Network Layout Design
-
OK, we are attempting to add/update some functionality to our network and servers, and I have a few questions that I hope some of you brilliant people can help me with.

Currently we have an SBS2003 server setup with ~5 clients. After disputing the upgrade method, we decided to purchase a new server with SBS2008. A couple of things we are looking at doing:
1. Create a Fail Over DC with the SBS2008 as Primary DC, use older server as Secondary DC.
2. Add Guest Wireless for clients. (reason this was posted here)

These are my thoughts/questions:
1. Can we run 2 copies of SBS on the same domain?
1a. If not, can SBS2008 be primary DC, and a copy of Server 2003 Standard be Secondary DC?

Our budget is shallow, just barely enough to buy a decent server, so high-end networking is out the door. Currently our network topology is as follows:

{Internet}-{Modem}-{SBS03}-{Unman. Switch}--{WLAN AP)<(Wireless Clients)
                           (Wired Clients)

What I am thinking about doing is this:

{net}-{Modem}-{Unman. Switch 1}-{SBS08}-{Unman. Switch}-{WLAN AP)<(Wireless Clients)
                    ||                  (Wired Clients)
                    ||
              {Guest WLAN AP)<(Wireless Guests)

with the Guest WLAN AP acting as a router, and the SBS08 acting as a router. The Guest WAP would have a subnet: 192.168.100.0/24 and the SBS08 would have a subnet: 192.168.16.0/24. This way the SBS08 server would see all the traffic from the Guest Network as "Outside" or Internet traffic, and we could protect our network from it with the firewall on the server.

These are my thoughts/questions:
1. Can we run 2 copies of SBS on the same domain?
1a. If not, can SBS2008 be primary DC, and a copy of Server 2003 Standard be Secondary DC?
2. Will the proposed network topology be secure/good idea for a small business?
-
jwalker343 wrote:
1. Can we run 2 copies of SBS on the same domain?
Yes if you have the licenses.
jwalker343 wrote:
1a. if not, can SBS2008 be primary DC, and a copy of Server 2003 Standard be Secondary DC?
Even if you don't use 2 x SBS2008, you can only use 2003 as a DC so long as you are not using any 2008 specific Active Directory features.
jwalker343 wrote:
2. Will the proposed network topology be secure/good idea for a Small business?
Check out the following: http://technet.microsoft.com/en-us/library/cc527583(WS.10).aspx
Personally I would look at firewalling your guest wireless network with ISA server. You could re-use an old PC and run one of the Linux firewall variations (Smoothwall etc.).
Good luck.
Alan
-
Thanks Alan for the info:
1. I was under the assumption that running 2 SBS servers would cause problems: http://blogs.technet.com/b/sbs/archive/2007/10/04/debunking-the-myth-about-additional-domain-controllers-replica-dcs-in-an-sbs-domain.aspx
1a. When running SBS2008 as my primary DC/AD/DNS I should be able to set up a Win2k3 server as a backup AD/DNS server and use the available features following this guide?: http://blogs.technet.com/b/rwagg/archive/2010/03/11/extend-your-server-2003-active-directory-schema-for-windows-vista-and-server-2008.aspx
2. Following your advice, and looking at the Smoothwall firewall, I would update the network config as follows. I have 2 WAN IP addresses from our ISP:

                             (Ext IP addy 1)
{net}-{modem}-{dumb Switch}=-{Smoothwall FW}-{unmanaged Switch}--{WLAN AP) < Wireless Clients
                   ||                          ||         ||        ||
                   ||                   (Wired Clients) (SBS08) (Win2k3 Backup AD/DNS)
                   ||
                   ||
              {cheap Wireless Router} < Wireless Guests
              (External IP Address 2)

Thoughts or comments?
-
Greetings,

I can see why you have a confusion but your problem really hinges on the question of 'what are you trying to achieve?'. Personally I think of SBS as the B@s'd child of Windows, Exchange and anything else that got in there at the time. True it serves the purpose for SMEs but there comes a point where you have to ask if you need to grow beyond SBS, which I suspect you might, then maybe full products might be more cost effective in the long run.

However if we put that aside for a second, try and think of your infrastructure in terms of the services you need to provide and then slot in the products to suit. As I read what you have said I think you could use the SBS install media to install Windows ONLY and then promote this to a DC within the domain independent of the SBS install process. So my advice would be to re-evaluate what it is you need and then build it. If you don't need all of SBS then don't pay for it, just use a base Windows license. Why not try it, i.e. build up a machine and use the 30 activation period to test. If in doubt call Microsoft? Just make sure you know what you are trying to achieve before you do because if you don't know what you want how is anyone going to be able to help. After all no matter what my good intentions might be my advice is not guaranteed (unless you pay for it ;) )

As for your network. Yes you are getting the idea BUT do you really want to give unfettered access to the internet to your guest wireless? What if the police come knocking and ask you who was downloading 'xXx' material? How do you prove it was not someone in your organisation? So my suggestion would be as follows.

              (Ext IP addy 1)
{net}-{modem}-{Smoothwall FW}---------------{unmanaged Switch}--{WLAN AP) < Wireless Clients
                    ||                  ||           ||          ||
                    ||           (Wired Clients)  (SBS08)  (Win2k3 Backup AD/DNS)
                    ||
                    ||
              {cheap Wireless Router} < Wireless Guests

That is, put a 3rd network card into the Smoothwall (or alternative) and log EVERYTHING from the guest network. An additional NIC is probably cheaper than a dumb switch and although it is a little more configuration it will pay you dividends in the long run. I have used this scenario for years, admittedly using ISA, on my own desk. Yes I know this is overkill but I do some testing of Malware and this allows me to put anything where your wireless guest will be and be
-
Thanks again Alan for all your help, I think the proposed will work perfectly.
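Added example, not part of the thread or any poster's code: one way to use the "log EVERYTHING from the guest network" advice, by sorting firewall log entries into zones and flagging any guest-to-LAN attempt. It assumes the guest segment keeps the 192.168.100.0/24 subnet and the internal LAN 192.168.16.0/24 from the first post; the log lines, interface names and host name are constructed, written in the style of Linux netfilter LOG output.

```python
import ipaddress
import re
from collections import Counter

# Subnets quoted in the thread; mapping them to firewall zones is an assumption.
ZONES = {
    "guest": ipaddress.ip_network("192.168.100.0/24"),
    "lan": ipaddress.ip_network("192.168.16.0/24"),
}

# Constructed sample lines (netfilter LOG style); eth0=WAN, eth1=LAN, eth2=guest NIC.
SAMPLE_LOG = """\
Mar  3 10:01:12 fw kernel: GUEST IN=eth2 OUT=eth0 SRC=192.168.100.23 DST=203.0.113.10 PROTO=TCP SPT=51514 DPT=443
Mar  3 10:01:40 fw kernel: GUEST IN=eth2 OUT=eth1 SRC=192.168.100.23 DST=192.168.16.2 PROTO=TCP SPT=51520 DPT=445
Mar  3 10:02:05 fw kernel: GUEST IN=eth2 OUT=eth0 SRC=192.168.100.41 DST=198.51.100.7 PROTO=UDP SPT=40000 DPT=53
Mar  3 10:02:09 fw kernel: LAN IN=eth1 OUT=eth0 SRC=192.168.16.50 DST=203.0.113.10 PROTO=TCP SPT=49200 DPT=80
Mar  3 10:03:00 fw kernel: GUEST IN=eth2 OUT=eth1 SRC=192.168.100.41 DST=192.168.16.2 PROTO=TCP SPT=40122 DPT=3389
this line is malformed and must be skipped
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def zone_of(addr):
    """Return 'guest', 'lan' or 'internet' for an IP address string."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def analyse(log_text):
    """Count flows per (source zone, destination zone); list guest-to-LAN attempts."""
    flows, violations = Counter(), []
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not {"SRC", "DST"} <= f.keys():
            continue  # not a packet log line
        try:
            pair = (zone_of(f["SRC"]), zone_of(f["DST"]))
        except ValueError:
            continue  # address field present but unparsable
        flows[pair] += 1
        if pair == ("guest", "lan"):
            violations.append((f["SRC"], f["DST"], f.get("PROTO", "?"), f.get("DPT", "?")))
    return flows, violations

if __name__ == "__main__":
    flows, violations = analyse(SAMPLE_LOG)
    print(dict(flows), violations)
```

If the guest router performs NAT, the firewall sees only the router's address, so the per-source detail here applies only when guest clients are routed without translation.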