Solved

Using SBS to to link together 7 remotes sites with 1 central administration office?

Posted on 2010-08-24
20
349 Views
Last Modified: 2013-12-23
Here it is.

I have found myself in a local that is VERY outdated (all win 2000 machines, and linux servers from about 8 years ago)

I like SBS becuase of the price and it includes everything i need all in one cal as well (ISA, SQL exchange. etc)

Each remote office will have maximum 40 users, so I think SBS would be best for them becuase of cost and cals. So what would you guys think would be the best way to do this? I understand on ONE domain you can only have one SBS server. So would it be ok to do this:

Main Office: Windows Server 2007, Primary DC
SBS server for all other office apps

Loc1-7: SBS server with remote access for admin management. Each office will have its own email domain (as they do now) and I will just point the MX entry to the exchange server per location. my question is, is it possible to have all these servers on one primary business domain? Or is that impossible. My goal here is just keeping costs down. Each location MUST have ISA, SQL, Exchange? (perhaps) (i might change this depending on your recommended setup).

No 2 locations will share data, but the main office will need data from all locations. I could set up SBS individually per location and have VPN's for each location installed on the managements computers to access files and run programs etc. Perhaps static Ip's for each server for better remote management.

Each location will also contain a back-up DC for redundancy and hardware will be top of the line etc. (this is what Im good at) not enterprise development. Problem being, there is nobody at this far away remote location that can do the job, so they put it on me becuase of my experience with a smiler setup in egypt. As Im the IT man (on contract ) for 5 remote locations and find SBS the easiest for remote management and ticket support.

Or could I simply have windows server installed in all locations, with a primary DC located in the Data center that controls everything (except for the fact i will still need to configure exchange for all those remote locations and users, as well as a local SQL for business apps.

One problem is I have no experience putting remote locations on a primary business domain, all projects I have done before have been for either single offices that need serious upgrades and a 2 remote projects for contracted IT support (where they actualy DID NOT want to share anything between offices).  I know I'm out of my league here but I'm a super fast learner, so any help is appreciated, the goal of this question is to see what other experts think is the best for this project...

cheers,
patrick
0
Comment
Question by:Perkdaddy
  • 7
  • 5
  • 5
  • +2
20 Comments
 
LVL 9

Accepted Solution

by:
ConchCrawl earned 250 total points
ID: 33512944
First you need to be aware that all SBS servers must be on their on domain and subnet, they cannot coexist with another SBS server inside the same domain or network.
There are other issues but make sure this is possible for you first and foremost.
0
 

Assisted Solution

by:biglabs
biglabs earned 125 total points
ID: 33512965
Patrick -
The first limitation is that SBS2008 will only support up to 75 users.  If your total users in all 7 remote offices is 40 then you are OK.  If the total users is 40 PER office = 280 then you are not OK.

Second limitation is that it is not possible to have more than one SBS server per domain.  

You may need to turn your solution around and go the other route with a primary exchange server in the Data Center and 08 servers at each location.

Post back some clarification.
0
 

Author Comment

by:Perkdaddy
ID: 33513246
Yeah thats what I thought. SBS is restricted to one SBS server per site, BUT I can have other servers connected to each individual domain (as I have done in the past). The issue here is that I need to keep costs down and have VERY easy management. the current IT team here is mostly hardware guys with a little linux knowledge.

So it ONLY possible to have a separate domain for each remote office if I want SBS server. I see no problem with this as there is no sharing of data and i can set up the remote access for the central IT office to conduct support. As i currently do for numerous locals.

BUT, if I do run accross an application (ie: accounting) that needs all data from each location, would it still be possible to migrate all this data, or would i be restricted to a VPN style access per domain.

Also, setting up 8 windows 2007 servers with cals across the entire netwrok can be very expensive when it comes to adding sql, isa etc. PLUS, wouldnt ISA need to be on the edge server of each remote location? Would there also be lag with using SQL and exchange if each remote local must access the primary DC in the data center?

Oh and NO I wouldnt use SBS for the whole darn network, WAY to many users and no expandability if we add more locals etc.

But the question is, what is cheaper?
OPTION1:
One primary Server (DC) with win server 2008 and exchange in the main office one one domain (ie Business.local)
7 remote servers with Win server 2008 ISA, SQL  and cals for each system per location and software?

OPTION2:
One Primary Win Server for the office with only what they need (local Exchange)(DC and GPO stuff) (main office.local)
and 7 remote SBS premium servers set up individually? (business name.local)

But with option 2, there would be no way to replicate GPO through all locations at once, it would have to be made 1 by 1 correct?


What is the pro's and cons of each option? Also, the net is not very good nor fast, so maybe using one location to share all the data and be the DC would actualy be worse then doing it all localy)

i want ot do my best here...



0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 125 total points
ID: 33513396
SBS2008 does not have an ISA license as far as I am aware Patrick so these would need to be licensed separately - SBS2008 is 64-bit and ISA is 32-bit so would need separate servers anyway.
0
 
LVL 9

Assisted Solution

by:ConchCrawl
ConchCrawl earned 250 total points
ID: 33513581
SBS 2008 Premium comes with Server, Exchange, ISA, and SQL.
Yes you can connect the SBS servers thru a VPN to the central site that would collect the data, with the limitations as mentioned before. I would use point-to-point hardware VPN's.
There is no issue with standalone servers and SBS.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33513663
You'd better tell MS then - they don't think it does.
http://www.microsoft.com/sbs/en/us/compare-features.aspx
0
 
LVL 9

Expert Comment

by:ConchCrawl
ID: 33513767
Your correct :-), They've determined that the other features and technologies have negated the need for ISA so they've added MS Forefront Security for Exchange and gizmos :-). Sorry for the confusion. BTW, most people now use hardware to do the same thing as ISA. Wow do I remember SBS 4.0 and ISA being the cats meow :-).
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33513970
ISA is still a cracking product - and it is a shame that FTMG (ISA's replacement) has not been bundled in. The reason though is that Forefront Edge (which is Forefront TMG and the UAG) is going to different roles. FTMG is geared towards protecting users on the internal network when they access extrnal networks and services. UAG is being targetted at protecting internal services when accessed by external syst6ems, users and services. We knew for a while that this move was coming but it is still a sad day.

Keith
0
 
LVL 3

Expert Comment

by:scraane
ID: 33520239
Okay, my two cents;
Site-to-Site VPN's

Setup your SBS on ONE central location.
Enable DFS and DFS-R.


Setup a normal win2008 server on your sites.

DC promo these so you get a DC on the remote sites. Also create shares and add them to your DFS root.
have this synced to your SBS. This way you can back them up in one location.

Only the exchange will stay on the SBS server.
0
 

Author Comment

by:Perkdaddy
ID: 33520532
I like the way you think scraane. but I will run out of users quickly dont you think?

KEITH! Are you stalking me? lol SO with SBS2008, no more ISA, well then, I dont think I will go for that. I have a love hate relationship with ISA but it does what I want and I have full control, what about forefront? seems there is something more to learn...

I have to start putting my budget together today for 146 upgrades, 8 servers and all the bells and whistles. I will report back with what I think I will do....
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 3

Expert Comment

by:scraane
ID: 33521069
Well, if your not going with SBS, you could still do the same with a Windows Server 2008 and exchange.
0
 

Author Closing Comment

by:Perkdaddy
ID: 33523641
Thanks
0
 

Author Comment

by:Perkdaddy
ID: 33523651
I will keep you informed as I move along with this. SO KEITH! No ISA? The what will I do?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33523687
hehehe - Any question asked that has ISA in the mix will arrive at my door sooner or later :)

Forefront TMG is a good product but pricey. You get additional functionality include content filtering such as black/white URL lists and categories now plus malware protection. The updates for that service is subscription based - per year - per user. FTMG as a product - like ISA - is processor based in respect to licensing.

http://www.microsoft.com/forefront/en/us/default.aspx
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33523695
Thanks :)
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33523711
PS - if you need to know specifics about ISA, upgrades and FTMG etc, you know where to find me.
0
 
LVL 9

Expert Comment

by:ConchCrawl
ID: 33525000
Keith and Perk, what are your thought on using SonicWall instead? That is the way we have gone in most cases with SMB and SBS. A TZ 210 comes with 3 years license for most of the subscription services needed, just something I thought I'd throw out there.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33526542
Not used Sonicwall at all but hear good things about their products - I know many people swear by them.
0
 

Author Comment

by:Perkdaddy
ID: 33532962
I havnt implemented it at all. I like to stick with MS cause I have this awesome support system called Keith! The IT guys here in one casino where talking about it like its a miracle worker. (I even saw a stand for it at a trade show in London back in jan)  though I will go with FTMG, becuase in my current setups I was using ISA in conjunction with GFI web monitoring (becuase it had the web filter categories that I love so much! NO MORE PORN!!!!!!!!!!!!!) But it seems FMTG is exactly the same, ISA plus GFI (as well as being subscription serviced)

I'm an evil It manager, i dont let users do ANYTHING, lol

0
 
LVL 9

Expert Comment

by:ConchCrawl
ID: 33533313
Just for your consideration, I used to use ISA in the early days because of the expense and lack of router capabilities. But in the last five years or more companies like sonicwall have beefed up there capabilities so much and cost has come down considerably, we haven't used ISA in a very long time. Just think of it this way would you rather stop the threats before or after your firewall router? Like I said just for your consideration of the changing times and I still have nothing against ISA. But as pointed out earlier even MS isn't updating the product with SBS 2008. I've tested Forefront but haven't purchased the services because we decided to stay with the hardware solution. Hope this helps. Even Forefront requires a new learning curve, trust me it isn't a walk in the park :-).
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now