Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SBS 2003 Std Edition and exchange2003

0 views
Skip to first unread message

Craig Matchan

unread,
Aug 28, 2005, 8:56:00 PM8/28/05
to
Hi all,

sorry for this "noob" question, but I am new to SBS 2003. A friend of mine
is contemplating a new e-mail system for his company. Currently the company
is quite small, 12 staff. He has asked me about getting scheduling going,
they used to use exchange at a previous place he used to work before we
started up his new company.

I have come up with a few possible solutions for him and SBS 2003 looks like
a contender. I don't think a full blown exchange server is warrented at this
point in time.

From what I have seen on the SBS site, the main difference between SBS Std
and SBS pro is the inclusion of SQLServer, RRAS and ISA. My main question is
is the version of Exchange that comes with SBS knobbled in any way? Is it
the same as Exchange2003 Std edition or are there more severe restrictions
on it such as the size the mailstore db can grow to, or the number of users
it can support?

Currently they have a small number of servers running independently of each
other (Win2k and Win2003 Std) with no AD.

I am relatively compentent with Exchange2003 Std ans AD in general, but SBS
is a new beast to me.

Regards

Craig


Message has been deleted

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

unread,
Aug 28, 2005, 9:43:22 PM8/28/05
to
Not for long as with Exchange 2003 sp2 it will go to 75 gigs.

Honestly if you don't recommend SBS to a small firm you are restricting
them for future growth and geekiness.

I don't use VPN anymore. Only RWW.

VPN actually introduces more risk.

I haven't VPN'd into my office for ages.

Leythos wrote:

>In article <OfG4tRDr...@tk2msftngp13.phx.gbl>, cwigster@spammenot-
>swiftdsl.com.au says...


>
>
>>From what I have seen on the SBS site, the main difference between SBS Std
>>and SBS pro is the inclusion of SQLServer, RRAS and ISA. My main question is
>>is the version of Exchange that comes with SBS knobbled in any way? Is it
>>the same as Exchange2003 Std edition or are there more severe restrictions
>>on it such as the size the mailstore db can grow to, or the number of users
>>it can support?
>>
>>
>

>SBS2003 with Exchange is a great solution and is only limited by the
>normal 16GB store size.
>
>Things you really need to consider:
>
>1) A real firewall, not just a NAT box, but a firewall that can clean
>SMTP sessions of bogus SMTP headers, bad attachment types, and also
>block attachments greater than size=xxxMB
>
>2) Some type of Exchange aware AV software - like Symantec Mail Security
>for Exchange - this does SPAM, RBL, Virus checking, White and Black
>lists.
>
>3) Get a firewall that acts as a PPT VPN endpoint to that users can VPN
>into the office using just their Windows XP software and then connect
>via Remote Desktop directly to their workstations in the office -
>blocking all access via the firewall except 3389 from User to Desktop...
>
>It's also good to add large block lists based on places you don't do
>business with - like I block most of Asia, Russia, France, etc... from
>any inbound connection at the firewall...
>
>
>
>

--
An open letter to the Security Community::
http://msmvps.com/bradley/archive/2004/12/12/23540.aspx

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

unread,
Aug 28, 2005, 9:43:44 PM8/28/05
to
Only open 443/4125 no need to open 3389.

Leythos wrote:

>In article <OfG4tRDr...@tk2msftngp13.phx.gbl>, cwigster@spammenot-
>swiftdsl.com.au says...
>
>

>>From what I have seen on the SBS site, the main difference between SBS Std
>>and SBS pro is the inclusion of SQLServer, RRAS and ISA. My main question is
>>is the version of Exchange that comes with SBS knobbled in any way? Is it
>>the same as Exchange2003 Std edition or are there more severe restrictions
>>on it such as the size the mailstore db can grow to, or the number of users
>>it can support?
>>
>>
>

SuperGumby [SBS MVP]

unread,
Aug 28, 2005, 9:48:27 PM8/28/05
to
I'll only argue against 1) and 3).

A 'real firewall' (as an appliance) will cost similarly, or in most cases
more, than upgrade to SBS Premium which includes a real firewall, ISA.

If you must allow VPN into the network I don't really care whether the VPN
is terminated at an appliance or SBS. However, I feel VPN is _mostly_
unnecessary, use RWW/RDP proxy/CompanyWeb instead. Secure access to data
without inviting dirty little home PCs into your network.

"Leythos" <vo...@nowhere.lan> wrote in message
news:MPG.1d7c29c9d...@news-server.columbus.rr.com...


> In article <OfG4tRDr...@tk2msftngp13.phx.gbl>, cwigster@spammenot-
> swiftdsl.com.au says...

>> From what I have seen on the SBS site, the main difference between SBS
>> Std
>> and SBS pro is the inclusion of SQLServer, RRAS and ISA. My main question
>> is
>> is the version of Exchange that comes with SBS knobbled in any way? Is it
>> the same as Exchange2003 Std edition or are there more severe
>> restrictions
>> on it such as the size the mailstore db can grow to, or the number of
>> users
>> it can support?
>

> SBS2003 with Exchange is a great solution and is only limited by the
> normal 16GB store size.
>
> Things you really need to consider:
>
> 1) A real firewall, not just a NAT box, but a firewall that can clean
> SMTP sessions of bogus SMTP headers, bad attachment types, and also
> block attachments greater than size=xxxMB
>
> 2) Some type of Exchange aware AV software - like Symantec Mail Security
> for Exchange - this does SPAM, RBL, Virus checking, White and Black
> lists.
>
> 3) Get a firewall that acts as a PPT VPN endpoint to that users can VPN
> into the office using just their Windows XP software and then connect
> via Remote Desktop directly to their workstations in the office -
> blocking all access via the firewall except 3389 from User to Desktop...
>
> It's also good to add large block lists based on places you don't do
> business with - like I block most of Asia, Russia, France, etc... from
> any inbound connection at the firewall...
>
>
> --
>

> spam9...@rrohio.com
> remove 999 in order to email me


Russ Grover

unread,
Aug 28, 2005, 11:07:59 PM8/28/05
to
I'll agree with the VPN (however VPN for WiFi)

VPN can use more bandwidth and Most small businesses don't have that...

RWW OWA is less bandwidth 28k and it works...

I do use TS to the server...
You know us power geeks We Love SPEED ;)

VPN takes sometimes longer to connect.
Heck RWW is much faster to connect usually.
Even if you have to type your password... (Ok I exaggerate)

I talk people out of VPN (External) unless they need to transfer files
often
(Then I urge them into a NAS with FTP or some other solution.)
FTP is KILLER fast..

Once they see how fast OWA RWW is and they can do it from ANY PC
They are hooked...

Russ


--
Russ Grover
Small Business IT Support
Portland\Beaverton OR USA
Email: Sales at SmallBusinessITSupport.com
Website: www.SmallBusinessITSupport.com


"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbra...@pacbell.net>
wrote in message news:ewCKLsDr...@TK2MSFTNGP09.phx.gbl...

Russ Grover

unread,
Aug 28, 2005, 11:49:21 PM8/28/05
to
Port 3389 is Reserved for ME :) Muhaahaaa Haa.. (However you spell an evil
laugh?)


--
Russ Grover
Small Business IT Support

SBS Rocks!
Portland/Beaverton OR
Email: Sales at SmallBusinessITSupport.com
Website: http://www.SmallBusinessITSupport.com


"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbra...@pacbell.net>

wrote in message news:u1YkYsDr...@TK2MSFTNGP09.phx.gbl...

SuperGumby [SBS MVP]

unread,
Aug 29, 2005, 12:13:41 AM8/29/05
to
you shouldn't. By exposing port 3389 you are directly making Terminal
Services available to the internet, should a compromise of the service be
available you are unnecessarily exposing yourself to it.

Much better to rely on the RDP proxy component of RWW 'Connect to my
computer at work' (normal users) or 'Connect to Server Desktops' (admin)
which dynamically allows the connections only after SSL authentication.

"Russ Grover" <ru...@NoSPam.SmallBusinessITSupport.com> wrote in message
news:u9bilyEr...@TK2MSFTNGP14.phx.gbl...

Message has been deleted
Message has been deleted
Message has been deleted
Message has been deleted

Craig Matchan

unread,
Aug 30, 2005, 12:25:11 AM8/30/05
to
Hi everyone.

firstly, thanks for all your replies. Most appreciated. One thing that has
come out from this that has me a little concerned is how well SBS scales, or
grows. Some other threads have indicated that there are some "hard coded"
limits to how big AD can grow on SBS and that you can only have one ADC with
SBS. I'm a little concerned about this as if this company takes off it will
probably in a fairly big way and could easily outgrow SBS. Is there a clear
and easy way to migrate from SBS2003 to a Win2003 Srv+Exch2003 Server setup?

As far as firewalls, a/v and antispam, they already have this in place and
should work fine with SBS. They have a dedicated SMTP daemon which handles
all their incoming/outgoinf mail and this handles spam and virus detection
and it passes on/ fetches mail from their existting mail system. As long as
I can tell Exchange for SBS to listen on a different port for SMTP
connections it should be ok.

Thanks to you all for all of your comments,

regards

Craig

"Craig Matchan" <cwig...@spammenot-swiftdsl.com.au> wrote in message
news:OfG4tRDr...@tk2msftngp13.phx.gbl...

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

unread,
Aug 30, 2005, 12:46:28 AM8/30/05
to
Absofreakinglootly they can grow. It's call the SBS 2003 transtion pack
and once you hit the 75 limit you buy it, apply it and off you go.

Googl and you'll see all about it

SBS doesn't limit the firm but allows for expansion.

SuperGumby [SBS MVP]

unread,
Aug 30, 2005, 12:51:54 AM8/30/05
to
you touch on one of the two most misunderstood concepts relating to SBS.

1) You can have additional DC's in an SBS domain. SBS is often discussed in
relation to a 'single server' environment, this is particularly true of the
lower end of the SBS marketplace because the situation does not require
additional servers. Each additional server in an SBS environment consumes a
single device CAL, access to the additional servers is covered by the SBS
CAL's. Additional DC's in an SBS environment are fully supported, as are
member servers (say TS, or LOB application server). If the additional
server(s) are TS Aplication Mode servers TS CALs are required in addition to
any SBS CALs.

The SBS must hold all FSMO roles and be licensing server for the domain. It
must also be a GC but you may have multiple GC's in a domain. (HEY, can you
have multiple license servers? subordinate to SBS? not sure but I don't
think so)

2) is the 'root of the forest' or 'first server' thing. The SBS can actually
be the 75th server you install on a network (this is a rather ridiculous
scenario but it may happen). What is really meant is that SBS must hold all
FSMO roles. The FSMO roles are exclusive at either the 'forest' or 'domain'
level so, as SBS must hold these exclusive roles there can be only one SBS
in a forest. As SBS only supports a single domain in a forest there can be
only one domain and only one SBS in that domain. Multiple sites is fully
supported, if a little outside most SBS experience.

Your SMTP question shouldn't cause any major issue. I'd need more info to
discuss it further though.


"Craig Matchan" <cwig...@spammenot-swiftdsl.com.au> wrote in message

news:uJbaRrRr...@tk2msftngp13.phx.gbl...

0 new messages