Adding a second server to SBS Domain 1

[TimRegester]

My client has asked me to add a second server to the network, I am under explicit orders that it should be non microsoft, so I am thinking Linux/Unix/OS X running Samba with opendirectory and full AD compatibility (which I know works with Server 2003) the main reason is to take away some of the heat off the overloaded SBS server.

But all I read on here is that you cannot add a second SBS server, Certainly not one running all the services as they would conflict, but would SBS object to another server in the forest and are there any other gotchas I might face.

 

[TimRegester]

It is SBS premium so this a SQL server upgrade has been added to the SBS reconfig wishlist.

Having an dedicated edge/router/vpn endpoint is general network best practice. I remain convinced that no version of ISA will ever outperform a dedicated firewall from sonicwall or checkpoint including zonealarm and i am convinced it remains an unnecessary task for an SBS server. Not even a Sun server configured to route will do routing better than a router. Routers should route, switches should switch (and in layer 3 form route) and servers should serve, this is common sense.

Sage is slow, everyone agrees, except apparantly it has been found to run faster when the data is held on a samba share on a linux server, make of that what you will.

 

[TechSoEasyMVP]

Whatever.

I do wonder why you posted a question seeking advice and then when a dozen qualified professionals offer it to you it doesn't make a difference in your opinion.



Jeffrey B. Kane
TechSoEasy

http://www.techsoeasy.com

Blog:

http://techsoeasy.spaces.live.com

 

[markdmac]

If you need to do packet level filtgering then a hardware firewall is the way to go. If you need to do application level filtering or just port filtering then ISA is the right tool for the job.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[dkediger]

I generally use a hardware FW in combination with ISA for the reasons Mark just stated. Having, say, a Sonicwall do the port filtering right off the bat makes a lot of sense. It also creates a nice physical DMZ for guests to use that need an internet drop while keeping them physically out of the main network - KISS.

App filtering with ISA is nice, and much more configurable than ANY entry to mid level harwdware FW. With those, you rely on the vendor's app definitions if the feature is provided at all. Publishing multiple websites via a single public IP - without relying on host headers/site code is another nice feature. Let's not forget about the dekstop firewall and ISA's ability - in a Window's environment to integrate there as well.

In short, defining the "performance" of a firewall solution has progressed beyond looking at just one single solution or device. Its a multi-layered culture from the edge to the core to the desktop that must be considered as a whole - even, actually I would say especially, in a "small business" environment.

 

[dkediger]

Sage is slow, everyone agrees, except apparantly it has been found to run faster when the data is held on a samba share on a linux server, make of that what you will.

I would still suspect a difference in anti-virus scanning environments - likely for whatever reason the Sage DB directories are getting scanned on access under native Windows and aren't under Samba.