Setting up a small Windows Server 2003 network with 2 servers - best practices?

Posted on 2005-05-16
Last Modified: 2010-04-19
I'm building a Windows Server 2003 network and would like some input in the form of comments and suggestions as to best practices and layouts to achieve the desired result with the hardware we have.  For the purposes of this discussion, let's keep the "backup" talk to a minimum, as we are pretty well equipped with automated backup processes.  I'm more interested in security and preservation of settings;  I want to keep the primary domain controller clean.

We have 2 servers;  one brand-new (what I've been calling the Primary Server) and one slightly older and less powerful (of course I've been calling this the Secondary Server).

We have a Netgear hardware firewall/VPN but I think we'll want to use the internal software VPN in WS2003.  There is also a small LAN with a couple of XP systems hooked up to it.

We will be using Terminal Services and Active Directory to set up remote (and local) users with virtual desktops on the server.  Some internet and email applications will be accessed from these accounts.  Primary usage will be intensive data analysis using Office applications (Access).

As for network architecture, this is what I'm thinking:

     _ LAN _
     |        |
    S1      S2 -- firewall -- internet -- vpn tunnel

Do I want to isolate the user accounts to the secondary server, and put the data and applications on the primary (faster) server?  I suppose though that the user desktops should be on the machine housing the applications, and that the data, for speed, should be on the same machine within the network.  ?

What should be the distribution of roles between the two servers?  Should they both be domain controllers?

How would you set up a two-server small network with VPN and terminal services, where the primary objective is speed with relation to data access?
Question by: psk1
    LVL 5

    Expert Comment

    1 domain controller running all the services, dhcp, dns, ad.

    would use the second server as a file server.

    for your vpn etc.

    i would consider getting a 3rd server, spec not really that important and run isa as the firewall and web proxy and run the isa vpn services.

    hope helps
    LVL 7

    Accepted Solution

    Both should be Domain managers as you're completely screwed if you lose one. Also, in the realm of AD you don't have to worry as much about keeping the 'Primary Domain Controller' clean. Unless you can afford dedicated servers you should work to maximise your investment. If you are on a small LAN you could even re-use some desktops as DC's but that would probably be obviated by the cost of the M$ licenses.

    Both should be DNS servers - the load is negligible. Faster server obviously secondary but unless you are talking thousands of workstations then it's over-specced anyway. You might want to look at the DNS capabilities of the Netgear? Probably limited.

    Use the 80/20 rule and have both servers act as DHCP servers. Check the Netgear for DHCP capability as well then you can split it 60/30/20.

    Forget using Windows VPN rubbish and stick with the hardware based system or get yourself smoothwall and use its MUCH more sophisticated VPN set up.

    Don't use this:

         _ LAN _
         |        |
        S1      S2 -- firewall -- internet -- vpn tunnel

    Use this:

             + -- firewall -- internet -- vpn tunnel
         _ LAN _
         |        |
        S1      S2

    Make the firewall your default gateway. No point in wasting good CPU doing routing when you have a router already in place!

    Terminal services on the fastest server while shared storage on the server with the most RAM and disk space.

    As for the 'intensive data analysis' dump Access - it's rubbish. Tiny database size and exceptionally slow. Start with MSDE and consider going to full blown SQL Server or, if you want blinding speed, go with MySQL.
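
The 80/20 DHCP split mentioned in the accepted solution, worked through for two servers as an added example (not part of the original answer): both servers define the same scope and each excludes the share the other one leases, so no address is ever offered twice. The subnet, address range and function names are assumptions chosen for illustration.

```python
import ipaddress

def split_scope(subnet, first, last, primary_percent=80):
    """Plan a split DHCP scope: both servers define first..last, and each
    excludes the part the other one leases, so no address is offered twice."""
    net = ipaddress.ip_network(subnet)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    for addr in (lo, hi):
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{addr} is not a usable host address in {net}")
    total = int(hi) - int(lo) + 1
    if total < 2:
        raise ValueError("scope needs at least two addresses to split")
    if not 0 < primary_percent < 100:
        raise ValueError("primary_percent must be between 1 and 99")
    # Integer arithmetic avoids float rounding; clamp so each side gets >= 1.
    primary_count = max(1, min(total - 1, total * primary_percent // 100))
    cut = lo + primary_count          # first address leased by the secondary
    return {
        "primary":   {"leases": (lo, cut - 1), "excludes": (cut, hi)},
        "secondary": {"leases": (cut, hi),     "excludes": (lo, cut - 1)},
    }

def pool_size(plan, server):
    """Number of addresses the given server is allowed to lease."""
    a, b = plan[server]["leases"]
    return int(b) - int(a) + 1

def pools_overlap(plan):
    """True if the two servers could hand out the same address."""
    (a_lo, a_hi), (b_lo, b_hi) = plan["primary"]["leases"], plan["secondary"]["leases"]
    return a_lo <= b_hi and b_lo <= a_hi

if __name__ == "__main__":
    # Constructed sample: a /24 LAN with .1-.49 kept for static hosts.
    plan = split_scope("192.168.1.0/24", "192.168.1.50", "192.168.1.249")
    for server, ranges in plan.items():
        l, e = ranges["leases"], ranges["excludes"]
        print(f"{server}: leases {l[0]}-{l[1]} ({pool_size(plan, server)}), "
              f"excludes {e[0]}-{e[1]}")
    assert not pools_overlap(plan)
```
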
