simple (i hope) WAN ...need advice

I want to connect 3 offices (LAN’s) together to share Exchange Email and File/Print services. Main office is in Michigan with approx. 10 users/workstations (Windows XP). The other two branch offices are located in Ohio and Florida where we expect to roll out 5-6 users/workstations per site. The Michigan workstations are currently connected to the internet via DSL. The only network equipment at the moment is a standard DSL router and switch at the Michigan office

I am considering installing SBS Server 2003 at the Michigan location. I am required to put together a reliable WAN that allows users at each site to have access to this Exchange server. In order to keep things simple, is it ok to implement a single domain with one DC located in Michigan and let users at remote sites connect there?

One book I read said not to install Exchange on a Domain Controller, but isn’t that the approach SBS Server 2003 takes?
I am considering running the following services

Server1: DC, DHCP, FS, TS, RRAS (if necessary), DNS
Server2: Exchang

I have never installed SBS Server… will it allow me to install Exchange separate from the DC? If not, should I change my plan to

Server1: DC, Exchang
Server2: DHCP, FS, TS, RRAS (if neccesary), DNS

I see that most routers today come with DHCP and VPN capability. Do I need to turn both of these services off on the router/NAT device and manage it through Windows when building a WAN

And finally, what type of network connection will allow the users at each site to always be connected? Should I enquire about a T1, Frame Relay, or can I accomplish this with DSL? If I use DSL, will I have to set up site-to-site VPN connections to the main office? There doesn’t seem to be enough users at the remote sites to justify T1 lines all the way around but I don’t want latency problems either

Any advice on this

"DB" <(E-Mail Removed)> wrote in message
news:7DBDAB4C-E358-4913-A4DF-(E-Mail Removed)...

Use one Domain with a DC at each site and create separate "Site" in AD to
correspond with that. It will be "Site boundaries" that separate the sites,
not Domain boundaries.

> One book I read said not to install Exchange on a Domain Controller, but
isn't that the
> approach SBS Server 2003 takes?

SBS is "unique" and should not be looked at as a "model" for how to do
things in other situations. SBS is not suitable for large environments.

> I have never installed SBS Server. will it allow me to install Exchange
separate from
> the DC? If not, should I change my plan to:

No. Everything is forced to be on the same box. Stay away from SBS in your
situation.

> I see that most routers today come with DHCP and VPN capability.

They are not "real routers", they're just NAT boxes with a stripped down
DHCP Service and a LAN Switch built into the same case, but anyway....

> Do I need to turn both of these services off on the router/NAT device and
manage it through Windows when building a WAN?

No, and they aren't effecting the WAN, they are only effecting the sit they
are in. You would want to use the these device's NAT and VPN and maybe the
DHCP unless the Server handles DHCP. Use the device at the "edge" of the
network and let your Server be single-homed and let it only worry about
keeping the LAN happey and not about dealing with the Internet.

Now you could put the Server into this role with two NICs and eliminate the
DSL Router in favor of a "DSL Modem" which has no address and is just a
glorified "media converter". But why complicate things?,...keep it simple.
Either way your do not want to do both at the same time because you then
complicated the system by creating a Back-to-Back DMZ and now have that to
deal with.

> And finally, what type of network connection will allow the users at each
site to always > be connected? Should I enquire about a T1, Frame Relay, or
can I accomplish this with
> DSL?

T1 or FR is the best choice. Note that T1 only referres to speed, not the
type of connection. A T1 can *be* a Frame Relay, it can also be an ISDN
line.

DSL is the worse possible choice.

> If I use DSL, will I have to set up site-to-site VPN connections to the
main office?

Yes.

> but I don't want latency problems either.

Can't have your cake and eat it too. DSL/Internet is the worse performer of
the bunch and always will be. You'll have to make a choice.

Note also that whatever is used for the VPN must be directly accessable to
the users, or at least to a Router (a real router) used by the users. Do not
create a DMZ between it and the users and I recommend also that you do not
create a DMZ between the device and the Internet as well,...in other words
no DMZ at the sites. The VPN device is most dependable with a "direct shot"
on both sides of it.

Keep in mind that the number of machines isn't what justifies a T1, what
justifies a T1 is how much money do those few machine make for the company.
If you have only one 486SX machine running DOS at that office and that
machine helped bring in $250,000 a year for the company then a T1 is
justified.

Your best performer is a private link using a T1 or partial (256k ?) T1.
This would be a private link that would have no bearing on the Internet in
any way. But that isn't the "popular thought" today. Today everyone has
jumped head first into the Internet/DSL/VPN "bandwagon" because it has been
so heavily marketed, but the fact is that it is not a very good performer.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Phillip, thanks for the quick and thorough response.

Interesting comment that I almost overlooked… “wha
justifies a T1 is how much money do those few machine make for the companyâ€

Our company may be willing to spend the extra $$$ to make sure it is up and running reliably and efficiently. We intend on installing a medical appointment scheduling application to be shared between offices. I’m convinced that reliability is a priority. Based on your feedback I’m now reconsidering the all-in-one SBS approach

Here is what I have so far

T1 or partial T1 between all sites (will contact phone company for details and options I guess). By the way, does a CSU/DSU have to be configured or is this something that is handled by the phone company? I’m pretty familiar with cable/dsl modem connections, linksys/dlink routers, port forwarding, etc… but the T1 thing makes me a bit more anxious.

Single Domain with Site boundarie

Michigan (Main Office) 192.168.1.
Server1: DC, DHCP, TS, DNS, F
Server2: Exchang
Both Servers and 10 XP Workstations connected to a 100MB or 1GB switch. (Switch connected to a real router
Router (Any suggestions on size and brand for this type of setup? 3com, Cisco?

Ohio (Branch Office) 192.168.2.
Server3: DC, DHCP, TS, DN
Server and 5 workstations connected to a 100MB or 1GB switch (Switch connected to a real router
Router (same kind of router?

Florida (Branch Office) 192.168.3.
Server4: DC, DHCP, TS, DN
Server and 5 workstations connected to a 100MB or 1GB switch (Switch connected to a real router
Router (again, same router?

"DB" <(E-Mail Removed)> wrote in message
news:7B1C83C8-420B-42B2-A3F5-(E-Mail Removed)...
> T1 or partial T1 between all sites (will contact phone company for
> details and options I guess). By the way, does a CSU/DSU have to
> be configured or is this something that is handled by the phone
> company? I'm pretty familiar with cable/dsl modem connections,
linksys/dlink routers, port
> forwarding, etc. but the T1 thing makes me a bit more anxious.

The CSU/DSU I believe will be configured to the Line's specs. Your line
provider should be able to help configure both it and the Router. In fact I
think they should be expected to. They may even supply the equipment and
also monitor its state and may even know before you do if there is a
problem. All that stuff can be worked out with them when you get the line
from them.

> Router (Any suggestions on size and brand for this type of setup? 3com,
Cisco?)

We used a "lighter weight" Cisco 1600 series when we had one. You could even
pick up some older used 2500 series routers for that, and probably get them
pretty cheap. The 2500's only run at 10mbps, but that is still about 7 times
faster than the T1 can go, so it would be fine. You don't need anything real
"heavy" on a WAN link because there isn't any complex routing happening with
them as there would with LAN routers serving LANs with many subnets, hosts,
redundant routes, routing protocols, ect. A WAN link is simple and is just a
single "route" in most cases, so it isn't like there are any big routing
decisions to make, it is just providing the means to access the line.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com