RE: Web Server on SBS Domain

Andrew,
Typically the best and most practical approach is to Web Publish your
webserver behind your SBS just like how the SBS Setup configures RWW and OWA.

By doing so, you are able to take advantage of ISA's special application
filtering capabilities, which can be especially important today considering
the increasing number of exploits over port 80.

The architecture you're suggesting has the following drawbacks
- You didn't specify a firewall ahead of your webserver, did you intend for
it to be naked?
- A VPN connecting a highly exposed target to your private network is not
the best idea.

An alternative that is something like what you describe but much better is a
back to back FW DMZ... a FW in front that controls what traffic can touch
your webserver in the DMZ and what traffic might be forwarded to a second
firewall between your Webserver and your LAN. There are plenty of
descriptions on the Internet if you want to consider that... but...

IMO you'll be fine simply relying only on ISA (maybe a small appliance in
front of your SBServer, too) to Web Publish your solution. This is also your
easiest to set up because your webserver will reside in your LAN (not another
zone), so your Webserver<>SQL security can be setup easily without having to
cross firewalls.

Tony






"Andrew CC" wrote:

> Hello everyone,
>
> Im currently running a web server box in my SBS2003 domain. Ive setup the
> ISA server to allow this. I know that this may not be the best idea. The
> ecommerce software I use needs the server to access the sql server on the SBS
> 2003 box. I was thinking of taking the web server off the domain and
> connecting it directly to the internet and creating a vpn attached to the
> local network so the SBS server and Web server can exchange information.
> Here are the questions I have:
>
> 1. Is this a good setup? What type of vpn should I use?
> 2. Should I do the VPN over the internet or should I connect the computers
> together (crosswire cable) for increased speed and security and run the vpn
> that way?
>
>
>
>
> --------- N2
> | N1 SBS2003 (ISAserver2000+SQL)
> | |
> VPN Router
> | |
> | N1
> |--------N2 Web Server
>
> N1 – Network Card 1
> N2 – Network Card 2
>
.

Relevant Pages

  • Re: Inherited botched w2k3 SBS install, is this recoverable?
    ... continue installing rest of the SBS Components. ... Server Setup. ... Microsoft Windows Small Business Server Setup, ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • RE: Setting up exchange server
    ... If you ever decide to try again with SBS then come back to this ... backup, the server came with Symantec Backup Exec 10d Small Business Server ... your SBS setup but get it done right. ...
    (microsoft.public.windows.server.sbs)
  • Re: How do I reinstall setup.exe file for clients in server?
    ... Deployment on SBS to rebuild client setup application. ... We need to select "Windows Small Business Server 2003" but not ... | installation was made late September. ...
    (microsoft.public.windows.server.sbs)
  • Re: Best way to connect via wireless in new SBS install?
    ... I have just setup someline very similar for a client of mine. ... and setup DHCP on the server. ... this means that all local internal network traffic ... I've seen so many posts suggesting using SBS ...
    (microsoft.public.windows.server.sbs)
  • Re: newbie: a/d design and setup
    ... > I would highly recommend purchasing a Small Business Server book to read ... > If all the sites have high speed internet access, you can setup the SBS at ... then setup a VPN tunnel to the other sites. ...
    (microsoft.public.windows.server.sbs)
Loading