From: Mark on
I have two questions regarding setting up my sbs 2003 network:

1. I am using my access point/router to assign an IP address
(192.168.254.100) to my SBS, while also using the 4 port router's dhcp to
assign IP's to computers that are not part of the SBS network (nat is turned
on). I have a static IP of (74.x.x.x). The rest of the network is working
flawlessly, and the PC's not part of my SBS network are able to connect to
the internet just fine -thanks for help with that.
How do I access my internal companyweb and RWW from a remote location? Do
I have to register a Domain Name and have it point to my ISP's DNS, or can I
just use the static IP 74.x.x.x/remote, and if so why doesn't it work.

2. I also want to use a different ISP to host my company's public web site,
say http://mycompany.com, and also access my SBS's companyweb, exchange, and
RWW. Should I name my SBS Domain mycompany.local, or will that interfere with
my public web site http://mycompany.com?

Thanks

From: stephen on
Mark wrote:
> I have two questions regarding setting up my sbs 2003 network:
>
> 1. How do I access my internal companyweb and RWW from a remote location? Do
> I have to register a Domain Name and have it point to my ISP's DNS, or can I
> just use the static IP 74.x.x.x/remote, and if so why doesn't it work.

That will most likely work to get to RWW, but if you're registering a
domain for your web site then it's more sensible to use that domain
name. Companyweb is internal only by default: you'd need to access it
through an RWW desktop session or a VPN connection.

> 2. I also want to use a different ISP to host my company's public web site,
> say http://mycompany.com, and also access my SBS's companyweb, exchange, and
> RWW. Should I name my SBS Domain mycompany.local, or will that interfere with
> my public web site http://mycompany.com?

Yes, name your sbs domain mycompany.local. No, it doesn't interfere with
your public website or e-mail - quite the opposite, i.e if you use
mycompany.com for the internal SBS domain then you would have to
duplicate the real external DNS entries for mycompany.com on the
internal SBS DNS).

What to is: register mycompany.com and modify the DNS using your domain
agent's control panel (or instruct your agent to modify the DNS) such that:

You have MX records like this (raw DNS zone file format - you may have a
nicer interface):

@ IN MX 5 mail.mycomany.com.
@ IN MX 10 backupmx.myisp.com. ;(if available)

And A records like this:

@ IN A 74.x.x.x ;(your sbs server)
mail IN A 74.x.x.x ;(ditto)
www IN A 88.x.x.x ;(your external web site)


If you want the domain A record for mycompany.com to resolve to your
external site (so http://mycompany.com/ is equivalent to
http://www.mycompany.com/) instead of your sbs server then you can't use
https://mycomany.com/remote for RWW.

You have 2 choices:

1/ as above - i.e your external website is www.mycompany.com not
http://mycompany.com. You can use mycompany.com for the sbs server's
external address.
OR
2/ Set the domain A record to point to the external web site ie
@ IN A 88.x.x.x
and use mail.mycompany.com to refer to the sbs server (ie
https://mail.mycompany.com/remote/ for RWW).

(The '@' is called the origin and basically means the base domain name.
You can also just use a space on the left hand side instead of '@'. Any
name not terminated with a dot in the zone file gets the origin appended
so you could also write:
IN MX 5 mail
as the equivalent for the MX record above).

Whatever you choose, create the sbs SSL certificate appropriately, i.e
use mail.mycompany.com for option 2 and mycompany.com for option 1.

Personally, I prefer option 1 for end-user simplicity or the third
option, which is:

myserver IN A 74.x.x.x.

and use https://myserver.mycompany.com/remote/ for RWW

It doesn't really matter which of the 3 you choose, but there is
arguably some security by obscurity (which is really no security at all)
in using option 3.

-- stephen