
Windows Admins: Top SMB Server Roles

484 Views 9 Replies 4 Participants Last post by  ComGuards
For those of you who administer on a network using Windows servers, what would you see as the best roles to install for a small business?

I am setting up a network for a friend's small business (less than 10 employees) and Workgroups are no longer sufficient for them. Not to mention they want a higher level of security.

I was thinking about getting them set up with Server 2008 Standard and the following roles:
  • Active Directory
  • File Services
  • IPSec
  • RRAS
However, some other roles like Print services are a close call for me. It might just be adding unnecessary complexity to their infrastructure and they don't have a dedicated IT group.

What are your guys' thoughts?

Terminal Services
Print Services
Active Directory
Exchange
SQL

In addition to what you have listed above. It's good to have options.
If you're not going to be the one that's actively administering the network environment, don't make it overly complex.

Windows Server 2008 introduces a whole host of additional features as compared to Server 2003 - it could appear daunting if you've not actively administered Active Directory in the past.

The "problem" (if you can call it that) with setting up Active Directory is that you *really* have to know it. Setting it up is easy, fixing it when it breaks is the hard part. If you're running a single server, you better invest in a *very* good form of backup, since it becomes a single point of failure. If the server goes down, the business grinds to a halt.

In your case, with the size of company you mentioned, I'd actually probably go with Google Apps for email, instead of trying to install and maintain an Exchange server on the network.

If you have printers with integrated NICs, then setting up full file & print sharing on the server is recommended. You'll need to double-check for driver support for Server 2008 though. Specifically 64-bit drivers if you're going with Server 2008 R2.

What are you going to use IPSec for? VPN? Is it required? Do you *really* need RRAS and IPSEC VPN? Would it be easier for you to just NAT various ports to allow employees to remote desktop to their office PC if necessary?

Once you install Active Directory, you'll also have to install DHCP and DNS on the main server. These will have to be Active Directory-integrated network functions. That is, you'll have to migrate both DHCP and DNS off from the router and let the server handle it. That's if you want Active Directory to function properly.

Again, doing all this creates a potential single-point-of-failure. Lots of things to consider even if the only things you're implementing are Active Directory and File & Print services.

Let me know if you have any questions. What you're planning is right up my alley of what I used to do...

P.S. I run Active Directory at home with most of the services listed above, I *know* how big of a pain in the a$$ just maintaining it can become... Not to mention Disaster Recovery scenarios... lol

@ComGuards: Thanks.

I am definitely not going to install Exchange, as their current webhost actually is how they have their e-mail set up and I don't think the overhead of Exchange is warranted with that size company.

Also, I don't want to install Terminal Services because you usually don't want TS on the root domain controller, and since I only have one domain controller....yeah. Not to mention, I probably won't want to invest in the CALs necessary to make a TS role worth it.

My client is pretty worried about security and setting up something like NAP was my initial thought. All their user PCs are Vista so I am able to start pretty fresh. They have two network printers.

I want to use AD to impose a few group policy decisions on various parts of the business, not to mention have GP set up to automatically set up network drives and printers and shared folders. Nothing too fancy, though I know what you mean about the system being complicated.

I have set up a test bench at home with Server 2008 R2. I have DNS, File Sharing, ADDS, Printer Services running right now. I am using Hyper-V to simulate client systems. I am at a few sticking points since I know they will want to use a basic router as a gateway, I don't think I want to install DHCP. This is contingent on their router being able to assign static IPs to certain MAC addresses (essential for the domain controller).
Quote:

Originally Posted by killnine
@ComGuards: Thanks.

I have set up a test bench at home with Server 2008 R2. I have DNS, File Sharing, ADDS, Printer Services running right now. I am using Hyper-V to simulate client systems. I am at a few sticking points since I know they will want to use a basic router as a gateway, I don't think I want to install DHCP. This is contingent on their router being able to assign static IPs to certain MAC addresses (essential for the domain controller).

You shouldn't rely on the router assigning a DHCP reservation to the domain controller. If I'm not mistaken, once you run DCPromo, part of the check process is that it checks for an assigned static IP address on the server anyways. If you don't specify it beforehand, I think it'll automatically assign a static IP.

No problems using a basic router as a gateway, but you *really* don't want to be using the router as a DHCP server either. I really think you should install DHCP on the server, along with DNS. The reason for this is that any router you use won't be able to make secure, dynamic updates to the DNS server. Your DNS setup in the domain should really be Active Directory-Integrated for maximum security. As you know, Active Directory requires DNS to be configured & functioning properly, otherwise you're going to run into all sorts of problems.

You might not notice it initially, what with only a single domain controller and everything running on the DC, but if you start expanding, even with just a secondary DC for replication, if AD isn't configured and referenced properly, you'll run into replication issues.
Quote:

Originally Posted by ComGuards
You shouldn't rely on the router assigning a DHCP reservation to the domain controller. If I'm not mistaken, once you run DCPromo, part of the check process is that it checks for an assigned static IP address on the server anyways. If you don't specify it beforehand, I think it'll automatically assign a static IP.

No problems using a basic router as a gateway, but you *really* don't want to be using the router as a DHCP server either. I really think you should install DHCP on the server, along with DNS. The reason for this is that any router you use won't be able to make secure, dynamic updates to the DNS server. Your DNS setup in the domain should really be Active Directory-Integrated for maximum security. As you know, Active Directory requires DNS to be configured & functioning properly, otherwise you're going to run into all sorts of problems.

You might not notice it initially, what with only a single domain controller and everything running on the DC, but if you start expanding, even with just a secondary DC for replication, if AD isn't configured and referenced properly, you'll run into replication issues.

I agree with your first point totally. DCPromo does basically require that the DC is on a static IP. So what I was planning on doing is reserving an IP for the DC (some nicer routers allow this) so that the router won't let the lease expire for that device.

Ideally I would have DHCP set up on the DC to encapsulate all the necessary functionality on the single server. Truth be told, I am just a bit intimidated by setting up a DHCP server.

I'd also like to eventually set up aliases in DNS to make it easier for them to reach internal websites (e.g. SharePoint or Jira or something). They don't have anything like that right now, but I think it may be sometime in the not-too-distant future. What I mean is, they can open IE and type in: CompanySharepoint or something and it will redirect to the location of the SharePoint.

Very few of the employees are technical, so doing stuff like this would be good for them.

Lastly, Remote Desktop would be a huge asset. I am just worried about the security of implementing it with Microsoft's built-in tools. I don't believe the company is a target for purposeful attacks, but there are LOTS of automated attacks that happen all the time (botnets and worms, etc.) that I would be worried about. RDP is probably their top priority right now, not any of this other stuff with AD or anything...

You should check out the features offered by Small Business Server 2008 Standard. It's a lot cheaper than the regular server version of Windows for the features it has right out of the box, and there's no longer any electronic enforcement of the client CALs.
Quote:

Originally Posted by 0ptic0n

You should check out the features offered by Small Business Server 2008 Standard. It's a lot cheaper than the regular server version of Windows for the features it has right out of the box, and there's no longer any electronic enforcement of the client CALs.

Based on the needs of the OP, I don't believe that SBS2008/2003 would be an appropriate solution. With SBS2003, if I remember correctly, there was no option of *not* installing Exchange, for example. Installing Exchange just uses up unnecessary resources. For a small client, solutions such as Google Apps for collaboration would be more useful. Also don't have to worry much about email backups and the such. Blackberry (and other mobile-mail) integration is also easy with Google Apps.

In the old days, before Google Apps, then heck yeah, by all means, SBS. But these days... not so much.

Not to mention that disaster-recovery of a SBS server can be a *real* pain in the a$$...

I think Small Business Server would be the best way to go for single server on small networks. During the SBS server setup you do have install options for the additional server components such as Exchange, SQL, SharePoint, WSUS, etc. Also, there are other features that make SBS unique, I think, such as Remote Web Workplace for remote access to all client machines. SBS also comes with its own special administration console that's easy to use for those that don't know their way around Active Directory. Also, the server's monitoring and reporting features are useful. The new version of SBS 2008 also comes with a new backup utility.

However, SBS does have and may always have its little demons that like to go nuts for no good reason...lol
SBS does have its quirks, no doubt, but I have yet to find a better all-in-one server solution; for the cost it's tough to beat.
Quote:

Originally Posted by 0ptic0n

I think Small Business Server would be the best way to go for single server on small networks. During the SBS server setup you do have install options for the additional server components such as Exchange, SQL, SharePoint, WSUS, etc. Also, there are other features that make SBS unique, I think, such as Remote Web Workplace for remote access to all client machines. SBS also comes with its own special administration console that's easy to use for those that don't know their way around Active Directory. Also, the server's monitoring and reporting features are useful. The new version of SBS 2008 also comes with a new backup utility.

However, SBS does have and may always have its little demons that like to go nuts for no good reason...lol
SBS does have its quirks, no doubt, but I have yet to find a better all-in-one server solution; for the cost it's tough to beat.

I have personally *always* hated the SBS version of Windows, because of those little quirks. I remember that there was a particular way of setting up Exchange mailboxes in SBS2003 that kept on driving me nuts - I think I had to use the damn add-user wizard or something, or things like that. Not to mention that all corporate users tend to use email as a storage location, so the 75GB limit on Exchange stores in 2003 was a real pain in the a$$.

Hardware is cheap, software is expensive, that's common knowledge. But these days, with free & powerful virtualization solutions, I think implementing a non-all-in-one solution is certainly a feasible option. Sure, buying all those Microsoft components separately would be more expensive, but would certainly allow the greatest flexibility and future-expansion. But at least Microsoft is offering small-business-oriented payment options that help break the cost down...