Questions on segmenting

We have finally decided to purchase a new server, migrating from NT4.0
to SBS2003. We have 19 clients and 1 server, the 1 server runs 3 apps
for 4 client machines as well as houses db's for those apps. It also
acts as the DHCP sever, I've heard NT has to be the DHCP so I've never
attemped to use our firewall appliance for DHCP. Anyway the new server
config is going to house these apps as well as all files for
engineering, programming, and machining departments. I need to know if
segmenting the front office (5 clients) from the rest of the clients
will provide better data transfer for the apps? I would also like to
segment for security, the front office holds accounting information on
the server and I need to make sure the rest of the network does not
have access to it.

Which way should I proceed;
1. Create 2 domains and setup permissions for certain users between
them?
2. Physically segment the networks using a router or bridge (different
subs), then setup permissions on the server itself?
3. Use the firewall appliance to seperate the network (Checkpoint
Safe@Office 225)?
4. Any other?

Thanks for any help.

Chad



ckramer7070@gmail.com

NT does not have to be the dhcp server. You should have a minimum of two DCs
with both configured for GC and DNS for failover and account preservation.

My recommendation would be to have the checkpoint router facing the
internet. I would not segment. You can handle access via permissions to the
financial folders/files.

Your SBS should be the DNS server and dhcp server. Advantage of doing so is
dhcp dynamically updates DNS. Your wksts point to the MS DNS. In MS DNS you
forward to your ISP's dns server.

Create two domains? Not sure what the thinking is here. Double the work.
Personally I would upgrade the NT box to W2K Srv and have it join the SBS
tree/domain as a DC for the reason stated at the beginning. Realize you will
be creating everything account wise from scratch with SBS.