Planning servers for network
Guyz, I'm a rookie IT now,
I'm lucky I got a job with that little knowledge n without certificate
At the moment I have one server n 37 clients.
Server is serving SQL 7.0 , that all the clients n things going on that.
Some fool tried to install exchange n antivirus to same srv , lol
now , I have 3 new server (ok not srv but will be used as)
each config is same,
AMD XP2000+
Chaintech 7sid sis735 (rock solid n no problems)
ram : 1 srv 1 gb , other 2 512 mb DDR
60gb 7200 western
intel pro100/s
n things I'm gonna serve :
SQL 7.0
Exchange 2000
Norton antivirus enterprise
Firewall (dunno yet what to use)
a domain srv with AD
file n backup
NAT
each srv will be w2k server
Now I need opinions as which thing should run with which.
I will leave SQL alone .
Should I run Exchange with Domain srv or not ?
should NAT be on domain ?
which one should connect to net n other 2 stay internal ...
I'm lost hehe
pls help
Responses to this topic
Ok, these only are opinions:
1 Buy some books and read every night. Start with a general networking one to get the concepts.
2 Although you can install all that stuff on one machine, I agree with your method of setting up multiple servers. Keep SQL and exchange separate. Make sure you set up some type of fault tolerance. Mirroring would probably be your best bet.
3 BACKUPS!!!!! Make sure you set that up, and test at least monthly.
4 I personally would get a good firewall that also performs NAT. There are many to choose from, however I like Symantec's (Formerly Axent Raptor)
There is so much more to say, but it all is subjective and depends on your situation. You really need to get a networking essentials book, and see if your employer will pay for some classroom instruction.
-RY
I have run Exchange, SQL Server, NAT/Firewall (ISA Server), WWW, etc. on servers that were both member servers and domain controllers without any issues. DCs, however, do have more overhead in large environments when they are tracking many clients. If you can keep Exchange away from SQL, Norton (I keep everything away from Norton products but that's just me), and any firewall/NAT system you should be OK.
At my office, it works something like this:
Server: Exchange
Server: SQL, McAfee Epolicy Orchestrator (similar to your NAV)
Cisco PIX: Handles Firewall/NAT duties (like a separate server)
Firewall/NAT systems should be on their own, since they might block active ports used by your apps or may have issues with socket-pooling applications (like IIS by default) that will cause an application to monitor all IPs on a given interface and may clash with whatever rules are set on the firewall.
But remember, as mentioned earlier you should read up on these applications and see if any known issues might exist and *why* they exist. This way, you can try to avoid them, but if they come up you will have a better chance of recognizing them.
Also, I do not know if NAV for the servers has a separate exchange 'plug in' or if it is bundled, but you definitely need to get an exchange antivirus program that will scan at either the MTA or IMC. I think 98% of the viruses sent to my company were caught by the exchange agent. Of course that also assumes you do not have another scanner at the firewall.
-RY
Thxs for the replies all
Yeah I have to read n learn a lot n a lot ,
I know that.
I'm not after a short way to learn all those (lol impossible)
n not
I have few experience with AD n exchange , n no with sql
My only stand point is they didn't have a IT or such before, so I will learn with them
n yes they will send me to MCSE course next month, probably 350 hours or such.
Now from all your points , I came up with this :
1 - SQL : server (even not a client AV , bc there won't be any sharing or such, only the proggy clients use will reach the database, nothing but nothing will run on it, so as I assume even a virus spread there it's low possibility to hurt the srv) warn me if I'm wrong
2 - Exchange , nat , firewall : server . Now we don't have cable or dsl yet. Both ISP's say won't take more than 2 months for the service but for that 2 months my only choice is dialup , n as I know if I keep exchange behind , it doesn't run. So exchange should dial n connect to net directly. I will use Sybari for Exchange. Warn me again if I'm wrong.
3 - norton AV , file , backup : server
I will let norton update the clients , also scan the sql server at nights , when sql won't be serving. I will keep ppl documents at that srv n enable the real time protection.
at the moment company won't afford to pay for tape backup. So I plan to schedule n backup sql database n exchange files to here n burn them
again warn me if I'm wrong
I will keep those servers here at home for 2 weeks n a client , n will check anything I notice
will ask for help
n for last I assume keeping AD at third server is better ,
but not sure for this again , need your opinion
tia
I wouldn't put any other software on the Exchange server, except virus scanning software meant for Exchange (not just the server version of an AV program). It is generally considered not a good idea to have normal AV scanners on database servers, since they try to treat the database/transaction log files as normal files, and this may lead to corruption of these files. Now, there are virus scanner packages meant for servers running these applications (and the applications themselves) which should be used, I am just suggesting that you don't use the regular file server versions with these apps.
One more thing about backups. How do you plan on backing up your Exchange server? I set up Windows 2000 to use NTBackup and run batch jobs every night to make a single backup file. Then, the network backup (ARCserve 2000) picks up that file when it backs up the rest of the server. Using this method, you can easily restore the databases of the Exchange server while it's online using all MS applications. I have done this a few times, and it works very well. Some backup packages have agents meant for Exchange that allow you to do "brick-level" (mailbox level) backups, but most admins that I have heard from recommend against using them as backup times are miserable and restoration abilities are questionable.
Sorry Clutch but I must disagree,
Perhaps a difference in opinion, but when I was restoring from a brick level backup the executive VP's files I was quite happy to have it. Also at month end, and accounting needed a mail from the past month again the brick level was quite useful. I found an extra hour and a half for the backups at night when no one was using the system was quite acceptable.
They may have worked for you, and that's cool. Most of the Exchange admins that I have spoken to (and posted to on Exchange newsgroups) don't care for brick level backups and instead use a 30-day reclamation policy on the server, so that one could just bring back the deleted files. But, the brick-level method must work for somebody (like you) since it's available. I already spend a little more than 10 hours on our network backup, so I couldn't afford it even if I wanted to.