Y Y

3 Windows 2003 servers, the best way to setup?

We are going to set up 3 Windows servers: a file server,
an Exchange server and a SQL Server.

Based on your "real field experience", what is the right way to set up these 3 servers while considering the following:
1. fault tolerant
if one server is down, the 20 users can still log on to the network.
2. internet access
the server failure won't affect internet access.
3. security
how to set up the firewall to protect the 3 servers while we can still use "Outlook Web Access" and remote control the servers from outside the company network
We won't buy Cisco, it's too expensive. We may use a regular 4 port router or a cheaper firewall (maybe SonicWall)
4. any other thoughts or ideas?

pls kindly advise, points may be split or increased depending on the feedback

thx

SOLUTION
ShineOn
P.S. - I have 3 servers at home, but they're my toys... ;)
This is the setup I use with a similar situation.

First the firewall.  I hate Cisco.  It's total overkill for most small applications and unless you want to use the command line I suggest something else.  I've used SonicWalls and have had good success with them when they work, although one of the two I've used broke.  SonicWall says it's a known issue and I've heard others say the same thing.  I've used WatchGuard, which has a nice interface.  Depending on your traffic and needs and preferences this can be a complicated choice.  SonicWall SOHO3 is fine, others are fine too.  Hell, you could even use Microsoft's new firewall device, which actually works fine and has a nice interface.  (Not the most powerful or flexible though.)

Next, the Windows 2003 setup.
Machine 1 - Active Directory Controller, Global Catalog Server and Exchange 2003 box.  This is the machine that runs DNS also.  You need IIS to run OWA on this machine, although you could use the file server as an Exchange front end box.  I'll keep it simple and just say, this is your webserver.  The traffic is not that much and will run fine.

Machine 2 - File Server and backup.  Also make this an AD controller and a Global Catalog server, just in case Machine 1 goes down, this one still keeps running.  This one obviously needs DNS to run AD.  Use this machine also to run daily backups.  You can back up to HD without a problem.  You can also back up SQL to this machine as well.

Machine 3 - SQL Server.

Make sure to raise the functional level of AD to Windows 2003 level.

I think that's the basics...questions?
I have seen posts on EE that advise against having Exchange on your PDC...
I've seen different points of view on it, but Exchange 2003 requires all kinds of information from Active Directory.  It runs faster on the same box.  I do it here and it runs great.
Since techcity wants to have login redundancy, I would recommend having file/print on the PDC and Exchange on a BDC.
There is no such thing as a BDC in Windows 2003 Active Directory Domain Controllers.  I wish you NT old fogies would get with the new slang. ;)

So Exchange will run faster if it's on a domain controller (any), but don't mistake that one domain controller is more of a domain controller than another.
Ahhhhccchhh, it's all the same dang thing, just with a "transitive trust" kludge.

The "multimaster" stuff is just smoke-and-mirrors.  If you want to have a fault-tolerant, redundant system, then your most stable system is where you should put your "master" "PDC" whatever.  You can put a copy of AD on your Exchange server, but it shouldn't be your "main" copy.  Since the most important part of your network will be file and print services, you want the "main" copy on your file/print server, and that should be the one that has the backup system and the most fault-tolerant hardware.
ShineOn (is that a reference to Berry Gordy's The Last Dragon?), didn't you start this thread with, Microsoft stinks?  It's not just smoke and mirrors.  If you have your GC and your AD on two different servers, either one can go down and you are OK.  There are FSMO roles, but I don't think this particular question requires special attention to them.  I'm assuming that he turns off NetBIOS to avoid extra network chatter as well.  By "main" do you mean "first"?

By the way, you can always be MORE redundant, more fail-safe.  Usually requiring more hardware.  We brought up fibre channel SANs, but if the questioner has 3 servers to do these things, I don't imagine he has lots of cash floating around for extra hardware.

Anyway, I'm rambling, it's late.  ;)  I love Windows 2003 server by the way.  I'm extremely pleased with everything about it.
Glad you're happy.

ShineOn is a reference to the Pink Floyd "Wish You Were Here" album, specifically the song "Shine On You Crazy Diamond."  I am a Pink Floyd fan.  Nothing else implied.

I started  this thread with "leave it to Microsoft to require THREE SERVERS to service a whole 20 Users."  Not "Microsoft Stinks."  Those are your words, don't put them in my mouth.

Anyway, why would it be even remotely within reason to expect a 20-USER environment to have THREE SERVERS or even MORE as you have implied?  Next you guyz'll be suggesting a server for each user...

AD is STILL a transitive-trust kludge on top of the domain model.  I'm still waiting to see what it'll be like when it grows up.
You could run 20 people, Exchange, file server, SQL, AD etc. on one box, something from Dell costing between 1-2k.  It would run just fine and no one would have trouble.  Splitting out SQL and splitting out the file server just disperses the load to more than one machine and makes fewer single points of failure for everything.  But don't act like 1 box would crumble under 20 people.  It wouldn't.  OK, I'm going to sleep.  I think we answered the question and then some.
Wouldn't it be better to have 2 servers that can handle all the stuff a 20-user environment would need, and have them in a clustered, failover configuration than to spread each service over separate servers?  Why is it that server consolidation isn't a priority?  25 years ago, before the PC was even dreamt of, mainframe computers were running multiple services all on the same box without a problem.  Why doesn't it seem to be a step backward to you, to require separate servers for the various services?
Y Y

ASKER

Sorry for the delayed reply. I was too busy to come back.

Thanks Shineon, Thanks Kokoglen. Thanks for all the comments. They are very helpful.

To: Shineon
RE: 20 users VS 3 servers
You are correct: for 20 users, 3 servers is really overkill. I was thinking of running Windows Small Business Server 2003 on 1 server box to support file/internet sharing, ISA firewall, Exchange and SQL, and make this server very robust: dual CPUs, dual power supplies, RAID 10. But I still have 2 concerns about this all-in-1 solution.
1. If the RAID card is dead, the server will be down for about 4 hrs before Dell replaces it. (We are going to buy a 3 yr, 24X7, 4 hrs response on-site warranty from Dell.)
2. If something is wrong with the software (e.g. viruses, Windows corrupted, etc.), no matter how fault tolerant the hardware is, the server has to be down to be serviced.
That is why I am thinking about running 3 servers to split the load to avoid a "single point of failure", just like Kokoglen said.

RE:SAN
You are correct. It is beyond our budget. We will not deploy it.

RE:Server independent internet access.
I will do some research to find a firewall which deals with internet connection sharing.

RE: hot plug PCI and N+1 power supply
What is hot plug PCI?
What is N+1 power supply?


TO: Kokoglen
RE: Sonicwall
1. Is this firewall based on user licenses? I mean, do I have to buy 20 user licenses to run this firewall, or will it protect the whole network no matter how many PCs/servers are behind it?
2. Does this firewall deal with Internet connection sharing? Can it be a DHCP server?
3. You mentioned you had one break. What kind of "broke" is it?
Stopped functioning? Or a design problem? Which model is the problematic SonicWall, so that I can avoid buying it?
4. You mentioned SOHO3 and WatchGuard; which one works better in your 3 server environment?

RE: Windows 2003 setup
Your explanation is pretty detailed and clear.
You mentioned "you can backup to HD without a problem"; what are you trying to say? I guess you are saying that I can put IDE HDs in the server and do the backup on them in addition to the tape backup. Am I right?

Thanks again

hot-plug PCI:

Some servers have the capability of adding PCI devices without downing the server.  It's often called "hot add."  I know IBM has that capability on several of its Intel servers.  With hot-plug or hot-add PCI, if, for instance, your server's NIC dies, you can add another NIC without shutting down, and get things going again with minimized impact.

n+1 redundancy is essentially one of the basics of RAID, and when applied to power supplies, means that if one power supply fails, the remaining power supplies take over, and you can remove and replace the failed power supply without downing the server.  It means that the server's power supplies are multiply redundant.
Y Y

ASKER

TO: Kokoglen
I am happy to know you have a similar environment, so I put a few more questions for you here. Hopefully you would spend a while to look at them.

RE: backup
What backup software are you running? Veritas Backup Exec?
If I purchase the Exchange and SQL agents, it will be expensive.
Do you use the native backup?

RE: antivirus
What antivirus software are you running? Symantec? TrendMicro? or McAfee?

thx
I'll drop off and let you two do it your own way.  The whims of youth always trump the wisdom of age.

Take care...
Y Y

ASKER

TO: Shineon
Thx for the fast response to my question. You are the first one who commented on my question. And your comments are also valuable, even though I disagree a little bit with your all-in-one-box solution.
You mentioned that in the old days, the main frame dealt with everything and worked fine. This is because the main frames were very expensive. People could not afford a few main frames running together to split the workload. Also, they take a lot of space. I used to work on an IBM4381; we built a huge computer room for this giant.

TO: Kokoglen
Thx for your further comments, we are closer. Your comments are very valuable. You answered pretty much all of my questions. I will think about whether I still have any this weekend and I will close this case by next Monday.

I am also a tech support and I also answer questions in this forum (using a different name though). I really appreciate you guys' time and efforts. And I also know the feeling when you spend time inputting your comments but get no reply or no points.

I will increase the points for this question for sure and split the points for you guys.

thx again

Y Y

ASKER

TO: Kokoglen

RE: USB hard drive
Your USB HDD backup solution is very attractive. It is cheaper and faster. If we purchase a few, we can also take them off site just like we do with tapes.
How long have you been running this solution? Is it OK so far?

RE: Native backup
Do you think we can make the native backup back up files, Exchange and SQL all together and AUTOMATICALLY?
Because this client does not have a full time IT guy to take care of the servers. So I have to make the backup solution as simple as possible.

thx





USB HD backup.  Yes, it works fine.  Basically the limitations are that IDE drives (which are inside the USB enclosures) last as long as IDE drives normally last.  So expect to replace them every 3-5 years with newer ones, but it's still pretty cheap.  Make sure it's USB 2.0, it's much faster than 1.1.  I've been doing this for about a year.

Native Backup.  Yes, you can, but you will need to read some documentation on how to back up SQL.  Exchange and Files are simple.  I've only done this once before with someone else helping, so I know it works but not the details.  (Might be worth a separate question.)
Some helpful links:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/sql/maintain/monitor/c11ppcsq.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/sql/reskit/sql7res/part8/sqc10.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sqldmo/dmoref_ob_b_5hkk.asp
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q241/3/97.ASP&NoWebContent=1

Basically, it's easier if you spend the money on Veritas, but it WILL work without it, it's just harder.

But I've forgotten a major thing here...Windows 2003 has a feature called Shadow Copy (which I've never used).  Supposedly it creates a live copy of the server with everything on it.  You could set it up this way:

Machine 1: AD, DNS, Exchange, NT backup to USB Drive
Machine 2: AD, DNS, SQL server and File Server
Machine 3: Shadow Copy of Machine 2

This way you have a LIVE backup machine just waiting to be used.  It will have a copy of all the files and all SQL configuration and detail.

It's just a thought, but this would handle 20 users just fine and have very nice redundancy.  Sorry if I'm changing gears mid-question.  I've never used this solution myself so it's just brainstorming.
Y Y

ASKER

I increased the points from 50 to 250, and split them between you guys.
Hopefully you guys feel OK about the points arrangement. If any of you feel your answer(s) are worth more points, pls let me know, I will do my best.

I appreciate your comments and attitude which can not be evaluated by points.

Thanks and have a nice weekend,


no worries, good luck
First, on the mainframe thing.  I used to work on a 4381 as well... and a 4341 and a 4361 and a 3083 and so on...  The idea isn't that these boxes were expensive (they were) or large (they were) but that the processing power in today's Intel servers is much greater than what was available with those old mainframes.  You get a lot more MIPS from a 2Ghz Xeon processor than you ever could hope for from an air-cooled 4300-series mainframe - plus a whole lot more, and faster, memory and much cheaper and faster disk storage.

That's why consolidating your services DOES make sense these days, because you can set up a failover cluster relatively cheaply.

As far as backup is concerned, one thing you might consider is to burn a baseline backup to DVD on a regular basis, say once a quarter.  DVD isn't subject to degradation caused by EM fields.
Y Y

ASKER

TO: Shineon

If I am not wrong, consolidating services with a cluster offers fault tolerance on hardware. What happens if the OS or an application is corrupted? You have to down the whole thing to fix it.

Distributing services on different servers will keep the whole network up even if we have to down one of them. Say the email server is down, we can still have access to the file server and SQL server.

I quite agree with you about baseline backup on DVD or CD. My clients always ask me whether the hard drive is big enough. Actually it can never be big enough. The hard drive can be so easily filled up no matter how big it is. So I always do an offsite backup of old emails and docs and save them on discs. Less data left on the HDD makes the system run healthier and also makes the tape drive last longer.

thx for the contribution to my questions, and your knowledge benefits me a lot.



If the cluster pair is resilient you should be able to remove one of the two from the cluster, fix it, and then bring it back online and resync the changes.  The user data in a cluster should be on a SAN, so it shouldn't matter which server is handling the data.

Data redundancy is another matter.  You can do that with a SAN, too, IIRC, by having a flash copy taken on a regular basis - it's not really redundancy, more of a checkpoint backup.

If you have to shut down both nodes of a cluster to fix anything then something is wrong with how the cluster is configured, IMHO.

Do you think the ppl that use Datacenter Server have a server for each service on those big, expensive boxes?  Not likely.  

Today, mainstream hardware is cheap, but time is not.  The only way to get anywhere NEAR five-nines is with a cluster.
Y Y

ASKER

now I got your point, thanks and have a nice weekend