Setting up a server... How does this sound?

[Blammo300]

My friend owns a small business and asked me to do some research on the kind of server they would need to run software remotely and share files. Currently they have 15 workstations that
and will probably increase that amount by 10-20 in the next 2 years. The workstations each run the same networked software and would connect to the server. The software uses the server for all main file storage and the workstations would access them from the networked software. They would like to have users connected remotely but it will be less then 5 so I dont think I will need more CAL licenses.

Dual Core Intel® Xeon® 3040, 2MB Cache, 1.86GHz, 1066MHz FSB
Microsoft® Small Business Server 2003 R2 with SP2, Standard Edition
2GB DDR2,667MHz, 2x1GB Dual Ranked DIMMs
Primary Hard drive 250GB RAID
2nd Hard Drive 250GB RAID
SAS 5iR internal RAID adapter
Onboard Single Gigabit Network Adapter, No TOE

Do you guys think this server has the power to support 15-40 users connecting for software data files and a few connecting remotely via VPN tunnel? Also do we need a SQL server for this kind of setup?

Any other recommendations would be appreciated?

 

[Fardringle]

What type of software do they want to be running remotely? Is it just basic office applications, or database software that moves a lot of information across the network? If it's a network intensive program, they are not going to want to use it remotely over VPN and you would be better off setting them up with Terminal Services or Citrix, although a Citrix server might be overkill for 5 remote users.

 

[RebateMonger]

In general, Windows Small Business Server 2003 is an excellent choice for businesses with less than fifty or so employees. I normally recommend the Premium Edition because of the ISA Server and SQL Server licenses. ISA Server makes setting up VPNs a two-click operation, and having SQL Server is valuable if you acquire any applications that use it. SQL Server is mostly used as the database for OTHER applications.

SBS 2003 has great remote access features, but it DOES NOT support Windows Terminal Services. If you actually intend to RUN applications on the SBS Server in Terminal Server mode, you'd either need a second server (Terminal Server, running on Windows Server 2003, standard Edition), or could possibly set up Windows Virtual Server 2005 and run several XP Professional virtual PCs inside of Virtual Server.

If you are going to use ISA Server, you'll want a second NIC installed and will want to pass all Internet traffic THROUGH the Server. That'll give you full control and monitoring of the client PC Internet traffic.

There's nothing wrong with the basic hardware you specified. It wouldn't hurt to add another GB of RAM, but I actually don't have any clients who have more than 2GB in their SBS Servers.

 

[JackMDS]

Hardware wise you would be OK unless you are going to Run Heavy SQL and Exchange server traffic.

 

[RebateMonger]

Forgot my most-important caveat....
Make sure you have a backup system of some sort. Don't count on RAID to keep you from losing data...cuz' it won't.

For most companies with 5 to 30 employees, I recommend removable SATA hard drives. Buy at least three, keeping two offsite and swapping them as appropriate.

 

[Blammo300]

Thanks for the advice everybody.

Just to give you guys a better idea of what were trying to setup. We are installing this system into a Health treatment center that does chiropractic and surgical work. The software that is going to be networked is accounting software and also a medical database software that keeps all records of patients including photo's, previous visits and more. The doctors will use laptops to connect via Remote Desktop to the server to run the medical software when they are with a patient. The desktop workstations will not need to connect via Remote Desktop and instead will have the medical software installed on the local machine while accessing the database files from the server so all the info syncs up. I wouldn't call this office high traffic bandwidth enviroment.

The SBS Premium seems to be the best option but the extra $800 might be a problem. Do you think I need ISA Server and SQL Server licenses for this kind of setup? If not I would prefer the Standard version of SBS unless you guys think Windows Server 2003 R2, Standard Edition /w 5 CALs would be a viable option.

They do plan to open another office location in the next 2 years so the new office would sync up with the server at the older location. They would not have more then 10-15 coputers at the new location when it does open. When the time does come to expand would purchasing CALS for the new office to connect to the server at the old office be a good option?

PS
We have a 500gig USB external drive we will be backing up to and the server from Dell comes with a RD1000 Removable Disk Media.

 

[JackMDS]

A system in Doc's office has to be HIPAA complaint.

If you, or any one that you works with are Not familiar with what it entails you should hire a consultant to make sure that every thing concerning Medical Data on the Network is covered.

HIPAA Security Compliance.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is designed to improve the efficiency and effectiveness of the health HIPAA Compliance care system and to reduce the incidence of fraud. The focus of this policy requires, among other things, the secure transfer of electronic health care information.

 

[QQtechQQ]

Originally posted by: RebateMonger

If you are going to use ISA Server, you'll want a second NIC installed and will want to pass all Internet traffic THROUGH the Server. That'll give you full control and monitoring of the client PC Internet traffic.

May I know what software or feature do you use to do the monitoring clients' Internet traffic for ISA 2006?
Thanks.

 

[RebateMonger]

If you think you'll NEVER have a need to monitor or restrict Internet traffic, and will NEVER need SQL Server (and not everybody does), then you can go with SBS 2003 Standard Edition.

SBS 2003 checks for basic licensing compliance, and you'll have licensing issues with only five SBS User/Device licenses. For 90+ percent of offices, the best way to determine licensing is the TOTAL number of people who'll be accessing the SBS server. That's not concurrent users. It's TOTAL users. It makes no difference if they are accessing the server remotely or from the local network. If they are logging onto Outlook Web Access to get email, for instance, they need an SBS license. CALs are about $80 per User, or less than $20 a year per person for the life of a typical server.

With SBS 2003 R2, any User or Device licenses apply to your whole Domain. You can buy more Server 2003 (Standard Edition, not SBS) servers and put them at remote sites if you want and not need additional licenses for the additional servers.

 

[RebateMonger]

Originally posted by: QQtechQQ
May I know what software or feature do you use to do the monitoring clients' Internet traffic for ISA 2006?

There are several third-party products, both paid and free, that can help summarize or restrict Internet access. For many small businesses, Internet activity logs are reviewed at the owner's or manager's request, to help back up suspicions of inappropriate Internet activity. Most managers don't want to spend time staring at pages of access reports.

 

[QQtechQQ]

Originally posted by: RebateMonger

Originally posted by: QQtechQQ
May I know what software or feature do you use to do the monitoring clients' Internet traffic for ISA 2006?

There are several third-party products, both paid and free, that can help summarize or restrict Internet access. For many small businesses, Internet activity logs are reviewed at the owner's or manager's request, to help back up suspicions of inappropriate Internet activity. Most managers don't want to spend time staring at pages of access reports.

Hi, I am actually looking for a paid(free is ever better) software that can allow administrator to restrict Internet access for individual client that connect to our network. For example, i can see the computer's name and mac address from the monitoring computer and i can restrict the connection to the Internet right the way.

Thanks.

 

[RebateMonger]

Originally posted by: QQtechQQ
Hi, I am actually looking for a paid(free is ever better) software that can allow administrator to restrict Internet access for individual client that connect to our network. For example, i can see the computer's name and mac address from the monitoring computer and i can restrict the connection to the Internet right the way.

Are you trying to totally shut off the client's Internet access, or trying to limit the sites that can be reached?

You'd create a Firewall rule in ISA that restricts, either by Computer or by User that restricts Internet access appropriately. If you are restricting by User, you'd have to tell ISA to require User Authentication before allowing Internet access.

 

[netsysadmin]

Since this is a medical office with PHI on the server I would not install ISA Server and pass all the internet data through that machine. To me that is way too much of a risk!! Hide that server back behind a firewall. I also agree that unless you have HIPAA experience and know the regs pretty well I would source someone from the outside to certify your setup. Since I deal with HIPAA now as an Admin I find myself questioning all my doctors to see if they are secure. You would not beleive what I have seen people do!!

John

 

[RebateMonger]

Originally posted by: netsysadmin
Since this is a medical office with PHI on the server I would not install ISA Server and pass all the internet data through that machine. To me that is way too much of a risk!! Hide that server back behind a firewall.

I'd argue that there's nothing "wrong" with passing traffic through the SBS/ISA Server. Microsoft has built SBS that way for seven years and many offices use it. ISA's "publishing" of the server functions of SBS does a pretty good job of "hiding" the SBS server. Microsoft's ISA 2004 Server has had ZERO reported advisories on Secunia's site.

The reality is, as you've found, that most smaller (less than fifty people) medical centers have horrible IT security.

 

[netsysadmin]

I run ISA 2006 and know its a pretty good product, but I still wont put a server at the edge like that. You are talking about a server that has PHI and all your account info...etc. I know SBS is meant to do that. That doesnt change the fact that I think that is crazy to do!! There is no way you are getting me to put a DC or a file server anywhere near the perimeter!! I really dont want to be in the news with a HIPAA violation.

John

Originally posted by: RebateMonger

Originally posted by: netsysadmin
Since this is a medical office with PHI on the server I would not install ISA Server and pass all the internet data through that machine. To me that is way too much of a risk!! Hide that server back behind a firewall.

I'd argue that there's nothing "wrong" with passing traffic through the SBS/ISA Server. Microsoft has built SBS that way for seven years and many offices use it. ISA's "publishing" of the server functions of SBS do a pretty good job of "hiding" the SBS server. Microsoft's ISA 2004 Server has had ZERO reported advisories on Secunia's site.

The reality is, as you've found, that most smaller (less than fifty people) medical centers have horrible IT security.

 

[RebateMonger]

Originally posted by: netsysadmin
There is no way you are getting me to put a DC or a file server anywhere near the perimeter!! I really dont want to be in the news with a HIPAA violation.

You can still put a firewall of some sort in front of the SBS/ISA box if you wish. The doctor's offices that I've worked with mostly had SOHO-like routers at their front end, with NO firewall enabled on their Windows servers. One client has a Watchguard router/firewall.

 

[Buttzilla]

Wow, just the thread i'm looking for. My cousin asked me to do the same thing for his new dental practice. Things are running fairly smooth with his current practice. 8 computers with dental software, info/data is running off a file server as well as standard security and firewalls, we dont' do electronic claims or have remote access. with the new practice my cousin wants to be able to access files remotely, from home or from either practice. setting up one practice was fairly simple, but since he eventually wants to link up both practices as well as remote access schedules, patient info, and possible insurance info...i think i'm out of my league here.

Since he's the only one accessing the information, do i still need to follow all the server protocols as well and liscense agreements? I understand HIPAA laws must be strictly followed.

 

[mooseracing]

ISA needs to be on another server, but i don't like the price of it. I also hate SBS, if the company ever grows its a huge PITA to merge data from SBS to enterprise. I just went through it. Shell the dollars out for 2003 R2 standard. Routing and Remote services sucks too, dedicated router firewall on the rack.

 

[RebateMonger]

Originally posted by: mooseracing
ISA needs to be on another server, but i don't like the price of it.

The SBS version of ISA installs on the SBS server and ISA and SQL are included in SBS Premium Edition. Together, these are $3000 products, but only a $800 upgrade from SBS Standard Edition.

I hate SBS, if the company ever grows its a huge PITA to merge data from SBS to enterprise. I just went through it. Shell the dollars out for 2003 R2 standard. Routing and Remote services sucks too, dedicated router firewall on the rack.

If you hate SBS, then you probably haven't used it much. It gives a small (less than 50 PC) company features that they'd never be able to afford otherwise.