No announcement yet.

Our network too big for SBS?

  • Filter
  • Time
  • Show
Clear All
new posts

  • Our network too big for SBS?

    Good morning Family!!!

    I greatly respect this website, so I'm looking for a bit of advice..

    Long story short:
    CompanyA started off small. 1 office, 15 employees.

    Fast forward 3 yrs?
    7 remote offices around the USA, 50 employees or so, expanding.

    Awesome server,
    Vmware running the main sbs2011, main office.
    Metro 5e ISP.

    *Each satellite office has a network drive to keep their files on, otherwise everyone e-mails the forms from the main office, where the server is. It's not uniform, it's confusing, and it's a mess.

    *Every outside employee runs outlook over http. I'm sure that hurts the server.

    *Symantec for email 'protection', msse for antivirus on some local machines.

    *Drop to sbs 2008 r2, run a couple of them, and divide the roles?

    *VPN satellites to main office?

    *TMG or otherwise, for av / cf?

    What are your opinions, to be ready for the rapid growth that's about to happen?

    Thanks in advance =)

  • #2
    Re: Our network too big for SBS?

    SBS 2011 is good for up to 75 users, so you are safe for a while...
    You can add branch office servers (file and RODC if you want)

    But IMHO start planning for a full infrastructure (Exchange / SQL / DCs / File Servers)
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: Our network too big for SBS?

      Originally posted by Ossian View Post

      But IMHO start planning for a full infrastructure (Exchange / SQL / DCs / File Servers)
      Coming from the land of SBS,
      where on earth do I start on planning a full infrastructure?

      The server has a 'test lab' part marked off, with a diff ip range so it's perfect to start testing it.

      ..Can you shed some light on where I should start?

      I know I'll need a server for:
      *SQL / BESx
      *Routing / TMG
      *File Server (Do I use 1 for each office, or one for all?)


      • #4
        Re: Our network too big for SBS?

        From the vpn standpoint DMVPN may be worth looking at. (Dynamic Multipoint VPN)

        Supports dynamic ip addressing on the remote side

        Supports routing protocols

        DMVPN Phase 1 works like a hub and spoke. All data from remote to hub or remote to remote goes through the hub.

        DMVPN Phase 2 adds on demand dynamic vpn tunnels from spoke to spoke
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)


        • #5
          Re: Our network too big for SBS?

          I think SBS is ok in your present scenario:

          each remote site should have a site-to-site VPN link back to the head office.
          Each site should use BranchCache for data replication. (you need W7 computers to do this)

          there's nothoing necessarily wrong with your file system structure.. providing you aren't needlessly duplicating files (IE, same forms exist in a folder for each site)

          you could also consider Sharepoint as a place to keep forms ? (Sbs has this by design for reasons like this)

          in terms of dropping to SBS08, and running several - while you could do that in theory, they wouldn't "talk" to each other - you can only have one SBS server in a domain.. so each site would be it's own domain. you also cannot divide roles.

          to do a full architecture implementation i'd consider:
          2 DCs at head office
          1 Exchange at head office (dependent on requirements.. )
          1 RODC/FS at each remote site.
          branch cache or DFS for file sharing replication
          site-to-site vpn for each sit eback to main office.

          SQL, if you're using SQL, at head office. But then - it entirely depends on what you're using and how, and it's a bit difficult to give you indetail suggestions..
          Please do show your appreciation to those who assist you by leaving Rep Point


          • #6
            Re: Our network too big for SBS?

            I have SBS at the main office, and 9 other locations that are site to site vpn connected. Currently we are less then 40 users.

            We use Sonicwall's setup in a hub and spoke configuration so that the remote sites can talk to each other. I was just straight site to site vpns but I had to go to the hub and spoke so that the VOIP phones could call from one remote site to the other remote site. @The main office I have 2 NSA-240's in a HA pair, and 2 internet connections from seperate ISP's

            We use Trend Micro for AV, I like it a lot more then symantec. When I started at this company we had symantec, when the license was up for renewal I dumped it for Trend. All the workstations had different versions, different settings, some not even protected. The symantec install was a big mess, I installed Trend on to a different server and pushed it out to the workstations a few at a time and verified a smooth transition it worked great. Trend automagically removes symantec and installs itself. The clients stay updated and the dashboard keeps me informed. Adjustments from the dashboard are really reliable as far as the clients getting the new settings applied relitively quickly.

            I have hardware appliance for spam filtering at the main site. We had a barracuda, it was a PITA so I moved to spam titan. Spam titan works better I think and the yearly subscription is cheaper for a 2 cluster node vs 1 barracuda. I actually re-furbed my barracuda and installed spam titan on it, that worked so well I purchased a second one on ebay for $50. Now I have 2 barracuda 300 (hardware) applicences running the spam titan software in a clustered node.

            Currently all file storage is at the main site and remote users are setup exactly the same as local users. Remote users are required to use the terminal server for a couple of minor programs. Also the terminal server has specific programs installed on it that some users may need occasionally but to keep seat license costs down.

            Users are instructed that everything gets saved to the file servers, if they are working off the C:\ drive I don't want to hear crying when it blows up, also they answer to their boss about not following the computer usage policy if work is lost due to saving it on the C:\drive. A couple of remote "power" users have external harddrives to backup their laptops and PST files to but I want to move away from that.

            Remote all laptops have (sonicwall) SSLVPN client installed and are required to make a VPN connection for any network services (email files) when they are not connected to one of our sonicwalls wired or wirelessly.

            Due yourself a favor and make sure that as much as possible can be backed up at the main office, avoid any kind of backup to tape at the remote offices.