Well, as you know, Small Business Server 2008 is scheduled to be released at the end of this year, and it's coming with a rather big change that I wanted you to be ready for. That change is the server will be a single-nic solution only. Thus moving forward, you should start to think about removing the dual-nic solutions at your sites to prepare to migrate to SBS 2008, if you choose to.
Why was this decision made you ask? Well, it comes down to customer research showing that the majority of installations are single-network card solutions with a hardware firewall router. The second reason is OS support for a network firewall.
In Windows Server 2003, when it was originally released, the firewall included with the Operating System was called RRAS (Routing and Remote Access Service). With the release of Windows Server 2003 SP1, (and XP SP2) the Windows Firewall was introduced to the public, leaving administrators of Medium to Enterprise networks with questions on which was the better Firewall solution to use.
With the release of Windows Server 2008, the firewall component of RRAS was removed in favor of the superior Windows Firewall. The reasoning was that the Windows Firewall uses higher-end inspection methods than the RRAS firewall (think of Windows Firewall as closer to ISA, although clearly, not all the way there and RRAS as close to one of those consumer based routers < $50, which does port blocking only). Clearly the Windows Firewall is the better choice.
However, due to the fact that the Windows Firewall is designed to protect the local box only, it does not protect the network (or more specifically, NAT) traffic through the box. The NAT functions that comes with RRAS in 2008 is lower in the network stack then the firewall (where as in 2003, they were at the same level, or at least worked together). The Windows Firewall does not protect NAT, thus if inbound traffic to port “X” not headed for the local machine, is passed through the machine without the Windows Firewall’s knowledge. Thus, as designed, the Windows Firewall is a “host” firewall only, it does *not* protect NAT traffic.
Due to this major change in the Operating System behavior and the customer research, Windows Small Business Server 2008 will support a single network card, with the requirement of a separate firewall to protect the network. This can be your favorite hardware or software firewall solution (or combo of course!)
Internet Security and Acceleration
I wanted to also add some information regarding Internet Security and Acceleration server (ISA). As you probably noted from the website. ISA is not longer included in the Premium offering of SBS 2008. This has been replaced with a second copy of Windows Standard Server 2008, which can be used to run ISA on the edge of your network, or a line of business application with SQL. ISA must be purchased seperately.
For those of you under Software Assurance, Microsoft will have some "make-good", announced around the time of the product, most likely in the next few months.