It's finally time to retire our old SBS 4.5 box (yes, I know...it's REALLY time), and I have a new and spiffy SBS 2011 box all ready to go. However, I guess I didn't realize that over the years they'd stripped ISA out of the SBS package, and that SBS 2011 no longer supports multiple NICs. So I'm wondering how I can replicate what SBS 4.5 used to do for us, and in particular what the Proxy Server 2.0 component used to do for us.
The most obvious thing would be the Internet Proxy, and I'm guessing this will now mean the purchase of a version of ISA 2006 (latest?) for installation on one of our Windows Server 2003 boxes, using it as the web proxy. I have a box I'm currently using
for RRAS/VPN that would probably be the best candidate. Does ISA 2006 have a modern equivalent of the Proxy Client software that came with SBS 4.5? And can a manual configuration also be entered in browser network settings for non-windows (Mac) clients (assuming
there is no software client for anything other than Windows workstations). Or would you recommend another hardware or software firewall solution entirely?
Speaking of the absence of a second NIC in the SBS 2011 box...how does mail from the outside world now get to the Exchange Server on the LAN? Is it necessary to port forward from the external network address on the server with ISA (or other firewall) to
the internal network address to the SBS 2011 server? It seems to be the only thing that makes sense. BTW, Will I have any issues joining my existing Windows 2003 servers to the domain?
I went with a brand new installation of SBS 2011 rather than try to fight through what I suspect would be a tough upgrade, though I've retained the same domain name. I realize that will mean creating users, groups, and Exchange mailboxes manually, and I'm willing to do that - we only have 35 users and we haven't been using Exchange as anything more than a glorified POP3 server, so all the .pst files are local to the users, not stored on the server.
A concern I do have though is adding the XP workstations to the "new" domain and the potential for loss when it comes to existing workstation profiles. I was intending to use Forensit's User Profile Wizard to move the user profiles, unless a better solution is out there? One thing Forensit suggested was still using SBS Connect Computer to join the XP workstations to the domain. Is that something you can still do if the domain name doesn't change? I though I read somewhere (but can't find it now) that it's a problematic approach. What are the alternatives, if it is? I had sort of assumed I could use the Force Join setting in Forensit's User Profile Wizard, but haven't talked to the folks there any further about it yet.
What other things can you think of that I haven't yet? I want to be as prepared as possible. Thanks in advance.
