Load Balancing in Server Design
I am doing some research into a suitable design to move a client from a SBS 2003 single server to perhaps multiple servers due to the heavy exchange usage and/or TS requirements.
Presently there are approx 16 Users where about half work remotely on Laptops and VPN in to collect email and access files. They are presently heavy users of email with Exchange 2003, where there are multiple 5GB+ mailboxes - restrictions on mailbox size were lifted some time ago which has given Users free reign on email. In saying that, I am interested to hear what people of done for mail archiving solutions.
The plan at this stage is to beef up with a new SBS 2008 Server with 16GB RAM, but wanted to consider other designs.
Presently there are approx 16 Users where about half work remotely on Laptops and VPN in to collect email and access files. They are presently heavy users of email with Exchange 2003, where there are multiple 5GB+ mailboxes - restrictions on mailbox size were lifted some time ago which has given Users free reign on email. In saying that, I am interested to hear what people of done for mail archiving solutions.
The plan at this stage is to beef up with a new SBS 2008 Server with 16GB RAM, but wanted to consider other designs.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you're trying to move e-mail to another server then you can always just move the mailbox through Exchange if the server is in the same domain / exchange org. If you're moving to a new domain then you can export the mailbox to a PST (just make sure you select the top of the mailbox and click "include subfolders" when exporting). You can then import that massive PST into the new Exchange mailbox just make sure you have turned off quotas. By default SBS 2008's default e-mail quota is 1GB.
Accessing file shares is a different story and a real pain in the rear if you ask me. For my clients I have always implemented either a SSL VPN for file access or instituted Citrix or Terminal Services for remote access to files. Users sometimes get really confused with the idea of local and remote files so I find that Citrix / Terminal Services simplifies the concept for them. However if they really want to access files locally or need them offline then an SSL VPN is the way to go. I use the Juniper SA's all the time and I love them. You can set them up where they'll authenticate to the domain then pass along the user credentials to the file servers so the user only gets access to the files they're allowed to access. It'll take a share and list all of the files in a web page so the user only needs to click on a file to download or open it. It'll also list the sub or parent folders for navigation throughout the file share, allow them to create folders, upload files, etc. Most modern SSL VPN's will do this. I think it really beats the old VPN connectivity options of yester-year.
Accessing file shares is a different story and a real pain in the rear if you ask me. For my clients I have always implemented either a SSL VPN for file access or instituted Citrix or Terminal Services for remote access to files. Users sometimes get really confused with the idea of local and remote files so I find that Citrix / Terminal Services simplifies the concept for them. However if they really want to access files locally or need them offline then an SSL VPN is the way to go. I use the Juniper SA's all the time and I love them. You can set them up where they'll authenticate to the domain then pass along the user credentials to the file servers so the user only gets access to the files they're allowed to access. It'll take a share and list all of the files in a web page so the user only needs to click on a file to download or open it. It'll also list the sub or parent folders for navigation throughout the file share, allow them to create folders, upload files, etc. Most modern SSL VPN's will do this. I think it really beats the old VPN connectivity options of yester-year.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have not had a chance to review the migration guide that MS post for SBS 2003 --> 2008, but assume it will guide me through Exchange. I have used exmerge in days gone by, but assume that there are other ways to achieve the same result.
So for the mobile User, what is the best option:
1. Use a company laptop with Outlook 200x, SSL VPN and use the file shares already mapped
2. Use a company laptop with Outlook 200x, SSL VPN and Terminal Services for remote connection. Obviously when in office they simply use their laptop with no TS.
Now I start thinking about Virtualizing a Terminal Server on SBS 2008 hardware to support remote connectivity?
Considering I am working with small business and small budgets I need to weigh up cost and usability to come up with best solution.
So for the mobile User, what is the best option:
1. Use a company laptop with Outlook 200x, SSL VPN and use the file shares already mapped
2. Use a company laptop with Outlook 200x, SSL VPN and Terminal Services for remote connection. Obviously when in office they simply use their laptop with no TS.
Now I start thinking about Virtualizing a Terminal Server on SBS 2008 hardware to support remote connectivity?
Considering I am working with small business and small budgets I need to weigh up cost and usability to come up with best solution.
ASKER
Thanks guys - I have been trying to push SP for some of these SMBs I look after for some time, but you know the old game of 'why change' always comes up.
Thanks for your responses, time to do some testing .... :-)
Thanks for your responses, time to do some testing .... :-)
I don't think using a VPN with file shares mapped is a good idea. It's slow and prone to errors. When you click on a share with 100 files in it then the laptop is going to slow to a crawl while it populates the list. I've even seen computers that run slowly just because they're mapped to drives over a VPN (meaning you can disconnect the drives and everything speeds up dramatically). Note I'm referring to using an SSL VPN different than a standard VPN in the sense that the SSL VPN is only being used to access file shares although the Juniper SA's and Citrix CAG's will also connect users to terminal servers / citrix servers via the SSL home page.
What you choose ultimately depends on your budget and performance trade-offs. You can do a traditional VPN but it's more work for the end user and is slower in regards to file shares but a traditional VPN is also cheaper. The SSL VPN option is better but more expensive.
A third option is to setup TS Web Access with TS RemoteApp on a server 2008 box. That's as close as you can get to Citrix without paying the Citrix prices. You can publish applications via a web page (encrypted with SSL of course) or just publish a TS desktop and let the users login to that to access their files. The user would use Outlook & Outlook Anywhere for e-mail access. The end result is no VPN and no SSL VPN. If the box you're setting up is beefy enough and you're using Windows Server 2008 Enterprise then you could always do the TS Server 2008 box as a virtual machine although you'll have to purchase another Server '08 license which will include 5 cal's so if you only anticipate 5 concurrent users on the TS box then you won't have to purchase additional cal's. The cost of the basic server '08 license would be cheaper than the SSL VPN gateway or Citrix CAG.
What you choose ultimately depends on your budget and performance trade-offs. You can do a traditional VPN but it's more work for the end user and is slower in regards to file shares but a traditional VPN is also cheaper. The SSL VPN option is better but more expensive.
A third option is to setup TS Web Access with TS RemoteApp on a server 2008 box. That's as close as you can get to Citrix without paying the Citrix prices. You can publish applications via a web page (encrypted with SSL of course) or just publish a TS desktop and let the users login to that to access their files. The user would use Outlook & Outlook Anywhere for e-mail access. The end result is no VPN and no SSL VPN. If the box you're setting up is beefy enough and you're using Windows Server 2008 Enterprise then you could always do the TS Server 2008 box as a virtual machine although you'll have to purchase another Server '08 license which will include 5 cal's so if you only anticipate 5 concurrent users on the TS box then you won't have to purchase additional cal's. The cost of the basic server '08 license would be cheaper than the SSL VPN gateway or Citrix CAG.
ASKER
Maybe 'email archiving' in the sense of moving email to another server is what I meant. I suppose I am now in the position to ensure that Users manage their emails responsibly but aligns with business directives. In the world of Exchange 2003 I would look to utilise Public Folders to move bulk of email, but wanted to see if a 5GB mailbox should sound any type of alarm, or this is considered to be the norm these days.
SAS drives are already in the spec - I have used these from Dell before and am fairly happy with them.
I will be setting up a test network next week to test out possible solutions so it sounds like Outlook Anywhere is on the cards, and perhaps alongside Outlook 2010. For remote Users, it sounds like email over SSL with OA is the standard, but what about accessing file shares?
Probably will not be able to get them to a x64 OS as they are a small business with little cash flow - x32 seems fine for their needs.