RE: New Install of SBS 2003?




Owen -
Thanks for the information. It gives me a lot to think about. I really
think I need just the basic firewall. I am not so concerned about things
getting out as just keeping stuff/hackers/etc from getting in. I'm going to
delve into this some more and I may have a couple of other questions. Thanks
again to all of you for your input. If you have other suggestions - I am
open to the ideas. Anything I can do to set up well in the beginning will
ease headaches in the end!


"Owen Williams [SBS MVP]" wrote:

In article <5DCB29E2-FCDF-4678-B359-CD5194E819C0@xxxxxxxxxxxxx>,
Dan@xxxxxxxxxxxxxxxxxxxxxxxxx says...
Here is the updated information on our specs.

We have a server tower designed to hold multiple hard disks. However I only
have one plain old everyday Standard IDE ATA disk on the machine for now. It
is a 60 gig drive. There is also the obligatory floppy drive and CD ROM.
The RAM for the machine is at 512 MB. The processor is an Intel Pentium4 at
1.7 GHz.

The computer is approximately 4 years old so we may be needing to think of
replacement anyway (at least for the drives). Any advice on what to do or if
this system will work for SBS?

I agree with LanWench that, although this computer has been good to you
up to now, it's time to move on, along with your move to SBS.

To support 9 client computers, 1GB of RAM is the bare minimum and 2GB
would be the "sweet spot." If money is tight - and I know it tends to
be in many churches - configure the server with 1GB but make sure
another 1GB can be added later (i.e., memory slots are available).

While some SBS consultants prefer RAID5 or even multiple RAID arrays
(such as RAID1 [mirroring] for the operating system and RAID5 for data),
I can tell you I have had good results with a single hardware RAID1
mirror set (partitioned into 2 volumes) using SATA drives for networks
with fewer than 10 computers. But it really depends on exactly what
your users will be doing. If they send and receive a lot of e-mail,
have a line-of-business application using a SQL database, and start
hitting the Sharepoint/Companyweb site hard, your performance will
suffer with only a single RAID1 array.

My Router is currently a Linksys BEFSR41 with 4 ports. Attached to that I
have another Linksys Switch - it is the 16 port EZXS16W switch. Our
internet connection is through a broadband with the local cable company.

This is an area of passionate debate among SBS consultants, and the
debate can get - ahem - religious. The BEFSR41 is a simple NAT (network
address translation) router. Many SBS consultants would not be caught
dead using it with a single-NIC configuration, although it might be
acceptable front-ending a 2-NIC SBS Premium running ISA.

For 1-NIC configurations, some SBS consultants insist that a "true
firewall appliance" is the minimum acceptable device. The big names
here for the small business space are SonicWall and WatchGuard, both of
which can be pricey. I have been evaluating the D-Link DFL-200
(http://www.dlink.com/products/?pid=354) as a lower-cost (about $215)
alternative for very small networks (my customer niche) and so far like
its capabilities. But be aware that with greater capabilities comes
greater complexity: all of these appliances require some good firewall
knowledge to set up properly.

As it happens, the SBS MVPs have recently been discussing among
themselves this very issue (i.e., simple NAT router v. firewall
appliance in 1-NIC SBS configurations). I won't bore you with the
details. Suffice it to say that, notwithstanding the gloom and doom
warnings of using NAT routers here, some of us have been doing so for
years and - so far, at least - those networks have not been hacked.
This presumes the network is being kept up-to-date with security
patches.

It really depends on what you need the firewall device to do. NAT
routers just prevent unsolicited incoming network traffic from reaching
your internal network and more-or-less hide the internal network from
the Internet. True firewall appliances can do a great deal more, such
as preventing certain outgoing traffic from reaching the Internet (for
example, Windows file & printer sharing protocols), directing certain
traffic to a specific network jack on the device (the DMZ, or
demilitarized zone), scanning incoming traffic for dangerous file types,
and allowing you to set up a second (and separate) login to the
appliance before you can use the remote access capabilities of SBS,
among many capabilities. Also, these devices are "business class"
rather than "consumer class", which often makes them more reliable.

I know this is a lot to take in. But that's why we're here and why you
may want to consider working with a qualified SBS consultant rather than
doing everything yourself.

-- Owen Williams (SBS MVP)
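
A toy Python model of the distinction drawn above between a simple NAT router and a firewall appliance with outbound filtering, added here as an illustration and not part of the original thread. The class names, addresses and port list are assumptions made for the example, and port translation is left out to keep the model short.

```python
# Added example: conceptual model only, not vendor configuration.
# All addresses and ports below are constructed sample values.

# Windows file & printer sharing ports (NetBIOS and SMB)
SMB_PORTS = {137, 138, 139, 445}

class NatRouter:
    """Allows all outbound traffic; inbound only as a reply to an outbound flow."""
    def __init__(self):
        self.flows = set()  # (inside_ip, inside_port, remote_ip, remote_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        self.flows.add((src_ip, src_port, dst_ip, dst_port))
        return "ALLOW"

    def inbound(self, remote_ip, remote_port, inside_ip, inside_port):
        key = (inside_ip, inside_port, remote_ip, remote_port)
        return "ALLOW" if key in self.flows else "DROP"

class FirewallAppliance(NatRouter):
    """Same inbound behaviour, plus an outbound (egress) deny list."""
    def __init__(self, blocked_egress_ports):
        super().__init__()
        self.blocked = set(blocked_egress_ports)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        if dst_port in self.blocked:
            return "DROP"  # no flow is recorded, so no reply is admitted either
        return super().outbound(src_ip, src_port, dst_ip, dst_port)

def run(device):
    """Push the same four packets through a device and report each verdict."""
    pc, web, stranger = "192.168.16.10", "203.0.113.80", "198.51.100.7"
    return {
        "web_request": device.outbound(pc, 50000, web, 443),
        "web_reply": device.inbound(web, 443, pc, 50000),
        "unsolicited_in": device.inbound(stranger, 40000, pc, 445),
        "smb_out": device.outbound(pc, 50001, stranger, 445),
    }

if __name__ == "__main__":
    for name, dev in (("NAT router", NatRouter()),
                      ("Firewall", FirewallAppliance(SMB_PORTS))):
        print(name, run(dev))
```

Both devices drop the unsolicited inbound packet; only the firewall model also stops file-sharing traffic from leaving the network.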
