Windows 2003 Based Network Design


I am looking for advice on how to design my small network. I have a small office and currently I have a DSL modem which connects to my Linksys switch. My Windows 2003 server connects to the switch and I have about 8 workstations. My Windows 2003 server also hosts my IIS, Exchange 2003, and job tracking software. It also is my file server.

I now have another server and got Windows 2003 Small Office Premium edition. I am trying to figure out what the best network design layout would be for me. Given that I now have 2 servers and 8 workstations how would you recommend that I set up my network? I need Exchange 2003 and IIS for my public web page. Also, I would like to use Sharepoint. I am also concerned about my Domain Controller being directly connected to my switch. Should I get another switch? My new used server contains two NICs.

Hopefully this is enough information for discussion. Thank you in advance for your help.

Sembee commented:
First thing I would do is throw the public web site out. Put it on a host external to your network. That will allow you to close port 80 on the firewall and secure your network. Web hosting is so cheap these days, and removing the web site means you don't have to worry about anything happening to your public presence while moving everything around.

Hopefully you have a firewall of some kind between the internet and your servers.

Two NICs in a server is fairly common, but doesn't actually help a great deal in many cases. With a network of this size you will gain nothing from teaming the NICs together.

What is "Windows 2003 Small Office Premium Edition"?

Do you mean Windows 2003 Small Business Server Premium?
If so, the first question that has to be asked is what is the other server? Is that a standard server or another SBS?
If it is a standard server, then you can join the SBS to that domain, but you must move all of the domain roles over to the SBS server very shortly afterwards. An SBS must be "top dog", i.e., running all the roles on the domain.

Considering that SBS also contains Exchange, one thing you might want to consider is moving all of your key applications, such as Exchange, file serving etc, on to the new server. Moving Exchange is quite easy and has been covered many times.
Once you have moved everything off the other server, dcpromo it out of the domain and turn it into a conventional member server. Then do any experimenting on that machine, instead of your production kit.

jhieb (Author) commented:
Yes, it is Small Business Server Edition. My mind and fingers must have been quarreling.... The one reason why I like hosting my own web site is that I can use Outlook Web Access and also access my own external support site.

If I decide to let someone else host my web site how would I still use Outlook Web Access and my external web site? Also, what about email? I don't mind someone else hosting my site but I want control over my own Exchange server.

Lee W, MVP (Technology and Business Process Advisor) commented:
Exchange can run over SSL - I would agree with NOT hosting your own web site, but there's no STRONG reason you can't continue to use OWA and host your own email.

You didn't answer the question of what the existing server is - is the EXISTING server an SBS server or a standard server?

jhieb (Author) commented:
The existing server is a standard server. I subscribed to the Microsoft Action Pack or solution provider subscription so it has a few flavors of Windows 2003 server. Currently, the one I am running is Windows 2003 Server Standard Edition.
jhieb (Author) commented:
I am considering having someone else host my web site like you suggested and also my email. I may as well let them do my email, too. Now, the only thing I wonder about is how to host my support link. I have support software that uses IIS and it is accessed via my web site. How would I still let users access my support web site if I close port 80? If my registered business name goes to my hosted site then would I have a hyperlink go to the IP address where my support site is? I am a bit confused how to do this. This is probably the only kink in the whole design. If someone else hosts email and the web then the rest of the network is easy to design.
Sembee commented:
What does the support site do? Could it be easily moved to another server?
If you are going to an SBS server, then I don't like the idea of having that hosting anything "public" except for OWA. You need to discourage users from accessing your internal network where possible - especially a machine that is also Exchange, domain controller, file server etc.

jhieb (Author) commented:
Yes, the support site could be put on a different server. I suspect this would be a server that is on the other side of a DMZ. I understand the term a little bit but not fully. Is this what you would do? Would you have two switches so that one switch went directly to the internet and connected to the IIS machine while the Domain controller was behind another switch with a firewall or something like that?

PS: The support site is a help desk software package which requires IIS. End users access the support site via their web browser. They can logon and create support tickets and review a knowledge base. There are also logons for techs and helpdesk admins.
Sembee commented:
Do you really mean a switch?
A switch just allows items to connect to each other. It doesn't provide routing capabilities to the internet.
I suspect that you mean a router, possibly with a built in switch.

A DMZ is a zone where you can put servers and resources that need to be isolated from the production network. It is the traditional place for public facing web servers. You can then control the traffic between the DMZ and your production network, and between the DMZ and the Internet.

Whether you need to use a DMZ is a different matter altogether.
I firmly believe that you should be in a position to drop whatever is in the DMZ with a moment's notice. If you cannot, then the content shouldn't be in the DMZ.
For example, if you were running something that is database backed, then the database would be inside, with a restricted tunnel between the database server and the web server.

I don't tend to deploy DMZs very much - very few smaller clients can really justify the additional server and the lock down of the server to make a DMZ really work well.
Instead what I would probably consider doing is putting the public web site outside - on a host.
The support site should ideally be on its own server, possibly inside. As you will be controlling who can access it, put it on a unique port: for example.
Then put Exchange on its own server, using the standard https port of 443 to secure remote access. OWA doesn't like using alternative ports.
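
The zoning discussed in this answer (default deny, HTTPS to Exchange, the support site on its own port, and one pinned path from a DMZ web server to an inside database) modelled as a small rule evaluator and audit. This is an added example, not part of the thread; the host names, support port 8443 and database port 1433 are assumed values.

```python
from dataclasses import dataclass

# All host names and both ports below are assumed values for illustration.
SUPPORT_PORT = 8443   # stands in for the "unique port" for the support site
DB_PORT = 1433        # stands in for the database end of the restricted tunnel

@dataclass(frozen=True)
class Rule:
    src: str     # source zone: "internet", "dmz" or "inside"
    dst: str     # destination zone
    host: str    # destination host, "*" for any host in the zone
    port: int    # TCP destination port, 0 for any port
    allow: bool

def decide(rules, src, dst, host, port):
    """First matching rule wins; traffic that matches nothing is denied."""
    for r in rules:
        if (r.src, r.dst) == (src, dst) and r.host in ("*", host) and r.port in (0, port):
            return r.allow
    return False

def audit(rules):
    """Flag allow rules that break the zoning described in the thread."""
    findings = []
    for r in rules:
        if not r.allow or r.dst != "inside" or r.src == "inside":
            continue
        if r.host == "*" or r.port == 0:
            findings.append(f"{r.src}->inside is not pinned to one host and port")
        if r.src == "internet" and r.port == 80:
            findings.append(f"port 80 open from the internet to {r.host}")
    return findings

# Constructed rule set: public site on the multi-role server, DMZ wide open inward.
WEAK = [
    Rule("internet", "inside", "sbs", 80, True),
    Rule("internet", "inside", "sbs", 443, True),
    Rule("internet", "dmz", "web", 80, True),
    Rule("dmz", "inside", "*", 0, True),
]
# Constructed rule set: OWA on 443, support site on its own port, one DB tunnel.
HARDENED = [
    Rule("internet", "inside", "exchange", 443, True),
    Rule("internet", "inside", "support", SUPPORT_PORT, True),
    Rule("internet", "dmz", "web", 80, True),
    Rule("dmz", "inside", "db", DB_PORT, True),
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(rules) or "no findings")
```

The audit only inspects allow rules one at a time; it does not account for an earlier deny rule shadowing a later allow.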

jhieb (Author) commented:
Thanks for the help.