Solved

Licensing for SBS, 2k Server, and W2k3 Server w/ ISA

Posted on 2006-11-21
8
361 Views
Last Modified: 2010-04-19
I currently have a SBS 2003 server with 30 user CALs installed along with a Windows 2000 server running TS.  My plan is to install a third server, Windows 2003 Standard, that will run ISA Server 2004 or 2006 on it to act as our firewall.  The ISA server will be connected directly to the DSL coming in and then control the traffic to the DMZ (where the TS server is) and the LAN.

My question is - Will I need to purchase additional licensing for the Windows 2003 server that has the ISA running on it?  Does my SBS 2003 CALs cover those licenses?  I have the Microsoft Action Pack so I have 10 licenses for the Win2k3 server already.


Please let me know if you need any more information than what I am giving.  Thanks.
0
Comment
Question by:jsvor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17990699
Your SBS CALs would cover the additional Server 2003, but I don't really understand why you would deploy a separate server for ISA when SBS integrates it so nicely!  If you install the premium component ISA Server 2004 on your SBS, everything will be configured automatically with SBS's wizards.  

I really don't quite understand your reasoning here.

Jeff
TechSoEasy
0
 
LVL 8

Author Comment

by:jsvor
ID: 18157718
The reason I will be having the ISA server on a separate server than the SBS is because I don't like the idea of having my DC being connected directly to the internet.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18172292
Your absolutely right that a DC shouldn't be directly connected to the Internet... unless it's SBS with ISA and/or a hardware firewall.

It's important to realize that properly configured, SBS is a secure server.  When you go away from the proven configuration which has been deployed by hundreds of thousands of small businesses, you run a much greater risk of having an insecure environment because you're basically on your own to know if a threat would be applicable to your environment.

One thing I should point out is that if you bought the Premium Edition of SBS, licensing prohibits installing ISA on a separate machine.  So you would need to purchase a separate ISA which runs $1,499.00 PER PROCESSOR in addition to the $999.00 for the Standard Server 2003 license needed for it to run on.

Now granted you are using the Action Pack which makes this initial cost irrelevant, but the ongoing upkeep will definitely be costly.  You won't find many, if any, resources for your configuration.

Jeff
TechSoEasy
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 8

Author Comment

by:jsvor
ID: 18172481
OK.  With the configuration you are suggesting (ISA installed on SBS) would/should I create a DMZ for a published TS or will the ISA server provide enough protection to have the TS in the internal network?  I am concerned that the extra traffic going to the SBS may slow it down - is that something to worry about?  I just don't want to run into any performance issues.

Thanks for all the input.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18172634
ISA will handle it just fine.  I've never seen an SBS slow down because of this... as long as you've got a proper machine to begin with.  You'll overcome any performance issues by having the correct hardware.  If anything err on the side of more than you think you need.  These days, that may only be a difference of $400 or $500 which if divided by your total users may only be pennies per day per user.

Jeff
TechSoEasy
0
 
LVL 8

Author Comment

by:jsvor
ID: 18172842
The machine is pretty beefy so then I guess I'll be all set there.  Are there any concerns I should have installing ISA on an established SBS that is running Exchange, SQL, and tape backups?

How about the TS on the DMZ?  Would it be OK to have the TS on the internal network for remote users to connect to?  Or will it be secure enough just being behind the ISA?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18185020
Putting the TS in a DMZ means that you have to separately manage the logins for it... you lose all the benefit of having everything under one control.  Once you start making separate this and that logins you will have a much more unsecure environment.  Keep it under Active Directory and your Domain's control.

See http://sbsurl.com/sbstss for the how-to for adding a terminal server to an SBS network.

As for adding ISA?  It's almost always added after-the-fact.  So just follow the instructions to install the premium technologies.  http://sbsurl.com/premium

Jeff
TechSoEasy
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Domain Controller Diagnostic Errors on SBS 2008 3 60
SBS 2003 RWW Login 3 50
SBS 2008 Transition to Windows Serve 2016 Essentials 16 57
Cannot create 365 Migration Endpoint 11 79
In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question