SBS 2011 Vs 2k8 R2 + Exchange

dave-lew99 · 3 Feb 2011 at 20:47

I'm in a situation where we're looking at purchasing Exchange in some form or another.

Obviously SBS is nice and cheap, will suit us (5 users) and can be had with a suitable server for around £1,500.

As a bonus it also comes with Sharepoint Foundation.

The trouble is, putting it all on one box (so that's DNS, DHCP, AD, Exchange, Sharepoint) feels risky both from a stability (having lots of services) and security point of view (no possible isolation of public bits (eg SMTP) from the rest).

Is it worth pushing for the alternative - shaping up to be 2x Win 2k8 R2s, 2x Exchange 2010 and 2 boxes to run it on, plus CALS...

Since the recommended deployment of Exchange 2010 is a min of two boxes, do you have to buy two Exchange licences?

Obviously something like £5k is a lot more than £1.5k! Plus you lose sharepoint, although i'm not sure how much we'd use that anyway.

atomiser · 3 Feb 2011 at 21:33

what's you're expected growth rate? for 5 users i would probably look at a hosted solution.

dave-lew99 · 3 Feb 2011 at 22:03

Unfortunately due to some contractual and security obligations we have to keep it in-house...

Hosted was the plan up until recently

Growth wise, not a lot maybe a couple of people in the next 12 months.

atomiser · 3 Feb 2011 at 22:18

sounds like one of those political hot potatoes that always seem to become the problem of it the i.t. department!

if you can swing the budget, y'know - because of contractual and security obligations - then go for the two box setup.

might as well get some toys out of it!

#Chri5# · 3 Feb 2011 at 22:43

My team supports quite a few SBS installs. From SBS 2000 :eek:

(one left!) though to 2008 (just looking at the first live 2011 projects).

If you can afford to do it properly, then I would take multiple servers. For many SMEs, that is just too much cash and a well spec'd server is the best choice allowing for redundancy / uptime vs cost. If you want to protect public services eg SMTP, then deploy a gateway level server / appliance that the outside world talks to.

Is it still the case for Exchange 2010 that MS recommend not to install Exchange on a DC? If so, then that's 3 or 4 servers if you want 2 Exchange boxes. Suddenly getting quite a bit install for 5 users!

slylittlefox · 3 Feb 2011 at 22:54

Two servers, ESXi on both, SBS installed in a VM on one of them, backup the VM nightly to the hot spare? Could be done on two cheap servers to satisfy 5 users with still plenty of room to grow.

slylittlefox · 3 Feb 2011 at 22:56

Looking at about £2k using a pair of T110s (X3440s w/4GB RAM) with the SBS license included (with 5 cals) direct from Dell, though I've no idea if you need rackmount kit.

slylittlefox · 3 Feb 2011 at 22:59

I would say the alternative (i.e. 2 x 2008, 2 x Exchange etc) is way too expensive for 5 users, and it's not something I would recommend diving into without any prior experience.

dave-lew99 · 4 Feb 2011 at 08:53

My rough estimate of £1.5k was for a Dell rackmount box based on SBS '08 pricing. We don't really need rackmount but it would be nice to head that way.

It also included RAID-1 SAS for disks and i think 6GB RAM.

I thought the recommended RAM for SBS 2011 was 8GB? I have squeezed it into my dev VM box to try out at 4GB and it hasn't complained.

In terms of reliability of one box, it's less the hardware more the software i'm worried about - piling all those interacting services into one place just makes me nervous.

I hadn't considered the option of a SMTP gateway to seperate it from the real world, that seems like a good option as next on my list is a new network gateway/security appliance.

a1ex2001 · 4 Feb 2011 at 09:17

Go with the single box SBS was designed specifically for this situation, a gateway SMTP device would be an excelent addition and give you the oppertunity to ditch all the spam/viruses before they fill up your exchange database as well as reducing the potential attack surface.

The multi box solution is a nice idea but seems totally overkill for your needs and will likely give you more hastle than the single purpose built box. The SBS solution will also make any future upgrades more affordable as you will still only be buying licenses for one box as opposed to 4 or 5.

#Chri5# · 4 Feb 2011 at 09:29

The other option to a gateway mail device is to use a hosted solution and only accept incoming traffic from their defined relay servers. Probably more cost effective for 5 users - can be had from upwards of £1 per mailbox per month.

My preference is to have two RAID sets for SBS. RAID-1 for the OS, then another RAID-1 (or higher level) for user data and the Exchange IS.

SBS has come a long way since 4.5/2000 and is generally reliable. The biggest headache we've had with SBS 2008 is with migrations from 2003 but that obviously doesn't apply to a fresh install like yours.

What are your backup requirements?

dave-lew99 · 4 Feb 2011 at 15:54

Thanks for the info

Backup wise, currently i do an automatic nightly backup of key data on a rolling 7-day to our fileserver with an offsite done monthly or so. I'm likely to step this up - at the moment it's a bit labourious to zip, encrypt and burn several CDs (no tape!)

SBS i understand has enough built in backup to cover email, sharepoint etc.

Since we need a new network gateway/security appliance then we might as well get one which will do email too, or even keep out existing Postfix box to do relaying/scanning.

I did a risk mitigation exercise this afternoon on the probable services which would run on the SBS box and it seems straightforward to comfortably cover these in the event of a short outage.

I may look at speccing a slightly better than required box so i can at least put it into a VM - are there any problems with doing this with SBS?

slylittlefox · 4 Feb 2011 at 16:12

None at all from my experience, though that's limited to 2008.

Jimathy · 8 Feb 2011 at 21:54

From experience of trying to run SBS in all sorts of fancy ways to create highly redundant systems, and getting bitten in the backside trying, I'd highly recommend sticking with the single box environment for SBS, or two if you have SBS Premium, after all that's how its built and supposed to be run. With SBS you can chuck out all the rules of not running Exchange on a DC etc, as that's the only way you can run it.

For your 5 users a T110 would be sufficient, or if you've got cash to spare a T310 or even a T410, but it could be argued that that is overkill for 5 users. Remember a RackMount will be like sitting next to a loud hand dryer so unless you've a basement or room well away from your users to stick it in I'd keep away from a RM Server.

SBS will run quite happily on a VMWare ESXi box without issues, I've got 2 configured this way, without issues, as well as several native installs. At least with an ESXi box you can easily backup the entire system, maybe to a single internal drive that could be pulled and stuck into another box in an emergency.

If downtime due to hardware failure is also an issue then just take out a 24/7/365 4 Hour warranty, especially if your losses due to downtime are going to be more than the few hundred quid it'll cost to upgrade the warranty.

matthab · 9 Feb 2011 at 08:45

If it was me, I would buy a server with redundant PSU's a good raid set up and 4hr responce with Dell/HP.

So if anything goes wrong with in 4hr at least it will be fixed. But it does depend how much money you would lose to downtime.

#Chri5# · 9 Feb 2011 at 11:35

The problems I've had with SBS over the years are usually down to hardware or environmental issues.

I had an SBS 2003 chew it's Exchange Information Store last year. The cause? No UPS (customer too tight), so a power cut was terminal for the IS...

dave-lew99 · 9 Feb 2011 at 17:50

Great stuff.

I will make sure the box is reasonbly well specced (raid, redundant PSU), plus i'll try and wedge a UPS in there. Timescales for this project are ever extending so we'll probably just limp along as we are for a while yet.

In terms of contiuity of service we have several things we can do -

* Use another SMTP server as a proxy/cache in case Exchange is down
* Run BIND and replicate the whole of DNS as a secondary DNS server
* Leave DHCP on the router (currently done by DNSMasq)

Those simple steps will at least mean we don't lose any mail plus internet access isn't interrupted for short outages.

I'll probably run it in ESXi as the only VM on the box - we already have an ESXi box so it does mean if there is a problem we can just transfer the VM's back and forth (albeit manually, but that in a lot of cases will still be quicker than repairing the fault). Plus it means in the future we can add capacity by simply copying the image to a more powerful server and avoid most of the work in migrating systems.

For a security gateway i've been looking at the Watchguard products (specifically the XTM 505 w/Security bundle), seems well specced and well priced, although i have no experience of the product. (Then again, who wouldn't want a bright red box in their rack!

)

matthab · 9 Feb 2011 at 20:56

For a security gateway i've been looking at the Watchguard products (specifically the XTM 505 w/Security bundle), seems well specced and well priced, although i have no experience of the product. (Then again, who wouldn't want a bright red box in their rack! )

Better than those pesky Blue Boxes

DRZ · 9 Feb 2011 at 21:22

Be extremely careful with your licence position if you do decide to use virtualisation for failover!

slylittlefox · 9 Feb 2011 at 21:39

DRZ said:
Be extremely careful with your licence position if you do decide to use virtualisation for failover!

How so?