Hosting a public website on SBS 2003

Posted on 2007-11-15
Medium Priority
Last Modified: 2008-02-01
I have noticed that "A general exception to Windows Small Business Server 2003 CAL requirements is that CALs are not required when the server software is accessed through the Internet by an unauthenticated user. An example of this exception is unidentified users browsing your public Web site. Windows Small Business Server 2003 CALs are not required for those users."

I want to implement a CMS for a public website. The system has its own login system (does not use Windows authentication but the usernames and passwords are stored in the sql database).

Is this allowed according to the MS licensing scheme ? Can I limit the cal's to the users needed to be authenticated by Windows?
Question by:proximal
LVL 29

Accepted Solution

Alan Huseyin Kayahan earned 375 total points
ID: 20292697
LVL 29

Expert Comment

by:Michael Worsham
ID: 20292716
It is recommended that you don't use the SBS server as a public web server directly as it can open the server up to several possible exploit attacks and port scans software, etc.

I would recommend setting up a Linux box and install Apache/PHP/MySQL on it and just have the firewall/router redirect all web traffic via http (port 80) attempts to it instead. That way the SBS box environment is safe and the Linux box can be easily utilized for later expansion, virtual hosting needs, etc.
LVL 58

Assisted Solution

tigermatt earned 375 total points
ID: 20292726
As far as I am aware, the terminology "unauthenticated user" refers to users browsing the site where anonymous access is enabled in IIS. The moment a visiting user becomes "authorised" is when you enable integrated windows authentication and begin authenticating with Active Directory. This would then be counted as authentication and would require appropriate CALs.

Personally, I wouldn't host a major public website on an SBS server, although by the sounds of it you just want to put a CMS online for your users to access? Putting a large website with many visitors on an SBS isn't a good idea since it opens up your system to DOS attacks and the like; if you wish to host your large publicly accessible website yourself, I would definitely recommend that you get another server to run it on.


Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Microsoft Jet database engine errors can crop up out of nowhere to disrupt the working of the Exchange server. Decoding why a particular error occurs goes a long way in determining the right solution for it.
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
How to fix display issue, screen flickering issue when I plug in power cord to the machine. Before I start explaining the solution lets check out once the issue how it looks like after I connect the power cord. most of you also have faced this…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question