none
Two (2) Network Cards on SBS 2008

    Question

  • Could you please expand a little as to why 2 network cards are not supported for Windows SBS 2008? Previous editions of SBS did support 2 Network cards. I thought that it was a good idea that the server stood in front of the client computers to protect them from direct access of the internet. Even though there is a router in place. In otherwords, we have scenario, DSL MODEM : ROUTER : SERVER NIC1 : SERVER NIC2 :  24 PORT SWITCH : CLIENT COMPUTERS. I thought that usually IT personell keep the server more secured and by nature the server is more robust in terms of security. Could you provide some document references regarding the 2 network card issue with SBS 2008?

     

    Thursday, October 14, 2010 5:56 PM

Answers

  • In order to for SBS 2008 to run with two nics...you have to have RRAS provide certain services...that was not included in SBS 2008
    RRAS is still present, primarily to support VPN
     
    SBS is the ONLY product MS ever had out that supported using a domain controller as an "edge" device, basically replacing the router.
     
    So when SBS 2008 was designed, in keeping with MS's intention of Secure By Design, it became a single nic environment and cannot have a routeable IP

    --
    Cris Hanna [SBS - MVP] (since 1997)
    Co-Contributor, Windows Small Business Server 2008 Unleashed
    http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
    Owner, CPU Services, Belleville, IL
    A Microsoft Registered Partner
    ------------------------------------
    MVPs do not work for Microsoft
    Please do not submit questions directly to me.

    Could you please expand a little as to why 2 network cards are not supported for Windows SBS 2008? Previous editions of SBS did support 2 Network cards. I thought that it was a good idea that the server stood in front of the client computers to protect them from direct access of the internet. Even though there is a router in place. In otherwords, we have scenario, DSL MODEM : ROUTER : SERVER NIC1 : SERVER NIC2 :  24 PORT SWITCH : CLIENT COMPUTERS. I thought that usually IT personell keep the server more secured and by nature the server is more robust in terms of security. Could you provide some document references regarding the 2 network card issue with SBS 2008?

     


    Cris Hanna, Microsoft SBS MVP, Owner-CPU Services, Belleville, IL
    Thursday, October 14, 2010 6:03 PM
    Moderator
  • In article <da3fdd30-769b-4d73-be56-4175365b4be2
    @communitybridge.codeplex.com>, TRI-C says...


    Could you please expand a little as to why 2 network cards are not suppor ted for Windows SBS 2008? Previous editions of SBS did support 2 Network ca rds. I thought that it was a good idea that the server stood in front of th e client computers to protect them from direct access of the internet. Even  though there is a router in place. In otherwords, we have scenario, DSL MO DEM : ROUTER : SERVER NIC1 : SERVER NIC2 :  24 PORT SWITCH : CLIENT COMPU TERS. I thought that usually

    IT personell keep the server more secured and by nature the server is more  robust in terms of security. Could you provide some document references reg arding the 2 network card issue with SBS 2008?


     

    It would actually be more secure if you had it setup as follows:

    Internet
    |
    Internet Router
    |
    Firewall Appliance WAN port
    |
    Firewall Appliance LAN port
    |
    24 Port Switch
    |
    Computers/Server

    Then you make rules that only allow approved outbound and approved inbound.


    You can't trust your best friends, your five senses, only the little voice inside you that most civilians don't even hear -- Listen to that.  Trust yourself.
    spam999free@rrohio.com (remove 999 for proper email address)

    Saturday, October 16, 2010 12:27 PM
  • Hi,

    I thought that it was a good idea that the server stood in front of the client computers to protect them from direct access of the internet.

    Yes, it is a good idea that the server which is capable of packet filtering stands in front of the client computers to protect them from direct access of the internet. However, please be aware that Forefront ISA\TMG is not shipped in SBS 2008. You will put the critical resources in a danger place if the SBS server faces the internet directly without Forefront ISA\TMG or other packet/application filtering apps.

    If you already a hardware firewall for internal network, there will be no reason to configure SBS server since there is no dedicated network security/monitoring software installed. SBS 2008 is designed to run with 1 NIC scenarios. Integrated installation and SBS wizard may fail when you have 2 NIC enabled on the server.

    Monday, October 18, 2010 3:07 AM
    Moderator

All replies

  • In order to for SBS 2008 to run with two nics...you have to have RRAS provide certain services...that was not included in SBS 2008
    RRAS is still present, primarily to support VPN
     
    SBS is the ONLY product MS ever had out that supported using a domain controller as an "edge" device, basically replacing the router.
     
    So when SBS 2008 was designed, in keeping with MS's intention of Secure By Design, it became a single nic environment and cannot have a routeable IP

    --
    Cris Hanna [SBS - MVP] (since 1997)
    Co-Contributor, Windows Small Business Server 2008 Unleashed
    http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
    Owner, CPU Services, Belleville, IL
    A Microsoft Registered Partner
    ------------------------------------
    MVPs do not work for Microsoft
    Please do not submit questions directly to me.

    Could you please expand a little as to why 2 network cards are not supported for Windows SBS 2008? Previous editions of SBS did support 2 Network cards. I thought that it was a good idea that the server stood in front of the client computers to protect them from direct access of the internet. Even though there is a router in place. In otherwords, we have scenario, DSL MODEM : ROUTER : SERVER NIC1 : SERVER NIC2 :  24 PORT SWITCH : CLIENT COMPUTERS. I thought that usually IT personell keep the server more secured and by nature the server is more robust in terms of security. Could you provide some document references regarding the 2 network card issue with SBS 2008?

     


    Cris Hanna, Microsoft SBS MVP, Owner-CPU Services, Belleville, IL
    Thursday, October 14, 2010 6:03 PM
    Moderator
  • In article <da3fdd30-769b-4d73-be56-4175365b4be2
    @communitybridge.codeplex.com>, TRI-C says...


    Could you please expand a little as to why 2 network cards are not suppor ted for Windows SBS 2008? Previous editions of SBS did support 2 Network ca rds. I thought that it was a good idea that the server stood in front of th e client computers to protect them from direct access of the internet. Even  though there is a router in place. In otherwords, we have scenario, DSL MO DEM : ROUTER : SERVER NIC1 : SERVER NIC2 :  24 PORT SWITCH : CLIENT COMPU TERS. I thought that usually

    IT personell keep the server more secured and by nature the server is more  robust in terms of security. Could you provide some document references reg arding the 2 network card issue with SBS 2008?


     

    It would actually be more secure if you had it setup as follows:

    Internet
    |
    Internet Router
    |
    Firewall Appliance WAN port
    |
    Firewall Appliance LAN port
    |
    24 Port Switch
    |
    Computers/Server

    Then you make rules that only allow approved outbound and approved inbound.


    You can't trust your best friends, your five senses, only the little voice inside you that most civilians don't even hear -- Listen to that.  Trust yourself.
    spam999free@rrohio.com (remove 999 for proper email address)

    Saturday, October 16, 2010 12:27 PM
  • Hi,

    I thought that it was a good idea that the server stood in front of the client computers to protect them from direct access of the internet.

    Yes, it is a good idea that the server which is capable of packet filtering stands in front of the client computers to protect them from direct access of the internet. However, please be aware that Forefront ISA\TMG is not shipped in SBS 2008. You will put the critical resources in a danger place if the SBS server faces the internet directly without Forefront ISA\TMG or other packet/application filtering apps.

    If you already a hardware firewall for internal network, there will be no reason to configure SBS server since there is no dedicated network security/monitoring software installed. SBS 2008 is designed to run with 1 NIC scenarios. Integrated installation and SBS wizard may fail when you have 2 NIC enabled on the server.

    Monday, October 18, 2010 3:07 AM
    Moderator
  • Well...what if you have Internet -> SonicWALL -> Gigabit switches -> SBS2008 box and desktops/laptops?

    The port forwarding for Exchange goes to a fixed, static IP on NIC1...why not set up NIC2 for use internally?

    Thursday, September 19, 2013 11:05 PM
  • Not sure why you are jumping a thread 3 years old...

    SBS 2008 does NOT support and will not function properly with 2 NICs...no matter how they are connected.


    Cris Hanna, Microsoft SBS MVP, Owner-CPU Services, Belleville, IL

    Friday, September 20, 2013 1:16 AM
    Moderator