Re: Advice - solution for a company server

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 09/29/05

  • Next message: Byron Hynes [MS]: "Re: Windows Firewall/Internet Connection Sharing (ICS)"
    Date: Wed, 28 Sep 2005 22:28:04 -0500
    
    

    For an AD domain there is no advantage in cost to use Bind and it would
    actually add the cost of another server to run on. Windows DNS, particularly
    for Windows 2003, has shown to be very robust. Bind can not use Active
    Directory integrated dns zones which use multimaster replication which is a
    huge plus where dynamic dns is used and it also makes sense to run DNS on
    domain controllers for performance reasons. The SANS top 20 vulnerabilities
    does not even mention DNS for Windows while Bind is number one for Unix
    vulnerabilities though recent versions of Bind have proven to be secure so
    far as Windows 2003 DNS has. The latest versions of Bind would be the choice
    for DNS servers on the internet. --- Steve

    "Imhotep" <Imhotep@nospam.net> wrote in message
    news:vKmdnZAUm-xR3abeRVn-og@adelphia.com...
    > Steven L Umbach wrote:
    >
    >> Sure that will work but if you already have a domain controller you
    >> already have bought and installed a copy of Windows 2003 Server so the
    >> costs nothing does not really help. Windows Active Directory integrated
    >> dns zones also replicate while encrypted with AD replication traffic, can
    >> use secure
    >> dynamic dns, and if you want you can further encrypt, authenticate, and
    >> ensure integrity of all traffic between domain controllers with ipsec.
    >> --- Steve
    >
    > And so can Openldap. Furthermore, I cam use certificates on client
    > machines
    > to further secure (and validate) dynamic dns updates...
    >
    > I can also configure LDAP via a secure web site (easier administration),
    > replicate (with encrypted sessions) and oh yea, I do not have to bind to
    > the root for user authentications.
    >
    > and oh yea, is more secure, runs better and still costs nothing.
    >
    >>
    >>
    >> "Imhotep" <Imhotep@nospam.net> wrote in message
    >> news:kK6dnabcTbQ1mqfeRVn-qQ@adelphia.com...
    >>> Steven L Umbach wrote:
    >>>
    >>>> SBS 2003 would be a goof choice and it also comes with a version on
    >>>> Exchange. There are a number of good books out about Windows 2003
    >>>> Server
    >>>> and SBS 2003 and a number of newsgroups with very helpful people. Linux
    >>>> is
    >>>> not
    >>>> the best choice for a managed environment if you have Windows 2000 and
    >>>> particularly Windows XP Pro computers. You can do a lot to have
    >>>> consistent
    >>>> security policy and user environment in an Active Directory domain much
    >>>> you will probably not appreciate at first. While the cost of Linux is
    >>>> attractive you need to think about total cost of ownership and not just
    >>>> the cost of the operating system. If someone wanted to create a DNS
    >>>> server
    >>>> that would not be
    >>>> part of an AD domain I would suggest that they use Linux. It is not
    >>>> that difficult to install and maintain Windows SBS but I would say that
    >>>> to get it set up you may want to invest in the help of a professional
    >>>> or
    >>>> buy a good book on SBS to educate yourself to see if you or someone
    >>>> that
    >>>> works with you feels up to it. You might want to post in one of the SBS
    >>>> newsgroups for more
    >>>> opinions on that. --- Steve
    >
    >
    >>>
    >>> Using OpenLDAP with Bind DNS you have a "AD w/DNS" solution. Oh, yea,
    >>> that is more secure, runs better and costs nothing :-)
    >>>
    >>>
    >>>> "Soft" <happsz(at)o2.pl> wrote in message
    >>>> news:4337fcab@news.home.net.pl...
    >>>>> Hello,
    >>>>> I need to estabiilish a new solution for my company (rather small). We
    >>>>> now need a company server that should handle 10 workstations - to
    >>>>> provide
    >>>>> users with opportuninty of sharing their project files and to set
    >>>>> their
    >>>>> own e-mail accounts on it. We already have a proper machine (as I was
    >>>>> told), but I don't know which software will be good enough for this
    >>>>> task,
    >>>>> and of course it shall be not expensive - we are only interested in
    >>>>> the
    >>>>> genuine software. My colleagues told me about some Linux OS, but we
    >>>>> don't
    >>>>> want to pay for the server administration right now, and no-one in my
    >>>>> team knows this systems. Can you help me to choose a right software?
    >>>>> Shall Windows Small Business Server 2003 be a good solution (can a
    >>>>> common
    >>>>> computer user operate it?), or do we really need an adminitrator to
    >>>>> handle one of the Unix systems?
    >>>>>
    >>>>> Thanks in advance,
    >>>>> Hailie
    >>>>>
    >>>
    >>> Im
    >
    > IM


  • Next message: Byron Hynes [MS]: "Re: Windows Firewall/Internet Connection Sharing (ICS)"