Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!
Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!
Act now. This offer ends July 14, 2017.
Course Of The Month
2 days, 18 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Using SBS to to link together 7 remotes sites with 1 central administration office?
Posted on 2010-08-24
Here it is.
I have found myself in a local that is VERY outdated (all win 2000 machines, and linux servers from about 8 years ago)
I like SBS becuase of the price and it includes everything i need all in one cal as well (ISA, SQL exchange. etc)
Each remote office will have maximum 40 users, so I think SBS would be best for them becuase of cost and cals. So what would you guys think would be the best way to do this? I understand on ONE domain you can only have one SBS server. So would it be ok to do this:
Main Office: Windows Server 2007, Primary DC
SBS server for all other office apps
Loc1-7: SBS server with remote access for admin management. Each office will have its own email domain (as they do now) and I will just point the MX entry to the exchange server per location. my question is, is it possible to have all these servers on one primary business domain? Or is that impossible. My goal here is just keeping costs down. Each location MUST have ISA, SQL, Exchange? (perhaps) (i might change this depending on your recommended setup).
No 2 locations will share data, but the main office will need data from all locations. I could set up SBS individually per location and have VPN's for each location installed on the managements computers to access files and run programs etc. Perhaps static Ip's for each server for better remote management.
Each location will also contain a back-up DC for redundancy and hardware will be top of the line etc. (this is what Im good at) not enterprise development. Problem being, there is nobody at this far away remote location that can do the job, so they put it on me becuase of my experience with a smiler setup in egypt. As Im the IT man (on contract ) for 5 remote locations and find SBS the easiest for remote management and ticket support.
Or could I simply have windows server installed in all locations, with a primary DC located in the Data center that controls everything (except for the fact i will still need to configure exchange for all those remote locations and users, as well as a local SQL for business apps.
One problem is I have no experience putting remote locations on a primary business domain, all projects I have done before have been for either single offices that need serious upgrades and a 2 remote projects for contracted IT support (where they actualy DID NOT want to share anything between offices). I know I'm out of my league here but I'm a super fast learner, so any help is appreciated, the goal of this question is to see what other experts think is the best for this project...
cheers,
patrick
I have found myself in a local that is VERY outdated (all win 2000 machines, and linux servers from about 8 years ago)
I like SBS becuase of the price and it includes everything i need all in one cal as well (ISA, SQL exchange. etc)
Each remote office will have maximum 40 users, so I think SBS would be best for them becuase of cost and cals. So what would you guys think would be the best way to do this? I understand on ONE domain you can only have one SBS server. So would it be ok to do this:
Main Office: Windows Server 2007, Primary DC
SBS server for all other office apps
Loc1-7: SBS server with remote access for admin management. Each office will have its own email domain (as they do now) and I will just point the MX entry to the exchange server per location. my question is, is it possible to have all these servers on one primary business domain? Or is that impossible. My goal here is just keeping costs down. Each location MUST have ISA, SQL, Exchange? (perhaps) (i might change this depending on your recommended setup).
No 2 locations will share data, but the main office will need data from all locations. I could set up SBS individually per location and have VPN's for each location installed on the managements computers to access files and run programs etc. Perhaps static Ip's for each server for better remote management.
Each location will also contain a back-up DC for redundancy and hardware will be top of the line etc. (this is what Im good at) not enterprise development. Problem being, there is nobody at this far away remote location that can do the job, so they put it on me becuase of my experience with a smiler setup in egypt. As Im the IT man (on contract ) for 5 remote locations and find SBS the easiest for remote management and ticket support.
Or could I simply have windows server installed in all locations, with a primary DC located in the Data center that controls everything (except for the fact i will still need to configure exchange for all those remote locations and users, as well as a local SQL for business apps.
One problem is I have no experience putting remote locations on a primary business domain, all projects I have done before have been for either single offices that need serious upgrades and a 2 remote projects for contracted IT support (where they actualy DID NOT want to share anything between offices). I know I'm out of my league here but I'm a super fast learner, so any help is appreciated, the goal of this question is to see what other experts think is the best for this project...
cheers,
patrick
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
7
5-
5
- +2
20 Comments
First you need to be aware that all SBS servers must be on their on domain and subnet, they cannot coexist with another SBS server inside the same domain or network.
There are other issues but make sure this is possible for you first and foremost.
There are other issues but make sure this is possible for you first and foremost.
Patrick -
The first limitation is that SBS2008 will only support up to 75 users. If your total users in all 7 remote offices is 40 then you are OK. If the total users is 40 PER office = 280 then you are not OK.
Second limitation is that it is not possible to have more than one SBS server per domain.
You may need to turn your solution around and go the other route with a primary exchange server in the Data Center and 08 servers at each location.
Post back some clarification.
The first limitation is that SBS2008 will only support up to 75 users. If your total users in all 7 remote offices is 40 then you are OK. If the total users is 40 PER office = 280 then you are not OK.
Second limitation is that it is not possible to have more than one SBS server per domain.
You may need to turn your solution around and go the other route with a primary exchange server in the Data Center and 08 servers at each location.
Post back some clarification.
Yeah thats what I thought. SBS is restricted to one SBS server per site, BUT I can have other servers connected to each individual domain (as I have done in the past). The issue here is that I need to keep costs down and have VERY easy management. the current IT team here is mostly hardware guys with a little linux knowledge.
So it ONLY possible to have a separate domain for each remote office if I want SBS server. I see no problem with this as there is no sharing of data and i can set up the remote access for the central IT office to conduct support. As i currently do for numerous locals.
BUT, if I do run accross an application (ie: accounting) that needs all data from each location, would it still be possible to migrate all this data, or would i be restricted to a VPN style access per domain.
Also, setting up 8 windows 2007 servers with cals across the entire netwrok can be very expensive when it comes to adding sql, isa etc. PLUS, wouldnt ISA need to be on the edge server of each remote location? Would there also be lag with using SQL and exchange if each remote local must access the primary DC in the data center?
Oh and NO I wouldnt use SBS for the whole darn network, WAY to many users and no expandability if we add more locals etc.
But the question is, what is cheaper?
OPTION1:
One primary Server (DC) with win server 2008 and exchange in the main office one one domain (ie Business.local)
7 remote servers with Win server 2008 ISA, SQL and cals for each system per location and software?
OPTION2:
One Primary Win Server for the office with only what they need (local Exchange)(DC and GPO stuff) (main office.local)
and 7 remote SBS premium servers set up individually? (business name.local)
But with option 2, there would be no way to replicate GPO through all locations at once, it would have to be made 1 by 1 correct?
What is the pro's and cons of each option? Also, the net is not very good nor fast, so maybe using one location to share all the data and be the DC would actualy be worse then doing it all localy)
i want ot do my best here...
So it ONLY possible to have a separate domain for each remote office if I want SBS server. I see no problem with this as there is no sharing of data and i can set up the remote access for the central IT office to conduct support. As i currently do for numerous locals.
BUT, if I do run accross an application (ie: accounting) that needs all data from each location, would it still be possible to migrate all this data, or would i be restricted to a VPN style access per domain.
Also, setting up 8 windows 2007 servers with cals across the entire netwrok can be very expensive when it comes to adding sql, isa etc. PLUS, wouldnt ISA need to be on the edge server of each remote location? Would there also be lag with using SQL and exchange if each remote local must access the primary DC in the data center?
Oh and NO I wouldnt use SBS for the whole darn network, WAY to many users and no expandability if we add more locals etc.
But the question is, what is cheaper?
OPTION1:
One primary Server (DC) with win server 2008 and exchange in the main office one one domain (ie Business.local)
7 remote servers with Win server 2008 ISA, SQL and cals for each system per location and software?
OPTION2:
One Primary Win Server for the office with only what they need (local Exchange)(DC and GPO stuff) (main office.local)
and 7 remote SBS premium servers set up individually? (business name.local)
But with option 2, there would be no way to replicate GPO through all locations at once, it would have to be made 1 by 1 correct?
What is the pro's and cons of each option? Also, the net is not very good nor fast, so maybe using one location to share all the data and be the DC would actualy be worse then doing it all localy)
i want ot do my best here...
SBS2008 does not have an ISA license as far as I am aware Patrick so these would need to be licensed separately - SBS2008 is 64-bit and ISA is 32-bit so would need separate servers anyway.
SBS 2008 Premium comes with Server, Exchange, ISA, and SQL.
Yes you can connect the SBS servers thru a VPN to the central site that would collect the data, with the limitations as mentioned before. I would use point-to-point hardware VPN's.
There is no issue with standalone servers and SBS.
Yes you can connect the SBS servers thru a VPN to the central site that would collect the data, with the limitations as mentioned before. I would use point-to-point hardware VPN's.
There is no issue with standalone servers and SBS.
You'd better tell MS then - they don't think it does.
http://www.microsoft.com/sbs/en/us/compare-features.aspx
http://www.microsoft.com/sbs/en/us/compare-features.aspx
Your correct :-), They've determined that the other features and technologies have negated the need for ISA so they've added MS Forefront Security for Exchange and gizmos :-). Sorry for the confusion. BTW, most people now use hardware to do the same thing as ISA. Wow do I remember SBS 4.0 and ISA being the cats meow :-).
ISA is still a cracking product - and it is a shame that FTMG (ISA's replacement) has not been bundled in. The reason though is that Forefront Edge (which is Forefront TMG and the UAG) is going to different roles. FTMG is geared towards protecting users on the internal network when they access extrnal networks and services. UAG is being targetted at protecting internal services when accessed by external syst6ems, users and services. We knew for a while that this move was coming but it is still a sad day.
Keith
Keith
Okay, my two cents;
Site-to-Site VPN's
Setup your SBS on ONE central location.
Enable DFS and DFS-R.
Setup a normal win2008 server on your sites.
DC promo these so you get a DC on the remote sites. Also create shares and add them to your DFS root.
have this synced to your SBS. This way you can back them up in one location.
Only the exchange will stay on the SBS server.
Site-to-Site VPN's
Setup your SBS on ONE central location.
Enable DFS and DFS-R.
Setup a normal win2008 server on your sites.
DC promo these so you get a DC on the remote sites. Also create shares and add them to your DFS root.
have this synced to your SBS. This way you can back them up in one location.
Only the exchange will stay on the SBS server.
I like the way you think scraane. but I will run out of users quickly dont you think?
KEITH! Are you stalking me? lol SO with SBS2008, no more ISA, well then, I dont think I will go for that. I have a love hate relationship with ISA but it does what I want and I have full control, what about forefront? seems there is something more to learn...
I have to start putting my budget together today for 146 upgrades, 8 servers and all the bells and whistles. I will report back with what I think I will do....
KEITH! Are you stalking me? lol SO with SBS2008, no more ISA, well then, I dont think I will go for that. I have a love hate relationship with ISA but it does what I want and I have full control, what about forefront? seems there is something more to learn...
I have to start putting my budget together today for 146 upgrades, 8 servers and all the bells and whistles. I will report back with what I think I will do....
Well, if your not going with SBS, you could still do the same with a Windows Server 2008 and exchange.
hehehe - Any question asked that has ISA in the mix will arrive at my door sooner or later :)
Forefront TMG is a good product but pricey. You get additional functionality include content filtering such as black/white URL lists and categories now plus malware protection. The updates for that service is subscription based - per year - per user. FTMG as a product - like ISA - is processor based in respect to licensing.
http://www.microsoft.com/forefront/en/us/default.aspx
Forefront TMG is a good product but pricey. You get additional functionality include content filtering such as black/white URL lists and categories now plus malware protection. The updates for that service is subscription based - per year - per user. FTMG as a product - like ISA - is processor based in respect to licensing.
http://www.microsoft.com/forefront/en/us/default.aspx
Keith and Perk, what are your thought on using SonicWall instead? That is the way we have gone in most cases with SMB and SBS. A TZ 210 comes with 3 years license for most of the subscription services needed, just something I thought I'd throw out there.
Not used Sonicwall at all but hear good things about their products - I know many people swear by them.
I havnt implemented it at all. I like to stick with MS cause I have this awesome support system called Keith! The IT guys here in one casino where talking about it like its a miracle worker. (I even saw a stand for it at a trade show in London back in jan) though I will go with FTMG, becuase in my current setups I was using ISA in conjunction with GFI web monitoring (becuase it had the web filter categories that I love so much! NO MORE PORN!!!!!!!!!!!!!) But it seems FMTG is exactly the same, ISA plus GFI (as well as being subscription serviced)
I'm an evil It manager, i dont let users do ANYTHING, lol
I'm an evil It manager, i dont let users do ANYTHING, lol
Just for your consideration, I used to use ISA in the early days because of the expense and lack of router capabilities. But in the last five years or more companies like sonicwall have beefed up there capabilities so much and cost has come down considerably, we haven't used ISA in a very long time. Just think of it this way would you rather stop the threats before or after your firewall router? Like I said just for your consideration of the changing times and I still have nothing against ISA. But as pointed out earlier even MS isn't updating the product with SBS 2008. I've tested Forefront but haven't purchased the services because we decided to stay with the hardware solution. Hope this helps. Even Forefront requires a new learning curve, trust me it isn't a walk in the park :-).
Featured Post
Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!
Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!
Act now. This offer ends July 14, 2017.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Background Information
Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility.
Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses
Course of the Month2 days, 18 hours left to enroll
Earn Certification
MCSA Configuring Windows 7 Exam 70-680
$49.00$44.10
696 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.