The server I am working on currently only has a single NIC.......... can anyone let me know what some of the benefits are of installing a second NIC? I can't find a whole bunch via Google and wanted to know if it was worth me installing the 2nd NIC.
Thanks.
|
|
"Homer Jay" <someoneelse[ at ]microsoft.com> wrote in message news:uDB49GztHHA.5028[ at ]TK2MSFTNGP02.phx.gbl...
> The server I am working on currently only has a single NIC.......... can
> anyone let me know what some of the benefits are of installing a second
> NIC? I can't find a whole bunch via Google and wanted to know if it was
> worth me installing the 2nd NIC.
>
> Thanks.
Conventional SBS wisdom said two nics. This is changing as the next version of SBS only allows one nic.
http://sbs.seandaniel.com/2007/05/hey-wheres-my-next-version-of-sbs.html
I prefer one nic with a good hardware firewall. To many it's almost a religious debate. I'm sure someone will step in with an alternative opinion. Both setups work well and can be made very secure. For me it comes down to a complexity issue. The simpler and less complicated the server is the easier it is to diagnose problems. I find the one nic setup with an external firewall less complicated to manage the server because the firewall and the server are separate.
-- Kerry Brown Microsoft MVP - Shell/User http://www.vistahelp.ca
|
|
And I find it far more trouble to administer, since I now have two things to deal with, each with very different interfaces and commands. I HATE that the next version will be single NIC. I do not want to have to buy another router, and I don't want to have to separately manage an ISA box. If I have to do that, I'll go all the way to Centro.
-- Charlie. http://msmvps.com/xperts64 http://mvp.support.microsoft.com/profile/charlie.russel
"Kerry Brown" <kerry[ at ]kdbNOSPAMsys-tems.c*a*m> wrote in message news:98A6E2C1-FC93-458F-9A73-906743799C08[ at ]microsoft.com...
> "Homer Jay" <someoneelse[ at ]microsoft.com> wrote in message
> news:uDB49GztHHA.5028[ at ]TK2MSFTNGP02.phx.gbl...
>> The server I am working on currently only has a single NIC.......... can
>> anyone let me know what some of the benefits are of installing a second
>> NIC? I can't find a whole bunch via Google and wanted to know if it was
>> worth me installing the 2nd NIC.
>>
>> Thanks.
>
> Conventional SBS wisdom said two nics. This is changing as the next
> version of SBS only allows one nic.
>
> http://sbs.seandaniel.com/2007/05/hey-wheres-my-next-version-of-sbs.html
>
> I prefer one nic with a good hardware firewall. To many it's almost a
> religious debate. I'm sure someone will step in with an alternative
> opinion. Both setups work well and can be made very secure. For me it
> comes down to a complexity issue. The simpler and less complicated the
> server is the easier it is to diagnose problems. I find the one nic setup
> with an external firewall less complicated to manage the server because
> the firewall and the server are separate.
>
> --
> Kerry Brown
> Microsoft MVP - Shell/User
> http://www.vistahelp.ca
|
|
In article <uDB49GztHHA.5028[ at ]TK2MSFTNGP02.phx.gbl>, someoneelse[ at ]microsoft.com says...
> The server I am working on currently only has a single NIC.......... can
> anyone let me know what some of the benefits are of installing a second NIC?
> I can't find a whole bunch via Google and wanted to know if it was worth me
> installing the 2nd NIC.
Two NIC's allow you to use a firewall running on the Server that is your domain controller, which is always a bad idea, but, some subscribe to the idea that MS built it that way so it must be good.
In an enterprise or secure environment we would never allow the Firewall to be anything other than the firewall, and ISA is only cert certified on a stand-alone box, so you can use it if you want, but I never spec a solution with the firewall on anything other than a dedicated system.
With 2 NIC's you have many administration problems, considering that most people also install a NAT Appliance in front of the firewall NIC (kind of defeats the purpose if you can't trust your firewall). This added NAT and second NIC complicate things for even seasoned network admins when it comes time to allow VPN solutions or remote offices over dedicated VPN's.
If you use a single NIC and a proper/quality firewall appliance you will find that life is a lot easier, as or more secure, and that you have control without having to tax/use the server.
--
Leythos - Igitur qui desiderat pacem, praeparet bellum. - Calling an illegal alien an "undocumented worker" is like calling a drug dealer an "unlicensed pharmacist" spam999free[ at ]rrohio.com (remove 999 for proper email address)
|
|
Homer, as you can see by the posts already, there are pros and cons to both the 1 nic and the 2 nic scenarios.
Old time SBS'ers have always encouraged the use of 2 nic systems. And the reason for that is that we pushed installing ISA on the SBS boxes, and to do that, you were required to have two NIC's.
However, as Bob Dylan so eloquently put it some 40 years ago, "the times, they are a'changin'".
If you have a single NIC and SBS std 2003, stick with what you have. But in that case, I would strongly encourage you to get something more robust than a low-end Linksys/Dlink router/firewall. What you want is something that will allow you to monitor, lock down and report on network traffic.
-- Kevin Weilbacher [SBS-MVP] "The days pass by so quickly now, the nights are seldom long"
"Homer Jay" <someoneelse[ at ]microsoft.com> wrote in message news:uDB49GztHHA.5028[ at ]TK2MSFTNGP02.phx.gbl...
> The server I am working on currently only has a single NIC.......... can
> anyone let me know what some of the benefits are of installing a second
> NIC? I can't find a whole bunch via Google and wanted to know if it was
> worth me installing the 2nd NIC.
>
> Thanks.
|
|
Leythos, you've got the perspective a little wrong is all. To understand ISA in SBS space we need to take a few steps back and accept some basic SBS fundamentals.
The major reason why ISA on SBS occurs is because _most_ (ie. the great majority) of SBS installations are single server setups. An important consideration in cost is the size of the network. I have heard it suggested that 90% of SBS installations are under 10 users.
We also need to travel back in time a little. At the time of SBS' introduction a 'proper' firewall was a significant expense, along comes SBS 4.0 with MSPoxy (that's not a typo), which wasn't a firewall but a proxy.
We move forward in time a little and it's now SBS2000, one version, and it includes ISA2000. The idea 'running your DC as your firewall ain't such a great idea' gets tossed around along with the idea 'to get similar functionality to ISA on SBS I need to spend _at least_ several hundred $AU' (let's call it US20c :-). At the time of SBS2000 release a WatchGuard unit of similar capability was ~AU$2500+, or I could use ISA on SBS (something I already owned) and a AU$200 NAT router.
We move forward again, but not so far as SBS2003. By this time ISA on SBS has proven to be a reliable solution. _NO_ system was hacked _because_ ISA was running on a DC, nor _because_ ISA was on an Exchange server, nor _because_ ISA was on a public facing IIS. Systems may have been compromised due to a misconfigured firewall but the misconfiguration was neither SBS' fault nor caused by the fact of additional services on the firewall. The problem was between the keyboard and the chair. Systems were also compromised due to lack of patching, again TPWBTKATC.
We became comfortable with the idea.
An important point to note here is 'collateral damage', should the system be compromised. A compelling reason to separate the firewall function has always been 'this process has been compromised, the box has been compromised, throw the box away', when you have all your eggs in one basket this is a difficult situation to address.
I have to go out, I'll come back with SBS2003 comment later.
Our preference for ISA on SBS is not an argument about 'best practice', but about practical solutions.
"Leythos" <void[ at ]nowhere.lan> wrote in message news:MPG.20e9ae605b0305f6989733[ at ]adfree.Usenet.com...
> In article <uDB49GztHHA.5028[ at ]TK2MSFTNGP02.phx.gbl>,
> someoneelse[ at ]microsoft.com says...
>> The server I am working on currently only has a single NIC.......... can
>> anyone let me know what some of the benefits are of installing a second
>> NIC?
>> I can't find a whole bunch via Google and wanted to know if it was worth
>> me installing the 2nd NIC.
>
> Two NIC's allow you to use a firewall running on the Server that is your
> domain controller, which is always a bad idea, but, some subscribe to
> the idea that MS built it that way so it must be good.
>
> In an enterprise or secure environment we would never allow the Firewall
> to be anything other than the firewall, and ISA is only cert certified
> on a stand-alone box, so you can use it if you want, but I never spec a
> solution with the firewall on anything other than a dedicated system.
>
> With 2 NIC's you have many administration problems, considering that
> most people also install a NAT Appliance in front of the firewall NIC
> (kind of defeats the purpose if you can't trust your firewall). This
> added NAT and second NIC complicate things for even seasoned network
> admins when it comes time to allow VPN solutions or remote offices over
> dedicated VPN's.
>
> If you use a single NIC and a proper/quality firewall appliance you will
> find that life is a lot easier, as or more secure, and that you have
> control without having to tax/use the server.
>
> --
> Leythos
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999free[ at ]rrohio.com (remove 999 for proper email address)
|
|
In article <#cwhUV4tHHA.4424[ at ]TK2MSFTNGP04.phx.gbl>, not[ at ]your.nellie says...
> Leythos, you've got the perspective a little wrong is all. To understand ISA
> in SBS space we need to take a few steps back and accept some basic SBS
> fundamentals.
>
> The major reason why ISA on SBS occurs is because _most_ (ie. the great
> majority) of SBS installations are single server setups.
> An important consideration in cost is the size of the network. I have heard
> it suggested that 90% of SBS installations are under 10 user.
I'm fully aware of why ISA is installed on SBS, but I'm also fully aware that ISA was designed for a dedicated server, that it's certified on a single dedicated server and that it's not cert certified on a shared server.
When it comes to having a firewall I want one that can pass all the tests in an expected environment, ISA on a SBS box is not going to pass.
--
Leythos - Igitur qui desiderat pacem, praeparet bellum. - Calling an illegal alien an "undocumented worker" is like calling a drug dealer an "unlicensed pharmacist" spam999free[ at ]rrohio.com (remove 999 for proper email address)
|
|
Thanks for all the replies, I think I will stick with the single NIC as it's already up and working well. I also already have a Netgear ProSafe VPN Firewall so should have no real issue there...........
It's nice to read about all the pros / cons of the different setups though.
"Kevin Weilbacher [SBS-MVP]" <kweilbacMVP[ at ]gte.net> wrote in message news:OTKgfw1tHHA.3588[ at ]TK2MSFTNGP06.phx.gbl...
> Homer, as you can see by the posts already, there are pros and cons to
> both the 1 nic and the 2 nic scenarios.
>
> Old time SBS'ers have always encouraged the use of 2 nic systems. And the
> reason for that is that we pushed installing ISA on the SBS boxes, and to
> do that, you were required to have two NIC's.
>
> However, as Bob Dylan so eloquently put it some 40 years ago, "the times,
> they are a'changin'".
>
> If you have a single NIC and SBS std 2003, stick with what you have. But
> in that case, I would strongly encourage you to get something more robust
> than a low-end Linksys/Dlink router/firewall. What you want is something
> that will allow you to monitor, lock down and report on network traffic.
>
> --
> Kevin Weilbacher [SBS-MVP]
> "The days pass by so quickly now, the nights are seldom long"
|
|
I am curious about something here. I see the thread is about 2 NIC's & ISA and isolation. Looking at the original post and question, are you asking about the 2 NIC's with respect to file server performance? You can purchase an Intel dual NIC and set one to receive and one to send and really open up the pipe for I/O. If you have a switch with 100MB ports and 2 GB ports (Dell makes them), you will see a performance difference. This is what I do all the time.
"Homer Jay" <someoneelse[ at ]microsoft.com> wrote in message news:uDB49GztHHA.5028[ at ]TK2MSFTNGP02.phx.gbl...
> The server I am working on currently only has a single NIC.......... can
> anyone let me know what some of the benefits are of installing a second
> NIC? I can't find a whole bunch via Google and wanted to know if it was
> worth me installing the 2nd NIC.
>
> Thanks.
|
|
curious, AFAIK both NICs in a 'team' should be able to send and receive at full speed full duplex.
Effectively, teamed NICs appear to the OS as a single NIC, so it's a completely valid scenario and fully supported on SBS. For a small shop I don't see a lot of need for it. Of course there are scenarios where this may be of benefit (eg. half a dozen design guys dragging huge CAD files around).
Hope you've got better than a pair of 7200 RAID1 SATA drives 'feeding' such.
"jim smith" <james.smith32[ at ]comcast.net> wrote in message news:%23aCKDuPuHHA.4972[ at ]TK2MSFTNGP05.phx.gbl...
> I am curious about something here. I see the thread is about 2 NIC's & ISA
> and isolation. Looking at the original post and question, are you asking
> about the 2 NIC's with respect to file server performance? You can purchase
> an Intel dual NIC and set one to receive and one to send and really open up
> the pipe for I/O. If you have a switch with 100MB ports and 2 GB ports
> (Dell makes them), you will see a performance difference. This is what I
> do all the time.
>
> "Homer Jay" <someoneelse[ at ]microsoft.com> wrote in message
> news:uDB49GztHHA.5028[ at ]TK2MSFTNGP02.phx.gbl...
>> The server I am working on currently only has a single NIC.......... can
>> anyone let me know what some of the benefits are of installing a second
>> NIC? I can't find a whole bunch via Google and wanted to know if it was
>> worth me installing the 2nd NIC.
>>
>> Thanks.