Solved

Windows 2003 Based Network Design

Posted on 2006-07-09
Last Modified: 2010-08-05
Hello,

I am looking for advice on how to design my small network. I have a small office and currently I have a DSL modem which connects to my Linksys switch. My Windows 2003 server connects to the switch and I have about 8 workstations. My Windows 2003 server also hosts my IIS, Exchange 2003, and job tracking software. It is also my file server.

I now have another server and got Windows 2003 Small Office Premium edition. I am trying to figure out what the best network design layout would be for me. Given that I now have 2 servers and 8 workstations, how would you recommend that I set up my network? I need Exchange 2003 and IIS for my public web page. Also, I would like to use SharePoint. I am also concerned about my Domain Controller being directly connected to my switch. Should I get another switch? My new used server contains two NICs.

Hopefully this is enough information for discussion. Thank you in advance for your help.

John
0
Question by:jhieb
9 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 450 total points
ID: 17068678
First thing I would do is throw the public web site out. Put it on a host external to your network. That will allow you to close port 80 on the firewall and secure your network. Web hosting is so cheap these days, and removing the web site means you don't have to worry about anything happening to your public presence while moving everything around.

Hopefully you have a firewall of some kind between the internet and your servers.

Two NICs in a server is fairly common, but doesn't actually help a great deal in many cases. With a network of this size you will gain nothing from teaming the NICs together.

What is "Windows 2003 Small Office Premium Edition"?

Do you mean Windows 2003 Small Business Server Premium?
If so, the first question that has to be asked is what is the other server? Is that a standard server or another SBS?
If it is a standard server, then you can join the SBS to that domain, but you must move all of the domain roles over to the SBS server very shortly afterwards. An SBS must be "top dog", i.e., running all the roles on the domain.

Considering that SBS also contains Exchange, one thing you might want to consider is moving all of your key applications, such as Exchange, file serving etc., onto the new server. Moving Exchange is quite easy and has been covered many times.
Once you have moved everything off the other server, dcpromo it out of the domain and turn it into a conventional member server. Then do any experimenting on that machine, instead of your production kit.

Simon.
0
 
LVL 1

Author Comment

by:jhieb
ID: 17069015
Yes, it is Small Business Server Edition. My mind and fingers must have been quarreling.... The one reason why I like hosting my own web site is that I can use Outlook Web Access and also access my own external support site.

If I decide to let someone else host my web site how would I still use Outlook Web Access and my external web site? Also, what about email? I don't mind someone else hosting my site but I want control over my own Exchange server.

Thanks.
0
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 50 total points
ID: 17069024
Exchange can run over SSL - I would agree with NOT hosting your own web site, but there's no STRONG reason you can't continue to use OWA and host your own email.

You didn't answer the question of what the existing server is - is the EXISTING server an SBS server or a standard server?
0
 
LVL 1

Author Comment

by:jhieb
ID: 17069037
The existing server is a standard server. I subscribed to the Microsoft Action Pack or solution provider subscription so it has a few flavors of Windows 2003 server. Currently, the one I am running is Windows 2003 Server Standard Edition.
0
 
LVL 1

Author Comment

by:jhieb
ID: 17069103
I am considering having someone else host my web site like you suggested and also my email. I may as well let them do my email, too. Now, the only thing I wonder about is how to host my support link. I have support software that uses IIS and it is accessed via my web site. How would I still let users access my support web site if I close port 80? If my registered business name goes to my hosted site then would I have a hyperlink go to the IP address where my support site is? I am a bit confused how to do this. This is probably the only kink in the whole design. If someone else hosts email and the web then the rest of the network is easy to design.
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 450 total points
ID: 17069346
What does the support site do? Could it be easily moved to another server?
If you are going to an SBS server, then I don't like the idea of having that hosting anything "public" except for OWA. You need to discourage users from accessing your internal network where possible - especially a machine that is also Exchange, domain controller, file server etc.

Simon.
0
 
LVL 1

Author Comment

by:jhieb
ID: 17070775
Yes, the support site could be put on a different server. I suspect this would be a server that is on the other side of a DMZ. I understand the term a little bit but not fully. Is this what you would do? Would you have two switches so that one switch went directly to the internet and connected to the IIS machine while the Domain controller was behind another switch with a firewall or something like that?

PS: The support site is a help desk software package which requires IIS. End users access the support site via their web browser. They can log on and create support tickets and review a knowledge base. There are also logons for techs and helpdesk admins.
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 450 total points
ID: 17073114
Do you really mean a switch?
A switch just allows items to connect to each other. It doesn't provide routing capabilities to the internet.
I suspect that you mean a router, possibly with a built-in switch.

A DMZ is a zone where you can put servers and resources that need to be isolated from the production network. It is the traditional place for public facing web servers. You can then control the traffic between the DMZ and your production network, and between the DMZ and the Internet.

Whether you need to use a DMZ is a different matter altogether.
I firmly believe that you should be in a position to drop whatever is in the DMZ with a moment's notice. If you cannot, then the content shouldn't be in the DMZ.
For example, if you were running something that is database backed, then the database would be inside, with a restricted tunnel between the database server and the web server.

I don't tend to deploy DMZs very much - very few smaller clients can really justify the additional server and the lock down of the server to make a DMZ really work well.
Instead what I would probably consider doing is putting the public web site outside - on a host.
The support site should ideally be on its own server, possibly inside. As you will be controlling who can access it, put it on a unique port: http://support.domain.com:1234 for example.
Then put Exchange on its own server, using the standard https port of 443 to secure remote access. OWA doesn't like using alternative ports.

Simon.
0
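The zone policy described in the answer above, written out as a default-deny rule table (an added example, not part of the original thread). It assumes the support server sits in a DMZ with its database inside; all addresses and the database port 1433 are constructed for illustration, while ports 443 and 1234 are the ones named in the answer.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing (assumption): LAN and DMZ subnets, three hosts.
ZONES = {"lan": ip_network("192.168.10.0/24"), "dmz": ip_network("192.168.20.0/24")}
EXCHANGE, DATABASE, SUPPORT_WEB = "192.168.10.10", "192.168.10.20", "192.168.20.5"

def zone_of(addr: str) -> str:
    """Map an address to its zone; anything outside LAN/DMZ is the internet."""
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "internet")

@dataclass(frozen=True)
class Allow:
    src_zone: str
    src_host: Optional[str]  # None means any host in src_zone
    dst_host: str
    port: int
    purpose: str

# Everything not listed here is denied.
RULES = [
    Allow("internet", None, EXCHANGE, 443, "OWA over HTTPS"),
    Allow("internet", None, SUPPORT_WEB, 1234, "support site on its own port"),
    # Port 1433 is an assumed database port; the thread names none.
    Allow("dmz", SUPPORT_WEB, DATABASE, 1433, "web server to database only"),
]

def evaluate(src: str, dst: str, port: int, rules=RULES) -> Optional[str]:
    """Return the purpose of the matching allow rule, or None for default deny."""
    for r in rules:
        if (zone_of(src) == r.src_zone and r.src_host in (None, src)
                and (dst, port) == (r.dst_host, r.port)):
            return r.purpose
    return None

def drop_dmz(rules=RULES):
    """Rules left after the DMZ is cut off: no rule may start or end there."""
    return [r for r in rules if "dmz" not in (r.src_zone, zone_of(r.dst_host))]

def internet_exposure(rules=RULES):
    """(host, port) pairs reachable from the internet."""
    return sorted((r.dst_host, r.port) for r in rules if r.src_zone == "internet")

if __name__ == "__main__":
    outside = "203.0.113.7"  # constructed documentation address
    for flow in [(outside, EXCHANGE, 443), (outside, EXCHANGE, 80),
                 (outside, DATABASE, 1433), (SUPPORT_WEB, DATABASE, 1433),
                 (SUPPORT_WEB, EXCHANGE, 445)]:
        print(flow, "->", evaluate(*flow) or "DENY")
    print("after dropping DMZ:", internet_exposure(drop_dmz()))
```

`drop_dmz()` models the "drop it at a moment's notice" test: if removing every DMZ rule would break something the business cannot lose, that service does not belong in the DMZ.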
 
LVL 1

Author Comment

by:jhieb
ID: 17082388
Thanks for the help.
0
