70-282 exam cram: Configure Windows Small Business Server 2003 for Networking and Remote Connectivity

Howdy folks – harryb here – publisher of the Microsoft Small Business Specialist title. Here is today’s 70-282 exam cram viertual book reading!

Configuring a server for secure remote access sounds like a gargantuan task-and it could be if it were not for the smart wizards included in SBS.

Using the To Do List

What would SBS be without the To Do List? The To Do List, first shown to
you in Chapter 5 as Figure 5.2, is the epitome of simplicity and I like it! The
first thing that will pop up on the server after a new installation will be the To

Do List. Basically this list is a collection of tasks to be performed to finalize the SBS setup. Funny enough, the To Do List has checkboxes so you can mark what “To Do” tasks you have already performed. I always use the checkboxes when I am at the client site setting up a server, as there are always interruptions. Checking off the tasks completed means I have one less thing to remember when I come back to the server.

Connecting to the Internet

And which is the baddest wizard of all? Of course, the CEICW (Configure E­mail and Internet Connection Wizard). This is the kitchen-with-the-sink type wizard, and you will find that this wizard is the one that will save you hours of time when configuring your Small Business Server for Internet connectivity, setting up e-mail and many other items. So take a minute to click slowly through the CEICW, click on the “more information” buttons on the individual screens and really pay attention to all its available options.

The following four components are configured by the CEICW:

  • Networking
  • Firewall
  • Secure Web Site
  • E-mail

and let’s take a dive to see what they encompass.

IMPORTANT: At any time you need to reconfigure a setting, you can rerun the CEICW to make changes. Settings that shouldn’t be changed can be bypassed, and there is no need to reboot the server after making configuration changes.

Networking

First you will be asked to choose your connection type, which could be:

  • Direct Broadband connection-Requires a DSL or cable modem that does not have an IP assigned to the modem. Requires two NICs on the server.

Chapter 7Configuring Windows Small Business Server 2003

  • Local Router-Requires a router, typically hardware-based (not anther computer) with an IP address assigned by the ISP. Can be configured with one or two NICs on the server. This is Microsoft’s support for having SBS 2003 use a single NIC and using a hardware-based firewall to provide Internet security and firewall protection.
  • IMPORTANT: So the cat is out of the bag here. Microsoft indeed sup­ports hardware-based firewalls in the SBS 2003 product. It’s not read­ily emphasized in Microsoft marketing messaging because Microsoft would rather have you use two NIC cards with its built-in SBS 2003 firewall components. So, for 70-282 exam purposes, it’s important to honor the local router selection, but not dwell on it.
  • Broadband connection requiring a username and password, also called PPoE, requires authentication information and uses a DSL or cable modem which does not have an IP assigned to the actual modem. Requires two NICs on the server.

The next screen is the Network Connection screen where the NIC properties will be configured. Depending on whether you have one or two NICs installed in the server, you well get a choice of either a single or, as shown in Figure 7-1, a dual NIC configuration option.

Figure 7-1

Configuration options for SBS in a dual-NIC configuration (in this case the external NIC connects to the ISPs router).

 

Make sure you have the IP address information from your ISP ready when starting the CEICW. Depending on your Internet connection device, you will be prompted to fill out information on an IP address, a subnet mask, and preferred DNS servers before you can continue on to configure the firewall. This will actually configure the DNS settings without the SBS admin having to touch the DNS console. Figure 7-2 shows this configuration using the CEICW.

Figure 7-2

DNS settings configuration in the CEICW

 

SBS has support for UPnP routers and the CEICW will configure the ports for you upon detection. This is very cool and a new feature in the SBS 2003 time frame. UPnP routers do not require user name and password authentication on the LAN port and that allows the CEICW to open the ports you have elected to open as part of the wizard process.

Chapter 7Configuring Windows Small Business Server 2003

Firewall

In the Standard Edition of SBS, the CEICW will configure a stateful firewall that monitors all communication transactions and therefore provides a security system preventing unauthorized access. This will be done by using RRAS under the hood and configuring NAT if you have two NICs on the server. If you do not have two NICs, make sure to use a hardware firewall device or you will be completely vulnerable on the Internet.

In the Premium Edition of SBS, you are using ISA 2000 Server. The CEICW will configure ISA for you at this point. A warning message will appear stating that services are being stopped and then restarted in order to configure ISA. Figure 7-3 shows the Services Configuration screen, which opens the ports in the firewall without having to go into the ISA Server management console, or RRAS.

Figure 7-3

Opening ports SBS-style by use of the CEICW Services Configuration screen.

 

IMPORTANT: If you use the Premium edition of SBS and decide to configure ports directly through the ISA server management console, be aware that every time you run the CEICW, the settings will be re-set to default. The CEICW acts upon a set of pre-defined scripts. Therefore it is recommended that you use the services configuration options in the CEICW to open ports. Settings entered into the CEICW will be applied automatically every time the CEICW is used.

Here are some examples of commonly used ports that can be configured:

 

Service

Port

SMTP

25/TCP

POP3

110/TCP

VPN

1723/TCP

Terminal Services

3389/TCP

FTP

20/TCP & 21/TCP

TelNet

23/TCP

HTTP

80/TCP

HTTPS

443/TCP

 

Secure Web Site

The CEICW can also configure Secure Web Site services allowing or denying access to users coming from the Internet through the firewall. Web Site services include:

  • Outlook Web Access (OWA)
  • Remote Web Workplace (RWW)
  • Performance and Usage reports
  • Outlook Mobile Access (OMA)
  • Outlook via the Internet (rpc over https)
  • Windows SharePoint Services (WSS)
  • Business Website (open only if you plan on hosting a site)

Chapter 7Configuring Windows Small Business Server 2003

You could also choose to allow access to the entire web site from the Internet, which exposes the entire default web site on the Internet, including all services listed above as well as any additional web sites you created in the default web site. Figure 7-4 shows the Web Service Configuration screen. Just think if you had to configure these items manually!

Figure 7-4

The Web Service Configuration screen is your friend.

 

When you select to enable Windows SharePoint Services, SBS will install a fully-functional companyweb with preconfigured folders, including a fax folder, specially designed by the SBS team for small business use as shown in Figure 7-5.

Figure 7-5

Windows SharePoint Services companyweb installed by enabling one check- box in the CEICW.

 

The CEICW can create a Web Server Certificate for the services that require Secure Sockets Layer (SSL) to communicate. This is effectively having Windows Small Business Server 2003 create a self-signed certificate for SSL communication. Small business customers can reduce the cost of deploying Small Business Server, using the self-signed certificate option, because the customer does not need to buy a certificate from a public certification authority (CA). You could also choose to use a certificate signed by a CA and browse to the location of the certificate file. Verisign is one such third-party CA provider.

IMPORTANT: The self-signed security certificate discussion is new for many SBSers as it’s a new capability in SBS 2003. And if Microsoft is pretty proud of this capability, don’t you think it’s a distinct pos­sibility it could appear on the 70-282 exam? You bet.

Chapter 7Configuring Windows Small Business Server 2003

cheers….harrybbbb

Harry Brelsford, CEO at SMB Nation

MBA, MCSE, CNE, CLSE, CNP, MCP, MCT, SBSC (Microsoft Small Business Specialist)

PS – my Small Business Server 2008 (SBS 2008) book is now here! J

PPS – my spring show, SMB Nation Spring 2009, is in the NYC-area on May 1-3, 2009.

 

Advertisements

1 Comment

Filed under Book

One response to “70-282 exam cram: Configure Windows Small Business Server 2003 for Networking and Remote Connectivity

  1. Chris B

    Very nicely written, good article – unfortunately difficult to get full benefit from it because the graphics don’t load

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s