rsb (Author) Posted August 12, 2007

Hi

Yes a domain controller. But what about the people that want to work from their home office? How do I fix that?

Thanks again
FAT64 Posted August 12, 2007

You simply enable and configure Routing & Remote Access on your Domain Controller.
nmX.Memnoch Posted August 12, 2007

> Hi
> Thanks again, I will install office on all the computers then and drop TS. But what about rules for the clients who use the computers, I mean, that they are not allowed to install things, go on different websites etc. I don't want to go to each computer and set up these settings, windows update etc. I was hoping to control all from one "server"

Like FAT64 said...that's the point of setting up a domain. You don't want them installing things? Don't make them administrators on the workstations. Set up a Group Policy Object for Restricted Groups, only allowing those you want to have Admin privs.

You want to restrict web access? SBS 2003 R2 Premium comes with Internet Security and Acceleration (ISA) Server. ISA Server includes a firewall and a proxy...you can block any website you want.

You don't want to go to each computer to configure settings? That's what Group Policy is for. You can control whether or not Automatic Updates is on, and even point it to an internal Automatic Updates server (Windows Server Update Services (WSUS) comes with SBS 2003 R2). WSUS even allows you to specify which updates will be applied to your workstations/laptops.

And people you want to work from their home office...I'd recommend a router with VPN capabilities instead of using RRAS.
rsb (Author) Posted August 12, 2007

Hi

Ok, but 2x of DELL 2950 (5000usd version) is fine then? and a backup NAS + VPN

Thanks again
nmX.Memnoch Posted August 13, 2007 (edited)

Two 2950's, something for backups and a VPN capable router would be a very good start. Just so you know, you're going to end up spending some bucks for this. While a 2950 with a base configuration is $5K USD...the price quickly jumps to between $10-15K when you start adding the things you really need. Of course, $10-15K for a server with that kind of power is relatively cheap compared to 5-10 years ago.

Below are my recommendations. I purposefully "over" powered the SBS 2003 R2 server because it'll be running the majority of your stuff. You can get away with less power on a simple file/print server, but what I've configured still has enough power should you need to add some sort of server-side application (for networked multifunction devices, etc). Both are configured with WAY more power than you're going to need initially. But, the last thing you want to do is purchase something that you'll have to replace in a year. These servers should have more than enough power to last you at least 3-5 years, even accounting for some pretty serious growth.

Rack:
Dell PowerEdge 4210, Includes Doors and Side Panels
1U Console Tray w/ Touchpad, Keyboard & 15inch Flat Panel
3Yr Bronze Support, Next Business Day
No Installation (unless you need it)
2 Port SNMP Management Card for Dell UPS Products
3000VA UPS 120Volt, 2U Rack Mount
Power Distribution Unit compatible with servers (ask your Dell rep)
Fixed Rack Equipment Shelf (very handy for storing spare parts, CDs, etc)
Closeout filler panels for unused rack units (provides proper air flow)

That's a full rack and will give you plenty of room to grow. When you install the equipment in the rack, put the UPS in the bottom and leave 2U open (closed by a 2U filler panel) between the UPS and the next piece of equipment. This will leave you room to add another UPS in the future without having to move equipment around.

I have a pair of fully configured PE6850's (4xdual-core CPUs, six hard drives, 20GB RAM, dual PSU's, etc) in a rack with a complete SAN that includes 30 hard drives. We have two 3000VA UPS'es running that equipment with everything evenly balanced across the two UPS'es. They both run on about a 30% load, which is very good considering the amount of equipment we have running on them.

You also need to add a keyboard/video/mouse switch to the above. They've got some really nice (and really expensive) ones, but you probably don't need anything fancy.

SBS 2003 R2 Premium Edition Server:
Dell PowerEdge 2950
2 x Quad-Core Intel Xeon X5355, 2x4MB Cache, 2.66GHz, 1333MHz FSB
4 x 1GB 667MHz Dual Ranked DIMMs
Microsoft Small Business Server 2003 R2, Premium Edition
Maximum Partition Size for Microsoft OS
3 x 25-Pack SBS2003 R2 device/user CALs
1x8 Backplane for 2.5-inch Hard Drives
PERC 5/i, x8 Backplane, Integrated SAS RAID Controller
Dual-External-Port SAS 5/E HBA for PowerVault MD3000, PCI Express
Integrated SAS/SATA RAID 1/RAID 10 (RAID 1 for OS drives, RAID 10 for Exchange data)
2 x 73GB 15K RPM 2.5-in HotPlug Serial-Attached SCSI Drives
6 x 146GB 10K RPM 2.5-in HotPlug Serial-Attached SCSI Drives
24X CD-RW/DVD Combo Drive
No Floppy Drive with Filler Panel
Rack Chassis w/ Sliding Rapid/Versa Rails and Cable Management Arm, Universal
Riser with 3 PCIe Slots
Redundant Power Supply with Y-Cord
Rack Bezel
Dual Embedded Broadcom NetXtreme II 5708 GigE NICs
Broadcom TCP/IP Offload Engine Enabled
Dell Remote Access Card, 5th Gen for Remote Management
USB to PS2 Adapter for KVM Connectivity
3 x Symantec AntiVirus 10.2 w/ GroupWare - 25 User (AV/Spyware/Mail Security)
3Yr Gold Enterprise Support, 7x24 HW/SW, Escalation Mgmt, 4Hr 2x74 Onsite
No Installation (unless you need it)

The 6x146GB drives in RAID10 will give you about 438GB of useable space. I configured this storage strictly for your Exchange mailboxes, although it could be used for the SharePoint site's database if you decide to use that functionality. I would start with setting every mailbox to a maximum of 3GB. That's A LOT of mail. That'll leave you with some space for the SharePoint site if you need it, and some space to set certain mailboxes with a larger size limit (management, organizational/shared mailboxes, etc). The Dual-External-Port SAS 5/E HBA for PowerVault MD3000 is so that you can add a PowerVault MD3000 for additional Exchange storage space in the future, should you need to.

You also need to decide if you want user or device CALs. You can mix them, but then it becomes a license management nightmare. Since you're going to have users working from home, you probably want to go for the User CALs.

File/Print Server:
Dell PowerEdge 2950
2 x Dual-Core Intel Xeon 5160, 4MB Cache, 3.00GHz, 1333MHz FSB
4 x 1GB 667MHz Dual Ranked DIMMs
Microsoft Windows Server 2003 R2, Standard Edition
Maximum Partition Size for Microsoft OS
1x8 Backplane for 2.5-inch Hard Drives
PERC 5/i, x8 Backplane, Integrated SAS RAID Controller
Dual-External-Port SAS 5/E HBA for PowerVault MD3000, PCI Express
Integrated SAS/SATA RAID 1/RAID 10 (RAID 1 for OS drives, RAID 10 for Exchange data)
2 x 73GB 15K RPM 2.5-in HotPlug Serial-Attached SCSI Drives
6 x 146GB 10K RPM 2.5-in HotPlug Serial-Attached SCSI Drives
24X CD-RW/DVD Combo Drive
No Floppy Drive with Filler Panel
Rack Chassis w/ Sliding Rapid/Versa Rails and Cable Management Arm, Universal
Riser with 3 PCIe Slots
Redundant Power Supply with Y-Cord
Rack Bezel
Dual Embedded Broadcom NetXtreme II 5708 GigE NICs
Broadcom TCP/IP Offload Engine Enabled
Dell Remote Access Card, 5th Gen for Remote Management
USB to PS2 Adapter for KVM Connectivity
3Yr Gold Enterprise Support, 7x24 HW/SW, Escalation Mgmt, 4Hr 2x74 Onsite
No Installation (unless you need it)

The configuration is nearly identical except for the CPUs and software options. The RAID10 set on this server would be for your data shares. This is probably WAAAAY more space than you really need, but again, you don't want to find out in a year that you need to replace the drives because you're running out of space. I did, however, also include the controller card so you can add a PowerVault MD3000 in the future if you have to.

Router w/ NAT, firewall and VPN:
Watchguard Firebox X55e Edge Security Appliance - Unlimited Node

Dell also sells this piece of equipment so you can stick with one vendor (good for support purposes). There's also a wireless version if you need wireless access. The model number for that is the X55e-W. You may want to opt for getting the non-wireless version and then getting separate wireless access points...again, if you need wireless.

Switches:
2 x Dell PowerConnect 2748 GigE web-managed switches
Four SFP Optical Transceivers, 1000-Base-LX, LC Connector
3Yr Basic 4Hr 7x24, L1 Hardware Queue, 4Hr 7x24 Onsite Warranty
No installation (unless you need it)

This will provide internal Gigabit connectivity for your servers and workstations/laptops. There are two reasons for getting four of the SFP transceivers:
1. You can aggregate the connections to provide 4Gbps full duplex throughput between the switches
2. It'll provide a redundant path between the two switches

Also note that both servers come with dual NICs integrated. You can do the same for your servers (connect both and aggregate the connection for higher throughput, while also providing a redundant path).

Again, a lot of this is waaaaaay overkill for what you need starting out. But migrating services after just a year of operation is senseless. Cheaping out on the warranty support is a bad idea as well.

Now...where do I send my bill?

Edited August 13, 2007 by nmX.Memnoch
rsb (Author) Posted August 14, 2007

Hi

Yeah, thanks for all the help. What do you charge per hour if I want you to help me install all this when I get the products from DELL, nmX.Memnoch?
nmX.Memnoch Posted August 14, 2007

I'll have to give that some thought. It took me several days just to find enough time in my schedule to put together a recommended configuration. Between family and work I'm stretched pretty thin right now...

For the initial install you may be better off just letting Dell come in and do the initial install/configuration. You'll probably want someone who can be a little more hands on in the beginning...especially if this is the first network you're setting up. Some things can be difficult to troubleshoot remotely. We had them do a SAN install for us and they're very thorough.

Also, you need to figure out if the switches I suggested are going to provide enough connectivity. The two servers (with aggregated connections) will take four ports right away. 96 ports may sound like a lot, but when you start adding computers, network printers, NAS devices, a port or five for working on/installing computers, it all adds up quick. You mentioned growing to about 50 users in the first year. Let's suppose that you have 50 users, two servers (with dual links each), 10 network printers and 2 NAS devices and 5 ports reserved for a computer repair/install area. That's already 71 ports...73 if the NAS devices have dual connections.
Jakebo Posted August 14, 2007

You should be fine putting Exchange on the domain controller. Microsoft does not recommend putting Terminal Services on a domain controller for security reasons. If you are using a Small Business Server you would need a second Windows Server for the Terminal Services. Small Business Server only allows 2 Terminal Services Connections. Hope it helps and isn't too repetitive of what has already been posted.
rsb (Author) Posted August 16, 2007

Hi

Ok, now I got a bit confused, but do I need a terminal server if I want the people that work at the office to connect from home or can this be done another way?

Thanks again
nmX.Memnoch Posted August 16, 2007

No, forget the Terminal Server. You do, however, need the "Watchguard Firebox X55e Edge Security Appliance - Unlimited Node" device I mentioned in my recommendations. That device has built in VPN capabilities that will allow users to connect from home (or anywhere really). If you're not familiar with a VPN connection...basically once they connect to the VPN it's as if they're at the office physically plugged into the LAN. The speed will largely depend on what kind of internet connection you have at the office.
rsb (Author) Posted August 16, 2007

Hi

I understand, and thanks again. But it only supports 50 VPN tunnels? http://www.watchguard.com/products/x55e-w.asp

And we have about 500 computers in our network that need to be connected all the time, what product do you recommend then? The 500 computers are just boxes that send a signal to the office to tell that they're online, and send us small data info about weather etc.

Thanks again
nmX.Memnoch Posted August 16, 2007

Errr....500 what? 500 of anything hasn't been mentioned before now. Are these devices inside the network or will they be connecting from an external source? A little more explanation is probably required for me to understand that correctly.

But...and this is hazarding a guess...you probably won't be using VPN connections for that. Those will probably be routed through the firewall. The VPN connections would be strictly for users connecting to check email, work on documents, etc (basically anything they can do in the office could be done over the VPN connection if the PC was configured with all of the same applications).

You may also be misunderstanding the VPN connections as well. PCs inside the network won't use a VPN connection. Again, that's strictly to allow people to connect from a remote site to the network and do work. For external devices connecting to an internal device you would simply open a port on the firewall and allow that particular external source IP to access a particular internal destination IP on a given port.

Also, just to be clear, the one you linked to is the wireless version. Personally, I would get the non-wireless version and add a separate wireless access point (but only if you need wireless connectivity).
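
The source-restricted port opening described in the post above, modelled as an added example that is not part of the original thread and not any vendor's configuration syntax. The addresses (documentation ranges), the collector at 10.0.0.20, port 8443 and the rule names are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # permitted source network, CIDR
    dst: str     # internal destination host
    port: int    # destination TCP port
    action: str  # "allow" or "deny"


# Constructed sample policy. Documentation ranges stand in for the remote
# devices' public addresses; 10.0.0.20:8443 is a hypothetical internal collector.
RULES = [
    Rule("telemetry-site-a", "198.51.100.0/24", "10.0.0.20", 8443, "allow"),
    Rule("telemetry-site-b", "203.0.113.16/28", "10.0.0.20", 8443, "allow"),
]


def evaluate(rules, src, dst, port):
    """Return (action, rule name); first match wins, unmatched traffic is denied."""
    for r in rules:
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) == ip_address(r.dst)
                and port == r.port):
            return r.action, r.name
    return "deny", "default-deny"


def audit(rules):
    """Names of allow rules whose source is 'any' (a /0 network)."""
    return [r.name for r in rules
            if r.action == "allow" and ip_network(r.src).prefixlen == 0]


if __name__ == "__main__":
    for src, port in [("198.51.100.7", 8443),   # listed device, right port
                      ("203.0.113.40", 8443),   # outside the /28 allowlist
                      ("198.51.100.7", 3389)]:  # listed device, wrong port
        print(src, port, evaluate(RULES, src, "10.0.0.20", port))
    too_open = RULES + [Rule("collector-any", "0.0.0.0/0", "10.0.0.20", 8443, "allow")]
    print("over-broad rules:", audit(too_open))
```

The `audit` helper flags the common shortcut of opening the port to every source, which removes the per-device restriction the rule was meant to enforce.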
rsb (Author) Posted August 17, 2007

Hi

Yes all the computers are external sources, so it will be through the firewall as you say. Is this as good as the other VPN box you recommended? http://www.dlink.com/products/?sec=0&pid=453

Thanks again
nmX.Memnoch Posted August 17, 2007

I wouldn't consider that as good as the Watchguard.

What you need to realize is that just because these machines are external sources doesn't mean they'll use a VPN connection. In other words, they'll be going through your firewall, but not connected through a VPN tunnel.

SonicWALL also has some good devices if you just don't like the Watchguard Firebox.

What kind of internet connection (or connections) are you planning on getting?
JuMz Posted August 17, 2007

Wow. Those are some nice specs. I can't believe you just came up with all of that so fast...