PDA

View Full Version : Recommendations for server



FanPilot
9th July 2002, 13:59
Hi,

A client of mine is setting up his own internet server. He is using Windows 2K.

1. To use IIS5, do I have to have a min spec of Win2K Server, or is the full IIS on Win2K Professional?

2. Firewalls, What would people recommend? (for ease of use, reliabilitiy, tech support etc)

3. What is the difference between broadband and ADSL?

Thanks.

Mark Snowdon
9th July 2002, 15:58
I cannot give a comprehensive answer but

1: I thought that microsoft insist on the $$$ internet license $$$$ ? - they used to - I remember someone being bollocked for leaving it out of a server farm budget...

2: Seperate physical device - cisco's bottom end one isnt too badly priced (watch pricing to get the right bits of software), symantec do one with built in av software -never used it though - if you want to do it on the cheap and easy you can do a lot with just a router, cheap and not so easy ;-) a 486 running linux

3: broadband just means broad bandwidth, ie big pipes. lots of technologies can deliver this adsl and cable being the two common ones.

FanPilot
9th July 2002, 17:31
Thank you.

1. I am not sure what you mean... I believe IIS is a free web server. No licencing restriction. The question was, does W2KPro have the full IIS, or do I need W2KServer. If anyone can expand on any licensing issues, please say so.

2. I need something simple. Software firewall prefereably, just to protect the web server. It will be in a DMZ anyway. A router will just add to the confusion (and more for me to explain) to my client. The client will be getting a seperate broadband connection for it anyway.

3. I guessed that much. I wasn't sure though wether broadband covered multiple technologies or not. It was a question that I was asked and wasn't sure what the answer was.

DimPrawn
9th July 2002, 18:32
I believe Win2K is licensed for up to 10 simultaneous connections, otherwise you are breaking the license agreement. Therefore it has to be Win2k Server, which if you buy the OEM version costs about £400.

I would recommend a hardware firewall any day.

Mark Snowdon
9th July 2002, 18:38
If users on the internet acess a windoze server (even with iis) you used to have to buy client access licenses or an 'internet connection' license. this may be out of date - i am sure one of the win experts could answer with the current story.

Do you remember that one of the differences between NT wkstn and server was that you could only have 5 ip connections to a wkstn ?

I had a quick seach on m$ and it seems to say that if your users authenticate or make use of services on the box then you need licences
http://www.microsoft.com/windows2000/server/howtobuy/pricing/icfaq.asp

but I have always found ms licensing over complicated.

as to 2: what you need depends on what you want to protect against - if you are already in the dmz then presumably traffic will only get in on ports that you want it to , so 80 and whatever else you need.

It would depend on the functionality of your site as to what else is needed, if you allow file upload then some av software.

go throuth the services and disable anything you dont use.

depends what you need to protect against - keep up to date with the security patches - that will be a good support deal applying patches every other day ;-)

DimPrawn
9th July 2002, 20:39
MS licensing is TOTALLY incomprehensible. Every time I look into it I get more confused, but

You only need client access licenses if the Internet users authenticate using NT authentication via the browser (i.e. you setup an NT account for each web user).

If they are anonymous, or you use basic authentication, then the only license you need is the OS license.

As I say W2k Pro limits the number of TCP/IP connections on IIS to 10 concurrent users. you can up the number, but it breeaks the licensing agreement.

JohnBoy
10th July 2002, 01:08
As far as I know DP's right, you shouldn't need additional licensing for the server unless you let users 'log on', i.e. accessing it with NT authentication, which should almost never be the case on the internet.

The catch though is that depending on which other MS products you use, you may find they have different license requirements, as Mark suggested.

With regard to the "10 concurrent users" over TCP/IP hmm?...didn't think it would be a problem as I thought the server wouldn't be retaining any details of the connection, and if you're expecting more than 10 requests at a time they should be queued as IIS itself generally only runs on 8 threads anyway...perhaps DimPrawn knows something I don't?

FanPilot
10th July 2002, 08:54
Thank you all.

This is what I thought about W2KPro and W2KServer. I know the workstation version had a 10 user IIS limit, but I wasn't sure if pro was workstation. Sounds like that one is cleared up.

The server will have other ports possibly. A database, and Terminal Services (so I can get in from home or wherever). The DB will be limited mainly to the server (ASP), but there will be need that I go in remotely sometimes. I know the DB port, can anyone tell me the TS port, and what risk that might pose if TS is running? (Is TS secure over the net?)

I won't be supporting the hardware or the OS (though I can do from a technical view) so the patches are not going to earn me any points...

The client will occasionaly be connecting to the server from within the DMZ to upload data to the DB.

DimPrawn
10th July 2002, 10:30
<!--EZCODE QUOTE START--><blockquote>Quote:<hr> With regard to the "10 concurrent users" over TCP/IP hmm?...didn't think it would be a problem as I thought the server wouldn't be retaining any details of the connection, and if you're expecting more than 10 requests at a time they should be queued as IIS itself generally only runs on 8 threads anyway...perhaps DimPrawn knows something I don't?<hr></blockquote><!--EZCODE QUOTE END-->

When the IIS queue on Win 2k Pro (the workstation OS) has more than 10 HTTPrequests in its queue it simply dumps the request with a server busy response. You can up the limit (a metabase or registry setting AFAIK), but the Pro license for IIS states that only ten requests will be queued and changing this means the M$ police can come round and kick your teeth in.

So buy the server version. If you are using MS SQL Server as the DB, you must buy a processor license (one for each CPU in the box) which costs about £5,000 each! For low usage sites (like my own) I use the free version of SQL, known as the desktop or MSDE version. This is full blown SQL Server for free, but the query governor slows down the processing if > 5 queries are being run concurrently. This is unlikely unless your site is very data intensive with lots of visitors, so it a great choice for me!

FanPilot
10th July 2002, 14:54
On top of these questions (one I forgot to ask earlier, sorry) there is another one.

Some of the web site has been developed in Frontpage and requires FP Extensions. Are these on the WIndows CD, or do I just install them from a frontpage CD or what?

I don't know much about frontpage, since I stopped using it when it thought it new more about my design than I did (and it broke my ASP code).

Mark Snowdon
10th July 2002, 15:18
Must be easily available - its installed on my PC and I certainly didnt ask for it !

DimPrawn
10th July 2002, 15:52
Best to get hold of the latest versions.
See

msdn.microsoft.com/library/default.asp?url=/library/en-us/dnservext/html/fpse02win.asp (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnservext/html/fpse02win.asp)

They have been known to be buggy and full of security holes in the past (no, really?).....

StephenRees
10th July 2002, 16:25
Major problem you've all missed guys is that with Win Pro you only get one web site and no DNS server.
You have to put all of your sites under virtual dir's on a single web site .... measn you cant mess about mapping 127.0.0.2 to another web site using your hosts file.

Win2k Advanced Server you can create completely new websites and map to 127.0.0.* using hosts file

(hosts is in C:\ WINNT\system32\drivers\etc\hosts)

I went 2 yrs effing about with win pro trying to get scripts to redirect to websites and so forth - I only bloody well had one didn't I. I knew there was something missing.

As soon as I got Advanced Server it all made sense.

These are the pitfalls of being skint - another nightmare was being stuck with Access - as soon as I saw a stored proc on SQLServer2k it all started making sense.

Bastards should have given me a job, I've been running round with my head up my bot for god knows how long.

(come on then guys let me have it, here we go)

Steve.

DimPrawn
10th July 2002, 17:00
Once small point.

You don't want to pay $3999 US for Advanced Server. You simply want Windows 2000 Server (plain vanilla). About £400 OEM.

StephenRees
10th July 2002, 17:42
I know its expensive whatever you do ... it's simply not worth doing unless you are going to try and rake some back off of a bit of hosting.
(that would be my reasoning - evenb if it's just to mates or maybe put an ad in the paper, a little coop you'll run sort of thing)

At the end of the day how much is a leased line - that's about £7k p/a.

Ok ... broadband ... but if you want your own static IP of them then your own biz broadband and biz rates.

You have gotta ask if it's really worth it when you can get 200mb .NET and 100mb SQLServer2k for $25 p/m
and no hassles.

Steve.