How To Configure VPN on Small Business Server 2008

VPN (Virtual Private Networks) is an essential line of communication for mobile workers and home or remote office employees to use in order to gain access to resources that are located back on their company’s internal network. Small Business Server includes all of the components that are necessary to support the server side of VPN access equation.

In Small Business Server 2008, the process is simple and can be completed in less that 5 to 10minutes using the built-in Remote Access wizards. Here’s how:

In the Windows SBS Console that automatically launches on each session, do the following:

  • Select the Network tab.
  • Jump to the Connectivity tab in the back.
  • In the main section, observe the list of connections (their Names, Descriptions and their status) to make sure you’re familiar with them.
  • In the right hand pane, under Tasks, please select the option “Configure a Virtual Private Network” (this will launch the Setup Virtual Private Networking wizard).
  • Select “Allow users to connect to the server by using a VPN”, then click Next.
  • The Wizard will then continue automatically with the process of configuring Virtual Private Networking on the server. 

 

Additionally, the Wizard will also attempt to configure your Internet Router automatically, but this is dependent on your Firewall and/or Internet Router having the “Plug ’n’ Play” (PNP) option available and enabled in order for SBS to perform the auto-reconfiguration.  

In most cases, you may need/want to manually configure the router/firewall by opening a “pinhole” for TCP port 1723 for Virtual Private Networking.
 
If the Wizard completes “successfully”, a confirmation is displayed.   Likewise, if there are any problems or failures in configuring the VPN or the Firewall/Internet Router, then the Details on the failure(s) will be displayed on the closing page.

The Virtual Private Networking Wizard makes all this entire process fairly easy, but there is a lot more going on under the hood.  For those who wish a additional insight as to how this process works in detail, let’s look a little deeper at what VPN Setup wizard is accomplishing:

  • Enable virtual private networking (VPN).
  • Create packet filters for Point-to-Point Tunneling Protocol (PPTP).
  • Enable Point-to-Point Tunneling Protocol (PPTP) to pass through the Windows Firewall.
  • Use DHCP to assign IP addresses to remote client computers.
  • Configure the Remote Access Policy to allow members of the Windows SBS Virtual Private Networking Users security group to have remote access.
  • Mobile client computers, such as laptops, that are currently connected to the local network can now be configured with the connection settings (by launching the Network Connection Wizard on each client computer).
  • Remote client computers not currently connected to the local network should be “Joined” to the Domain and then later, configured with the connection settings to the VPN.
  • Small Business Server 2008 Virtual Private Networking wizard finishes successfully.

 

At this point, you are done with the actual VPN activation on the Server.

However, there are two more steps to observe at this point: adjusting your Users profiles to allow them to access SBS 2008 remotely, and adding the “connectoid” to their computer to allow them to “dial” into the VPN server.  I’ll cover those options in another post to come.

Getting a new HP ProLiant DL380 G4 Server

I am making arrangements to obtain an HP ProLiant DL380 G4 64-bit Rack Server.   This is a professional-grade server, but it’s about two generations old, so it can be had at a totally reasonable price.   Here are some of the specs:

Processors:

  • (2) 64-bit Intel® Xeonâ„¢ processors at 3.4 GHz.
  • 800MHz Front Side Bus and 2MB of L2 cache.
  • Intel E7520 Chipset.

Memory:

  • (6) 2 GB PC2-3200R 400MHz DDR2 Ready Slots with online spare capabilities.
  • 6x 2048MB (12288MB total) HP PC2-3200 DDR2 RAM.
  • Support for dual-rank 400MHz DDR2 memory.

Storage Controller:

  • SCSI model includes the integrated Smart Array 6i Ultra320 Array Controller with optional 128MB of Battery Backed Write Cache (BBWC standard).

Internal Drive Support:

  • HP Smart Array 6i Ultra320 SCSI Controller with Internal hot plug capacity 1.8TB standard (6 x 300GB HDD).
  • (6) hot-plug U320 SCSI drive bays, of which (1) 1.6″ bay that supports a hot-plug DAT tape backup drive.
  • (6) 72.4GB HP 10K Wide Ultra320 SCSI Hard Drives.
  • (1) 1x IDE CD-ROM.
  • Optional PCI-X Hot-plug cage or Optional PCI Express Non-hot plug Cage.
  • Optional dual channel drive backplane (2/4 split) for U320 SCSI models.

Network Controller:

  • Embedded NC7782 PCI-X Gigabit Server Adapter.
  • Embedded “Integrated Lights Out” (iLO) port for Remote Admin.

Expansion Slots:

  • 3 Total Available Slots : (2) non-hot plug 64-bit/100MHz PCI-X slots and (1) non-hot plug 64-bit/133MHz PCI-X slot.

USB 2.0 Ports:

  • 3 Total: (1) front, (2) rear accessible ports.

Redundancy:

  • (8) Hot Plug Fans with optional full redundancy.
  • (2) Hot Plug Power Supply with optional redundancy.

Management:

  • HP Power Regulator for ProLiant, delivering server level, policy based power management with industry leading energy efficiency and savings on system power and cooling costs.
  • Integrated Lights-Out industry leading remote management with new support for two-factor authentication, schema-free Microsoft Active Directory integration, Power Regulator p-state reporting, USB key virtual media and VLAN on the shared network port.
  • Integrated Lights-Out (iLO) Standard Management on system board.
  • Support for new iLO Shared Network Port enables access to the iLO management processor through one of the embedded system NICs.
  • Automatic Server Recovery (ASR), ROM Based Setup Utility (RBSU), HP System Insight Manager, Status LEDs including system health and UID and SmartStart.

Form Factor:

  • Rack (2U), (3.5-inch).

 

Pretty sweet, huh?

I”m going to be installing Microsoft’s Small Business Server OS on top of it, and see how well that works out.   I’m hoping that this new (to me) server will take good care of me and my business for years to come!