Small Business Server 2011 Standard - Build Document I. Overview of SBS 2011



MEDIA

SBS 2011 Standard ships with two disks.  Disk one is the install disk. It is a self contained installation dvd that is a image base install of the Small Business Server 2011 product.  Disk two is a repair disk that includes software parts that can be used to repair  the install at a later date.

Unlike SBS 2008 that offered a Premium SKU, this has now been changed to a Premium add on that allows you to purchase an additional Windows Server 2008 R2 and SQL 2008 R2 Standard that can be added to both SBS 2011 Standard and SBS 2011 Essentials (Aurora).  Keep in mind that if all you need is an additional copy of Server 2008 R2 for line of business application needs or to virtualize, purchasing a standalone Windows Server 2008 R2 may be cheaper than purchasing the premium add on due to the price increase of SQL 2008 R2.  (Downgrade rights will be covered in a later section).

 

PRODUCT KEYS

Unlike SBS 2008's product keys that were only on the back of the media, SBS 2011’s keys are obtainable from the VLSC web site.  However, the media is not, due to the size and concern that the VLSC Web site might not handle the large size of the download. (And trust me there is nothing so frustrating than to download for umpteen hours only to find out your download doesn’t work.  It is highly recommended that you order the media from your distributor and have it in hand before you begin the installation.  However, just like SBS 2008, if you get stuck you can download media from technet/msdn or other trial media , install without a key and place the key in the server at a later date. The trial period can be extended if you need it.  You can use a VL key on trial media and it will accept the product key and properly activate.  If you install SBS 2011 as a guest in a HyperV server use the key labeled "virtual".  If you install the key on a physical box, use the "physical" key.  You can only install one key. It’s our understanding that the virtual key is more tolerant of hardware changes.    

HARDWARE

    Some say SBS 2011 works the best with a minimum of 16 gigs.  Some argue that 12 gigs is the right fit.  Don't let those statements scare you.  While 8 gigs is the minimum, when installing SBS 2011 in an active small business where people are using email and have large OST files, line of business applications installed on the server and networked printers, at least doubling the minimum requirements ensures a happy server.  The key to a happy SBS 2011 box is to give it lots of RAM. It’s been reported by beta testers that SBS 2011 actually ran better on the same hardware that SBS 2008 ran on.  There are many factors which will affect your choice of RAID subsystem but one thing is sure: you want hardware RAID. The particular form of RAID you choose to implement and whether this is 'best practice' is outside the scope of this document.  Buy your favorite hardware guru a beer and start an argument as to what he believes is the right RAID for the servers he designs and why he chooses that.

Please note: If you are building your sever offline with no connection to the Internet (such as a lab, etc) please connect at least a simple switch to the primary network card of your future SBS server.  The install will fail if you have no network connection.

PLANNING OF THE SETUP

Partitioning a server is a religious argument.  Whatever configuration you decide, ensure that you configure at least 120 gigs for the main C: paritition.  This to ensure you have plenty of room for the SXS folder  When you install SBS 2011 it installs the entire server image on the C: drive and then once the server is completed you have the option to go back and use the console wizards to move Exchange data, SharePoint data and WSUS data.  Remember that like all SBS’s before it, while you can have additional domain controllers, you cannot have two SBS’s in the same network with the exception of the 21 days during the migration period.  SBS 2011 standard supports a maximum of 75 users or devices, must be the PDC, hold the FSMO roles, and cannot support trust domains.    

INTERNET GATEWAY (FIREWALL)

If you are more familiar with SBS 2003, you might be surprised to learn that since SBS 2008 does not have the ability to provide Internet sharing, there is a need to purchase an Internet gateway device beforehand. There are a number of different vendors providing gateways/firewalls that provide anything from basic filtering all the way up to antivirus and e-mail sanitation services at the box.  Also SBS will be a single nic server.  Teaming of nics is not supported.  If you want to team the nics, don’t team them, run the wizards, then re-team them.

Once the gateway appliance has been purchased and is at hand, one needs to do the following:

  1. Configure the LAN IP address and the Internet IP address.
  2. Configure port forwarding to the new SBS 2011 IP.
    1. SMTP Port 25
    2. HTTPS Port 443
    3. Companyweb HTTPS Port 987
    4. Optional: HTTP Port 80
      1. Note: Any request to port 80 gets redirected to the HTTPS port. By opening HTTP port 80 in the first place provides another possible attack vector. So, a suggestion would be to leave 80 closed.
    5. Optional: PPTP VPN Port 1723 + GRE (GRE should automatically get included by the device)
  3. A Handy visual chart for this is available here.
  4. You do not need to open up 4125 anymore.

VIRTUALIZATION

    Installing SBS 2011 as a guest inside a HyperV server parent is fully supported.  Installing the HyperV role ON SBS 2011 is not.  With the premium add on you can take the Windows Server 2008 R2 standard media and install it as a base for the HyperV role.  Then you are licensed to install the SBS 2011 media AND the Windows Server 2008 R2 media as guests inside the Windows 2008 R2 server that you installed the HyperV role.  This is referred to as 1+1 licensing and is a supported deployment of SBS 2011.  Installing SBS 2011 as a guest inside _any of the virtualisation platforms certified for Windows Server 2008 is fully supported. SBS11 on Hyper-V has an advantage in that there is no delineation of 'our problem' vs 'their problem' in regard to host/guest operation.


Installing the HyperV role ON SBS 2011 is possible but borders on insanity, and is also not supported

    A free Webinar on Hyper-V 101 can be found here.  Another great webinar on virtualization can be found here.
    A great list of all the patch/updates you might need are located here.

CLIENTS

Supported clients for SBS 2011 are Windows XP sp2 and above (but please have XP SP3 installed as XP sp2 clients no longer get security updates), Vista SP1 and above, and Windows 7 and above.  Phones that can be connected to the ActiveSync portion of Exchange include any phone that supports activesync, such as Windows Phone, iPhone, Android.  While you can use self signed certs even with Windows Phone (bbbblogs post) , trust me youir life will be easier if you plan on buying a third party cert.  You do not need to purchase a SAN cert for this, a single label SSL cert will do.  While Macintosh can connect to the active directory, and Entourage 2010 will support connecting to the webdav services, you will need to do some tweaking (more on this later) and Remote Web Access won’t fully function with Mac clients.  Outlook 2010 and 2007 work the best with SBS 2011 but are not included software.  If you need to attach Outlook 2003 it can work as well but needs adjustments.

When you connect your computers to the network, you will need to install .NET 4 on the workstations.  This will not be automatically downloaded; it is 'Optional Software' available through Windows Update.  However if that client has existed in a WSUS managed environment then it is possible that it is preinstalled.  A quick check in Programs and Features looking for a listing of "Microsoft .NET Framework 4" can verify if there.

PRINTERS, PLOTTERS, OTHER HARDWARE ALONG WITH LINE OF BUSINESS APPLICATIONS.

You will probably be migrating from a 32 bit operating system to a 64 bit operating system.  Check that your printers, plotters, devices support this as well as line of business applications will support being installed on a 64 bit operating system.  Be prepared to have a “plan b” when deploying printers and be ready to share them from an alternative 32 bit location should the need arise.   You may need to consider a virtual 32 bit server or Windows XP and share the printer from that location instead.

   

To return to the outline of the SBS 2011 build document,
click here.