Network Topology?
|
Prev: 550 5.7.1 Sender ID (PRA) Not Permitted
Next: NTBACKUP error with volume shadow copy:0x80042306
From: Mark on 18 Apr 2006 07:10 I have two questions regarding setting up my sbs 2003 network: 1. I am using my access point/router to assign an IP address (192.168.254.100) to my SBS, while also using the 4 port router's dhcp to assign IP's to computers that are not part of the SBS network (nat is turned on). I have a static IP of (74.x.x.x). The rest of the network is working flawlessly, and the PC's not part of my SBS network are able to connect to the internet just fine -thanks for help with that. How do I access my internal companyweb and RWW from a remote location? Do I have to register a Domain Name and have it point to my ISP's DNS, or can I just use the static IP 74.x.x.x/remote, and if so why doesn't it work. 2. I also want to use a different ISP to host my company's public web site, say http://mycompany.com, and also access my SBS's companyweb, exchange, and RWW. Should I name my SBS Domain mycompany.local, or will that interfere with my public web site http://mycompany.com? Thanks
From: stephen on 18 Apr 2006 08:36 Mark wrote: > I have two questions regarding setting up my sbs 2003 network: > > 1. How do I access my internal companyweb and RWW from a remote location? Do > I have to register a Domain Name and have it point to my ISP's DNS, or can I > just use the static IP 74.x.x.x/remote, and if so why doesn't it work. That will most likely work to get to RWW, but if you're registering a domain for your web site then it's more sensible to use that domain name. Companyweb is internal only by default: you'd need to access it through an RWW desktop session or a VPN connection. > 2. I also want to use a different ISP to host my company's public web site, > say http://mycompany.com, and also access my SBS's companyweb, exchange, and > RWW. Should I name my SBS Domain mycompany.local, or will that interfere with > my public web site http://mycompany.com? Yes, name your sbs domain mycompany.local. No, it doesn't interfere with your public website or e-mail - quite the opposite, i.e if you use mycompany.com for the internal SBS domain then you would have to duplicate the real external DNS entries for mycompany.com on the internal SBS DNS). What to is: register mycompany.com and modify the DNS using your domain agent's control panel (or instruct your agent to modify the DNS) such that: You have MX records like this (raw DNS zone file format - you may have a nicer interface): @ IN MX 5 mail.mycomany.com. @ IN MX 10 backupmx.myisp.com. ;(if available) And A records like this: @ IN A 74.x.x.x ;(your sbs server) mail IN A 74.x.x.x ;(ditto) www IN A 88.x.x.x ;(your external web site) If you want the domain A record for mycompany.com to resolve to your external site (so http://mycompany.com/ is equivalent to http://www.mycompany.com/) instead of your sbs server then you can't use https://mycomany.com/remote for RWW. You have 2 choices: 1/ as above - i.e your external website is www.mycompany.com not http://mycompany.com. You can use mycompany.com for the sbs server's external address. OR 2/ Set the domain A record to point to the external web site ie @ IN A 88.x.x.x and use mail.mycompany.com to refer to the sbs server (ie https://mail.mycompany.com/remote/ for RWW). (The '@' is called the origin and basically means the base domain name. You can also just use a space on the left hand side instead of '@'. Any name not terminated with a dot in the zone file gets the origin appended so you could also write: IN MX 5 mail as the equivalent for the MX record above). Whatever you choose, create the sbs SSL certificate appropriately, i.e use mail.mycompany.com for option 2 and mycompany.com for option 1. Personally, I prefer option 1 for end-user simplicity or the third option, which is: myserver IN A 74.x.x.x. and use https://myserver.mycompany.com/remote/ for RWW It doesn't really matter which of the 3 you choose, but there is arguably some security by obscurity (which is really no security at all) in using option 3. -- stephen
|
Pages: 1 Prev: 550 5.7.1 Sender ID (PRA) Not Permitted Next: NTBACKUP error with volume shadow copy:0x80042306 |