Re: Installing new SBS 03 server. Will that be 1 Nic or 2 ?



On Jun 15, 2:49 pm, "Dave Nickason [SBS MVP]"
<gwdib...@xxxxxxxxxxxxxxxxxxxxxx> wrote:
The only difference I'm aware of with SBS DHCP is that it's configured by
the CEICW.

Are you familiar with Remote Web Workplace? You may find that you don't
need VPN for anything. I use VPN because I need two-factor authentication.
At the time I set all this up, there was no two-factor auth product for RWW,
but there is now. http://www.scorpionsoft.com/products/rww-guard/index.html

I guess technically 2 NICs would be more secure, but hopefully the SonicWall
makes that irrelevant.

"TravisF" <tdqh1...@xxxxxxxxx> wrote in message

news:1181932105.433762.118110@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On Jun 15, 2:12 pm, "Dave Nickason [SBS MVP]"
<gwdib...@xxxxxxxxxxxxxxxxxxxxxx> wrote:
I don't disagree with Leythos about the single NIC, although as an
old-school SBS'er, I fully expect to be struck by lightning as soon as I hit
"send."

I installed my current SBS in February of 2006 and have not had any
unplanned down time since - literally none at all. I use RAID with a hot
spare, and when the server was about 6 weeks old a drive failed. However,
the controller failed it over to the hot spare, so there was no degradation
of performance - I didn't even notice the dead drive for about a day. I buy
redundant power supplies, although I don't ever remember one failing, and
use good UPSs.

I've never had a problem with my SonicWall either, which I consider a pretty
bulletproof device. I'm not 100% sure how the VPN thing works with
SonicWall. If you have the VPN connections terminate at the SonicWall, I
think you need the licenses, but if you just pass the VPN connections
through the SonicWall to the SBS, I'm pretty sure you don't need them. I
just pass the connections through to the SBS, and it never seems to see more
than one connection at a time. You could test that before spending money
with SonicWall. I can't think of why a 1- or 2- NIC configuration would
matter with regard to VPN, unless of course you had ISA, which requires 2
NICs.

DHCP on the SBS is configured with the CEICW. There's no work,
configuration, or maintenance involved. The SBS pushes out more information
through DHCP than the SonicWall is aware of (such as DNS and WINS), so you'd
have to figure out what that information is, then configure the SonicWall
with that information. If anything changed, the SonicWall would be giving
out the wrong information. Features like the change IP wizard would not
work properly. It seems like a fair number of people have trouble caused by
using something besides SBS as the DHCP server, while those who have
problems doing DHCP on the SBS are those who tinker with it or try to
reinvent the wheel.

"TravisF" <tdqh1...@xxxxxxxxx> wrote in message

news:1181927984.394442.289700@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On Jun 15, 9:41 am, TravisF <tdqh1...@xxxxxxxxx> wrote:
Hi all;

I will be installing a new sbs 03 server where I work soon as a domain
controller, general file/print etc and I have a couple of questions
and points regarding method of connectivity.
This may seem obvious to some but read on anyway.
If anyone has the time for a couple of suggestions, I thank you in
advance.

My existing environment consists of approx 20 people/pcs, a few
printers, peer to peer only.
They all connect to a newly installed sonicwall router. It supplies
dhcp, firewall and is wan connected to a bell dsl router supplying
internet connectivity, webmail etc. Simple enough.

The standard way to setup an sbs server/DC is with 2 nics - 1 on lan
side, 1 facing wan/router etc. ok makes sense but.... I might use a 1
nic server "hanging off the lan" for these reasons:

1. With 2 nics, I see that as a single point of failure - the server
itself - because everything must go thru it to get an ipaddress, dns,
internet connectivity. I'm afraid that well, if the server goes down,
then users get nothing, no internet, no email because everything goes
thru the server.

Setup a 2nd DC answer is the standard way to go, I know, but that will
likely not happen in my case.

2. I know the 2 nic method is more secure. If that's the only reason
ok but put that aside for now.

3. With server having only 1 nic (hanging off the lan, not in series)
it would be connected to a common switch on the lan.
Users would still get dhcp and internet connectivity thru the existing
sonicwall router and bell dsl modem. (NOT thru the DC) . "Normally"
they would login to the DC get access to files etc.

4. BUT IF there's a server problem, emerg maintenance etc., with 1 nic
server, hanging off the lan, users don't HAVE to login to it. They
could login locally and still get their email and internet
connectivity - which is extremely important here in my case.

5. As well, how about this: Still with the 1 nic method, setup
redirected "my documents" folder beforehand and offline file access.
Now, IF the DC is not available, at some point, they will still have
dhcp, internet, email AND offline file access.

It's certainly better than no access.

I've worked with Netware servers in the recent past and this is how we
had things setup generally. I've maintained aspects of sbs 03 servers
as well more recently.
With my old job in the corporate environment, dhcp was supplied from
the US (I am in Canada), local Netware servers were onsite. If dhcp
was down, we logged on locally, no problem.

I know it's a different security model with DCs, but that part of it is
not a big deal here.

Comments? I'm just looking for a way to have system access fault
tolerance, if you will, so when things go bump, or WHAM!, we are not
caught dead in the water. Maybe this still can be done with the 2 nic
server?

Thanks
Travis

wow thanks there guys. Great responses.
If I may comment...
I guess what it comes down to is that everything is a case of risk
management and we have to make choices.

Mike yes I did forget about cached creds. Ok on that one.

"then you can always plug the sonicwall back
in and then the users can get internet access again. "
I guess what I'm goin for is as much focus on uninterrupted service as
on downtime headaches.
That's more important where I am - business hours go beyond 9 2 5 and
on weekend sometimes (Pharmacy). I'm the only IT guy here. So I was
big on fault tolerance before, I am HUGE on it now for these reasons

With 2 nic server, if the server has problems when I'm not here,
even though yes they will have an ip addr with cached creds, how can they
get online (outside email etc) if the physical server is offline?

I'm gonna use raid1 on the os drives and raid5 on the data drives on a
quality server.
Absolutely agree on quality gear! NP there.

Charlie you say the single nic (hanging off the lan) solution as I
presented it is ok.
I'm surprised - I thought coming from the MS side, a conventional setup
would have been more encouraged.
ok cool.

All you guys are insisting on sbs dhcp. Hmmm. I've setup dhcp on some
windows 2003 servers and it's pretty easy.
But the sonicwall is doing fine with it now. Not sure I see the
benefit of changing it. Maybe dns related?
I may just go with static ip since there's not many anyway.

Dave I agree single points of failure are everywhere, but I see an
appliance like the sonicwall as being more "stable" for lack of a
better word as far as SPof F. No spinning disks, updates, lesser
potential attacks. etc. But yes point taken.

The sonicwall's firewall is default settings. We may use sbs vpn in
near future - we have only a couple vpn licenses on the sonicwall. I'm
guessing a 2 nic setup is more secure in this case? Or indifferent?

Would I have to enable RRAS with 2 nic setup BTW? Would there be NAT
between the 2?

Thanks again.
Travis

All sounds good.
Yes Sonicwall's vpn terminates at the lan. It comes with one vpn
license and you have to buy additionals at about $50 each. Since we
don't have a server here yet, we have 2 licenses for now. Will likely
go with sbs vpn afterwards if needed as you described. Isn't dhcp
config on sbs 03 same as server 2003? Dang.. hope so. I'd gotten used
to the methods in server 2003 - I hope sbs is not too different. Can't
see why they would be.

Wouldn't the 2 nics though give u additional security ? i.e. nat
between 2 cards? Just wondering.

Thanks

Wooah. scorpionsoft . price has quite the "sting" to it.
