Windows 2003 Server choice ...

[b4u]

Hi,

I'm in the process of configuring a small network in a small company. I need some opinions on what I was thinking about:

The network will have at start 3 workstations (laptop/desktop), and will have a non-existent server. In the future, there may be 3 more workstations, making a total of 6 computers connected to the network. Oh, and there is a potential Network Laser Printer (so a separate connection/IP).

I was thinking about installing a server with 1Gb RAM, DVD Burner (simple P4 computer, no need for some dual processor beats), with Windows 2003 Server Standard. I know there are some other windows editions, including a Small Business Edition, which although being cheaper, will probably not meet my needs ... and my needs are:

I will configure the Windows 2003 Server Standard beeing a Domain Controler, beeing DNS server for the local IPs, and so having Active Directory installed.

The workload in that server: Domain user accounts/logins, with local personal storage (each login will have a specific directory of personal storage, mapped to a network drive on logon). Will have an Apache Tomcat running and serving a local intranet, with MySQL database. Will be running all day long, 24/7. There will be an hub for 16 connections, and most probably an ADSL or Cable web access connected to the hub, for sharing the broadband connection.

So, I'm I thinking correctly on adopting Windows 2003 Server Standard, or should/must I go for another edition to accomplish this results?

If my windows will give IP numbers from a specific range (defined by me), can I restrict the web sharing through the hub for those IPs? A way of sharing the web only to users logged on the domain? (any other simplier way of accomplishing this?)

This is my first go at Windows 2003, I configured something similar with Windows 2000 Server, but now I'm blown away with the several editions of the new OS by Microsoft. I could even think about a Linux, but I have no experience yet to back me up in such a network installation.


Thank you.

 

[spyordie007]

You might want to consider 2003 Small Business Server Premium. Not only does it cost less but you can use it to run Exchange and MS's SQL server if you want (giving you other options) but it also contains ISA server which you would use as a firewall and web proxy (giving you the ability to limit web browsing, etc.).

The specs you've suggested should be enough.

With the size of the company there really isnt a need to spend the extra money and do it peacemeal.

 

[imported_ed8150]

for such minimal requirements the rig you have in mind is extreme overkill. what i recommend is picking up an old, cheap server(less than 1ghz processor. i have a 450 mhz p3 running debian that easily saturates a 100 mbps connection using samba)

use switches not hubs. you might consider getting a 10/100/1000 switch in order to have some room for expansion, they are pretty inexpensive these days.

you might consider using linux. it is a valuable skill to learn even if you dont deploy it in this particular situation. you can save on hardware also by not having to support hardware that is capable of outputing video(you can run a headless server and administer it over ssh).

 

[hopejr]

IMHO, Linux is a great way to go for this sort of thing, mainly because it is free. However, if you really need to use Active Directory, Windows would be better (not sure how to get Windows clients to interact with an equivalent on Linux). SBS2k3 should be sufficient. It can do everything that you are wanting.
BTW, ed8150 is right. A system with such specs is overkill for a server. Heck, I'm running Windows Server 2003 Enterprise on a Pentium 2 350MHz, with 192MB RAM. It's even running a web server, FTP server, and is the file server here. It has absolutely no problems.

 

[b4u]

Thanks for the answers so far.

As for Linux, I would gladly configure a system using it, but as I said, I have no experience at all on it. As an example, I have VMWare installed on my PC, and I got an installation of Linux SuSE 9.1 Personal up and running ... well, at least I just installed it ... but after login in, I don't know what to do next ... for now it's very different from windows, and I need some time to deal with it ... can't say I'm ok to sell a solution employing that OS ... but I recognise I must move on to learn it ... any good tutorials online?

As for W2K3SBS, I'll check for it and for prices. I don't think the Premium would be a choice, as I'm not directly interested in SQL Server 2000. But you'll never know ... I'll check that also.

The main need for Active Directory, is to configure a DNS server. I mean, back in W2000Server, to configure a server that would distribute IPs through the network, I need to have Active Directory installed, so there my thought ...

About the hub vs switch, what I see is this: if several people try to reach the server, say for copying some file, how will the switch deal with it? I mean, the switch will ... erm switch (eheh) the connection to each client, like it was creating a cross-link cable, and serve it, with the other clients waiting for the transmission to complete ... isn't it? (so if someone copies a 500Mb file, no other client will have access to the network) Sorry all that asking around, but I'm no expert in System/Network administration.

Oh, and one more thing ... can a switch or a hub have firewall (hardware firewall) incorporated? Are those firewalls managed through a specific program, or by a browser connecting to some IP which is identified as the switch/hub?


Thank you.

 

[hopejr]

I use a switch and two computers can be accessing stuff from another at the same time with no problems. When a connection is made to computer, it accommodates multiple connections using multi-threading.
It's a hub that you would need to worry about because they can't deal with collisions very well (it slows the connection down heaps). A hub is essentially like a powerboard that you plug computers into, but has no intelligence whatsoever. A switch handles ip addresses, collisions, and all sorts of stuff intelligently.

 

[drag]

As for Linux, I would gladly configure a system using it, but as I said, I have no experience at all on it. As an example, I have VMWare installed on my PC, and I got an installation of Linux SuSE 9.1 Personal up and running ... well, at least I just installed it ... but after login in, I don't know what to do next ... for now it's very different from windows, and I need some time to deal with it ... can't say I'm ok to sell a solution employing that OS ... but I recognise I must move on to learn it ... any good tutorials online?

I agree. To sell linux setups it would require a level of expertese above the average Windows admin's knowledge of Windows. Simply the nature of the beast. It's worth knowing though, many setups would work much better with Linux then Windows, especially if they have legacy unix stuff like OpenUnix (SCO) laying around. Good time to check it out, at least.

Check out my sig for introductionary stuff. The linux document project is just that, and offer good stuff.

this guy has lots of experiance with classic Unix stuff and works as a professional freelance admin/consultant type thing. Looking thru the articles (not so much the blog part) is a nice way to see what sort of skills people use. Lots of good references and tips.

Especially good stuff about backups, which are mostly ignored by most people. Backups are a treated like a set it and forget it by most people. However statistics show that most people's backup scemes are completely inadaquate. (anybody simulate a total system failure and try to rebuild their system by depending on their current backups?) Something like 30% of businesses that have a severe system failure go out of business within six months. Or some such thing.

Bookstores usually have lots of stuff on Linux and generall unix stuff. Some books are good, some are crap, some are realy good.

Best experiance is gained (at least in the beginning) by installing, running, and experimenting on your own machines. It doesn't take much horsepower, 200mhz machines with 64megs of ram are completely adiquate for running a Linux server sans the gui enviroment. Best tool for remote administration is a Openssh server, putty.exe is a excellent ssh client for Windows.

Personally I like Debian, but Suse and especially Redhat is popular. (Debian is used commonly, too). Whitebox is a redhat clone if you don't want to pay for the costs of buying Redhat support + a OS from redhat. (when you buy a OS you are realy getting a one year support contract. The more you pay, the more and more immediate support you get).

 

[spyordie007]

As for W2K3SBS, I'll check for it and for prices. I don't think the Premium would be a choice, as I'm not directly interested in SQL Server 2000. But you'll never know ... I'll check that also.

My reason for suggesting the premium edition was because it includes ISA server. You had mentioned you were looking for a web-proxy that you could use to limit users access to the internet; ISA can do it both by IP as well as by group membership (within AD). Even though it comes with licensing for MS's SQL server it doesnt mean you have to run it.

I also suggest looking in to replacing the hub w/ a switch. This will become very nice as network traffic increases.

Lastly if you dont have the experience w/ Linux yet you really shouldnt be looking to put it into production use. Perhaps if you run it for a while first in a test enviroment and you got familier enough with it to manage the services that you are looking to run (and you're looking to run a lot of them: LDAP, DHCP, DNS, Apache, MySQL, etc.). Not that I'm trying to turn you off to Linux, just that I think you need to be able to support whatever it is that you put into place and it sounds like you have some experience running these services on Windows servers but zero experience on Linux servers.

 

[b4u]

I'll be staying with Microsoft this time ... like I said, at least I can configure a Windows Server to match what I'm looking for ...

As for the switch, I was thinking about adopting something like this Linksys 10/100 8-Port Switch ... I just installed one of those on a small network (Windows 2000 Server with AD, DNS, DHCP, plus 3 Windows 2000 Pro and a Lexmark Optra 610 network printer, plus 2 laptops when needed), and it seems to work just fine.

Like I said, no system expert, but until now, I figured out all I needed ...

 

[StuckMojo]

as no one has specifically stated it: small business server 2003 includes windows server 2003, and a bunch of other stuff, thus if it is cheaper than 2003 alone, it would be the better way to go. it's limitation is that you can only have a maximum of 50 client machines, and it must be the domain contoller. see the MS sales crap on their website for details.

 

[hopejr]

the 50 client limitation wouldn't be a problem with this scenario.

 

[Slowlearner]

For such a small office why do they need such an elaborate setup. What applications/data wil be on the server? From my experience, a peer to peer set-up is more flexible, easier to manage/set-up. If all they are going to do is office apps/accounting & other database apps/email/web-surfing, a "server" to hold shared data, and router/switch combo is all you need. So long as there are 10 or less computers connecting simultaneously to the "server", Win XP Pro will do just fine.

If you have more than 10 pcs needing concurrent access, simple file sharing on Windows 2000 will also work fine. While Windows SBS 2003 with 5 CALs is indeed a cheap and feature rich package, adding another 5 CALs kills the price advantage - and with its many restrictions makes it IMHO a less attractive than Windows Server 2003. The Standard Ed in any case is less useful than the Premium Edition, which also has a much higher price. Windows Server 2003 is indeed better than Windows Server 2000, but the same so far reliability and stability goes.

Unless you have good reasons for AD, Exchange server etc, stick with what you are comfortable with, Windows Server 2000, and you will do fine. For a small outfit it is best that email/ftp/website etc are sourced outside as the costs are insignificant.

Your first instincts on building a pretty solid server are sound. A good server will be in use 24/7 for atleast two years and who knows what apps it called upon to run. You will need bios/driver updates etc to upgrade HDs and make other enhancements. Go with Intel CPU/Intel mb or Athlon 64/Asus or Gigabyte mbs. A combination which worked very well for me was P42.4C/Intel 865GBFLK/2x 80GB Seagate HD/Liteon CDRW/Enermax 365 PSU - Both Dell and HP have very good low budget servers available.

And always remember you build it you support it. So dont get into something that requires constant tinkering and hand holding of users.

 

[spyordie007]

if he wants domain accounts than he needs active directory; hence the SBS recomendations.

 

[addragyn]

"The main need for Active Directory, is to configure a DNS server. I mean, back in W2000Server, to configure a server that would distribute IPs through the network, I need to have Active Directory installed, so there my thought ... "

You can do DHCP with a $20 router! Do you have a compelling reason to have a Windows box facing the internet?

 

[PlatinumGold]

ya, i can't figure out why people use domains for such small networks. Microsofts recommendation used to be peer to peer for less than 10 clients and client / server for more than 10 clients. that is my general rule of thumb.

basically, the company will be spending $1000.00 on Server OS, $1000.00 on Server Machine, $2000.00 on installation and setup, for what? the ability to give people individual HD space on a server?

if it was me, i'd set them up with a Linux / Samba OR if you are uncomfortable with that, use a WinXP Pro machine and shared drive and mapped folders. you can limit access of folders to specific users etc with winxp.

 

[spyordie007]

ya, i can't figure out why people use domains for such small networks.

Not that I'm saying there is neccisarily a right or wrong way to do it but I really like having a domain even in small enviroments as it gives you a uniform mechanism for authentication (rather than seperate accounts on each machine).

But yes you're both right, if all he wants is DHCP and DNS caching than this could be accomplished w/ a very inexpensive router and he could just use one network workstation with a larger hard disk for file/print sharing. Granted it wouldnt scale well and he couldnt run Exchange or ISA server to accomplish some of the other stuff listed, but it would cost a heck of a lot less.

 

[b4u]

Well, from my experience with that network, it was a good bet I installed a win2k server.

Before that, there was just 3 computers connected through a switch, with a network printer installed. Then every user was able to install software on their machines.

There was a specific machine that was always getting into trouble. Getting slow, by acting like an application server, file server, printer server (for a local connected printer).

The day I took to setup the network the way it is, was a great day! Now each user has an AD account, with user-only previledges. They cannot install anything, but I configured all the apps in one go ... one year has passed by now, and everything runs as smoothly as it can get ... my only interventions is to install some updates on the software (specific for their business), and nothing more.

There is a shared directory with docs, a shared directory for application data, and a shared personal folder for each user.

One good thing that $1000 splashed money brought with win2k server, was the ability to properly configure the environment. And that is priceless.

One other thing I will do in the coming months, is to add a router and connect the ADSL line, so internet get's shared. I must think a bit more about security issues, though.

And after the internet get's shared, this will official be a 24/7 server. It will get a mail server, web server and ftp server.

The mail server will allow me to create as much email accounts as needed, plus I'll get rid of specific ISP domain names. At the moment, they have one email account, like info@ispname.com, and we'll change to another faster-for-less-cash ISP, so the email would have to change ... this way we'll get our own server, we'll just have to point out to another ISP if we ever change again.

Web server will be usefull, because I'll also develop an intranet app, together with a database holding sensible client data, so we'll latter add an internet web interface so we have our own web page with client area for giving our clients online services. For that we'll have to get access to database client data.

FTP for ... well ... ftp ... it's not really needed right now, so for a start, this service will be closed, although the idea will stay on air.

That's why I believe going to a win2k server brought me a good advantage. I would prefer to go for a Linux/Samba free OS, but I'm not confortable with Linux, so I must pass it right now.


So, share your opinions with me ... I learn something new everytime I visit this forums ...


Thanks for submissions.

 

[dawks]

Originally posted by: b4u
The main need for Active Directory, is to configure a DNS server. I mean, back in W2000Server, to configure a server that would distribute IPs through the network, I need to have Active Directory installed, so there my thought ...

About the hub vs switch, what I see is this: if several people try to reach the server, say for copying some file, how will the switch deal with it? I mean, the switch will ... erm switch (eheh) the connection to each client, like it was creating a cross-link cable, and serve it, with the other clients waiting for the transmission to complete ... isn't it? (so if someone copies a 500Mb file, no other client will have access to the network) Sorry all that asking around, but I'm no expert in System/Network administration.

Oh, and one more thing ... can a switch or a hub have firewall (hardware firewall) incorporated? Are those firewalls managed through a specific program, or by a browser connecting to some IP which is identified as the switch/hub?


Thank you.

First of all, you do not need Active Directory to run a DNS server. You do need DNS to run an AD server however. Secondly, you do not need Active Directory to run DHCP, nor do you need DHCP to run AD.

And for the comment of 2kserver, no, you did not need AD to distribute IP's. Having AD installed on 2K and 2K3 server gives you more control over IP distribution however.

As for the switch, its capable of creating virtual links between two IP's. Where as a hub simply broadcasts everything to every port, which can be a problem when you have several computers moving data around. No one is blocked from the network when one or two clients are communicating. They all have continuous access.

Hubs do not have firewalls. Im not sure if a switch can, but all routers in a sense do have a basic firewall.

If you plan on using a switch, with a server distributing IP's, you'll want to use soemthing like ISA as mentioned above for firewall services.

Another alternative as some have mentioned is getting a router and using Windows XP or Linux as your server, since AD isnt an absolute requirement here it seems.

 

[b4u]

Originally posted by: dawks
First of all, you do not need Active Directory to run a DNS server. You do need DNS to run an AD server however. Secondly, you do not need Active Directory to run DHCP, nor do you need DHCP to run AD.

And for the comment of 2kserver, no, you did not need AD to distribute IP's. Having AD installed on 2K and 2K3 server gives you more control over IP distribution however.

Hehe, you're right about that ... everytime I think about those 3 features I mess them a bit in my mind.

DHCP is independent (even basic routers have DHCP capabilities), and for AD I'll need DNS to resolve names.

So I have DHCP for IP leasing, DNS to resolve network names, and most probably will be using it when I have the network with internet sharing through a router. So a question here ... if I forward port 80 on the router to the server with DNS, can I locally resolve www.mydomain.com, ftp.mydomain.com, personal.mydomain.com, ... ? (mydomain.com will be registered with a registrar).

So I end up with AD ... but what is AD, other than a place to register resources available on the network? Like users, computers, printers, ... what else can I use AD for? What top-notch features can I get from AD other that those?

 

[PlatinumGold]

Originally posted by: b4u

Originally posted by: dawks
First of all, you do not need Active Directory to run a DNS server. You do need DNS to run an AD server however. Secondly, you do not need Active Directory to run DHCP, nor do you need DHCP to run AD.

And for the comment of 2kserver, no, you did not need AD to distribute IP's. Having AD installed on 2K and 2K3 server gives you more control over IP distribution however.

Hehe, you're right about that ... everytime I think about those 3 features I mess them a bit in my mind.

DHCP is independent (even basic routers have DHCP capabilities), and for AD I'll need DNS to resolve names.

So I have DHCP for IP leasing, DNS to resolve network names, and most probably will be using it when I have the network with internet sharing through a router. So a question here ... if I forward port 80 on the router to the server with DNS, can I locally resolve www.mydomain.com, ftp.mydomain.com, personal.mydomain.com, ... ? (mydomain.com will be registered with a registrar).

So I end up with AD ... but what is AD, other than a place to register resources available on the network? Like users, computers, printers, ... what else can I use AD for? What top-notch features can I get from AD other that those?

active directory is for AUTHENTICATION purposes. distributes user rights, access to network resources etc. it is not for name resolution.

again, for the network you have, i strongly recommend saving your company some money by using a linux shared drive or a winxp share machine.

file server
print server
Domain Controller
DHCP
DNS
Firewall
Database server
Web Server
Email Server

those are some of the functions a "server" is capable of. of those you will only need File server, i strongly recommend using a network printer and setting up printer drivers from workstation to printer directly. if you really want to spend money and security is important, get a Sonicwall firewall as your primary firewall, it can also limit access to certain users.

sonicwall can handle DHCP, just use WINS for name resolution.

WinXP machine with shared drives and a sonicwall firewall would be a much better solution than Windows SBS 2003 premium, unless you have to have SQL Server and Exchange Server (neither of which you mentioned).

 

[PlatinumGold]

btw, if you are concerned with limting access to certain users in a peer to peer enviroment as i outlined, it is just as easily done as it is in an Active Directory domain.

with 5 to 6 users, Group policies aren't that beneficial.