Re: Security Best Practices; combining server roles (long)
- From: "Bryan L" <blinton.nospam@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 20 Feb 2007 11:57:42 -0600
Jim,
Thanks for the reply. I was aware of 1 and 2, thanks for the advice on 3,
and I agree with you on 4. As for 5, that's also very helpful. I think
I'll check into how much resource usage to expect from a typical DNN site
and see if I think my SBS can take it. I think the site sees frequent but
lite usage, so as long as DNN doesn't add a lot of additional overhead it'll
probably work out fine. I do hesitate to use SBS for security reasons, and
to avoid additional complexity on the SBS box, but it may be the lesser of
my evil options. :-) Only employees will use the published site, and even
then the use will seldom be direct (our intranet and published CRM app wrap
the in-out board, which is the main reason I'd like to get it published;
employees are used to it working when in the office and are disconcerted
when it doesn't appear during offsite use of the CRM system. Well, that
reason, and the fact that the owner keeps asking about it. :-) ). I may
check back for advice on the most secure way to implement this if it ends up
being the way I go.
Thanks again.
Bryan
"Jim Martin [MSFT]" <jimmart@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:p6myHQLVHHA.532@xxxxxxxxxxxxxxxxxxxxxxxxx
I don't have a complete solution but I can perhaps give you some guidance
from the SBS perspective.
1. All of the SBS components (IIS, Exchange, Sharepoint, AD, etc,) are
licensed to run only on the SBS server, so there are licensing limitations
that affect what you can move where.
2. You can have multiple DCs in an SBS domain but the SBS server must a
GC
and must own all of the FSMO roles.
3. If you choose to move a website to the SBS server, PLEASE do not
install it on the Default Website. Create a new website in IIS and
install
it there. A lot of the SBS components have virtual directories on the
Default Website and a quick way to break all of that is to make chnages to
the root of that website.
4. I don't know much about your CRM product from a technical perspective,
but I would heed your vendor's advice.
5. Running a publicly accessible website on the SBS server would
certainly
incerase your security exposure, but it is not an uncommon thing and as
long as you configure your website properly you can reduce the risk.
Jim Martin - (MSFT)
jimmart@xxxxxxxxxxxxxxxxxxxx
Microsoft Corporation
.
- References:
- Re: Security Best Practices; combining server roles (long)
- From: Jim Martin [MSFT]
- Re: Security Best Practices; combining server roles (long)
- Prev by Date: Stand Alone
- Next by Date: SBS with only a network card
- Previous by thread: Re: Security Best Practices; combining server roles (long)
- Next by thread: Change Network login password
- Index(es):
Relevant Pages
|
Loading
