Small Business Server (SBS) 2008, the successor to SBS 2003, is coming soon. SBS 2003 has been a phenomenal success in the small business market. SBS 2008 has been a long time coming, over five years wait when it’s officially released on November the 12th this year. So the main question is, is it a worthy heir?

It turns out to be a solid release, with mostly good news.  

SBS in all its incarnations is the perfect solution for any business that’s ready to leave its peer to peer/workgroup network behind and move to a “real” server network. The benefits are huge: from centralised management, security, and storage to backup and easy remote access. SBS 2003 brought several very popular technologies, such as Remote Web Workplace, the web-based access to mail, collaboration and the office computer desktop.

Getting Married to SBS a fourth time?

Something old, something new
Something borrowed, something blue
And a silver sixpence in her shoe

Something Old

There are no revolutionary changes in this version. At its core, SBS continues the tradition by bundling together Windows Server, Exchange Server, SharePoint and SQL Server, updated to their latest incarnations.

Something old is missing though: Internet Security and Acceleration Server is gone, replaced by…. nothing. SBS 2008 is a one NIC solution, designed to be protected from the internet by a hardware router/firewall or a separate firewall server.

Like its predecessor, SBS 2008 comes in two flavours: Standard and Premium. Standard gives you Windows Server 2008 64 bit, Exchange 2007 SP1 Standard, Windows SharePoint Services 3.0, Windows Server Update Services 3.0 SP1, and 120 day trials of Forefront Security for Exchange and Windows Live OneCare for Server. Premium adds a license for a second server, running either 32 or 64 bit Windows Server 2008 and SQL Server 2008 Standard for Small Business.

Maximum number of concurrent users in a SBS network is 75, just like in SBS 2003. Be aware that if you have say 50 users and above there’s a new kid on the block that might be a better fit, Windows Essentials Business Server, reviewed here.

Something New

SBS 2008 is 64-bit only. This is partly to accommodate Exchange 2007, which is 64-bit only, and also to give ample memory on the server. Recommended systems will run a 2 GHz or faster x64 CPU, 4 GB of RAM (maximum is 32 GB) and a minimum of 60 GB disk space. There are no specific SBS limitations anymore so any limits are based on the underlying technology; the maximum number of CPU sockets in Windows Server 2008 Standard x64 is four for instance, theoretically you could have four quad core CPUs for a total of 16 cores in SBS!

The second server in a Premium setup should also be 2 GHz or faster but can be either 32 or 64-bit, have at least 2 GB of RAM (maximum for a 32 bit CPU is 4 GB and for a 64-bit CPU its 32 GB) and at least 40 GB of disk space.

Client operating systems can be Windows XP SP2+, Windows Vista Business/Enterprise/Ultimate and Windows Mobile 5.0 or later.

Client Access Licenses (CAL) are different in Standard and Premium. Both types of CALs can now be purchased in single packs, as well as in the current five, ten or twenty packs.

Something Borrowed

After playing with it for a couple of weeks, one thing is clear: apart from the new, comprehensive console (see below), the strength of SBS 2008 lies in the advances in the underlying OS and applications.




Windows Server 2008 has many advantages over Windows Server 2003, such as NAP, Terminal Services Remote Applications and Gateway, Server Backup and others. Similarly, Exchange 2007 offers a superior experience when coupled with Windows Mobile 6.0, auto-configuration of clients as well as many other benefits. Windows SharePoint services 3 (WSS) is a lot better than 2.0, especially with the new, multilevel recycle bin, as well as item level security and a permissions-based user interface. I know WSS 3 can be run on SBS 2003, but it’s a clunky add-on after the fact compared to the smooth integration in SBS 2008.

Something Blue

I’ll really miss ISA Server, the specific rule set, tight control over traffic, and the fantastic reports. The main reason ISA server is not running on SBS 2008 is simple – it’s not best practice. You don’t connect your main domain controller and internal mail server directly to the internet, and you don’t run a firewall product on the same box as all those other critical services, at least not anywhere else than in SBS 2003. Microsoft has so far revealed that SBS 2003 Premium customers with Software Assurance (SA) will receive the license to run ISA on a separate server (this could be the second server in SBS 2008 premium). Not many small business clients go for the more expensive SA option, however.

And a silver sixpence in her shoe

In a surprise move, pricing for SBS has increased. Standard will cost US$1,089 (SBS 2003 R2 US$599), Premium will cost US$1,899 (SBS 2003 R2 US$1299). On the other hand a Standard CAL is US$77 compared to US$98 today. A Premium CAL will cost $189; there is no equivalent CAL in SBS 2003.

In a similar fashion to other Microsoft software, you can “downgrade” SBS. That is, you can run SBS 2003 Standard instead of SBS 2008 Standard until you’re ready to upgrade using an SBS 2008 license. The same goes for SBS 2003 Premium and SBS 2008 Premium. An SBS 2008 CAL can be used in an SBS 2003 network.

Also, if you add a vanilla Windows Server 2008 to an SBS 2003 network, the SBS 2003 CAL will cover access to the server, but only until 31 May 2009. After that, you either need to migrate to SBS 2008 or buy Windows Server 2008 CALs.

Squeaky Clean

A fresh installation is a surprisingly simple affair, as well as a lot faster than an SBS 2003 installation. In the first part of the installation process Windows Server 2008 is installed, followed by the SBS specific components. During the second part, only a few questions are asked: company contact information, server name and internal domain name. After creating another domain administrator account, the installation proceeds without any more user involvement. The main difference to an SBS 2003 installation is that you’re not asked on which disk to store individual components or data stores such as user profiles, company shared data and Exchange databases.

The reason for this is that all of these can be changed afterwards using SBS specific wizards (see below) – top marks for this Microsoft! Many a server I’ve seen runs out of disk space; with this new approach it’ll be a lot easier to plan disk space and add more capacity at a later stage.

No Upgrades

It’s impossible to upgrade to SBS 2008 directly from SBS 2003. Since the architecture is different, 32 vs 64-bit, it will always mean a migration. Microsoft only supports a two-box migration. Get a new x64 server; install SBS 2008 in a special migration mode and transfer configuration, data and mailboxes across. Then the old server is retired or reformatted to become the second server in SBS Premium, for instance.

Using the provided tools, the following platforms can be migrated to SBS 2008: Windows Server 2003, SBS 2003 and Windows Server 2008. Post RTM, there will also be guidance for migrating from SBS 2008 to SBS 2008, i.e. in a new server hardware scenario.

Prepare for Migration

You need to prepare the source server as well as do a full virus scan of all drives and a full backup of the entire server (and test the backup) just to be on the safe side. SBS 2003 has to have been updated to Service Pack 1 (check the registry key in HKLM\SOFTWARE\Microsoft\SmallBusinesServer\ServicePackNumber; if its 0x00000001, SP 1 is installed).

Install SBS SP1 if necessary, and then install Service Pack 2 for Windows Server 2003 if it’s not already there, as well as Exchange 2003 Service Pack 2. Finally, service pack 3 for Windows SharePoint Services 2.0 needs to be added if it hasn’t been previously. Be aware that a migration directly from Windows SharePoint Services 3.0 on SBS 2003 to SBS 2008 isn’t supported.

All of this is really just making sure all source software has the latest service packs ready to go and should also catch any major issues or corruptions in configurations.

If the SBS 2003 box is in a two NIC configuration, a router needs to be added so that the SBS is no longer the default gateway (SBS 2008 is a one-NIC solution only). This will also require re-running the Configure E-Mail and Internet Connection Wizard (CEICW). A Universal Plug and Play (UPnP) router is recommended, as SBS 2008 will automatically configure port forwarding and correctly link it to the SBS Console.
 

Migration Time

Once all this preparation is complete, it’s time to update the AD level in the source domain to 2003. Be aware that if you have additional domain controllers in your SBS domain running Windows 2000, you need to either update these to 2003/2008 or perform some extra clean up steps after the migration.

Although not required, it’s recommended to run the SBS Best Practises Analyzer (BPA) to verify that your source server is happy. Also a good idea is to clean out Exchange a bit by asking users to empty their deleted items and archive older emails. On top of this, you might want to run the Exchange Best Practises Analyzer.




The Migration Preparation Tool (MPT, my acronym) is a tool that runs AdPrep.exe to extend the AD schema and extends the time limit that two SBS domain controllers can coexist to 21 days. You will still get an error message daily in the event log, letting you know that multiple SBS domain controllers aren’t supported. After 21 days, the Source Server will automatically shut down.
This shows how important it is to have a good backup of your source server as the migration makes permanent changes to it; if something should go awry, you need to be able to go back to square one.

MPT also converts Exchange from mixed to native mode (required by Exchange 2007). 

Answer Me This

MPT guides you into using a migration answer file that is then used during the installation of SBS 2008 in Migration Mode.




The SBSAfg.exe is the actual application that you run to create the answer file. This can be performed at the consultant’s office and doesn’t need to be done at the client’s site.  A similar answer file can also be used for an unattended clean installation, something that will prove very popular with IT consultants. It allows granular control over all settings, making it possible to script installations for repeatable, identical configurations.

When creating the answer file, be aware that the source and destination server names can’t be identical. You then save the file on a USB key which is inserted during the SBS 2008 installation; the setup program finds this automatically and switches to Migration Mode.

For a truly unattended installation of both Windows 2008 and SBS 2008, you must also create an autounattend.xml answer file.
Internal domain name and server name can’t be changed after installation (as many of the components of SBS, like Exchange and SharePoint, don’t support changing these), so make sure you type in the right names with no typos.

Overall, in my limited trial the migration tools worked surprisingly well. I’ll be back with a comprehensive Masterclass on migration, as well as alternatives such as a swing migration so that the existing server can be reused for SBS 2008.

Consoles

Server manager in SBS 2003 is now gone (lending its name to the main console in Windows Server 2008 instead). What SBS 2008 has is the integrated Windows SBS Console with tab based access to all important tasks.

There’s one tab for initial configuration, one for Users and Groups (below), and




one for Network settings (below).



There’s also a tab to control Shared Folders and Web sites, one for Backup and Server Storage, a Report tab and finally a Security tab (below).




For someone coming from SBS 2003 it takes some getting used to, but after a short while I found myself going to the right places straight away (below).




Setting up users and assigning them to client computers is streamlined (below).




What’s missing (and slows down the all-in-one console in SBS 2003) is all the advanced tools. They’re now collected in a separate MMC based console called Advanced Management Console (below).



This is where you’ll find consoles for AD, Exchange, WSUS and IIS and all the others.

If you really need it, Windows 2008 Server Manager is also available, but I would estimate that 80-90% of server management tasks can be performed in the SBS Console.

Configuration

Because the built-in anti spam running in Exchange 2007 would normally run on the Exchange Edge server role (a separate server that sits at the edge of the network and cleans your incoming email of spam and malware), there’s no attachment scanning in Exchange 2007/SBS 2008. Forefront for Exchange does this, but it’s only a 120 day trial.

Speaking of mail, the POP3 connector has been totally rewritten for SBS 2008; minimum time for checking for new mail has been changed from 15 to 5 minutes.

In SBS 2003 you could link an OU to a user template so that users created based on this template ended up in a specific OU. This is no longer possible in SBS 2008; all users will end up in the "SBS Users" OU.

Another nifty little detail is the new Fix my Network wizard which will (among many other things) recreate the Foreign Connector in Exchange 2007 that links Exchange email with SharePoint. This configuration isn’t in the GUI of Exchange 2007; you’d have to go to the PowerShell command line to accomplish the same task.

SBS 2008 has added the ability to create mail-enabled security groups that can archive the emails they receive in SharePoint’s CompanyWeb, a simple solution to a sometimes tricky issue in SBS 2003.

Internet Everywhere

The Configure E-mail and Internet Connection Wizard (CEICW) in SBS 2003 has been split into three different wizards in SBS 2008: the Connect to the Internet Wizard (CTIW), the Internet Address Management Wizard (IAMW), and the Trusted Certificate Installation Wizard.




Setting up the internet connection is easy; the wizard automatically finds the router and, if it supports Universal Plug and Play, also configures the right ports for full functionality.



The IAMW is for configuring incoming requests from the internet. It configures remote.domain.com.au and can even configure your DNS records at your registrar (provided they support remote configuration). These include SRV records for Outlook (and Windows Mobile) auto discovery and TXT record for Sender ID verification. This usage of external DNS servers means that a client computer using Outlook 2007 can find your SBS 2008 server simply by being connected to the internet.

The Trusted Certificate Installation Wizard also helps you purchase a digital certificate through a “real” CA, which solves a lot of the issues around self signed certificates in SBS 2003. You can select a self signed certificate if you really want to.

In another effort to extend SBS from just an in-house isolated server to an internet connected service platform, SBS 2008 offers integration with Office Live. In practice this means that your public web site and any WSS external collaboration sites will be hosted on Office Live servers. DNS pointers to the right domains need a bit more work this way, but the wizard configures all this for you. Unfortunately, this service is not available in Australia at the time of writing, only in the US, UK, Japan, Germany and France. Just because we’re “down under”, we don’t get the whole enchilada; zero points for this one Microsoft.

In the fight against spam, many mail servers now block spam coming from dynamic IP addresses (common in small businesses). To work around this, there’s a new wizard to configure your Exchange server to send all outgoing mail through your ISP’s mail server, more commonly known as a smart host.

WSS 3.0 is a much better SharePoint than 2.0, offering two way calendar synchronisation with Outlook 2007 and the ability to take document lists offline, with changed documents synched back to the server automatically.

Backup

Although there was an SBS specific backup wizard in SBS 2003, all it did was use NTBackup in the background and limit the flexibility of backups to only support full backups every night, rather than the more common scenario of full backups once a week, and incremental or differential backups in between.




The new backup in SBS builds on Windows Server 2008 VSS based backup, and this brings another surprise: tape is no longer supported backup media.

Instead, the backup in SBS 2008 is geared towards removable hard drives (Firewire, USB or Esata); minimum size is 50 GB. Once a drive has been plugged in and assigned to backup (each drive is given its own GUID), it’s reformatted, and the drive letter is removed. The SBS team wants to make sure no one accidentally thinks the backup drives are a good place to store other data. After the first full backup, only changes are saved to the drive, but these are still full backups of specific points in time; by default, the backup wizard suggests twice a day.




Another difference is that SBS Backup is volume based; you cannot exclude or include folders on a particular drive.

Unlike plain Windows Server 2008, there’s a module added to SBS 2008 to make sure it’s backups are aware of Exchange 2007 and can back it up.

Removable hard drives is definitely the way forward for server based backup; most of my clients have been using them for years. My main gripe with the system as it’s presented in Release Candidate 0 is that the disks have to be “safely removed” before unplugging them. The only way to do that currently is to log on to the server, something you really don’t want ordinary users doing (the secretary or receptionist often end up with the job of swapping backups). There needs to be a script built into SBS to automatically disconnect a drive after a completed backup so that all the user has to do is unplug one and plug the other one in.

The other issue is in an SBS Premium setup with two servers, the backup isn’t centralised; each server will need its own removable disks.

Redirection of My Documents can now be done for select users using the built-in wizard; in SBS 2003 it was the same for everyone.

Client Computers

Setting up client computers is now easier than ever before. No longer do you need to remember the server name of each client so that you can type in http://servername/connectomputer; now it’s always http://connect.




You also don’t need to create a computer account on the server beforehand; it’s all done by the connection wizard. The connection wizard has been streamlined, making it possible for an end user to run it by themselves.




It’s also easier to select which level of access local users should have on their own computer, tying in nicely with UAC in Vista.




Finally, transferring existing settings and data for local users to their new domain account is a smooth process.

Once a Vista client has been joined to the domain, you can add an SBS specific Sidebar gadget (below). This gadget has links to OWA, Companyweb, RWW and organisation specific links that the administrator can configure.




Also new in 2008 is the Windows Small Business Server 2008 Client Agent, a Group Policy client-side extension that makes sure client computers are configured with the right settings. It also handles user access; if you change user access in the SBS console for computers, the agent will update it on the local machine.

Working Remotely

Remote Web Workplace (RWW) has had a very nice face lift in SBS 2008 (below).




Along with it came the ability to add custom internet links; these are shared between CompanyWeb and RWW.

Another big improvement is single sign on for RWW, so when you go to OWA from within RWW you’re not asked for credentials a second time.



RWW gives you a list of computers in the internal network to connect to. In SBS 2003 all computers are shown; in SBS 2008 only the user’s own computer is shown.

Healthy as an Ox

The health checks of client computers, and the SBS server introduced in SBS 2003 R2, have been vastly improved in SBS 2008. It now checks essentially everything that the XP or Vista security center monitors on each client and reports that back to the server. WSUS 3.0 SP1 is built into SBS 2008 and is, by default, set to automatically download and install (at 3am) patches for clients, but only downloads patches for the server rather than automatically installing them.



You can also easily see which users are assigned to a workstation from the server console.

 
SBS 2008 - the Next Big Thing?

I have been involved with SBS ever since the very first version, 4.0. It took until SBS 2003 for Microsoft to get it right, and the market share reflects the great success that SBS 2003 has been.

SBS 2008 is more of an evolution than a revolution, but with so many strong points I have no doubt that it will find a home in many small businesses, both existing SBS customers as well as new installations.

Time will tell, but there’s definitely a buzz in the small business community around SBS 2008, especially as many are looking forward to offering the great new features in Windows Server 2008 and Exchange 2007.

Links

• SBS Down Under

• SBS 2008 official Home page

• SBS 2008 Technical Library on Technet

Paul Schnackenburg is a small business IT consultant and teacher.