
Design question...

I just started at this new job. I am building them a brand new network, with brand new servers, etc. This is a small company (35 employees) so I was given a limited budget in which to buy equipment.

This is the equipment I have, and the duties that I have assigned to them thus far. My problem is I don't have a router, so I'm going to have to use one of the servers to handle routing duties. Whichever box I pick will have a second NIC in it, which I will hook the DSL line right up to. Which box should the second NIC go into?

Server 1: Domain controller. Will be set up to handle DNS, print server, and maybe some file storage since the drives in it are pretty big.

Server 2: File server. This has a mission critical database on it, and will also serve as our main file storage location.

Server 3: SBS 2000 server. This is where Exchange 2000 will be running, as well as ISA 2000, so this is our mail and our firewall box.

Server 4: Terminal Server/RAS box. This is the machine that our 5 employees in a remote office are going to connect to across the Internet to work on.

So, based off of this amount of equipment, which box should the line go into?
Asked by: Gabe_Rivera
 
Banyan99 Commented:
I know this is not the answer you want to hear, but maybe you should consider a basic 16 port firewall/router/switch. This would eliminate the need for a second NIC in any machine and could also be used as the main switch for the network. These can be picked up now for less than $200.
 
mikecr Commented:
Your SBS 2000 box. You're going to want to keep your firewall as close to your Internet connection as possible; however, be careful with running Exchange and ISA Server on the same box, as you will need to make sure that you create a rule in your rule base to open the SBS box for email traffic, as this will all be closed off by default.
 
Joel Miller (DevOps Engineer) Commented:
I agree with Banyan. I would never do routing on a Windows 2000 PC. You could, however, pick up an even cheaper solution for the time being until your company can afford a router.

You could purchase a 1-4 port Linksys router that would do nothing but serve Internet routing and basic firewall. Then you would have the ability to NAT easily if you needed, and your other firewall would be even more effective with the Linksys router handling the incoming firewall also. (You could also turn off all functions except routing too if you wanted...) This solution would be under $100. You can actually pick them up for like $50-$60 on a deal.

They are very stable and reliable. It can also act as a DHCP server, DNS, NAT, and other features; if for some reason your DHCP server went down temporarily, you could start up DHCP on the router.


I hope this is of some help to you...

 
Gabe_Rivera (Author) Commented:
Why would you never do routing on a Windows 2000 server? I have a Windows 2000 box that I use for routing at the office right now and it works like a champ, what's the problem?

As I said, barring additional costs, which box would you pick? I have 1 vote for the SBS box.
 
Joel Miller (DevOps Engineer) Commented:
"Why would you never do routing on a Windows 2000 server?"

One - This is software driven and Microsoft not only has many "security" problems, but is prone to crash periodically.

Two - Putting all your eggs in one basket... If you do routing, DNS, Domain Controller, e-mail, file services, and print services on one computer and a print queue gets hung up and the only thing you can do to fix it is to reboot the Windows 2000 based server, BOOM, there goes everything all your users were working on.... because of a simple stuck print queue.

Three - Ease of use. Setting up Windows 2000 routing and remote access is not only a bit difficult, you usually need training, and if something is not working right, it could take a LONG time to get it going. The hardware router? You reset it to default settings, change a few settings using the web interface, and done. Or if it is completely dead, go get another for under $100. Set the new one up in just minutes.

Four - Uptime. If something really bad happened to that server, and you needed to reinstall or take it down for heavy maintenance, all users lose routing and Internet access for that time also. If it had to go down for some reason and you didn't have all the services on that box and the router was a hardware router, then Internet access for research, mail, etc. would still be possible.

Otherwise, to your specifications, I would also go with the box with the ISA server service on it...
 
Joel Miller (DevOps Engineer) Commented:
BTW - I feel the same way about Software RAID for the same reasons. It can be done, and people can get it to work, but think of the complications that could happen if something were to go wrong...
 
mikecr Commented:
Please keep in mind, Gabe, that these are not the opinions of all of the Experts here. I have no problem with software routing or basically anything else that you need to get by with on a 35 user network; however, if we were talking about a 350 user network, then I would suggest moving to hardware instead. A lot of companies normally can't afford to do things the way the IT department wishes them to be done, so it remains that you need to apply workarounds in different situations. Against popular belief, I personally have had Windows 2000 servers that have been running for over a year now without any reboots except for the occasional application of a recommended patch. I'll grant you that Microsoft has had some security bugs, but they are making great effort to fix these problems, and I would have more respect for knowing you have a problem and attempting to fix it than ignoring the situation altogether.

I had a nasty problem once with a Linksys wireless access point that I got the run around for 2 days on from them before anyone had the common sense to give me a beta copy of their firmware for it that didn't completely cure the problem but it did help. So this goes to show that any company can have faults, it just depends how they handle them.
 
Gabe_Rivera (Author) Commented:
Thank you for your comments and input Mike, it's very much appreciated.
 
Joel Miller (DevOps Engineer) Commented:
Very nicely put mikecr!
 
Gabe_Rivera (Author) Commented:
Hey I forgot to ask:

I have found that with Small Business Server and the installation of Exchange 2000, it wants the server to be a domain controller.

Should I be concerned about a machine that will be my primary domain controller, my Exchange server, and my firewall server all sitting out there on the Internet for someone to come and abuse?