Solved

windows 2003 sbs concerns

Posted on 2004-10-21
216 Views
Last Modified: 2010-04-19
My company's website and email are hosted by a third party web server. We also have two in-house servers. One, a Windows 2000 machine, is mainly a file server - it's used for employee access to several programs and files through the network. The other one is a WinXP Pro machine, and is set up as with IIS as a web and ftp server for web utilities, reports, and documents, which are mainly accessed by employees - both in-office, and at home or on the road.

I would like to consolidate all these functions (web, file, program, ftp, email) into an in-house, new Windows 2003 SB server machine (which I have not purchased yet).

Here is a breakdown of functions I need for a new server, and questions/concerns that I have:

* Function as a web server - anyone should be able to access the company website from the internet.

* Function as an email server - be able to set up company email accounts using company domain (e.x. bob@mycompany.com) - employees will be able to keep their existing company email addresses; they will just be set up on the new server instead of the third party server as of now.

* Function as a file server - Employees will be able to connect (e.x. map a network drive) to the new server and be linked to several company-essential applications and files.

* Function as a terminal server - select employees will be able to login to the server remotely from home or on the road like they are doing now to the win2000 machine.

Now, how hard would it be to setup DNS on the new server (for web and email use), and switch it over from the third party server we are currently using?

Also, what's the deal with CALs for Windows 2003 Server? I'm assuming only the office machines will need them. How much time would it take to setup a client (WinXP or 2000) machine to be able to connect and communicate with the 2003 server through the office LAN?

Any additional information that you think is important would be appreciated.
0
Question by:vitanza
    3 Comments
     
    LVL 5

    Accepted Solution

    by:
    You can do all of this with SBS.

    Lets address your issues.  

    Here is a breakdown of functions I need for a new server, and questions/concerns that I have:

    * Function as a web server - anyone should be able to access the company website from the internet.

    This is no problem.  You do have a security concern however, you are now letting people connect directly to your server for webpages.  This is also the server that houses all of your confidential business data.  This is the catch 22 with SBS.  It has tons of cool features but does introduce some security risks.  It does come with ISA server depending on the version you buy.  While ISA server is a good firewall, it does not function as well as it could when it is on the same servers as what it is trying to protect.  if you can put in a second server and use ISA on that, you should.  Then you can publish your web sites to it and help protect yourself a little more.  I would also look at a hardware firewall like a Cisco PIX.  You can get the 501 for less than 500 dollars.  This as well as the ISA server will help protect your email as well

    * Function as an email server - be able to set up company email accounts using company domain (e.x. bob@mycompany.com) - employees will be able to keep their existing company email addresses; they will just be set up on the new server instead of the third party server as of now.

    This is no problem.  You are going to change your MX record to point to the external interface of your internet presence.  This may be your PIX firewall or your ISA server.  You are going to need a static IP address from your ISP.  You can do it with dynamic address and a company like dynamicdns to keep track of your dns, but I dont reccomend it.  Once your MX record is changed mail will start flowing to you.  You of course need to make the apporpraite rules in your firewall to allow the traffic through.  I would then import your users PST files from Outlook into Exchange.  If they are using outlook express, upgrade them to Outlook (included with sbs)and then import the PST files.


    * Function as a file server - Employees will be able to connect (e.x. map a network drive) to the new server and be linked to several company-essential applications and files.

    No Problem, nothing fancy here.  Login scripts and mapped drives

    * Function as a terminal server - select employees will be able to login to the server remotely from home or on the road like they are doing now to the win2000 machine.

    You will need to purchase the correct amount of Terminal Sever CALS.  These are different then they were in 2000.  Windows 2000 and XP included a free TSCal for connecting to Windows 2000 Terminal Servers, that is goine with 2003.  Depending on how many users you have you may want to keep your 2000 Terminal Server.  Then you dont have to buy CALS

    Now, how hard would it be to setup DNS on the new server (for web and email use), and switch it over from the third party server we are currently using?

    You wouldnt set this up as an external DNS server.  There is no reason for this.  You will have DNS installed by default for internal use.  You just configure forwarders.

    Also, what's the deal with CALs for Windows 2003 Server? I'm assuming only the office machines will need them. How much time would it take to setup a client (WinXP or 2000) machine to be able to connect and communicate with the 2003 server through the office LAN?

    You can by device CALS or user CALS.  If you buy a device CAL than only one device can connect.  If you purchase a USER cal, then that user can connect from wherever.  So if the user has a laptop and a desktop, buy a user cal.  If the user only has one device then just by a device cal.  No matter what you still need Termsinal Server CALS

    Hope this helps

    0
     
    LVL 4

    Expert Comment

    by:shard26
    What snowsurfer said was pretty much on the money.  I do have a few things to add.

    with SBS 2003 you can not set up Terminal services in application mode.  That means your stuck with admin mode whick only allows 2 connections at a time.  By default only admins can log in but you can change it to allow other none admin users access if needed.  Now thats not recommended unless you lock it down using GPO's and loopback mode. setting up loopback and GPO's can be tricky so I would practice before going live.  The good news if you leave it in admin mode it doesn't track CALS so you won't need to purchase any.

    Also like snowsurfer said the 501 pix is a great choice.  Just remember that the 501 is not like the other pix's out there that just keep track the amount of internet connections you have.  It tracks your mac's so it only lets by default 10 mac's access to the internet.  If you want more then that you will have to buy more licenses.  That means if you have 15 stations the first 10 stations to go to the internet wins. The other 5 are out of luck until you restart your pix's.

    Hope that helps
    0
     

    Author Comment

    by:vitanza
    thanks guys....

    I have one more question - if I get user CALs and one of the users is no longer with the company, can I simply "switch" or "rename" that CAL so a new employee/user can use it?
    How exactly do CALs work? Is it a small program that must be installed on each machine? Or is it simply a code or password that must be entered?
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

     Java Android Coding Bundle

    Whether you're an Apple user or Android addict, learning to code for the Android platform is an extremely valuable, in-demand skill. It all starts with Java, the language behind the apps and games that make Android the top platform it is today.

    Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
    This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
    This video Micro Tutorial is the second in a two-part series that shows how to create and use custom scanning profiles in Nuance's PaperPort 14.5 (http://www.experts-exchange.com/articles/17490/). But the ability to create custom scanning profiles a…

    856 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now