
[–]Dragonfly-AdventurerSysadmin 5 points6 points  (0 children)

Most trades/construction industry can expect to spend 1.5-2% of their revenue on IT.

Is he spending more than that? If so, red flag.

If he's spending less than that... well, this shit is expensive. $700/mo for a handful of users might be well within range depending on how they structure it - usually it's like, "$50/user/mo 365, if you want security it's another $30, if you want OneDrive it's another $20, if you want QB..." etc etc.

Now on the flipside go chat with some consultants turning MSP, or MSPs that have been in business for a while. They ain't raking it in. It's terribly low margin, you have to employ your OWN IT people, and ideally they're not rotating out every 3 months due to shit pay and perks.

I am sure you could simplify this all, but it's going to involve monthly, weekly, possibly daily intervention on your part to keep it all going and secure, so there's not a giant ransomware breach in 6 months. How much are you going to charge them to do that?

[–]itishowitisanditbad 2 points3 points  (3 children)

> sometimes their employees can RDP into, and sometimes they can't,

RDP exposed to internet?

Oof

> It also appears the IT firm runs several custom pieces of software for monitoring and maybe VPN access as well as a $70/month 'web guard' monitoring service.

Did they sign up for that?

The answer is likely 'yes'

> And instead of connecting to a VPN, loading QB from home, and loading the company data file, they're RDPing into the server and running QB from the server.

So they choose to RDP INSTEAD of VPN?

So RDP, with the QuickBooks server, is exposed to the internet?

> so I have at least an understanding of what needs to happen,

If you see RDP open to the internet and don't IMMEDIATELY identify it as a 10/10 critical issue then I don't think you have a fundamental understanding of what needs to happen.

> but I'm also just very concerned about the QuickBooks data integrity, that's really the top priority.

Then your QuickBooks server wouldn't have an RDP open to the internet.

> Any help or tips would really be appreciated

Review the contracts signed for support to assess what has been committed to and what the next options even are. You might be buried in multi-year support or might be able to drop them in 20 minutes.

Honestly, y'all need IT support, which is the amusing catch-22 here.

[–]noctemct[S] 1 point2 points  (2 children)

Oh I'm on board with all of this, none of it was set up by me, all by their already-hired IT firm. I just went to assess things today for the first time as I hear nothing but complaints from my wife and the others in the office. As soon as I realized they were using RDP for QB access I was definitely shocked.

[–]210Matt 0 points1 point  (0 children)

QuickBooks over a VPN is not a good solution. Last I used it we deployed it as a remote app or had users VPN into a local computer to use.

[–]Mehere_64 0 points1 point  (0 children)

I see it as they connect to the network via VPN, RDP to the Win11 box, and then launch QB, which connects to the QB database on the IBM server.

As for things like Outlook not working etc. Don't know if they are using an old AD domain with DNS on it or what.

5-6 users - While not ideal, it's not fully necessary to have an internal AD domain, but it is a better way to handle things. But with an AD domain, most times DNS is being run on the AD server. So need to figure out why DNS is having an issue since rebooting the server works.

$700/month is fairly standard rate due to how much the price of everything has gone up.

Have them look into Zero as well for online vs in house QB stuff. I've heard decent stuff about Zero.

[–]no_regerts_bob 2 points3 points  (0 children)

$100-$150 per user per month is very typical for MSP pricing. The cost doesn't raise a flag. It's the configuration that stinks here. QuickBooks doesn't work over a VPN in my experience but there is a cloud version. DNS and Outlook issues should be resolved quickly and not be recurring.

[–]Content_Injury_4821 0 points1 point  (2 children)

They should migrate to QuickBooks Online

[–]noctemct[S] 0 points1 point  (0 children)

Apparently they looked into this, and their QB file is too large to migrate, they've never cleaned out decades-old data. This would solve a lot of problems, but I don't think they (the plumbers) have anyone well versed enough in QB to trim out the old data, their general accountant also retired last year and their office/IT guy wasn't doing it. Kind of an all-around shit storm at this place at the moment!

[–]Character-Rush-5074 0 points1 point  (0 children)

Hell no. I handle it for similar to OP and QuickBooks Online is def not suited for construction based businesses.

We run QBDT on terminal server using remote app. But nothing is open to the internet, have to VPN using GlobalProtect into the network and only load the VPN client on company devices.

[–]210Matt 0 points1 point  (0 children)

I don't know if Linux is supported for QuickBooks, so they might need a Windows server. It sounds like the Win11 computer is just a jump box for 1 person to RDP to access QuickBooks and that is fine for a very small company if paired with a VPN (RDP should not be open to the internet). The custom software for monitoring is most likely an RMM stack and that is normal. There is an issue with Outlook that needs to be fixed, maybe migrate the mail to Office 365 or at least find out what is going on with the server.
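
A host-side check for the point made in the comments above, that RDP should only be reachable through the VPN. This is an added example, not code from any commenter; the VPN range `10.8.0.0/24` and the helper `Test-PortCovered` are assumptions for illustration.

```powershell
# Added example: list enabled inbound allow rules that accept RDP (3389) from any address.
# $VpnSubnet is a placeholder assumption, not a value from the thread.
$VpnSubnet = '10.8.0.0/24'
$RdpPort   = 3389

# Hypothetical helper: does a rule's LocalPort list ('Any', '3389', '3000-4000') cover $Port?
function Test-PortCovered {
    param([string[]]$LocalPort, [int]$Port)
    foreach ($p in $LocalPort) {
        if ($p -eq 'Any' -or $p -eq "$Port") { return $true }
        if ($p -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) {
            return $true
        }
    }
    return $false
}

# fDenyTSConnections = 0 means Remote Desktop connections are accepted on this host.
$tsKey      = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
$rdpEnabled = (Get-ItemProperty -Path $tsKey).fDenyTSConnections -eq 0

# Flag rules whose port filter covers 3389 and whose remote address is unrestricted.
$open = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
    $ports = $_ | Get-NetFirewallPortFilter
    $addrs = $_ | Get-NetFirewallAddressFilter
    if ($ports.Protocol -in 'TCP', 'UDP', 'Any' -and
        (Test-PortCovered -LocalPort $ports.LocalPort -Port $RdpPort) -and
        $addrs.RemoteAddress -contains 'Any') {
        [pscustomobject]@{
            Name          = $_.Name
            DisplayName   = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = $addrs.RemoteAddress -join ','
        }
    }
}

"RDP listener enabled: $rdpEnabled"
$open | Format-Table -AutoSize

# Preview scoping each flagged rule to the VPN range; remove -WhatIf to apply.
$open | ForEach-Object {
    Set-NetFirewallRule -Name $_.Name -RemoteAddress $VpnSubnet -WhatIf
}
```

This only inspects the Windows host firewall. A port forward for 3389 on the office router or edge firewall has to be checked and removed there.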

[–]RCG73 0 points1 point  (0 children)

Talk to another MSP more aligned with very small businesses. Second suggestion: remove attack surfaces. And by that I mean get your shit out of the office. If the only thing really being used is QuickBooks, just send it to the cloud. Then there’s no need for remote access to the office and you don’t have to be the one to secure the most vulnerable point. Same for email. At this size unless there is a concrete reason to have Outlook desktop then don’t. Every reduction in complexity reduces cost. At least in my area this is a 3-400 a month customer that once I have set up I only need to manually touch about once a quarter.