Re: SBS to SBS VPN
- From: "Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx>
- Date: Fri, 9 Nov 2007 19:11:28 -0500
Is your SBS 2003r2 you have the Premium or Standard version? (You'll need
the Premium version of SBS r2 unless you're going to do a fresh install on
the current SBS 2000 hardware).
There are a few ways to do this but I believe the better approach would be
to make the Windows 2003 Server in the branch office a Domain Controller
(and Global Catolog) in the same domain as the SBS 2003 . VPN can be via
hardware devices or using RRAS.
Some references...
An Alternative Approach to Building an SBS Branch Office
http://www.windowsitpro.com/articles/print.cfm?articleid=49788
Connecting a Remote Office to a Small Business Server 2000 Network
http://www.microsoft.com/technet/prodtechnol/sbs/2000/maintain/remotofc.mspx
Connecting a branch office
http://groups.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/a8f0e15e22a47b4f/cfa92cf1b1062f32?hl=en&lnk=st&q=SBS+remote+Office#cfa92cf1b1062f32
Branch office with SBS and a standard server
http://groups.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/12a6c8e3e69135f7/22dd82667f3cab7c?hl=en&lnk=st&q=sbs+branch+office#22dd82667f3cab7c
sbs2003 and remote office connection
http://groups.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/9fe86a7747b162d3/01bf6f8cd0e1d37c?hl=en&lnk=st&q=SBS+remote+Office#01bf6f8cd0e1d37c
--
Merv Porter [SBS-MVP]
============================
"Jay" <Jay@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:66543930-F62D-4CD7-A6C6-E559274CA2D6@xxxxxxxxxxxxxxxx
Merv:
If I install a Win 2003 Server at the new location and upgrade the SBS2000
to SBS2003r2 at the original location, then the users on the Win2003
Server
side would only be opening Word and Xcel files. The users on the SBS2003
side would be opening a Timeslips database, but would have the TS app
installed on their local clients. Users on the Win2003 Server side would
remain on the SBS exchange and use Outlook over https and could use OWA.
I
think that because I am not planning on running apps across the VPN, but
only
transfering data files, that I don't need a Terminal Server.
Can I establish a VPN between the two servers (SBS2003 and Win2003) that
is
always on that either side could access data in the scenario described
above?
"Merv Porter [SBS-MVP]" wrote:
Hi Jay,
Just a thought...
How many users do you have at the main office and at the branch office?
VPN can be very slow for the end user since a lot of raw data has to be
moved over your Internet pipe. This can take a lot of bandwidth. With
Terminal Server (TS), only keystrokes and screen shots are moved over the
Internet, which takes much fewer (server & Internet bandwidth) resources
so
the "end user" experience is far better. However, TS is not good for
heavy
graphics like CAD files and maybe even some LOB (Line of Business) apps.
Will you have a stable Internet Service connection between the main and
branch offices (99% + up time)? If so, unless you actually need a server
in
the branch office, you might want to consider buying Windows 2003 Server
software (just the license and software, no CALs), moving the new server
you
just bought to the main office and then installing Windows 2003 Server on
the new machine. Then configure it as a Terminal Server (TS) right next
to
the current SBS 2000 machine. You could then upgrade your current SBS
2000
server to SBS 2003 (as long as its not an OEM version of SBS 2003). In
fact, if your SBS 2000 hardware is adequate, I might recommend migrating
the
data from your SBS 2000 to the new SBS 2003 server you just bought and
then
using the current SBS 2000 hardware (with Windows 2003 installed) for the
TS.
NOTE: The SBS 2000/2003 CALs provide for access to the TS server, so
Windows 2003 Server CALs are not required to be purchased. However, you
will need additional SBS CALs to cover the branch office users remoting
in
via RWW if you don't have enough SBS CALs on the SBS 2000 (or SBS 2003)
server.
With a stable Internet Connection, the branch office users can connect to
the main office TS via RWW. Now, since all of the RWW work will be on
the
TS, those people using RWW will each need a legal copy of MS Office on
the
TS for writing to Word, Excel files once they establish a RWW-TS session
(this would be in addition to the MS Office copy that I suspect exists on
their current workstations). So, maybe more $$ here for these. If they
only need read access to these files, you could install the free Word and
Excel viewers on the TS.
SG hinted at this approach. It can be good from an administration
standpoint because all work is centralized at the main office (backups,
server maintenance/updates, LOB software updates, virus protection,
email,
etc.). One of the disadvantages is that if the Internet connection goes
down, those at the branch office may be put in idle mode until the
connection is restored. That's why I asked how good your Internet
Service
connection will be.
--
Merv Porter [SBS-MVP]
============================
"Jay" <Jay@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EF5D6B4F-F356-4071-A420-7C368EC4AC04@xxxxxxxxxxxxxxxx
Thank you. If I use the SBS2003r2 to upgrade our original server and
purchase a new Windows 2003 Server for our new location, can I
accomplish
a
Server to server VPN without a Terminal Server? We need a server at
our
new
location as there won't be unused PC's at our our original location for
RWW,
but do not want to have to purchase another box. Exchange would not be
an
issue as the users at our new site could access Outlook over the VPN
connection on our original SBS Exchange or OWA. The only disadvantage
here
would be that Remote Desktop to the 2003 Server and OWA on the SBS2003
would
be at two different IP's. So is this a possible configuration?
"SuperGumby [SBS MVP]" wrote:
Jay, I really think you do not want to go down this road. Been there,
done
that, have the scars to prove it.
Yes, it is possible to run two SBS cooperatively, distinct AD's, user
accounts, etc... But it is not something you want to explore due to
the
accident of purchasing a wrong product. When my good mate Jan and I
did
this
thing we explored it, planned it, played with it, weeks before
implementation, had test systems to play with, and just about decided
'to
heck with it, it's not nice'. In fact, last I knew (Jan and I no
longer
work
together, though we are still good mates) most cross-site access was
through
RWW, users at siteA would take control of PC's at siteB through RWW
when
they _had too_, primarily operating only at their 'home' site.
SBS2003 R2 gives the opportunity of doing this a much better way. More
expensive, but much cleaner. Implement SBS2003 R2 at the primary site
and
install Windows Server 2003 and a 2nd Exchange server at the 2nd site,
in
a
single AD. The alternative is preferred by many, install Windows
Server
Standard Edition into the existing AD as Terminal Services Application
Mode
and allow remote users acces only through Terminal Services, with
maybe
Outlook over HTTPS from their 'local' workstation.
I cannot in good faith assist with setup of the 'two distinct domains'
scenario. It's not something to do from notes via a newsgroup. I
affirm
that
it is possible but has its issues. Someone intending to do it needs to
work
out those isssues. Me? I probably wouldn't do it again.
"Jay" <Jay@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4241C020-FD4C-4B61-AC7F-AB3DDB990FAB@xxxxxxxxxxxxxxxx
The new users who are moving to the new location on the SBS2003 have
licenses
already on our SBS2000. We ordered the SBS2003 with 10 total, so
we'll
as
long as we control the access to the SBS2003 from the SBS2000 side
we
won't
have a CAL issue.
So, if I use a uniquie AD DNS, different IP scheme and Domain name
is
different, then I can connect the two? Can you spare any info on
how
to
configure the servers to connect to eachother at boot? SBS2000 is
using
ISA,
can I use ISA on either or bother servers? Currently do NOT have
VPN
hardware, can I use SBSServer or should I obtain external VPN.
Thanks.
"SuperGumby [SBS MVP]" wrote:
NOTE: In order for this to work the two SBS domains must remain
distinct
and
separate. They should not have the same AD DNS name and you will
require
additional CALs to cover access to both servers. (ie. users at each
site
will need SBS2000 CALs to cover their access to SBS 2000 _and_
SBS2003
CALs
to cover access to SBS2003.)
From the sounds of it I don't think you really want this.
"Jay" <Jay@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6608B547-DD48-4007-AA42-295DD39A76D2@xxxxxxxxxxxxxxxx
Ultimately, the users on the SBS2003 side want to be able to
access
a
shared
folder of Excel and Word files on the SBS2000 side. The users on
the
SBS2000
side want to be able to access a Timeslips database on the
SBS2003
side.
so
I thnk a Server to Server VPN that allows either side to initiate
access
is
desirable.
For Email, users will remain on their respective domain servers
for
Exhange,
and we plan to upgrade the SBS2000 to SBS2003 after the new year
to
get
OWA
and Mobile templates to the exisiting SBS2000 users.
Thanks for your attention.
"Kevin Weilbacher" wrote:
Well, if you do change the internal IP for the one server (say
10.1.0.x)
you
should be able to have users VPN, if that's your goal. You
mention
being
able to access share folders. What kind of data is being
accessed?
What
apps? How large are the files? How many users?
It's quite possible that configuring a Term Server at the first
site
might
also be a better solution.
--
Kevin Weilbacher [SBS MVP]
"The days pass by so quickly now, the nights are seldom long"
*
"Jay" <Jay@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:19DA5431-6A97-45AB-9FB3-9DAFA5E527FB@xxxxxxxxxxxxxxxx
YES. The original Server and the new one are both using
10.0.0.x,
but
I
havent put the new SBS2003R2 Server live yet so I could
reinstall
and
use
a a
different one. If I do that can I connect two SBS Servers
together
as
I
have
described ? If so, how?
"Kevin Weilbacher" wrote:
By any chance, did you use the same internal IP schema (like
192.168.16.x)
for both SBS systems?
--
Kevin Weilbacher [SBS MVP]
"The days pass by so quickly now, the nights are seldom long"
*
"Jay" <Jay@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7C218CCC-E43D-425B-9D12-F4C92F25228B@xxxxxxxxxxxxxxxx
We have had an SBS2000 server (Server A) for several years.
We
now
have
an
SBS2003R2 (Server B) at a remote location. We need users
on
Server
B
to
access Shares on Server A. It was my understanding that
this
is
possible,
however I cannot establish the link. Now I am finding
articles
on
line
suggesting that SBS Servers cannot be connected due to the
lack
of
Trust
relationship. Can someone shed some light on this please.
Also,
Can
you
suggest some alternatives.
Thanks. Need to have the users on Server B able to access
data
on
Server
A
by Friday, i'm a little under the gun.
.
- References:
- Re: SBS to SBS VPN
- From: Kevin Weilbacher
- Re: SBS to SBS VPN
- From: Jay
- Re: SBS to SBS VPN
- From: SuperGumby [SBS MVP]
- Re: SBS to SBS VPN
- From: Jay
- Re: SBS to SBS VPN
- From: SuperGumby [SBS MVP]
- Re: SBS to SBS VPN
- From: Jay
- Re: SBS to SBS VPN
- From: Merv Porter [SBS-MVP]
- Re: SBS to SBS VPN
- From: Jay
- Re: SBS to SBS VPN
- Prev by Date: Re: Serious SBS 2003 crisis and my wife has left me
- Next by Date: Re: Move Mailbox store database
- Previous by thread: Re: SBS to SBS VPN
- Next by thread: Re: Exchange Notifications
- Index(es):
Relevant Pages
|
