Monday 27 April 2009

Some Thoughts on SBS 2008 and Branch Offices

There are a few ways to deploy SBS 2008 in a situation where SBS will reside in the main office and there will be a branch office or offices.

If there are only a few seats at the branch offices, then a simple solution is to have SBS 2008 Premium at the main office with either a Terminal Server serving remote desktops or a Hyper-V box serving desktop OS based virtual machines.

The catch would be the requirements of the Line of Business (LoB) applications that are needed.

Using the Remote Web Workplace in this manner, we can eliminate the need for a server at the branch office.

If the Line of Business applications allow for Terminal Services installation, then another option would be to publish the LoB app via Terminal Services RemoteApps. The user can get to the LoB app via RWW or via an icon on their desktop.

In either case, Scorpion Software’s AuthAnvil should be seriously considered to protect those TS Gateway sessions with another layer of security. The expense is relatively minor compared to the peace of mind we would have knowing that our client’s TS Gateway is protected.

For larger installations where there are a number of users at the branch office or offices, a hardware-based VPN setup would be a consideration. Keep in mind that bandwidth and ISP stability are important when looking to a VPN as part of the overall solution.

A Read-Only Domain Controller on Server Core along with the needed Roles could provide local users with authentication, file, print, and centralized backup services. Server Core provides the opportunity to really slim down the needed hardware, or even repurpose existing server hardware for the branch office.

If the full Server 2008 install is used, then WSUS can be installed on the branch office server and Group Policy can be customized so that the local clients get their updates from the local WSUS. This setup can also be tweaked for more than one branch office with a server in each.
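One way to confirm on a branch client that Group Policy really has pointed it at the local WSUS, as an added example that is not part of the original post. The server URL is a constructed placeholder and the function names are hypothetical; the registry values are the ones the Windows Update policy settings write.

```powershell
# Added example: the URL below is a placeholder (assumption), not a value from the post.
$ExpectedWsus = 'http://BRANCH-WSUS.example.local'

# Read the Windows Update policy values that Group Policy writes on the client.
function Get-WsusPolicy {
    $wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $policy = @{ WUServer = $null; WUStatusServer = $null; UseWUServer = $null }
    $p = Get-ItemProperty -Path $wu -ErrorAction SilentlyContinue
    if ($p) {
        $policy.WUServer = $p.WUServer
        $policy.WUStatusServer = $p.WUStatusServer
    }
    $au = Get-ItemProperty -Path "$wu\AU" -ErrorAction SilentlyContinue
    if ($au) { $policy.UseWUServer = $au.UseWUServer }
    return $policy
}

# Compare the policy values with the expected branch WSUS and list every mismatch.
function Test-WsusPolicy {
    param([string]$Expected, [hashtable]$Policy)
    $findings = @()
    if ($Policy.UseWUServer -ne 1) {
        # Without UseWUServer = 1 the client ignores WUServer entirely.
        $findings += 'UseWUServer is not 1: client will not use the intranet update server'
    }
    foreach ($name in 'WUServer', 'WUStatusServer') {
        $value = [string]$Policy[$name]
        if (-not $value) {
            $findings += "$name is not set"
        } elseif ($value.TrimEnd('/') -ne $Expected.TrimEnd('/')) {
            $findings += "$name is '$value', expected '$Expected'"
        }
    }
    return $findings
}

$findings = Test-WsusPolicy -Expected $ExpectedWsus -Policy (Get-WsusPolicy)
if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "Client is pointed at $ExpectedWsus"
}
```

A client that reports a different server, or no policy at all, is not getting its updates from the branch WSUS, which usually means the GPO is not linked or filtered to that site's computers.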

Ultimately, our solution direction would depend on the client’s industry, their LoB needs, and their compliance, retention, and remote access needs. It is our preference to have remote users connect via RWW and work with all data stored on the main office’s network.

This preference is due to the reduction in complexity that happens as a result of keeping everything relatively centralized. KISS (Wikipedia) is the operating principle behind our preference.

However, ultimately the solution we tailor will be with the client’s best interests in mind.

We will run through some actual configurations in our upcoming SBS 2008 Advanced Blueprint book too.

Philip Elder
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)
