Trillex small business server 2008

From Teknologisk videncenter

Deployment of Small Business Server 2008

Introduction

For this week, I am going to deploy a Small Business Server 2008 that would be suitable for a "standard" business.

Just to give me some kind of aim, I will put up these demands for myself:

The company has 15 computers. They require logins which go through an Exchange server. Like any normal company, they also require emails, a website, personal login and a means of getting their files stored remotely on the server. A VPN connection for the workers as well as a means to manage the server remotely could also be mandatory.

Introduction to 64 bit Architecture

With Windows Server 2008, Microsoft made their operating system 64 bit. This is done for several reasons, but the "main" reason is that it supports more than 4 GB of memory. They've actually made it mandatory, so you cannot install it with less.

There is more to it, but mostly in memory allocation, i.e. larger address spaces, wider registers and data paths. If a 64 bit operating system is handling a 64 bit compiled program or game, it will feel faster in that it has fewer limitations. This means that the processor can process more data at a time.

Small Business Server 2008

Microsoft has developed this branch of server operating systems to benefit smaller businesses that do not require big servers. By doing this, they've made a cheaper license that most businesses can afford, with the ability to update.

Features and Components

  • E-mail Server Application (Through Exchange).
  • IIS Server Application. This is essentially a webserver.
  • DHCP server
  • DNS server
  • Active Directory for handling Users and Groups
  • Remote Web Workplace, Remote Desktop and VPN support
  • Firewall
  • Virus Scanner in the form of OneCare.

Limitations and Requirements

Windows Small Business Server 2008 has certain restrictions. This is because Microsoft wanted this to fit, as the name says, a small business, so they put in some limitations to make the server operating system cheaper. Most businesses will not be affected by these limitations. A lot of the limitations, like a specific amount of space for emails, can be managed by implementing business policies - such as making sure you keep a tidy email account.

These limitations are:

  • Only one SBS server in a domain. The domain can only handle more servers if these are of a different operating system, e.g. Linux, Windows Server etc.
  • SBS is very picky about domains. It can only handle one and no child domains.
  • Must be the root of the Active Directory forest.
  • It is limited to 75 users (licenses).
  • Earlier versions of SBS were limited to a maximum of 4 GB of memory. SBS 2008 requires a minimum of 4 GB and has a maximum limit of 32 GB. This is due to earlier versions being based on the x86 (32 bit) architecture while 2008 is based on x86-64 (64 bit). This change is because Exchange Server 2007 runs in 64 bit.
  • There are two different versions of SBS 2008: Standard Edition and Premium Edition. The difference between the two is that Premium includes a license to another Windows Server as well as an MSSQL database.
  • I am not certain if this limitation is still active in 2008 - but in Small Business Server 2003 service pack 2, the Exchange server limits you to 75 GB of emails.

If the business suddenly hits one of these limitations and needs to grow even further, it is possible to upgrade to a bigger license.

Installation of Small Business Server 2008

Everybody knows how to press next and fill it out. So I will only fill this out with information that I deem necessary to this project.

Partitioning

Normally, a server will have several hard drives in it and will run a certain kind of RAID. Some people like to partition their hard drives to make them more "manageable" because they can assign certain drive letters to specific things, like documents for users etc. This is not at all necessary but can be easier to manage for certain people. I have decided not to do it - simply because it is not needed. By doing it this way, you will also force yourself to "read" drive/folder layouts and optimize them properly. This might be a Linux thing but I prefer it this way.

In short, it's a matter of preference.

Updating and Virus Protection

Throughout the installation, it asks us whether or not we want to keep it up to date with updates and install its virus scanner. We might as well, eh? Don't do it if you plan on using another one.

Post-installation

For the love of everything, remove UAC at once. It will make you hate everyone. Do that now.

Setting it Up

Internet Connectivity

An important part of a good business network is having a constant connection to the Internet.

As we do not have a server with two Ethernet interfaces, we are forced to do it a different way.

I believe that the best way to do it is to let the router do the "sharing" and make the server give the IP, gateway and DNS information through its DHCP server with a standard scope.

As I cannot do this with the current setup, I will not attempt it.

Adding Computers to the Domain

A pretty nice change in SBS is the ability to add computers. Not only does it add a computer, but it also installs certain tools to make sure that you can monitor a computer without having to physically look at it, i.e. it monitors virus scanner, status, updates etc. and gives you a means to log on to it if needed. The way to do this is:

  1. Have a ready made XP installation. Login as Administrator.
  2. Open a web browser and go to http://connect - or plug in a USB drive and tell the server to put the necessary files on there.
  3. Follow the simple wizard.

Easy Configuration

Small Business Server 2008 has taken a hint from the Unix world and has truly made it a lot easier to manage users and set up the system. Upon installation, it starts up and installs the most commonly used services and utilities, such as DNS, IIS, Active Directory and more (these are also called roles and features). But the Windows SBS Console also allows for some amazing wizard options. If you want to add a user, it will automatically create a personal share for them, set the permissions for that folder as well as a "global" shared folder, create an email account and send them a default "Welcome" email. Along with this, it can also print out this information. It is sort of a default way to do it, which can be very limiting to some.

While certainly streamlining the general process of managing and monitoring the server and the network, it can get very limiting in certain aspects and if you want to do something that isn't in the SBS Console, you will have to dig it out. If you are not familiar with earlier versions of SBS or Windows Server in general, you could get into a lot of problems doing something that was meant to be easy - like changing DHCP scope options, advanced permissions and logon scripts.

Shares

As stated above, the installation puts up a very standard, yet functional means of managing and taking care of shares. This is all very good but can be tedious to have to redo, since it just puts it in a standard folder called C:\Users\. If you have several partitions or hard drives, you'd most likely want to make use of them for user shares and documents. Thankfully, it is relatively easy to delete and redo the shares on different folders, and this is conveniently described in the SBS Console.

It is also relatively easy to ensure that only certain users can enter certain directories/shares. It is done in the same way as in most 2000+ Windows operating systems - but I will just sketch it quickly: you can do it the time consuming way or you can just add groups that certain people have access to. This is all done through the standard Active Directory or can be done through the SBS Console.

I'd personally recommend keeping the sharing structure this way. There aren't many situations where you'd need to create it in a different way. So don't fix what isn't broken.

Users

As I noted earlier, there are several means of grouping people, so mundane tasks are quickly done - for example, sending an email to a group of people can easily be done by putting them into a so-called "Distribution Group". This creates the group on the email server and when mails are sent to this group, everyone who is a member will receive an email. Good for announcements.

You can also group people by security means, which, surprisingly, is called "Security Groups". Using these security groups can be wise if you only want a specific number of people to be able to use, say, a printer or a certain share. You can, for example, have a group just for the big bosses where they are given access to just about everything.

Both of these groups can be attached to users during addition of users and groups.
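
The group-based share access described in the Shares and Users sections, as an added example that is not part of the original page: a PowerShell script that publishes a folder to one security group only, setting both the NTFS and the share permissions. The group name, folder path and share name are hypothetical, and the group is assumed to exist already (created through the SBS Console).

```powershell
# Added example, not from the original page. Run in an elevated PowerShell
# session on the server. Group, folder and share names are hypothetical.
$Group = "$env:USERDOMAIN\Management"  # security group created in the SBS Console
$Path  = 'D:\Shares\Management'        # folder on a second drive
$Share = 'Management'

if (-not (Test-Path $Path)) {
    New-Item -Path $Path -ItemType Directory | Out-Null
}

# NTFS permissions: add the explicit entries first, then remove inherited ones
# so that accounts allowed on the parent folder no longer get in.
#   (OI)(CI) = this folder, subfolders and files; M = Modify; F = Full control
icacls $Path /grant "${Group}:(OI)(CI)M" "BUILTIN\Administrators:(OI)(CI)F" "SYSTEM:(OI)(CI)F"
if ($LASTEXITCODE -ne 0) { throw "icacls /grant failed for $Path" }
icacls $Path /inheritance:r
if ($LASTEXITCODE -ne 0) { throw "icacls /inheritance failed for $Path" }

# Share permissions: with /GRANT only the listed accounts are put on the share.
net share "$Share=$Path" "/GRANT:$Group,CHANGE" "/GRANT:BUILTIN\Administrators,FULL"
if ($LASTEXITCODE -ne 0) { throw "net share failed for $Share" }

# Review both lists; a user's effective access is the more restrictive of the two.
icacls $Path
net share $Share
```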

Tools of Small Business Server 2008

Microsoft have expanded a bit on their tools from 2003, most notably Windows SBS Console and Server Manager.

There are 2 different versions of Windows SBS Console, normal and advanced mode - though all that advanced does is add a few extra features under "Tasks".

These two tools cannot really be compared as they govern two different aspects of the server. While Windows SBS Console is more about monitoring, adding of users, shares etc. - which is more like everyday stuff - the Server Manager is exactly what the name says. It manages the server and keeps logs of everything running in the background. Essentially, it is a glorified Event Log as well as an Add/Remove Windows Components - just a lot more advanced in its features.

Through Server Manager, you can add, remove, start, stop, restart and configure most "roles". Microsoft now calls the things running in the background, like the DNS and DHCP servers, "roles", which makes sense. The things on the frontend of it all are then called features. These features include tools of varying kinds, e.g. for deeper management of every specific role. For example, there is the role called DNS Server and for it, there is a feature called DNS Server Tools. Server Manager also has the ability to add "role services", which are essentially modules that can be added to a specific role. An example is that File Services can have a role service called Windows Search Service.

As stated earlier, it is also an event viewer. It keeps track of just about everything that is going on and lists if there has been an error on a specific role or if something has gone horribly wrong - much like what the SBS Console does, except this is deeper - it will show a warning symbol or something else in the main panel and then you can start digging into it.

Obviously, you can find and configure more details if you go directly to the role/service itself than if you go through SBS Console or Server Manager. Both of them, however, conveniently link to this. A thing to note is that whatever you add through SBS Console will be added to Active Directory, i.e. users and groups added will be added in it. If you view through Active Directory, you will see these in their own directory, so you can sort through what changes came from SBS Console.

I am really loving these extra tools, that just make server monitoring, and to some extent, managing a server a lot easier. Just having a monitor attached to it with SBS Console running constantly will make sure that a lot of errors are caught early on.

Remote Web Workplace

Again, a great feature from Small Business Server - the Remote Web Workplace is just what it says: a means to connect to work from home and have access to just about everything you need. Intranet website, e-mail and Remote Desktop Connection to any computer you are allowed to. Great for those who want to clock in some extra hours from home. You can even expand it with Office AnyWhere, which provides an online means of viewing, writing and using documents.

To me, this makes VPN kind of obsolete unless you have a database tool or something that requires you to be connected to a VPN - but that could just as well be done through Remote Desktop Connection. They still allow for VPN connections but it isn't as simple as with SBS 2003, which even allowed an easy application to be downloaded and used, streamlining the process for workers.

Windows Firewall

The firewall is, like all the other tools, preinstalled and set up. The firewall in SBS is very tightly integrated with the rest of the system, which makes sure that the tools that need to go out get out and the things that need to go in go in.

Obviously, it has a deeper configuration, which can be accessed through the Server Manager tool. Personally, I feel that this is the way a firewall should be. When everything that is necessary to make a server/network run is already plotted in, you can just make minor changes and tweaks here and there for whatever you need to make use of.

SharePoint

SharePoint is a flexible "tool" from Microsoft. Essentially, it is a means to make webpages with ease using a preset form but it is more than that. It can be used as a sort of a file server or a "whiteboard" for work projects, groups and more where the workers can share their work, information etc. It is also a platform for various programs.

As an administrator, you must think it could be hell administering all of the SharePoint items that your business will make use of, but as with most things Microsoft, you have a means to give other users group "leadership", so they can add/remove items themselves and generally configure their own item without having to contact their local administrator.

Through SharePoint, users or administrators can create "items" which can contain certain information or a workplan - making it an ideal platform to gather on and keep everybody up to date and synced.

A bit of a downside to SharePoint is that every site you make will, by default, make use of a new port. This means extra administration because you have to open up another port, depending on whether you are using a router or not, for every site you make.
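
One way to handle the server side of this per-site port, as an added example that is not part of the original page: a PowerShell helper that opens a single site port in Windows Firewall for the local subnet only and leaves an existing rule untouched. The port number and the rule naming scheme are made up for illustration.

```powershell
# Added example, not from the original page. Run in an elevated PowerShell
# session on the server. Port 8081 and the rule name are hypothetical.
function Add-SharePointPortRule {
    param(
        [int]$Port,
        [string]$RemoteIp = 'localsubnet'   # only clients on the server's own subnet
    )

    $name = "SharePoint-TCP-$Port"

    # 'show rule' exits with a non-zero code when no rule has this name.
    netsh advfirewall firewall show rule name=$name | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Host "Rule $name already exists, leaving it unchanged."
        return
    }

    # Inbound TCP on one port, domain profile only, limited to $RemoteIp.
    netsh advfirewall firewall add rule name=$name dir=in action=allow `
        protocol=TCP localport=$Port remoteip=$RemoteIp profile=domain
    if ($LASTEXITCODE -ne 0) { throw "Could not add firewall rule $name" }
}

Add-SharePointPortRule -Port 8081

# Confirm the port, profile and remote address scope of the new rule.
netsh advfirewall firewall show rule name=SharePoint-TCP-8081
```

Keeping one named rule per site makes it easy to remove the rule again when the site is deleted; forwarding the port on the router is a separate step and only needed for sites that must be reachable from outside.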

Network Diagram

This network diagram is suited for a very standard small business.

Note that since I do not have access to a computer with two ethernet interfaces, I have made it so I will not require this on the diagram. This can be a problem for certain businesses, since you cannot set up a proper firewall or monitor internet activity etc., except through a router's very limited monitoring tools and firewall. It is, however, possible.

[Network diagram: Sbs2008.png]

It can be done in many ways, but this is a pretty good one for what we have available.

Remember that this is not how it will look physically.

What we have is a router that connects to the internet. We could have connected the server directly to the router and the switch with it, but that could create an unnecessary burden on the router - which could strain the network if huge amounts of data are passed through. You CAN do it but there is no reason to, if you already have a switch handy. Why would it do this? Well, every packet going to the server would have to go through the inbuilt switch in the router, and every packet aiming for the web would have to go through it as well. Again, you can do it but it is not ideal.

Now that we cleared that up, we have a switch connected to the router. This switch is connected to the server and as many computers as there are in the company. Notice that there easily could be more switches in the physical setup, due to computers being spread out in different departments and offices.

IP Table

IP                   Device                  DHCP or Static  Gateway      DNS
192.168.1.1/24       Router                  Static          N/A          N/A
192.168.1.2/24       SBS 2008 Server         Static          192.168.1.1  192.168.1.1
192.168.1.10-254/24  Computers and Devices*  DHCP            192.168.1.1  192.168.1.1

* Devices are network printers, IP phones and everything else that would require an IP.

Pretty straightforward and easy.

How to Simulate at Mercantec

I do not have access to 15 computers or devices nor do I want to have to set up an entire Cisco Router just for this project, so I cut some corners on certain things but will still accomplish the same thing. I am only writing this here, so I can keep it organized and noted down.

After consulting Henrik about the network here, he suggested that I just use some IPs freely available here and create it out from that. These two are:

  • 192.168.138.128
  • 192.168.138.131

What I will do is give the server the first IP and the computer the second one. Because of this, I cannot install DHCP. I find that installing DHCP is pretty straightforward anyway and shouldn't need to be documented as we can just assume it is there. It is used in the Internet Connectivity section and I will describe it as if it is used like that. But if it is needed, let me know and I can find another way to do it.

After having tried the above, I've decided to just make a small network with just 2 computers in it with no connectivity to the internet. I enabled the scope I described earlier and set its gateway and DNS to the fictional router. I've updated both client and server so I shouldn't require any web access.

Exchange Server 2007

Small Business Server is using Exchange Server 2007.

Exchange Server has a lot of roles and functions that are tightly integrated into the very core of the operating system, providing one of its main infrastructures together with Active Directory.

Exchange's major functions are e-mail, calendar, contacts, tasks through calendar, IIS (webserver) and data storage.

With 2007, they introduced several new features, including:

  • Protection (anti-spam, antivirus etc.).
  • Extensive Scripting language (Microsoft PowerShell).
  • Increased allowed size of database and allowed amount of databases that can be run through Exchange.
  • Outlook AnyWhere, a remote access to a web e-mail client.


Problems I Ran Into and How to Fix

I started out on a different network than I was going to end up on, so my DNS had already put in all of the information required for that IP and network. This made everything a bit tricky since my client wouldn't be able to resolve anything as the DNS server is out of reach.

To fix it, I had to reinstall the DNS Server role and let it reconfigure itself. Afterwards, everything worked without a hitch.