Monday, March 28, 2005

Support Configurations

Some folks have asked how we test SBS and in what configurations. So I thought I'd write a little post on that.

First off, we base our install configurations on the network topology. SBS does really well if you plug in your network topology before you start your install. The SBS tools detect and lead you down the appropriate paths if you've pre-setup the hardware on your network. Moreover, if you're thinking about not using our tools, think again. So many things are done under the covers you wouldn't want to have to remember to do them all each time you do an install would you? Also, we make some changes to items that do not expose UI, so it's impossible for you to make these changes.

The 2-nic scenario
This is the birthplace of SBS. SBS being the firewall/NAT box on the network, one network card pointed out to the internet and another pointed in to the internal network. SBS 2000 ran like this, SBS 2003 also supports it. Some people like to toss a hardware firewall infront of the internet facing nic, but other than creating a DMZ, I'm not sure what this does, and can definately lead to confusion if you don't use different not-routable IP subnet masks on both networks.

The 1-nic scenario
This is new to SBS 2003. The support for routers and running without a specific firewall on the SBS box. You are relying on the configuration of an additional hardware router. Of course, SBS attemps to configure this via uPNP configuration standard, but many uPNP enabled routers have implemented the uPNP standard differently. This means that in some cases, what you expect to happen doesn't happen.

Of course, I should mention that the 1-nic scenario has two sub scenarios. DHCP on the SBS box, and DHCP on the router. I personally would recommened the former, disabling DHCP on the router and running this off the server. This is for a number of reasons:

  • There is no risk of failure due to an incorrectly configured DNS configuration on the Router

  • All routers support turning off DHCP in some form or another

  • Should you have a problem with a client, you can get to the IP address of that client directly from the server

I started running SBS with DHCP on my router and have since moved over to the SBS box so I can manage it all from the server.

The word of caution is, if you are going to leave DHCP on the router, please please please be sure to place SBS as the primary DNS server in the router configuration.