Setting up a small Windows Server 2003 network with 2 servers - best practices?

I'm building a Windows Server 2003 network and would like some input in the form of comments and suggestions as to best practices and layouts to achieve the desired result with the hardware we have.  For the purposes of this discussion, let's keep the "backup" talk to a minimum, as we are pretty well equipped with automated backup processes.  I'm more interested in security and preservation of settings;  I want to keep the primary domain controller clean.

We have 2 servers;  one brand-new (what I've been calling the Primary Server) and one slightly older and less powerful (of course I've been calling this the Secondary Server).

We have a Netgear hardware firewall/VPN but I think we'll want to use the internal software VPN in WS2003.  There is also a small LAN with a couple of XP systems hooked up to it.

We will be using Terminal Services and Active Directory to set up remote (and local) users with virtual desktops on the server.  Some internet and email applications will be accessed from these accounts.  Primary usage will be intensive data analysis using Office applications (Access).

As for network architecture, this is what I'm thinking:

     _ LAN _
     |        |
    S1      S2 -- firewall -- internet -- vpn tunnel

Do I want to isolate the user accounts to the secondary server, and put the data and applications on the primary (faster) server?  I suppose though that the user desktops should be on the machine housing the applications, and that the data, for speed, should be on the same machine within the network.  ?

What should be the distribution of roles between the two servers?  Should they both be domain controllers?

How would you set up a two-server small network with VPN and terminal services, where the primary objective is speed with relation to data access?
Asked by psk1.

CiaranDolan commented:
Both should be Domain managers as you're completely screwed if you lose one. Also, in the realm of AD you don't have to worry as much about keeping the 'Primary Domain Controller' clean. Unless you can afford dedicated servers you should work to maximise your investment. If you are on a small LAN you could even re-use some desktops as DCs but that would probably be obviated by the cost of the M$ licenses.

Both should be DNS servers - the load is negligible. Faster server obviously secondary but unless you are talking thousands of workstations then it's over-specced anyway. You might want to look at the DNS capabilities of the Netgear? Probably limited.

Use the 80/20 rule and have both servers act as DHCP servers. Check the Netgear for DHCP capability as well, then you can split it 60/30/20.

Forget using Windows VPN rubbish and stick with the hardware based system, or get yourself smoothwall and use its MUCH more sophisticated VPN set up.

Don't use this:

     _ LAN _
     |        |
    S1      S2 -- firewall -- internet -- vpn tunnel

Use this:

         + -- firewall -- internet -- vpn tunnel
         |
     _ LAN _
     |        |
    S1      S2

Make the firewall your default gateway. No point in wasting good CPU doing routing when you have a router already in place!

Terminal services on the fastest server while shared storage on the server with the most RAM and disk space.

As for the 'intensive data analysis', dump Access - it's rubbish. Tiny database size and exceptionally slow. Start with MSDE and consider going to full blown SQL Server or, if you want blinding speed, go with MySQL.
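The 80/20 rule in the answer above means every DHCP server is configured with the same scope, and each one excludes the slice of the address pool that the other server(s) are meant to lease, so no two servers can ever hand out the same address while any of them can still serve a client if the other goes down. The script below is an added example, not code from the thread or its participants: it carves a pool into complementary slices for any number of servers and weights (the two-server 80/20 case, or the 60/30/20 three-way split with the Netgear), checks that the slices cover the pool exactly once with no overlap, and prints the exclusion commands each server would need. The pool addresses, server names and scope ID are constructed sample values, and the `netsh dhcp server ... add exclusionrange` syntax is assumed from the Windows Server 2003 DHCP `netsh` context rather than taken from the page.

```python
"""Split one DHCP scope across several servers with complementary exclusions.

Added example (not from the original thread). Each server gets the same scope;
the exclusion ranges make the servers' lease pools disjoint.
"""
import ipaddress


def split_pool(first_ip, last_ip, weights):
    """Return one (start, end) slice per weight, covering first_ip..last_ip
    exactly once. Weights are relative shares, e.g. [80, 20] or [60, 30, 20]."""
    first = int(ipaddress.IPv4Address(first_ip))
    last = int(ipaddress.IPv4Address(last_ip))
    if last < first:
        raise ValueError("pool end precedes pool start")
    if not weights or any(w <= 0 for w in weights):
        raise ValueError("weights must be a non-empty list of positive numbers")
    total_addrs = last - first + 1
    total_w = sum(weights)
    slices = []
    cursor = first
    for i, w in enumerate(weights):
        if i == len(weights) - 1:
            end = last  # the last server absorbs any rounding remainder
        else:
            size = total_addrs * w // total_w
            if size < 1:
                raise ValueError("pool too small for this many shares")
            end = cursor + size - 1
        slices.append((str(ipaddress.IPv4Address(cursor)),
                       str(ipaddress.IPv4Address(end))))
        cursor = end + 1
    return slices


def covers_exactly(first_ip, last_ip, slices):
    """True if the slices are contiguous, non-overlapping and span the pool."""
    expect = int(ipaddress.IPv4Address(first_ip))
    for start, end in slices:
        s = int(ipaddress.IPv4Address(start))
        e = int(ipaddress.IPv4Address(end))
        if s != expect or e < s:
            return False
        expect = e + 1
    return expect == int(ipaddress.IPv4Address(last_ip)) + 1


def exclusions_for(slices, server_index):
    """Every slice except the one this server leases becomes an exclusion."""
    return [s for i, s in enumerate(slices) if i != server_index]


def netsh_commands(server_name, scope_id, slices, server_index):
    """Exclusion commands for one server (assumed WS2003 netsh dhcp syntax)."""
    return [
        f"netsh dhcp server \\\\{server_name} scope {scope_id} "
        f"add exclusionrange {start} {end}"
        for start, end in exclusions_for(slices, server_index)
    ]


if __name__ == "__main__":
    # Constructed sample: scope 192.168.1.0, leasable pool .10-.209 (200 addresses)
    scope_id = "192.168.1.0"
    pool_start, pool_end = "192.168.1.10", "192.168.1.209"
    for servers, weights in ((["S1", "S2"], [80, 20]),
                             (["S1", "S2", "NETGEAR"], [60, 30, 20])):
        slices = split_pool(pool_start, pool_end, weights)
        assert covers_exactly(pool_start, pool_end, slices)
        print(f"\n{'/'.join(map(str, weights))} split:")
        for idx, name in enumerate(servers):
            print(f"  {name} leases {slices[idx][0]} - {slices[idx][1]}")
            for cmd in netsh_commands(name, scope_id, slices, idx):
                print("    " + cmd)
```

Run it on the Windows side only after checking the generated ranges against the scope's reservations and static addresses, since an exclusion range silently removes those addresses from the pool; the `covers_exactly` check guards against overlap between servers, not against a typo in the pool boundaries.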
mleman commented:
1 domain controller running all the services: DHCP, DNS, AD.

Would use the second server as a file server.

For your VPN etc.

I would consider getting a 3rd server, spec not really that important, and run ISA as the firewall and web proxy and run the ISA VPN services.

Hope this helps.