account to the right group, without touching the shares.
Operations rely on the NAS’s built-in pieces: access and change logging, monitoring and alerts, file versioning. A runbook covers the scenarios that matter: restoring a file or a folder, a disk failure, loss of the whole unit.
This page contains no address, no network map, and no identifying equipment detail. It describes roles and decisions; specifics are shared in an interview.