Solved

SBS 2003 best practices.

Posted on 2004-10-06
Last Modified: 2013-11-16
I’d love to see something like a definitive answer to this question:  

Which of these 3 configurations of SBS 2003 is the “best practice”?

Assume that external access to the server is required for things like OWA and Remote Workplace.

Option 1: SBS is the firewall and LAN internet gateway, directly connected to the internet via 2nd NIC
Option 2: SBS is the gateway (again via 2nd NIC) with a router or firewall appliance between it and the Internet
Option 3: SBS and client systems all use the router as the gateway/firewall; SBS has a single NIC

Option 3 is what we’ve been doing, but my feeling is that option 2 is probably the best. On the other hand, I remain concerned about the load on the server due to all LAN internet traffic passing through it. I have no idea whether that is a real issue or not.

This is a rather broad question, I know; I'm looking for some definitive pros and cons.
Question by:logic1cs
4 Comments
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 12240228
Do some server monitoring - see what kind of performance you are getting out of things with System Monitor. It can monitor your NIC throughput - for one or both NICs. With option 1 you are putting a highly insecure system right on the internet for people to attack. Bad idea (I don't care how much you patch it, people keep finding holes in Windows security and exploiting them). Option 2 to me has some logic - until you realize that all you're doing is adding another layer of failure. To keep your client workstations on the internet BOTH the router/firewall appliance AND the server must remain on. Now this can actually work to your advantage if you want to use Windows to track throughput and use programs like Network Monitor to spy on the traffic actually going out to the internet. But other than that, I'd consider it a waste. Option 3 is the most logical and the one I'd recommend.
 

Author Comment

by:logic1cs
ID: 12240817
Thanks for the quick response.

I'm not referring to a specific network with this query. Server monitoring is always being done on our networks on a regular basis. We look after large and small networks for our clients; I'm trying to establish a "best practice".

I totally agree that option 1 is out of the question; I just put it there for reference more than anything.
 
LVL 5

Accepted Solution

by:
t_swartz earned 125 total points
ID: 12243340
My two cents:
I have installed multiple SBS 2000 and 2003 servers. We typically go w/ your option 3. Keeping up w/ ISA is painful, especially if you need external access. Those third-party firewalls are just so much more stable, plus they are easier to configure for remote access and whatnot. We feel so strongly about it, we even went back (at our expense) and removed ISA from the SBS server, disabled the external NIC and moved them over to Cisco PIX or Fortigate firewalls, depending on the functionality required.