Planning Your SBS Network on Windows® Small Business Server 2011

  • 5/15/2011
Contents
×
  1. Planning the Network Infrastructure
  2. Choosing Naming Conventions
  3. Planning for Security
  4. Summary
By designing your network infrastructure, naming conventions, and network security before you actually implement them, you’ll save costly reconfiguration later.

Before you actually start installing Windows Small Business Server 2011 Standard, you should spend some time and thought planning what your network will look like. Time spent now, before you actually start installing anything, will save you time, energy, and complications later. By designing your network infrastructure, naming conventions, and network security before you actually implement them, you’ll save costly reconfiguration later.

Planning the Network Infrastructure

The first tasks in designing a network for your company are

  • Evaluating the computing needs of the organization

  • Choosing an Internet connection method and local network type

  • Selecting network devices

  • Choosing server hardware

  • Choosing client hardware and software

UNDER THE HOOD: Network Operating Systems

On an ordinary PC, the role of the operating system is to manage the file system; handle the running of applications; manage the computer’s memory; and control the input and output to attached devices such as cameras, printers, and scanners. A network operating system expands that role, managing the following:

  • Centralized security

  • Remote access

  • Remote file systems

  • Running shared applications

  • Input and output to shared network devices

  • CPU scheduling of networked processes

When multiple computers are connected in a workgroup, as shown in Figure 3.1, the result is called a peer-to-peer network: a network without a central server and with no network operating system.

Figure 3.1 A peer-to-peer network, which has no central server or management

Adding one or more servers running Windows Server 2008 R2 or a Windows Small Business Server 2011 Standard, as shown in Figure 3.2, is a client/server-based network—one or more servers and multiple clients, all sharing a single security policy. The servers provide both the resources and the security policy for the network, and the clients are the computers that use the resources managed by the server.

Figure 3.2 A client/server network, which has a central management and resource server

Servers Use Network Operating Systems

Because SBS 2011 has to supply services to as many as 75 users, and you’re depending on it to run your business, a high-powered, robust operating system and highly reliable hardware are essential. When your users rely on a server to get their work done and keep your business running, you certainly don’t want frequent failures—you don’t even want to reboot!

In addition to supplying print, file, or other services, the network operating system has to provide network security. Different businesses and organizations have varying security needs, but all must have some level of data protection. Therefore, the system must offer a range of configurable security levels, from the relatively nonintrusive to the very stringent.

Clients Use Workstation Operating Systems

Like other computers, client computers on a network need an operating system. However, a client operating system doesn’t need to manage the resources for other computers or manage security for the network. Rebooting a workstation can be an annoyance for the user but doesn’t usually disrupt anyone else’s work.

On a Windows Small Business Server network, clients can run Microsoft Windows XP Professional (including Windows XP Tablet PC Edition and Windows XP Professional x64 Edition) and business editions of Windows Vista or Windows 7. However, for best performance and security, Windows Vista SP1 or Windows 7 should be deployed on clients.

Determining Your Needs

Before designing a network, decide which features of SBS 2011 your business needs; doing so helps ensure that the network design is dictated by business needs rather than by fancy technology. Key needs to consider include

  • Centralized user account management

  • Centralized update management

  • Web and email access for employees

  • File sharing and centralized file storage

  • Database storage using Microsoft SQL Server

  • Printer sharing

  • Centralized backup

  • Centralized fax server

  • Remote access to the internal network via the Internet, including remote access directly to the user’s desktop from the web

  • Management of remote computers

  • Collaboration and document management (SharePoint Foundation 2010)

You also must decide how important the following factors are, as well as what resources are available to support your choices:

  • Performance

  • Reliability

  • Security

NOTE

PLANNING Get a thorough idea of what kind of work will be done on the network, when and where it will be done, and by whom. For example, your organization might need to do payroll every other Friday, during which time the file server and printers are under a heavy load.

Choosing an Internet Connection

To choose an Internet connection method, you must balance an organization’s bandwidth needs and budget against the available Internet connection methods. The following sections discuss how to do this, as well as how to choose an Internet service provider (ISP).

Determining Bandwidth Needs

First, determine the baseline level of bandwidth you require. You can then balance this against the organization’s budget and performance goals. Allow for 100 kilobits per second (Kbps) of download bandwidth and 50 Kbps of upload bandwidth for each simultaneous user of email and the web. If remote access is important, allow for a minimum of 100 Kbps of upload bandwidth for each simultaneous remote access user. Table 3-1 lists various Internet connection speeds and the number of users supported for each speed, assuming that users will be browsing the web and using email. This table does not include requirements for remote connections.

WARNING

IMPORTANT Running an Internet-accessible web server on your network requires at least 50 Kbps or more of upload bandwidth per simultaneous visitor, depending on the size of images or files. This can quickly swamp your Internet connection, which is one reason most small businesses pay for web hosting.

Table 3-1. Bandwidth requirements for web browsing and email

DOWNLOAD/UPLOAD SPEED

NUMBER OF USERS

256/128 Kbps

1–5

512/256 Kbps

1–5

1024/512 Kbps

5–10

3072/768 Kbps

10–20

5120/1024 Kbps

15–30

NOTE

These bandwidth numbers are not intended to be definitive—they are a minimum planning baseline. Each organization and its users have different usage patterns and needs, and you should evaluate your needs accordingly. Be prepared to add more bandwidth if necessary. Your users will never complain that the Internet connection is too fast, but they will definitely complain if it’s too slow!

UNDER THE HOOD: Bits and Bytes

Network speeds are measured in either kilobits per second (Kbps) or megabits per second (Mbps), whereas download speed and hard disks are rated in kilobytes per second (KBps) or megabytes per second (MBps). For example, a 640-Kbps DSL connection might download files at 60 KBps from a fast website, but a 1.5-Mbps cable Internet connection might download at 180 KBps from the same site. (Some of the bandwidth is used up by transmission overhead and inefficiencies.) When you compare network speeds, make sure you’re using the same units of measurement.

Types of Internet Connections

To choose an Internet connection method, you need to know which methods are available as well as their performance characteristics. Table 3-2 lists the most common connection methods and their speeds.

Table 3-2. Internet connection types

TYPE OF CONNECTION

DOWNLOAD SPEED

UPLOAD SPEED

NOTES

Dial-up

28.8–53 Kbps

28.8–40 Kbps

Analog telephone line. Sometimes referred to as Plain Old Telephone Service (POTS).

ISDN (Integrated Services Digital Network)

64–128 Kbps (one channel or two)

64–128 Kbps (one channel or two)

Must be within 50,000 feet of a telephone company central office (CO). Connection is dial-up (not persistent).

ADSL (Asynchronous Digital Subscriber Line)

256 Kbps–8 Mbps

128 Kbps–1 Mbps

Must be within 18,000 feet of a CO.

IDSL (DSL over ISDN)

128–144 Kbps

128–144 Kbps

Works at greater distances from a CO than other DSL variants.

SDSL (Synchronous DSL)

128 Kbps–2.3 Mbps

128 Kbps–2.3 Mbps

Must be within 20,000 feet of a CO.

Cable

128 Kbps–15 Mbps

128 Kbps–1 Mbps

Must have access to broadband cable service; speed can fluctuate depending on the number of users on a given cable loop.

Microwave wireless

256 Kbps–10+ Mbps

256 Kbps–10+ Mbps

Must be in line of sight to the ISP’s antenna; maximum distance 10 miles.

Frame relay/T1

56 Kbps–1.54 Mbps

56 Kbps–1.54 Mbps

Good availability; very reliable; consistent throughput; expensive.

802.11b (WiFi)

Up to 11 Mbps

Up to 11 Mbps

Speed decreases with increasing distance from access point.

802.11g or 802.11a

Up to 54 Mbps

Up to 54 Mbps

Speed decreases with increasing distance from access point.

802.11n

Up to 540 Mbps

Up to 540 Mbps

Speed decreases with increasing distance from access point.

Geosynchronous satellite

150 Kbps–3 Mbps

33.6 Kbps–128 Kbps

Requires line of sight to satellite (southern sky in North America). Unsuitable for real-time multimedia because of high latency.

Ethernet

10 to 1000 Mbps

10 to 1000 Mbps

Limited availability. Backbone connection might be DSL or T1, limiting actual bandwidth.

Choosing ISPs

After determining the preferred connection type and bandwidth, it’s time to actually find ISPs. Two websites to check are http://www.cnet.com/internet-access and http://www.dslreports.com. In addition to speed and cost, look for the following features:

  • Static IP address To host any kind of Internet-accessible service such as email, Microsoft Outlook Anywhere, remote access, or websites, you need a static IP address or an ISP that supports the Dynamic DNS service, or you need to manage your external DNS with a DNS service that supports dynamic updates, such as http://www.zoneedit.com. SBS 2011 includes support for tzo.com dynamic DNS if you use the built-in wizards to register or transfer your domain name.

  • Terms of service and ports Many ISPs have terms of service (TOS) on consumer-grade accounts that prohibit hosting email servers, or they have a policy that blocks specific ports such as port 25. You need to ask before you buy.

  • Transfer limitations If the ISP has a monthly data transfer limit, make sure the limit isn’t lower than your anticipated usage—charges for going beyond the limit can be significant.

  • Web hosting If you want the ISP to host the organization’s Internet website, look for virtual hosting (so that your organization can use its own domain name) with enough disk space on the ISP’s web servers.

  • Backup Internet connection If your business is dependent on always being connected to the Internet, choose a secondary Internet connection with sufficient bandwidth to allow you to maintain minimal service in case the primary Internet connection fails. This second Internet connection should use a different ISP and a different connection technology. You can use a dual WAN router to use both connections simultaneously.

Choosing a Network Type

The next step in designing a network is to choose a network type. (See Table 3-3.) Start by looking at where your computers are physically located. If you can easily run cable between all computers, the choices are simple: Gigabit Ethernet (GigE) or Fast Ethernet (100BaseT). Choose GigE if your wiring supports it; otherwise, stick to Fast Ethernet. If you’re installing new cabling, hire a professional cabling expert. Spending money on good wiring now can save you a lot of problems in the future.

If the computers are widely scattered or mobile, consider including some wireless access points (APs). These are network devices that permit wireless clients access to a wired network. Even Fast Ethernet is virtually as fast as the real-world speeds of the fastest current wireless standard (802.11n), while being far more reliable, more secure, and cheaper as well. For these reasons, use wireless networks to supplement wired networks, not to replace them.

MORE INFO

For more information about wireless access points, see the section Choosing a Wireless Standard: 802.11a/b/g/n later in this chapter.

WARNING

SECURITY ALERT All wireless technologies have the potential to introduce security risks. When using wireless networking, always use appropriate security measures, such as Wireless Protected Access (WPA), 802.11i (WPA2), or 802.1x. For more information, see the section Planning for Security later in this chapter.

Table 3-3. Common network types

TECHNOLOGY

SPEED

SPEED (REAL WORLD)

CABLING

MAXIMUM DISTANCE

OTHER HARDWARE REQUIREMENTS

Fast Ethernet

100 Mbps

94 Mbps

Cat 5, Cat 5e, Cat 6

328 feet from hub or switch

Fast Ethernet hub or switch

Gigabit Ethernet

1000 Mbps

327 Mbps

Cat 5e or Cat 6

328 feet from hub or switch

Gigabit hub or switch

802.11b (WiFi)

11 Mbps

4.5 Mbps

Wireless

1800 feet (60–150 feet typical indoors)

802.11b or 802.11g access point (AP), 32 users per AP

802.11a

54 Mbps

19 Mbps

Wireless

1650 feet (50–100 feet typical indoors)

802.11a AP, 64 users per AP

802.11g

54 Mbps

13 Mbps

Wireless

1800 feet (60–150 feet typical indoors)

802.11g AP, 32 users per AP

802.11n

540 Mbps

130 Mbps

Wireless

7200 feet (100–500 feet typical indoors)

802.11n AP, 32 users per AP

NOTE

Wireless speeds vary greatly depending on the distance from the access point, and the number and type of walls, floors, and other interference between the access point and the client device.

BEST PRACTICES

Avoid the consumer-focused HomePNA and HomePlug network types. They’re more expensive, slower, less secure, and less reliable than Ethernet or a properly configured 802.11a/b/g/n wireless network.

Choosing the Right Network Cable

Choosing the right cable for a wired Fast Ethernet (100 Mbps) network is easy—Cat 5 cable. However, there are exceptions to this rule that pertain to existing installations and new construction.

Cables in an existing network might not be usable. 10-megabit Ethernet equipment might be usable for small networks until it can be replaced, but expect to replace it soon—you’ll find it slow. Coaxial (thinnet) Ethernet and Cat 3 Unshielded Twisted Pair (UTP) cables are unreliable and slow and should be replaced.

New construction should run several strands of Cat 5e or, ideally, Cat 6. Although Cat 5 cable can be used with Gigabit Ethernet, it is marginal at best. Cat 5e and Cat 6 cables are more reliable and provide headroom for possible 10-Gigabit Ethernet standards. Cables should converge at a reasonably clean, centrally located wiring closet with adequate power, ventilation, and security for all servers and network devices. (Be sure to leave room for future growth.)

Shielded Cat 5, Cat 5e, and Cat 6 cables are available for situations that potentially involve high levels of electromagnetic interference (such as antennas). You should use plenum-grade cable any time wiring is placed in a drop ceiling. (Before running cable in a drop ceiling, talk to the building manager.)

Choosing a Wireless Standard: 802.11a/b/g/n

Currently, you can choose from four wireless standards: 802.11b, 802.11a, 802.11g, and 802.11n. Here’s what you need to know about each (also refer to Table 3-3):

  • 802.11b 802.11b was the first widely deployed standard, though the speed was limited (11 Mbps theoretical; 5 Mbps or even less in the real world). 802.11b supports a maximum of 32 users per AP, and a maximum of 3 simultaneous channels in use in the same location. Channels separate wireless networks, with each channel providing 11 Mbps of bandwidth. You should not buy new equipment that supports only 802.11b, and if you currently have 802.11b equipment, you should upgrade it to 802.11n. There are serious security considerations with older wireless hardware that preclude it from being deployed in a business environment.

  • 802.11g 802.11g is faster than 802.11b (54 Mbps theoretical; 13 Mbps real-world) and backward-compatible with 802.11b. 802.11g supports a maximum of 32 users per AP, and a maximum of 3 simultaneous channels in use in the same location.

  • 802.11a 802.11a is faster than 802.11g (54 Mbps theoretical; 19 Mbps real-world) and is more tolerant of microwave interference and network congestion because it uses the 5 GHz frequency band. 802.11a supports a maximum of 64 users per AP, and a maximum of 8 channels in use simultaneously in the same location. 802.11a is not compatible with either 802.11b or 802.11g.

    If you decide to use 802.11a network devices, stick with devices from the same vendor and consider a tri-mode 802.11a/b/g device that will allow other devices, such as laptops with built-in 802.11b/g connectivity, to work on the wireless network. (This strategy also permits the highest network density, with 11 channels available simultaneously for wireless networks.)

  • 802.11n 802.11n is faster than 802.11g (up to 540 Mbps theoretical; 100–130 Mbps real-world) and backward-compatible with 802.11g and 802.11b. Most 802.11n equipment is in the same frequency band (2.4 GHz) as 802.11b/g, but the standard supports dual-band equipment that can also use the 5-GHz range of 802.11a. This dual-band equipment provides the greatest flexibility and compatibility and is especially good at avoiding interference from other equipment. Choosing dual-band equipment from a single OEM is the safest choice for compatibility at the highest speeds. If you’re buying new wireless equipment, we strongly recommend 802.11n and prefer dual-band 802.11n where possible.

Choosing Network Devices

After selecting a network type and Internet connection method, create a network diagram to visually show which network devices are needed. Then select the necessary devices for the network, such as switches, wireless access points, firewalls, and network adapters.

BEST PRACTICES

Choose a single brand of network hardware if possible. This ensures greater hardware compatibility, simplifies administration, and makes obtaining vendor support easier.

Diagramming the Network

Creating a diagram of the network can quickly show which devices you need and where they should be located, as shown in Figure 3.3.

Figure 3.3 A network with the Windows Small Business Server computer connected directly to the Internet

Use the following list as a guide when creating the network diagram:

  • Internet connection The Internet connection usually comes in the form of a telephone or coaxial cable that connects to a DSL or cable router. It is traditionally represented by a cloud at the top of the drawing and a line that connects to the router or firewall.

  • DSL or cable modem The Internet usually enters the organization in the form of a telephone or cable line that plugs into a DSL or cable modem.

  • Firewall The DSL or cable modem is then plugged into the firewall, which should be a router or firewall. Some modems are combined with built-in routers that have basic firewall capabilities. Consumer routers or DSL modems are not sufficient protection for a business network.

  • Perimeter network This is an optional area of the network between the DSL or cable modem and the firewall, where low-security devices such as wireless access points can be placed.

  • Internal network The internal network includes the SBS computer, the client computers, and any network-connected devices, such as printers.

PLANNING

Wireless access points should be on the internal network and use 802.11i (WPA2) encryption. You can also place access points in the perimeter network when you want to provide Internet access to the general public (such as in a coffee shop, conference room, or lobby).

Choosing a Network Switch

Ethernet networks use the star network topology (also known as hub and spoke), which means that all network devices must be plugged into a central hub or switch. Choosing the right switch requires evaluating the following factors:

  • Switch or hub Don’t buy a hub unless you have a specialized need and understand why you’re doing it. Get a switch instead. Switches are inexpensive, provide additional performance, and facilitate mixing 10 Mbps, 100 Mbps, and 1 Gbps devices on the same network segment.

  • Number of ports Make sure that the switch provides more than enough ports for all computers, access points, network printers, and Network Attached Storage (NAS) devices on the network, along with spare ports for expansion or to use in the event of a port failure.

  • Speed Fast Ethernet (100/10 Mbps) switches offer basic performance for small businesses, but GigE (1000/100/10 Mbps) switches are hardly different in price and provide extra bandwidth for improved performance of file servers and high-quality streaming video where the network cabling will support it.

  • Management Managed switches provide the ability to view the status of attached devices from a remote connection, which can be useful for off-site technicians. In general, save the cash and stick with an unmanaged switch unless the cost difference is slight or the organization uses an off-site consultant who wants the ability to remotely administer switches.

Choosing Wireless Access Points

As you learned earlier in the chapter, wireless access points permit clients to wirelessly connect to a wired network. Access points are often integrated into routers, but they are also available as stand-alone devices that must be plugged into a switch like any other network device. Avoid wireless “gateway” or router products for connecting to your internal network—they will complicate your network management and TCP/IP configuration. They’re fine for externally connected wireless access points. Some wireless routers can be reconfigured to be simple access points.

Note

Business-grade access points are more expensive than consumer-oriented access points; however, they are usually more reliable and full-featured.

When choosing an access point, consider the following features:

  • Routers with built-in access points are often no more expensive than stand-alone access points and are useful when creating a perimeter network. But be sure they can be used as a pure access point—many can function only as a router, which will complicate your network setup.

  • Access points should support 802.11i (WPA2). WEP is simply not acceptable for any wireless device connected to your internal network, and even WPA should not be considered sufficient protection for an internally connected access point.

  • Access points should support 802.1x (RADIUS) authentication if you want to provide the highest level of security and ease-of-use to a wireless network.

    WARNING

    SECURITY ALERT Two “features” that some suggest to improve wireless security are disabling of SSID broadcasts and Media Access Control (MAC) address filtering. Don’t bother. They are a significant and ongoing administrative burden, and a hacker with a port scanner can easily defeat them anyway.

  • Some access points have two or more antennas that can be adjusted for better coverage; others support external antennas that can be mounted on a wall for better placement.

  • Stand-alone wireless bridges (often referred to as wireless Ethernet bridges) and some access points provide the ability to wirelessly bridge (connect) two wired networks that can’t be connected via cables. There are a number of different types of bridging modes, including Point-to-Point and AP Client. Point-to-Point uses two wireless bridges to link two wired networks. AP Client uses an AP on the main network (to which wireless clients can connect) and a wireless bridge in AP Client mode on the remote network segment, acting as a wireless client.

    Clients on the other side of a wireless bridge will experience slower performance to the main network segment because of the shared wireless link, so use wireless bridges with discretion, and always use bridges and APs made by the same manufacturer.

  • Don’t include “turbo” or other high-speed modes offered by some manufacturers in your buying criteria. They provide little performance gain, if any, in the real world and can have a deleterious effect on compatibility.

REAL WORLD: Placing Access Points for the Best Coverage

Wireless access points have a limited range, especially in the environment of a typical office. The indoor range of 802.11b, 802.11g, and tri-mode 802.11a access points is usually around 60–100 feet at the highest connection speed, and 25–75 feet for first-generation, single-mode 802.11a access points.

That said, 2.4-GHz cordless phones, microwave ovens, and Bluetooth devices can cause serious interference with 802.11b and 802.11g networks (but not with 802.11a networks) when they are turned on. Fluorescent lights, metal walls, computer equipment, furniture, and standing too close to the access point can also reduce the range of wireless networks.

Unfortunately, there is no reliable way to quantify these variables—trial and error is the best way to position access points. With 802.11n, and especially dual-band 802.11n, the effective distance is at least double that of 802.11g, but this still requires full 802.11n deployment and optimal conditions. In our initial tests of 802.11n, it does appear to provide a more stable and reliable signal at a significantly greater distance than our previous 802.11a/g equipment. There are some useful guidelines when selecting access point locations:

  • Place the access point and wireless network card antennas as high as possible to get them above objects that might attenuate the signal.

  • If you place access points in the plenum (the space inside a drop ceiling or raised floor), make sure you obtain access points or enclosures certified for plenum installation.

  • Place the access point in the center of the desired coverage area to provide the best coverage while also reducing the publicly exposed “surface area” of the network.

  • Only use the minimum signal strength (power) required to provide coverage for your office. Most WAPs have multiple levels of signal strength but ship with a default of “maximum.”

  • Use multiple access points as necessary to cover multiple floors or large offices, or to service a large number of clients simultaneously. Twenty clients per 802.11g AP is a reasonable maximum, with an average of no more than two to four simultaneously active users per AP yielding the best network performance.

  • Use wireless bridges to place another Ethernet network segment (or another wireless access point) in a location unreachable by cables. Wired clients on this segment communicate with other wired devices on this segment at the speed of the wired network (1000/100/10 Mbps); however, communication with the main network segment takes place at the speed of the wireless network (10–100 Mbps real-world bandwidth).

  • When selecting channels for access points, sniff (search by using a wireless client) for the presence of other networks and then choose an unused channel, preferably one that is four or more channels separated from other channels in use. For example, channels 1, 6, and 11 can be used simultaneously without interference.

Choosing a Firewall Device or Router

SBS 2011 is designed to connect directly to a firewall and does not provide any direct protection for the rest of the SBS network. This is a major change from earlier versions of SBS that acted as the gateway between the Internet and the internal network when SBS was deployed with two network cards (NICs). Windows Small Business Server 2011 Standard includes the new Windows Firewall that is part of Windows Server 2008 R2 to protect the server, but it should be protected by an additional, separate firewall that will also act to protect the computers on the internal network.

You should look for the following features on your network firewall device:

  • Packet filtering Firewalls should support inbound packet filtering and Stateful Packet Inspection (SPI).

  • Protection from specific attacks Firewalls should support protection from the denial-of-service (DoS) attacks and other common attacks such as Ping of Death, SYN Flood, LAND Attack, and IP Spoofing.

  • Network Address Translation (NAT) NAT is the backbone of most firewall devices, providing basic security and Internet connectivity to internal clients.

  • IPv6 Support As IPv6 becomes more pervasive, and as our pool of available IPv4 addresses approaches exhaustion, the need to directly support IPv6 for our Internet connection becomes more compelling. Choosing a firewall device that fully supports IPv6 now will save money and time later.

  • VPN pass-through To permit properly authenticated Internet users to establish VPN connections with a Windows Small Business Server computer behind a firewall, the firewall must support VPN pass-through of the desired VPN protocol (PPTP, L2TP, and/or IPSec).

  • VPN tunnels Some firewall devices provide direct support for establishing VPN connections. If you do choose to use a firewall device to establish VPN connections with clients and servers in remote offices, make sure the firewall supports the necessary number of simultaneous VPN tunnels.

  • UPnP support Windows Small Business Server can automatically configure firewalls that support Universal Plug and Play (UPnP) to work with Windows Small Business Server services such as Exchange Server and remote access (by opening the necessary ports on the firewall). UPnP support can be found in most consumer firewall devices as well as in some business firewalls.

    • NOTE

    Enabling UPnP on a dedicated firewall device makes configuring the device to work with Windows Small Business Server easy, but it does have security implications. We suggest using UPnP to do the initial setup of the firewall device, if the device supports it, but then disabling UPnP completely.

  • Dual-WAN support Some firewalls come with support for two WAN connections to increase speed and reliability, which is a great solution for networks looking for a reliable Internet connection. Other firewalls provide a serial port so that an external dial-up modem can be used as a backup connection, but this connection is much slower.

  • RADIUS support RADIUS support on your firewall will enable additional functionality and security, including easily integrating Two Factor Authentication (TFA) into your remote access configuration.

  • Content filtering Most firewalls make blocking certain websites possible, such as websites containing specified keywords. Many businesses use this feature to reduce the employees’ ability to visit objectionable websites, although most content filters are largely ineffective.

  • Built-in wireless access point Firewalls with built-in access points and switched, GigE, wired ports combine several functions and can be a cost-effective solution. However, their primary function is to protect the network, and that should be the first and most important evaluation criterion.

Choosing Server Hardware

If you have a server that can meet the capacity needs of the network or can be upgraded to do so while allowing for future growth, by all means use this server. But realistically, because there is no in-place upgrade to Windows Small Business Server 2011 Standard, you should plan on buying a new server as part of your migration plan.

Note

MORE INFO See Chapter 7, for more information about migrating to SBS 2011 from an existing SBS domain.

When evaluating server hardware, see Table 3-4, which lists the effective minimum configurations necessary for adequate performance at different load levels.

Note

MORE INFO The sidebar Determining Server Load later in this chapter provides more information about configuration and performance.

Table 3-4. Minimum server configurations for different load levels

COMPONENT

LIGHT LOAD

MEDIUM LOAD

HEAVY LOAD

CPU

Quad core Intel or AMD processor

Quad core or greater Xeon or Opteron processor

Dual Xeon or Opteron processors, with at least four cores each

Memory

10–12 GB

12–16 GB

12–32 GB

Storage

Two or more hard drives in hardware mirror (RAID-1) with 200 GB available for Windows Small Business Server 2011 Standard

Four-drive, hardware-based RAID using SATA or SAS drives

Four-drive (or more), hardware-based SCSI or SAS RAID

LAN Network Adapter

100/10 Mbps PCI card

1000/100/10 Mbps PCI card

1000/100/10 Mbps PCI-x or PCIe card

Backup

Two or more external USB hard drives

Two or more external eSATA or USB hard drives

Two or more external eSATA or USB hard drives

Note

MORE INFO See Chapter 11, for more information on RAID. See Chapter 12, for more information about choosing the appropriate storage solution. See Chapter 16, for more information about creating a backup strategy and choosing backup devices.

UNDER THE HOOD: Determining Server Load

The appropriate hardware for an SBS 2011 server depends on the load you place it under. Think of load as equal to the number of requests per unit of time multiplied by the difficulty of fulfilling each request.

The easiest way to determine load is to sample the performance of the existing server over a range of conditions. Of course, this is tricky when you’re constructing a new network or restructuring an existing network. Consider the following factors:

  • The usage pattern over time (number of requests per unit of time) A server that handles an average load can easily become swamped at key times, such as at the beginning and end of a workday, when many users simultaneously log on or log off; during lunch, when users might browse the Internet for personal use; or around deadlines, when many users make heavy use of file, email, or database services.

  • The kinds of user requests (the complexity of each request) This determines which server subsystems are stressed most heavily. Database serving stresses storage, memory, and possibly CPU; file serving stresses mostly storage and I/O; remote access stresses memory and I/O primarily; Exchange Server stresses storage, memory, and to some extent CPU.

Choosing Client Hardware and Software

When selecting client computers for use on a network, choose systems that are fast enough to perform adequately when running Windows7 Professional. (See Table 3-5 for recommended configurations.) Other operating systems—such as Windows XP, Mac OS X, and Linux—can be made to work on an SBS 2011 network; however, they won’t provide full support for many features of SBS.

Table 3-5. Recommended client computer configurations

COMPONENT

MINIMUM CONFIGURATION

BETTER CONFIGURATION

Operating System

Windows XP Professional SP3

Windows 7 Professional or Enterprise

CPU

Pentium 4, 2.0 GHz or faster

Dual-core processor, 2.0 GHz or faster

RAM

256 MB

2 GB

Hard drive

30 GB

100 GB

Network Adapter

Fast Ethernet or 802.11g

GigE, 802.11n

Display

15-inch monitor running at 800 x 600 resolution

17-inch monitor running at 1024 x 768 resolution

UNDER THE HOOD: Remote Desktop Services (RDS)

Computers too slow to adequately run a Windows XP operating system can be put to use as Remote Desktop or Virtual Desktop Infrastructure (VDI) clients. In this configuration, users connect to a separate Windows Server 2008 R2 computer running the RD Session Host or RD Virtualization Host role. This server can provide a full desktop replacement (VDI) or a full desktop session (RD Session Host), or it can be used to supplement the power of the client by running key applications as RemoteApps and displaying them on the client.

This second server cannot be the same physical computer as the Windows Small Business Server computer unless virtualization is used to run multiple virtual machines (VMs) on a single physical computer. With either RDS or VDI, all processing is done on the server, and the display is sent back to the client computer, which can run any supported RDS client operating system.

This approach can make more efficient use of resources and make central management easier. The new RemoteApps simplifies deploying resource-intensive applications to users without having to upgrade everyone’s computer, while the use of VDI allows full-featured Windows 7 desktops to be deployed to less powerful clients. For more information on Remote Desktop Services and VDI, see Chapter 26.

Save to your account

This chapter is from the book