The client I am working for is currently looking at registering their own
domain name (i.e. company.com). They already have a temporary dyndns.org
site in place (primarly to get the site up and running). They are currently
running SBS2003 Premium w/ SQL _minus_ ISA (due to factors w/ Linksys WRV
VPN endpoint router) and already have an internal domain name setup for
their workstations.
What are the steps I need to do to register this new external domain name w/
the SBS server, setting up DNS for the A, PTR, MX records, setting up
Exchange to handle e-mail internal and external, and IIS for hosting their
website, etc.
I am very new to SBS, so pretty much need a good step-by-step guide to setup
their environment w/o doing a reinstallation of their SBS server (i.e. no
backup option is currently in place).
Thanks.
-- Michael
"MWE Computers Services" <mwecom...@gmail.com> wrote in message news:OroRxVNi...@TK2MSFTNGP15.phx.gbl...
Thanks for using SBS newsgroup. Cris thanks a lot for valuable suggestions.
Issue description:
I understand that you want to set up your SBS server as a email server for
both internal and external emails. You also want to set up website on SBS
2003.
Analyzing and suggestions:
For email issue:
You can run CEICW to configure your email setting, make sure that you have
a registered FQDN on internet or on your ISP or you have a static IP
address or you have to use the smarthost on ISP to relay your internet
emails. Please contact with your ISP about detailed emails setting, you
have to contact with your ISP to see if you can use DNS to route your
internet emails or use ISP smarthost to relay emails. For running CEICW,
you can refer to the following KB articles, it might help you understand
the wizard more clearly:
825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763
For hosting website:
If this is a premium edition SBS 2003 server with ISA installed, you will
need to create new destination set for these web sites and then create web
publishing rules to publish them. Please refer to the following documents:
http://www.isaserver.org/tutorials/Publishing_Multiple_Web_Sites_using_Web_P
ublishing_Rules.html
300435 HOW TO: Securely Publish Multiple Web Sites by Using ISA Server in
http://support.microsoft.com/?id=300435
At my point of view, there could be no benefit to host public web sites by
using SBS 2003 server. Since the SBS 2003 server is an integrated business
solution for small business environment, it is better to use a separate
Windows server to host the company sites. SBS 2003 server built-in web site
is recommended to be only used for the private users.
Hosting public web sites will cause security, licensing and performance
issues. The security issue is the top cause. Port 80 is never out of the
top ten attacked ports. User account based authentication can prevent
unauthorized access; however, each connection will take one user CAL.
Considering the server performance, the public web site will increase the
server workload.
If you do want to host a public web site on the SBS 2003 server, it's your
best interest to use SBS 2003 Premium Edition with ISA server. I would like
to give you the steps for hosting a public web site on a SBS 2003 server
with ISA:
To deploy a customized public web site on the SBS 2003 box, you need to use
different URL to access the customized web site and the SBS 2003 build-in
web sites. I assume you have already registered an internet Domain name. I
would like to suggest you try the following steps to configure the SBS 2003
box.
For example, you have an FQDN: www.mydomain.com pointing to the static IP
address of your SBS server external NIC and you use the following URL to
access the particular web sites:
URL
Website function
http://www.mydomain.com
Customized public web site
https://www.mydomain.com:444/ Companyweb
(SSL)
https://www.mydomain.com/remote/ Remote Web
workplace (SSL)
https://www.mydomain.com/exchange/ Exchange
Outlook Web Access (SSL)
1. Use CEICW to automatically create the web publishing rules and
certificates for web sites.
Open "Server Management", navigate to "To Do List" and click "Connect to
the Internet". Re-run CEICW and when you configure the firewall options,
select "Enable Firewall" --> Select the services click "Next". In the web
services configuration window, select *ALL web sites* --> In the
certificate window, if you have already created a certificate, please
select "Do not change" option. Follow the wizard to finish the
configurations.
2. Create a folder to store the web page files.
Open Windows Explorer, create a folder (to store the customized web page
files) on the hard disk. Copy all customized web page files (which were
writen by some web author tools such as Front Page or Dream Weaver) to this
folder.
3. Create a new web site in IIS.
Open "Internet Information Services (IIS) Manager", navigate to <Server
Name>\"Web Sites". Right-click "Web Sites" folder, click "New"-->"Web
Site". The web site creation wizard will launch. Click "Next", input the
web site name such as "My Site"-->Select the *Internal IP address*, input
the port number "80" and input "www.mydomain.com'''' in the host header
box-->Click "Browse", find the folder that created in step2 --> Set the
permission (by-default Read and Run scripts)-->"Finish".
NOTE: Please ONLY select the Internal IP address as the identity for this
new web site. DO NOT input 443 port as the SSL connection for this site.
4. Create server publishing rule for external Companyweb access.
Open "ISA Management", navigate to "Publishing"\"Web Publishing Rules". In
the right panel, disable the rule for "Companyweb". Create a server
publishing rule for companyweb access. Navigate to "Policy Elements",
right-click "Protocol Definitions"-->"New". Input a name such as "444" -->
Set the properties: 444/TCP/Inbound and click "Next"-->"Next"-->"Finish".
Navigate to "Publishing", right-click "Server Publishing
Rules"-->"New"-->"Rule". Input the name such as "Companyweb"-->Input the
internal IP address and external IP address of the SBS server-->Select the
newly created protocol "444" --> Select "Any request"-->"Finish". Navigate
to "Monitoring"\"Services", restart the ISA services.
838304 How to publish http://Companyweb to the Internet by using ISA Server
2000 on a server that is running Windows Small Business Server 2003,
Premium Edition
http://support.microsoft.com/?id=838304
After the above steps, you can access all the web sites by using the listed
URL"s. However, you could not access the public web site from the internal
network. This is because we configure this web site to use a host header
(www.mydomain.com) to accept the web request. As a workaround, you can
modify the *hosts* file on the internal client computer (For windows
XP/2000 the path is %systemroot%\system32\drivers\etc\) and add an entry
for www.mydomain.com with the internal IP address of the SBS server.
After doing this, you can configure the SBS 2003 server to publish the web
site on the internal computer to the Internet by using Web publishing
rules.
As your convenience, I suggest you design a backup for your SBS 2003
server, it will make your server more reliable:
Backup and restore SBS 2003:
http://download.microsoft.com/download/b/d/8/bd8e1a40-d202-429a-8eb7-26300d6
2bcc9/BKU_BkupRstr.doc
I hope the above information helps. If you have any questions, please feel
free to let me know. I am glad to be any further updates.
Have a nice day!
========================
This response contains a reference to a Third party World Wide Web site.
You should know that Third party sites are not under the control of
Microsoft. Accordingly, Microsoft can make no representation concerning
the content of these sites. Microsoft is providing this information only
as a convenience to you. This is to inform you that Microsoft has not
tested any software or information found on these sites and therefore
cannot make any representations regarding the quality, safety, or
suitability of any software or information found there. There are inherent
dangers in the use of any software found on the Internet, and Microsoft
cautions you to make sure that you completely understand the risk before
retrieving any software on the Internet.
========================
Best regards,
Charles Yang (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
"Cris Hanna [SBS-MVP]" <crisnos...@computingnospampossibilities.net> wrote in message news:%23QFXCdO...@TK2MSFTNGP09.phx.gbl...
-- Michael
""Charles Yang [MSFT]"" <v-ch...@online.microsoft.com> wrote in message
news:K%23smTwRi...@TK2MSFTNGXA01.phx.gbl...
I am sorry to hear that you could not use ISA with your router; of course
you can establish the website without ISA. But you need also configure your
router as firewall. As this refer to third party vendor. We could not help
you on this field; it is your best interest to contact the Cisco for
further support.
Thanks for understanding. If you have any other concerns, please let me
know.
Best regards,
Charles Yang (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
Thanks for your emails.
Yes we did not recommend configure too much website on SBS 2003, you can
host website on one member serve on SBS 2003. It might be a reasonable
solutions for both security reason and performance reasons.
We appreciate your understanding, if you have any other concerns, you can
feel free to use it. We will try our best to help you.
Below is your reply from emails:
I contacted MS support directly as it seems that the SVPs on the SBS
newsgroup are pretty much against using the SBS application as an
All-In-One suite (i.e. public web, sql server, exchange, etc) as it was
intended for small businesses. I also reflected this issue with several MS
SBS developer and marketing team members and they weren't very happy to
hear this is happening.
I wont be using the newsgroups any more unless the issue is not dire enough
to take on member phone support.
-- Michael
As per the Microsoft website and the SBS marketing plan, SBS is supposed to
be an All-In-One (AIO) small business server platform for doing public and
private web servicing, having Exchange e-mail server built-in, and allowing
the client to have their staff able to remote in via RWW and/or OWA --
without having to purchase each of these modules individually. For those
that need the added functionality, the Premimum edition is available with
the ISA for firewall/added security, Frontpage for customized web sites and
SQL server for those that want to run a database. Listed below is a link to
the SBS Data Sheet -- which is one of the key documents that SMBs are
looking at (as well as System Integrators) to help offer an AIO solution for
the customer.
SBS Datasheet Link:
http://www.microsoft.com/WindowsServer2003/sbs/evaluation/datasheet/default.mspx
Now, here's the kicker: pretty much the SVPs here talk about NOT using SBS
as an AIO server package for SMBs. If SBS is not supposed to be deployed as
an AIO operating system platform, then someone at Microsoft needs to pull
the software and reevaluate what is a viable option.
Outsourcing is crap as far as I am concerned when it involves SMBs as alot
of their customer and business information should be stored and accessable
locally and not turned over to a hosting company. If the client updates
their locally-found SQL database in real-time and their website uses this
information, the SMB needs/has to replicate the SQL data for the web hosting
service site to keep the prices of their items current? I think not.
SBS Case Studies:
http://www.microsoft.com/WindowsServer2003/sbs/evaluation/casestudies/default.mspx
Many SMBs are wanting an AIO package so they don't have to outsource and it
prevents them from keeping their customers close at hand. Take a look at the
Case Studies link above. Several of my clients are wanting to do the same
thing as many of these studies reflect. Having the SVPs state that SBS
shouldn't be used in this manner (as that is what SBS was truely developed
for) is really hurting Microsoft SBS program rather than helping it.
-- Michael
""Charles Yang [MSFT]"" <v-ch...@online.microsoft.com> wrote in message
news:FZvdela...@TK2MSFTNGXA01.phx.gbl...
As I know, the SBS is only a solution for small business company, so we did
not recommend using so much content at one server, as we have already host
SQL Exchange and companyweb at the same server, so it is your best interest
to host website on member server. Also as I know the advantage of SBS is to
use a lot wizard that will certain simply the configuring task on SBS
server.
We could not compare SBS with other windows edition, as we know as the low
price, SBS did have some limitation. But you could make your IT management
more easily than other windows. For example, you did not need to run a lot
of wizard to configure your component individually instead, SBS can run a
simple wizard to configure the component together.
Still thanks very much for your input. Any concerns would be free to input.
I run/own a small computer consulting/integration business for the area I
live in. My background is that of different traits: systems engineer,
Oracle/SQL database admin, Unix/Linux/MS sys admin, BizTalk
designer/developer and even a enterprise/technical architect -- most of it
in the telecommunications field. I had worked with many types of business
environments -- everything from a local ISP to that of Fortune 500 companies
that still exist today. So working with clients, both from a pre-sales and
after-sales level is nothing new to me.
Many of my clients are SMBs -- from 3 to 50 employees or so. Currently a
couple of local, outside web hosting and computer service sites have gone
under, thus not really giving these SMBs a real chance at any further
support help. I found that if the hosting company isn't local, they won't
use it. These are some real back woods folks here (many of them are still
running Win98 so having them look at XP was really pulling teeth -- what
ones they had left). Outsourcing just wasn't a viable option any longer.
When it comes to budget-wise for these SMBs, my clients look at $1,000 as
ALOT of money to spend on anything.
I had been reading up on the SBS platform and found in certain cases that it
would be beneficial to these clients as they are looking for an AIO package
deal. Many SMBs are looking to have AIOs available to them. They want to
have customer-driven/e-commerce based websites housed locally so they have
make adjustments to the site's information in real-time. They want a
locally-accessable e-mail system they can control. They are willing to pay
for this type of support _as long as_ they can keep it all in-house and not
controlled by anyone outside their business site.
Setting up a Linux server for external/internal e-mail capabilities, even
SuSe's OpenExchange, only takes a few minutes. Microsoft Word, Excel and
other data files could be stored easily on the server (or even a NAS mount)
and accessable via Samba. Installation of either MySQL or Oracle then using
Apache w/ PHP for web services would be a breeze as well. Security wouldn't
be an issue. Someone that knows the basis of the Linksys products could have
port forwarding setup on the VPN firewall/routers so that hackers could be
kept at bay. Adding additional IPTables to the Linux server would even
further promote this higher level of security stance.
As you can see, I could have setup a Linux server for pretty much all of it,
but I was willing to give Microsoft a shot at it since I had recently become
a registered partner and they had an excellent sales and marketing opp for
promoting the SBS platform to small businesses. After getting such a
response here that using SBS as an AIO wasn't a good choice for this inital
client, I am starting to have doubts of using any future MS product nor
recommending SBS for any future placements for my clients wanting to do the
same thing.
-- Michael
""Charles Yang [MSFT]"" <v-ch...@online.microsoft.com> wrote in message
news:fOCF$iljFH...@TK2MSFTNGXA01.phx.gbl...
Thanks for updates.
I understand that you are not satisfied why SBS have so many limitation, as
we know. SBS is an integrate solutions, we can not expected one server can
cover all the roles, so we need to configure some other member server to
deploy the tasks. As I know, Microsoft does not recommend host too many
tasks on DC. SBS is design only for small company, so it allow to host SQL
and Exchange on the DC. But if you want to host more things such as website
on the DC, it might cause performance issue, if you want to host websites,
we suggest you buy a Windows 2003 server standard or enterprise to do this
task.
Thanks for understanding. As I know, different product fit for different
user, we design the product from both performance and also the price.
Thanks for your clarify. Sorry for any incovenient
-- M
""Charles Yang [MSFT]"" <v-ch...@online.microsoft.com> wrote in message
news:g9svd4oj...@TK2MSFTNGXA01.phx.gbl...
Now for the AIO stuff...YES it is a AIO sytem, more internally than
externally. YES you can run it as a AIO serving external resources but
you then give up some security by going against best practices. Just
beacuse you have a car that does 120 mph, does not mean you will do that
on a freeway. If you bought SBS just for the price point / features
and did not intend to server internal FPS / Mail services, I would say
go for it, open that puppy up to the net! One thying you may consider
is hosting the site on a Linuix box, but connections to the SQL
database. This is more secured, but yes not a ture AIO system.
I also have a small consulting company in the Columbus, OH area serving
several 3-50 users shops. I belong to the partners programs like you,
and agree that some of the marketing is off. Microsoft boasts that SBS
is a prefect solution for the SMB market, but relies alot on the
enterprise experience / documenatation. It is up to us the consultant
to read between the lines of SBS / Enterprise best practices for form
the final solution. Does MS need to fix this? YES Is SBS 2003 still a
good solution? YES
Feel free to email me or post any new questions. Hope this helped.
your question has very little to do with MS, MVP's, or SBS.
Let's get rid of all of them. I'm a 'computer consultant' same as you,
it seems.
I _strongly_ recommend against inhouse www hosting, regardless of the OS
on which it it hosted. (while hosting my and my sisters' sites on SBS)
FACT: Any device on which you host a publicly available website _must_
be vigilantly maintained. Not only webserver patches but patches for any
component available through the website (PHP, SQL, etc) and the 'OS' of the
device must be applied as soon as available. Traffic to/from the site should
be monitored and filtered to ensure any new exploit is recognised and
defeated before it becomes a problem.
FACT: Ensuring the security of a Windows system will involve restarts.
FACT: If you host inhouse, traffic to/from the website will impact the
internet performance experienced by inhouse users. and the vice versa rule
applies, inhouse traffic will impact the speed at which webpages can be
served. The cost of increasing the internet speed to accomodate this traffic
is greater than webhosting charges.
NOTE: I've not mentioned a DC yet, let alone SBS.
FACT: ONE security incident involving a DC will cost more to address
than a couple of years hosting. Maybe the 'support' is inhouse, or more
likely in our cases we provide support and the client will have to:
A) send everyone home while we fix the problem. There is a cost associated
with this.
B) pay us to fix the problem.
and _my opinion_ regarding SBS
SBS is the 'heart' of our network, the primary (if not only) DC and probably
data store, it is our Exchange, and our firewall (standard or premium). IF
the SBS is compromised we can no longer trust any part of AD. The cost of
one security incident far outweighs the cost of external webhosting. BUT,
BUGGER 'security incidents', the cost of having the whole office off the air
regularly while we maintain the server is sufficient to pay for external
hosting of all but the most complex interactive sites. I'd even be happy to
discuss having my site hosted externally and using some form of backend,
accessed only by the public webserver, sitting on the SBS (mind you, this
opens you to attack should the hosting service be compromised).
"MWE Computers Services" <mwecom...@gmail.com> wrote in message
news:OXU$parjFH...@TK2MSFTNGP14.phx.gbl...
Thanks for updates.
I appreciate your so valuable input, I will also send this to our Dev
teams, it might help us design the SBS more suitable for customers.
Hope you all have a good sharing.