Hosting a public website on SBS 2003

I have noticed that "A general exception to Windows Small Business Server 2003 CAL requirements is that CALs are not required when the server software is accessed through the Internet by an unauthenticated user. An example of this exception is unidentified users browsing your public Web site. Windows Small Business Server 2003 CALs are not required for those users."

I want to implement a CMS for a public website. The system has its own login system (does not use Windows authentication but the usernames and passwords are stored in the sql database).

Is this allowed according to the MS licensing scheme ? Can I limit the cal's to the users needed to be authenticated by Windows?
proximalAsked:
Who is Participating?
 
Alan Huseyin KayahanConnect With a Mentor Commented:
  Absolutely
0
 
Michael WorshamInfrastructure / Solutions ArchitectCommented:
It is recommended that you don't use the SBS server as a public web server directly as it can open the server up to several possible exploit attacks and port scans software, etc.

I would recommend setting up a Linux box and install Apache/PHP/MySQL on it and just have the firewall/router redirect all web traffic via http (port 80) attempts to it instead. That way the SBS box environment is safe and the Linux box can be easily utilized for later expansion, virtual hosting needs, etc.
0
 
tigermattConnect With a Mentor Commented:
As far as I am aware, the terminology "unauthenticated user" refers to users browsing the site where anonymous access is enabled in IIS. The moment a visiting user becomes "authorised" is when you enable integrated windows authentication and begin authenticating with Active Directory. This would then be counted as authentication and would require appropriate CALs.

Personally, I wouldn't host a major public website on an SBS server, although by the sounds of it you just want to put a CMS online for your users to access? Putting a large website with many visitors on an SBS isn't a good idea since it opens up your system to DOS attacks and the like; if you wish to host your large publicly accessible website yourself, I would definitely recommend that you get another server to run it on.

-tigermatt
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.