We are trying to migrate from Windows Server 2003 SBS to Windows Server 2008 SBS. Our problem is that in W2003 it is very simple to get multiple internet accessible IP addresses simply by adding the addresses to our Network NIC. However, it seems that W2008 works quite differently, and we are having a problem in successfully connecting the server directly to the internet, and a router only accepts a single IP address on the WAN side.
Has anyone successfully set up W2008 with multiple addresses? We operate a few websites for our business, and they require different addresses. We actually have a string of 5, so we want to utilize them.
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
I am afraid that I am a bit lost. Our server is used specifically for hosting our websites. It therefore runs DNS, e-mail, and our websites. On W2003 we manually opened only the 6 or 8 ports necessary to do this. On W2008 it appears that I will also have to close ports that are opened by default.
If running such a configuration is a security risk, then how is a server to host websites?
You can do it, but there are risks involved. When you host websites on SBS (or any domain controller) you're bringing connections in through the firewall to the machine that holds the security context for your whole network.
Generally, publically accessible web sites are hosted on machines that live in a DMZ and are not domain controllers and often are not even members of a domain. That way if a machine does get compromised, the hackers still have to get through a second firewall. Additionally, they don't have access to the keys to the kingdom, aka a domain controller (in your case an SBS server).
If you don't have any other options -- a second server for hosting the web sites, a hosting service to host the web sites, etc. -- then you use what you have. I just thought that you should be aware of the risks in general terms. You may have perfectly good reasons for your configuration.
Anyway, you should be able to set multiple IP addresses through the network connection properties, TCP/IP properties, advanced button...
http://social.technet.micr
Please correct me if I am wrong, but on W2003 the system required two NICs- one for the internal network and another for the outside world. In W2008 this is not the case. Given that, our intent is to run the W2008 server strictly for DNS, e-mail, and websites. Our network (which is really just a couple of computers at the warehouse and at home) will not be connected behind the server. Those at the warehouse are on a different ISP, and those at home (where the server is located due to the better reliability of that ISP) will be run on one of the IP addresses, behind a router.
Does this make a difference to the concerns over security? Basically, if someone did manage to hack into the server, they would have access to basic web files that they can pull down from online, anyway. The only additional piece that they can pull is the SQL file, which contains names and addresses. And, unfortunately, if a hacker is going to get into our server for that, they are going to hack in wherever that file is, anyway. Nothing is 100% hacker-proof.
Two NICS is better, but you can assign multiple IPs to a NIC using the method I described.
With regard to hacking and data, it all depends on the value of the data. For instance, if the data in your SQL database is just addresses, then it may not be such a big deal. If those addresses have names, and SSNs, and / or credit card numbers, bank acount numbers, etc., then you're required by law to be sure that that information is secure.
Good luck!
The db only contains names and addresses (well, order history, but if anyone actually cares about that they must be very bored). We do not have SSN's or bank information, and CC#'s are never retained. Given that, the information is really not going to be of interest to anyone who would hack the system, as they cannot really profit from it.
I am able to get multiple IP's onto the NIC, but it seems that in doing so the automatic firewall rules that Windows puts in place do not function correctly. However, if I create manual rules then I am alright. I believe that my only remaining issue is that I cannot get Remote Web running, although the system says that it is. Any thoughts, or should I put that into a new question?
Business Accounts
Answer for Membership
by: zelron22Posted on 2009-03-09 at 20:40:49ID: 23843462
I don't have an answer for your question however I do have a concern. That concern is having a server that controls your domain security with public IP addresses and hosting websites. This potentially opens you up to some serious security issues.
Good luck!