Best setup for 2 offices connected by ADSL VPN

Discussion in 'Windows Small Business Server' started by Ja5on, Mar 15, 2005.

  1. Ja5on

    Ja5on Guest

    Hi guys,

    I'm scratching my head as to the best way to setup mail collection and
    management, and the various groupware functions of the Exchange family
    to work in our two geographically distinct offices :)

    My plan is to buy a couplea Dell servers both running SBS (neither
    office is gonna exceed 75 users in the next hundred years or so), then
    set them up one in each office. However, I'm not sure how to arrange the
    following things ...

    We have one email domain, so it appears to me that I either (1) setup
    one Exchange box to handle all users and then try and arrange Outlook
    clients in the other office to talk to the Exchange server over the
    256kbs ADSL connection between the two offices, OR (2) setup two
    Exchange boxes then somehow arrange for them to talk to each other in a
    meaningful manner - shifting the appropriate mail to each office whilst
    allowing useful groupware transactions such as the shared calendaring /
    public folders etc.

    In the scenario with only one Exchange box, I guess I could enforce an
    OWA only policy for the non-Exchange'd office but this may be a little

    Any and all help would be appreciated!

    Ja5on, Mar 15, 2005

  2. The email domain has no direct relationship to your active directory domain.
    Your email domain could be *" and your active directory
    domain can be "", just doesn't matter.

    Our mail domain is * , our active directory domain is
    "wandtv.loc". They do not match, it does not matter. In my opinion it is
    better that they do not match.
    They must be in the same active directory domain or in a domain "trust"
    situation. SBS Domains do not trust. Exchange does active directory and the
    mail is routed between the Exchange server via the "Exchange Sites" object.
    Phillip Windell, Mar 15, 2005

  3. Ja5on

    Ja5on Guest

    Sure, but the default arrangement for an SBS server is to handle all
    mail for the first organisation's domain internally - the problem I was
    trying to outline was that I didn't want to have to overly complex the
    setup in order to send mail back OUT of the Exchange server to our other

    In short I could probably have better described my concern as being one
    of bandwidth. Is the 256kbs VPN between the two offices enough for the
    Exchange server to handle the 6-10 people on the far side of the VPN in
    an Outlook client /Exchange server setup - or will the outlying users
    find their Outlook stultifyingly slow?
    Interesting. So if I have two SBS setups (I know they can't both be AD
    Domain Masters - old terminology!) with two different domains and ADs, I
    can't setup a trust relationship between them? How does this work if you
    want users of each of the different servers to be able to share files
    .... Oh, and I don't have the bandwidth to stick all the files in Public
    Folders on the Exchange server - we work with image files up to 1/2GB in
    size, so the users tend to traverse the directory structure looking for
    the one or two files they want, then copy the files to the server local
    to them.

    Thanks for your reply!

    Ja5on, Mar 15, 2005
  4. Correct. No trusts.
    It doesn't work.
    SBS is *Small* Business Server, but this (multiple domains) would be a
    Medium or Large business environment you are creating as far as the SBS
    "plan" is concerned. So the answer is that you would use the regular
    Server2003 instead of SBS2003.
    Phillip Windell, Mar 15, 2005
  5. Ja5on

    Ja5on Guest

    Yah. Unfortunately we have around 25 users split between 2 offices - now
    that's not anything but a Small business :(

    Now, I need to use the email and groupware facilities for everyone
    spread across the two offices, but each office needs autonomous file
    sharing - i.e. both offices need a local server to stick their files on!

    I was gonna look to SBS server on one site to deal with mail and
    groupware - with Outlook acting as a client over the VPN for said
    capabilities on the remote site.

    However, I'm not sure how to deal with the remote office in terms of
    DNS/DHCP/AD/&c. If I deploy Server 2003 on the other site to deal with
    their file sharing / profiles / AD needs ... how does login
    authentication work in this scenario?

    Can I have my remote users authenticate to their own Server 2003 -
    download multi megabit profiles; access files on THEIR local server with
    appropriate ACL rights - but still use the Exchange component on the SBS

    Sheesh ... I can't get over the fact that the Small in SBS really only
    appears to refer to Single sited :(

    Ja5on, Mar 15, 2005
  6. Well, it is more of a network design issue rather than the actual physical
    size of the business. It is just how they chose to delineate between what is
    considered "small" vs "medium/large".
    Well all those questions go beyond what I can answer in a simple newsgroup
    message, but I'll try a little.

    You can have multiple Servers, multiple Domain Controllers, and multiple AD
    Sites (I think), but there can only be *one* Domain, *one* SBS Server
    and it (SBS) will always maintain all the FSMO Roles. But if it won't let
    you use multiple AD Sites then you may be screwed,...I'm just not real sure
    about that one.

    Running a single Domain is perfectly fine. You are supposed to use multiple
    "AD Sites" (not Domains) to maintain replication between Domain Controllers
    across slow WAN links (like VPN). The users just simply "login", don't
    specify any certain DC, but the "AD Sites" cause them to log into the DC
    that is in their "AD Site". So you just make the AD Sites correspond to the
    Physical Sites and have an SBS in one site (where it already is) and place a
    second 2003 Domain Controller (not an SBS box) in the remote sites (both
    physically and in AD Sites) and it will handle their login. Search MS's
    site for "tactics" and information about using AD Sites over slow WAN links,
    there should be a ton of information there.

    The DNS & WINS,... you just run them identically on both the SBS and the
    extra DC. All machines (even the Servers) have both entered in the Network
    settings (2 DNS, 2 WINS).

    DHCP is also very easy. Configure it exactly identical on both servers, but
    use the Exclusions so that each DHCP gives out only 50% of the addresses
    (first half on one server, second half on the other). DHCP is broadcast
    based "first-come-first-serve" so whichever DHCP answers the query first
    wins, naturally the DHCP closest to the users making the query will be
    the one to handle it unless it goes down,...then the other will pick up the
    client's query, worst there might be a very slight delay.
    Phillip Windell, Mar 15, 2005
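
Added example, not part of the original thread: a small Python check for the split-scope DHCP arrangement described in the post above, which computes the exclusion range each server needs and audits a pair of configured exclusions for addresses that both servers could lease (duplicate-lease risk) or that neither serves. The scope 192.168.16.50-192.168.16.249 and the names `split_scope` and `audit` are constructed for illustration.

```python
import ipaddress


def _span(start, end):
    """Return the set of integer addresses in the inclusive range start..end."""
    a = int(ipaddress.IPv4Address(start))
    b = int(ipaddress.IPv4Address(end))
    if b < a:
        raise ValueError(f"range {start}-{end} is reversed")
    return set(range(a, b + 1))


def _bounds(chunk):
    """Format a sorted list of integer addresses as (first, last) strings."""
    return (str(ipaddress.IPv4Address(chunk[0])),
            str(ipaddress.IPv4Address(chunk[-1])))


def split_scope(start, end):
    """Both servers carry the same scope; each excludes the half the other leases."""
    addrs = sorted(_span(start, end))
    if len(addrs) < 2:
        raise ValueError("scope too small to split")
    mid = len(addrs) // 2
    first_half, second_half = _bounds(addrs[:mid]), _bounds(addrs[mid:])
    return {"server_a_exclude": second_half, "server_b_exclude": first_half}


def audit(scope, exclude_a, exclude_b):
    """Count addresses leasable by both servers and by neither server."""
    whole = _span(*scope)
    pool_a = whole - _span(*exclude_a)
    pool_b = whole - _span(*exclude_b)
    return {"both": len(pool_a & pool_b),
            "neither": len(whole - pool_a - pool_b)}


if __name__ == "__main__":
    scope = ("192.168.16.50", "192.168.16.249")  # constructed sample scope
    plan = split_scope(*scope)
    print(plan)
    print(audit(scope, plan["server_a_exclude"], plan["server_b_exclude"]))
    # A mistyped exclusion on server B leaves ten addresses in both pools.
    print(audit(scope, plan["server_a_exclude"],
                ("192.168.16.50", "192.168.16.139")))
```
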
  7. Ja5on

    Ja5on Guest


    Thanks for all that data, I think I need to reacquaint myself with the
    various roles and replication details that I'll need to implement.
    Bottom line is that I'll need a Server 2003 installation on the "other"
    site. And the only potential hiccup is if I can't do multiple AD sites
    in SBS. I don't recall reading that as one of the SBS limitations, but
    looks like research mode will have to be fully engaged :)

    Ja5on, Mar 15, 2005
  8. Ja5on

    Mark Guest

    Maybe having 2 servers at the larger office might work?

    An SBS and a Terminal Server hosting desktops for the remote office users,
    and a VPN tunnel between the two office routers?

    The only WAN traffic would be the Terminal Server sessions to the remote
    office, but 256k might still be too slow...

    Mark, Mar 16, 2005
  9. Ja5on

    Joel Guest

    Is it possible to set up a pop 3 account in outlook and let that handle the
    external mail instead of letting exchange do it?
    Joel, Mar 16, 2005
  10. Ja5on

    Ja5on Guest

    Joel wrote:

    Hey Joel
    Sure (or even IMAP it) but I think this means that the remote users
    won't have access to public folders, shared calendars & the other
    groupware features :(
    Ja5on, Mar 16, 2005