Announcement

Collapse
No announcement yet.

Sever Roles

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Sever Roles

    I need to have the following things for a small office:

    Domain Controller
    DNS
    DHCP
    VPN
    WSUS

    I only have one server however. I know it's not the best scenerio but how bad is putting DHCP or VPN on a domain controller. This office is a very small company and no funds for a second server.

    Is there a different way if this is really not a good idea... Please help.

  • #2
    Re: Sever Roles

    Small Business Server or also called SBS?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Sever Roles

      I should have mentioned that we have Server 2008 Standard. I wish I would have purchased SBS but that's a done deal.

      Comment


      • #4
        Re: Sever Roles

        Let me also state my goal... that may help.

        I have a HP ML150 Server, Server 2008 Standard, DSL modem, ASUS router (with DDWRT).

        I am trying to set up a server in a small office and want to also be able to easily remote in using a vnc product.

        Port forwarding has seemed like a headache and I thought by setting up a VPN it may be easier / better.

        I know there are programs out there you can pay to use (teamviewer, logmein, etc.) but I don't have the budget and also would not be real thrilled to have to share my password with their servers to connect.

        So, realizing the small budget, what is my best solution? I guess I can just set up port forwarding and use DHCP on the router...

        Looking for some direction.

        Comment


        • #5
          Re: Sever Roles

          DHCP isn't the issue.... VPN is more the issue.
          I don't say it can't be done, but from a security perspective I'm not really fond of it.
          Usually a good firewall would be used to terminate VPN, for example Check Point, ASA, ISA, Juniper and so on.
          However you can do it with RRAS. HOwever you are talking about port forwarding, which ports do you need to forward?
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            Re: Sever Roles

            When using VNC from the cloud, I would need to foward to the appropriate internal computer.

            Ie: port 5801 may be 192.168.1.10
            5802 may be 192.168.1.11

            It's to allow me to VNC behind NAT.

            Comment


            • #7
              Re: Sever Roles

              I guess if I do it on a 2nd box I would need a second IP, which costs more money from my ISP... so I guess I am stuck with putting it on my DC... can you please give me at least an idea of how much I 'am hanging my junk out there' by doing this...

              Comment


              • #8
                Re: Sever Roles

                What kind of router do you have? Even if you have a dinky LinkSys, it can handle DD-WRT which has a built-in VPN option. I'm not personally too worried about having a VPN on a DC, but maybe I live dangerously. It's one port open to the public, so keep the server patched, but you should be doing that anyway. You can make the firewall only accept incoming VPN connections from your home/office IP for even more security.

                Another option is to make just a simple workstation in the office the VPN endpoint and port forward the VPN ports to it. Windows XP can be used to terminate up to 10 PPTP VPN connections as per this article (yes, it's legal; MSFT did this by deisgn): http://www.onecomputerguy.com/networ...vpn_server.htm
                Wesley David
                LinkedIn | Careers 2.0
                -------------------------------
                Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                Vendor Neutral Certifications: CWNA
                Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

                Comment


                • #9
                  Re: Sever Roles

                  I have an Asus RT-N16 with ddwrt on it and spent about 8 hours yesterday trying to figure it out.

                  Comment


                  • #10
                    Re: Sever Roles

                    What dd-wrt image did you put on it?
                    Wesley David
                    LinkedIn | Careers 2.0
                    -------------------------------
                    Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                    Vendor Neutral Certifications: CWNA
                    Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                    Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

                    Comment


                    • #11
                      Re: Sever Roles

                      DD-WRT v24-sp2 (04/23/10) mega
                      (SVN revision 14311)

                      Comment


                      • #12
                        Re: Sever Roles

                        Sweet! The mega image has it all.

                        The way I see it, you have two options. Use the OpenVPN server on the router or the PPTP VPN server on the router. Have you checked these help documents for the usage of the OpenVPN portion of the PPTP Server portion? Actually, that PPTP VPN help file is for something a little different than just a simple client/server setup. It's for an actual static connection if your home router is connected directly to the VPN. I suppose you could do it that way...
                        Wesley David
                        LinkedIn | Careers 2.0
                        -------------------------------
                        Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                        Vendor Neutral Certifications: CWNA
                        Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                        Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

                        Comment


                        • #13
                          Re: Sever Roles

                          Tried OpenVPN last night (for about 7 hours), can't seem to get it to work. PPTP looks more straight forward, maybe I'll play with that for a while.

                          Comment


                          • #14
                            Re: Sever Roles

                            ddwrt - built in PPTP VPN works like a CHAMP! Easy easy... Thanks!!!!!

                            Comment


                            • #15
                              Re: Sever Roles

                              If you tell us what seemed to snarl the process up then maybe we could help you poke at it.
                              Wesley David
                              LinkedIn | Careers 2.0
                              -------------------------------
                              Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                              Vendor Neutral Certifications: CWNA
                              Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                              Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

                              Comment

                              Working...
                              X