My first server room - please be gentle :) 1

[Silmeron]

Hi guys,

I'm putting together my first server room for a small company (25 people at first, going to a max of 50 in a year) and was hoping for some pointers. We purchased the following so far:

1) Dell PowerEdge 2600 (with 2 CPU's, 1GB of RAM, redundant PS, Server 2003)
Plan to have this handle:
- Company E-mail
- FTP access (our website is managed by an ISP, just need a spot to share specific files with contractors, etc.)
- Domain controller
- Internet proxy

2) Dell PowerConnect 24-port gigabit managed switch
3) Dell PowerVault NAS with 400GB of space for all file serving of project work, shared data, etc.

Any recommendations for:
- Hardware Firewall (for 50 user max company)
- E-mail server that works really well with Outlook, supports distribution lists, and can send auto-replies (e.g., "We received your e-mail, this is an automated response", etc.)
- Any other equipment I should consider?

Thanks,
-S-

 

[NickFerrar]

You don't mention tape backups at all - I hope you plan on backing both the email and NAS server up!

Personally I would buy an infrastructure server and run it as a domain controller with DHCP, DNS and WINS on it - the email server would just be an additional DC for redundancy.

I would also split Internet stuff (hosting/proxy) onto a different server, it adds a lot more security issues and is just easier to manage if you don't have to worry about messing about with the comapny email every time you want to reconfigure the IIS server etc.

For email I've only ever used Exchange server so if you don't want to use that no clue on alternatives.

For firewalls we use Checkpoint FW-1 on either Intel (PowerEdge 2450's) or Sun boxes. The Nokia IP boxes are nice if you want a ready made solution, they run a version of Checkpoint on them with a hardened OS. Other than that maybe a Cisco hardware FW.

 

[NickFerrar]

Oh and make sure you get a decent air con unit for the room

 

[Zypher123]

Hi,
I can Recomend Netscreen Firewalls as an security solution, and I agree with Nickferrar that Exchange server is pretty much the right Solution for you, the Infrastructure to, try to split up the different services in smaller pieces and different servers, that way you will not loose that much data or time when restoring the services. And Coling is more important than you maybee think, the lifetime of hardware for eg. The hardrives and the cpu is shortened considerably in a server room that holds 30 degrees or more.
Even if the bigest word out today is Cosolidation, i cannot agree with them on everything.
Good luck with your project

 

[polymath5]

I agree with the above recommendations, with a couple of other suggestions.

WatchGuard makes some nice hardware firewalls. And for email, definitely check out MDaemon. I've used it for a long time in many different environments, never fails, easy to setup, does what you want, and is a LOT less expensive than exchange.

So, get a good backup system (could cost as much as a small server, but worth it!!). If you do get exchange, it's gotta be on it's own box.

In a lot of ways consolidating servers is a great idea, but always be aware of the dreaded "Single Point of Failure"!

=============
Mens et Manus
=============

 

[jkupski]

If you're looking at Win2k server, and you're planning on running Exchange, I'd look into Microsoft's SBS2000.

It's an "integrated" product that includes Win2k Server, Exchange Server 2000, SQL Server 2000, and (I believe) ISA Server. It supports up to 50 users.

It will be cheaper than a simple Win2k + exchange setup, and give you more functionality.

You might also look at some flavor of Linux, considering this is a small business that's just scaling up and probably doesn't have any legacy apps to worry about. If you don't need Exchange's groupware features and are only interested in email, it's probably a better choice anyway (and free.)

Postfix or qmail for email, Samba for filesharing (and to serve as yur DC if all your clients are windows based) various ERP/MRP suites (some free, some not) CRM, etc.

 

[Zypher123]

Ohh I almost forgot to mention this... hummm baaaad meee!!!
A good Antivirus system both for the Servers, clients and the incoming mail is a must have in todays virus world.. I can strongly recommend F-secures software, We are running a F-secure Policy server to distribute Scanning policys and Virus definition updates to all clients, and Antivirus on both server & client and F-secure SMTP/Exchange Antivirus scanner, this way you will probably not get infected, neither by mail or other ways, one more thing about netscreen that they are developing together with Trend Microvirus a Antivirus addin to their Firewalls, and do allso point out that you should rather run a Harwarebased Firewall system than an Software based one, Like Linux or MS ISA Server, there are bugs in the OS and those cannot will make an attack available on the system.

 

[technome]

Two cents...

Battery backup unit, I have apc 2200 model, but this is a large unit capable of over 100 minutes run time; 1000 to 1500 watts would be good. Keep a spare disk locked up for the NAS.
Anti virus.. best to have two versions running. I run Norton CE networkwide, and have F PROT and Mcaffe on my IMAIL server. If a virus gets past the email server, Norton CE scans it when Outlook clients open the email.
Anti-static floor mat for the server. I use a Sonicwall pro 100 for a firewall.
The managed switch is a good idea

 

[Silmeron]

First off, I want to say "THANK YOU!" to everyone for your comments. This has helped tremendously. If I could ask another piece of advice, in an effort to keep things simple, yet flexible, what kind of server configuration would you guys recommend that is reasonably redundant for a 25-50 person tops company. For example:

SERVER #1 - High end
--------------------
1) Connected to the Internet to serve webmail (e.g. mail.mywebsite.com)
2) Serves the internal company e-mail with Exchange Standard.
3) FTP server (not much traffic coming here, nor planned to)
4) Antivirus

SERVER #2 - Middle of the Road
------------------------------
1) Primary Active Directory/domain controller
2) Primary DHCP/DNS/WINS server
3) Time server
4) Print server for 3 printers

SERVER #3 - Crappy
------------------
1) Tape backup machine
2) Backup domain controller
3) Backup DHCP/DNS/WINS

SERVER #4 - NAS
---------------
1) File server

Does this seem like a fairly safe set up? Too many servers? Anything I'm missing?

Again, thank all of you for your assistance!

 

[polymath5]

Looks pretty good. Just be sure your backup solution can backup your NAS. Most of the time the NAS run advanced server, which requires a more expensive backup program.

Also if you all your clients are W2K or XP, you don't need WINS.

=============
Mens et Manus
=============

 

[pikk]

Just my two cents....

For Internet...I run a Linux box (very secure) as a gateway. All traffic goes thru it...in and out. Also have a seperate Linux VPN PC(running FreeSwan). For a server...nothing fancy. A PDC and a seperate BDC. I run a Dell 2300 for my Exchnage Server v. 5.5. My choice for UPS? Powerware's 5125, and APC 1450 and an Alpha 700 for my Norstar switch.

Pikk

 

[NickFerrar]

I would do it slightly differently...

Firstly I'm assuming you are doing firewalling separately, either on another dedicated server or via a router with firewalling built in.

In terms of Dell models I would do:

Server 1 - Dell PowerEdge 2600 (with rackmount chassis kit)
Single CPU
1GB RAM
3 x 36GB drives (10k rpm) - this gives about 55GB usuable data area in RAID5, add more disks if needed.
PERC4 Raid card
Redundant PSU
LTO drive
etc etc

This server would be the Exchange server and backup server for the domain controllers.

Server 2 - Same as above
This would be the file server, print server and a DC

Server 3 - Dell PowerEdge 1650 or 1750
Single CPU
512MB RAM
2 x 36GB drives (mirrored)
PERC card
Redundant PSU
etc etc

This server would be the main DC and infrastructure services server (DHCP, DNS, WINS).

Server 4 - Same as above
This would sit on the DMZ and be your Outlook Web Access (OWA) server for web mail and FTP etc.

In addition you should think about an AV and Proxy server, could both sit happily on the same PowerEdge 1650/1750.

 

[Silmeron]

Thanks everyone!

-S