Advice Needed re: Best Setup for Two Organizations Sharing Single

Hi There,

I have just acquired a new client that is a non-profit (5 x WinXP desktops)
sharing office space with a church. The church is not my client although I
hope it might be at some point in the future. Both share a single DSL
connection. Both are currenly running peer to peer with no central file
management or server etc. Staff at the non profit are frustrated and ready to
move to a server based network. I don't see a problem with the non-profit
having an SBS server on their own and the church continuing to be peer to
peer (single DNS and DHCP server) but what happens down the road if the
church decides to get SBS as well.

- I am assuming two SBS can't exist in the same subnet even with different
domains ... can someone verify this?

- If two SBS servers can't co-exist in same subnet can two regular Windows
2003 Servers exist (non-profit is using Act and won't really need Exchange)
or can I have one SBS server in one domain and one Win 2003 Server in another
domain?

- Has anyone tried adding two additional routers in a Y configuration so
they each have their own subnet (they use VPN which might make this a
challenge) but still share internet connection

- Any other suggestions would be appreciated.


Thanks

Steve

 

As long as you set them up on two isolated LAN subnets (which shouldn't be
difficult if you have more than one static IP) this is a cinch - and
protects each network from the other.

I think this will cause problems, but I haven't tried it, honestly.

Yes, but it's still insecure & might lead to other problems. I'd try to
avoid it if possible, as they aren't actually the same "company".

Yes. You need more than one public IP address from the DSL provider to make
this work right, tho -

-------------------------------------------------

*ISP's modem*
|
|-----Ethernet switch-----|
| |
(123.123.123.1) (123.123.123.2)
*RouterA* *RouterB*
| |
|----LANA----| |----LANB----|

-------------------------------------------------

 

One acronym - DHCP.


Yeah, it'll have problems. But if you dual NIC one or both of them, you get
them out of the problem. Just make sure they're on different physical
segments on the LAN side. Set your DSL up in bridge mode, to a hub/switch.
The multiple fixed IPs solves the public side.

Or, as you suggest, two routers on the downstream side of the switch.
Actually, that way you _could_ run single NIC, if that's your preference.

 

Ah, yes, there is that. Of course, the workgroup computers could very easily
pick up their IP addresses from the SBS box and work that way, but this is a
good point. Even though it's an abbreviation and not an acronym ;-)

Presuming there are two - if it's cheapo residential ADSL, may not be....

That's always my preference. ;-)

 

My residential ADSL lets me buy fixed IPs. I have 1 fixed, and the higher
bandwidth option on ADSL lets me have up to five floating. I use
DirectUpdate when I need to plug something in to one of the floating ones to
test against. (My _real_ SBS box uses the fixed, along with a fixed on the
cable, running through a Dual WAN Xincom router.)

And never mine. But then, I run Premium just so I can have ISA.

Charlie.

 

Cool beans.

I install SBS mainly so I can get Exchange into small offices ;-)

 

Thanks. I hadn't even thought about getting 2 static IP's. The diagram below
is very helpful.

They are currently with Bell Canada DSL (not sure they can get 2 IP's) but
they are too far from dslam and get poor service so we may be switching to
Rogers Cable and I know they offer up to 5 IP's.

 

Thanks Charlie I hadn't thought of dual NICS as an option.

 

A thought...

Dual NICs are good for isolating the SBS servers from each other, but if you
only have a single WAN IP address, both SBS servers may not be able to
participate in all the features of externally accessing SBS. Certain ports
are "hardcoded" in to the Windows OS and can't be changed. Therefore, in
the router you can forward to the external NIC on only one SBS server. An
example of ports that can't be changed are 1723 (VPN) and 443 (SSL -
although there may be ways to get aroud this one). Ports 4125 (RWW), 3389
(Terminal Services/RDP), 25 (Exchange) can be changed but I've never had to
do this for a dual SBS setup. Could be interesting.

 

What would your non-profit say to a suggestion 'OK, you guys are buying a
server, how about we let the church piggy back along on it?'.

Setting up a single SBS, say SBS.StMarks.local then having it look after
email for nonprofit.com _and_ church.com would be less complicated than the
other scenarios, and in the long term provide a less expensive and less
complex environment to both. Of course, there would need to be discussions,
information/resource sharing, what happens if they separate? Possibly many
issues.

just a thought.

 

Yeah, I don't get these folks who buy SBS and don't take advantage of
Exchange.

--
Charlie.
http://msmvps.com/xperts64
http://mvp.support.microsoft.com/profile/charlie.russel


"Lanwench [MVP - Exchange]"

 

Yeah....that's crazy talk !

 

I *think* I like SG's suggestion the best. Email can be controlled with
recipient policies or default SMTP settings, the rest is trust that folders
are kept separate so that Church_Payroll.xls is not open to Not for Profit
Susan, and vice versa.

OTOH, if two IP's could be had from the ISP this really simplfies things. I
have more than one location where there are two SBS servers sharing one inet
connection (fractional T1) where there are 5 ip's available. This leaves
three or more for web cams or the like.