Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Effect of having mulitple IP addresses on an SBS2008 system

Posted on 2013-05-14
11
392 Views
Last Modified: 2013-05-16
Hi,
  I have inheritied an SBS2008 setup to support and the client is requesting some additional SPAM filtering above and beyond what exchange does.

A solution I have found sets it self up as a Proxy receiving the email and forwarding it on to exchange.

To install it on the same server as the exchange server, the installation instructions recommend that an additional IP address is added to the SBS2008 server.  My question as this is not a recommended/supported configuration of the SBS server, what would the effect be on the SBS2008 server of having 2 IP addresses, and would it continue to function okay.

(The customer is not willing to spend money on a new server, and the system is setup in a virtual machine environment or else I would just bring up a VM and install the spam filter on an new OS instance).

Thanks for any help

Cheers

David
0
Comment
Question by:davemj9876
  • 3
  • 3
  • 3
  • +2
11 Comments
 
LVL 25

Accepted Solution

by:
Tony Johncock earned 125 total points
ID: 39164564
Hi

I know for sure, SBS only supports a single NIC but I'm not certain about multiple IP addresses.

There's a network support doc here: http://blogs.technet.com/b/sbs/archive/2008/09/16/sbs-2008-supported-networking-topology.aspx

However - I have had much success with a free, open source product called Mailcleaner (www.mailcleaner.org)

It's basically a Linux image with everything you need to get you going - it really is extremely stable, thorough and works very very well.

It integrates into AD for username callout, has antivirus and antispam etc.

It will also work very well virtualised.
0
 
LVL 57

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 125 total points
ID: 39164837
As you mentioned in your question, it is not a supported configuration. Specifically what this means is that several features will not work. Most of the wizards will break. Some console features will crash. And worst of all, if you ever need to call MS support due to a catastrophic system event, they may tell you "tough luck" because you ran a known unsupported config.

The risk/reward isn't worth it.

My general advice is get them on a paid SaaS spam service. It reduces the load on your server and internet connection since spam mail gets filtered before ever reaching your box. There are many good services out there for just a few bucks a month. You can get a year or two of service for less than the cost of setting up a spam box in-house when you take hourly rates/salary into account.
0
 
LVL 12

Assisted Solution

by:Gary Coltharp
Gary Coltharp earned 125 total points
ID: 39167768
Although not supported, it is possible. Only one NIC can be enabled but you can alias a secondary IP. After adding it, reboot the server and check the bindings on DNS, DHCP etc and make sure they are bound only to the primary IP and you shouldnt have any issues.

That being said, an SBS server is doing quite a bit already and adding antispam workload to it isnt a good idea. Better to use a third party service like Postiini, Three Lock or Appriver.


HTH,

Gary
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 35

Assisted Solution

by:Cris Hanna
Cris Hanna earned 125 total points
ID: 39167813
Adding multiple IP's to the same nic is called multihoming and will break SBS, in fact, it's not just SBS...it's any domain controller

http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx
0
 
LVL 25

Expert Comment

by:Tony Johncock
ID: 39167826
Not necessarily.

I don't know specifically to SBS but providing you only have one default gateway and manage your static routes very carefully, it _can_ be done on other servers.

Not that I'm recommending it, but in some scenarios it's a requirement.
0
 
LVL 12

Expert Comment

by:Gary Coltharp
ID: 39167835
It doesnt break if you correct the bindings...it breaks if you leave those bindings to dynamically attach to any available IP/interface.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 39167944
On any file and print server, etc...not a big deal to multi-home...but bottom line, on DC's (and SBS is a DC), multi-homing is not supported, not recommended and will break things.  SBS has a very specific config it's looking for...go outside that and things quit working.
0
 
LVL 12

Expert Comment

by:Gary Coltharp
ID: 39167963
Perhaps if you follow the MS playbook to the letter, you are correct. But I have been adding secondary IPs and setting up anonymous relay connectors for exchange since SBS 2008's new limitations were encountered and have had no issues as long as the bindings on the core services are corrected on a reboot. All the same applies to SBS 2011.
0
 
LVL 25

Expert Comment

by:Tony Johncock
ID: 39167976
I have to second gcolthart on this one I'm afaird. Not arguing it isn't supported and I'd reiterate I can't really comment directly about SBS but I've had scenarios where I've _had_ to multihome DC's (out of band management for example) and providing routing (particularly) and in some cases binding are managed, it works.

However, to get back onto track - I would recommend that as the OP has stated that the company paying the bills doesn't want to spend much (anything) that dropping a spare machine / virtual machine in and putting the completely free Mailcleaner product in would be the best approach - least ongoing cost, cheap and easy to manage.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 39167989
@gcoltharp  there's a way to get around everything and if you're supporting it for your customers and don't ever expect to have to call anyone else, including MS, then you should by all means continue down that path.

The goal here is to provide posters with solutions and recommendations, even if the recommendation is to NOT do something, because the risk outweighs the reward, including being in an unsupported product configuration should they need to reach out the MS or other support organizations.

@davemj9876(author), it would be helpful to know what product you're trying to implement for this additional antispam solution.  Have you considered doing this externally from services like Exchange Defender
0
 
LVL 2

Author Closing Comment

by:davemj9876
ID: 39170914
Thanks all, that gave me the information so that I could go back to the customer with and explain the situation, and we could continue to looks for alternatives to the original suggestion.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Written by Glen Knight (demazter) as part of a series of how-to articles. Introduction One of the biggest consumers of disk space with Small Business Server 2008(SBS) is Windows Server Update Services, more affectionately known as WSUS. For t…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question