Small Business Design Help

[ToddGivens]

Hey everyone,

We are using one windows small bus server 2003 as a multifunctioning machine. We are using this one machine as a file server, exchange server, web server (iis) and sql server.

To help alleviate processing power and increase security we are buying a separate piece of hardware and a standard windows 2003 version.

Any design tips?

My thoughts:
Since exchange and sql are bundled into the Small bus server OS, should I put this on the perimeter (DMZ) network and use the standard version as our internal file server. This would mean that active directory would be in the DMZ.

Or, should I use the standard windows version as just a webserver in the DMZ and exchange, sql and file server would be handled by the internal small bus server.

Thanks,

Todd

 

[Jpoandl]

My thoughts:
Since exchange and sql are bundled into the Small bus server OS, should I put this on the perimeter (DMZ) network and use the standard version as our internal file server. This would mean that active directory would be in the DMZ."

I don't think this is a good idea.. I would stay away from putting my Domain controllers (DNS,WINS, FSMO roles, etc) on the DMZ.

Most small companies with one or two servers would keep thier servers internal. There is no need for a DMZ unless you have a web server that is doing something special (like passing information back to a database or something). If you just have a simple read only web site, I would just keep it internal and protect the server using the WEBURL lockdown tool or IISLockdown tool (from MS) and a firewall.

In fact, it would most secure to host your website on an ISP server or a third party web hosting server (like Yahoo small business). This way, the web piece is out side of your network entirely.

As far as your Exchange OWA server, I would just keep this internal and protect with a firewall.

-later

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[fdalmoro]

I think you should stick to plan B -> IIS on DMZ everything else inside the firewall. At most, since IIS is not a hog per say, you can also combine IIS and Exchange on the same server to balance out usage between the two servers.

IIS and Exchange are designed to interact with the internet whereas SQL and File sharing are mainly LAN services.

Fernando

 

[ToddGivens]

Thanks for your help. I needed some reassurance.

-Todd

 

[dkediger]

I don't believe the SBS bundled Exchange/SQL, etc will install on anything but the SBS server.

In one of my setups, I have SBS premium (Exchange/SQL/ISA), 2003 Server Web edition for 3 public web sites, and a 3rd 2003 Standard server used for app development.

Everything is on the internal protected LAN behind a firewall appliance and ISA server. No problems with connectivity to the public web sites, or to Outlook Web Access or the Remote Web Workplace from external computers.

 

[lgarner]

That's correct- you can't split the components. Any software to be installed on the Win 2003 standard server needs to be purchased for that one. Then you can just stop running the software on the SBS server, if you go that way.

I'd go with IIS in the DMZ on the 2003 std server, since all Windows servers do come with that anyway. Leave Exchange & the rest on the inside segment for more protection.

 

[dkediger]

I'll note that I have my web server on the internal LAN because I can take advantage of ISA server's Web Publishing rules to publish the 3 web sites with 1 public IP.

Otherwise, if I placed it in the DMZ, I'd have to use ISA server publishing, or basic public server port forwarding at the firewall, which is a lot less flexible.