Small Business Server - adding a seperate domain to the same LAN?

Associate
Joined
20 Oct 2002
Posts
1,127
Location
Redcar
Hi,

We have downsized the company in recent months and have sub let some of our office space. A second company is moving in and are bringing their own server and are going to run it over the same cabling as our machines use.

What problems can anyone foresee us having if they run their domain controller (Server 2008 R2) on our LAN using the same address space. Our Domain is controlled from a single box running Small Business Server 2008.

Example of the setup:
SBSDomain1 - 172.16.3.1 -> 125
NewDoamin2 - 172.16.3.150 -> 200

Will this work?

Also we are going to share our internet connection with them, I assume its as simple as telling their machines that the gateway is on 172.16.3.254?
 
Associate
Joined
4 Sep 2006
Posts
308
Location
Bristol
Hi -
Your best bet would be to put a second switch in and patch in the network points the other company need into that - else your going to have a whole world of pain running any other way!

If you can keep both networks and servers separate!!

Rob
 
Associate
OP
Joined
20 Oct 2002
Posts
1,127
Location
Redcar
do you have a half decent switch that supports vlans?

No we only have a basic 24 port unmanged one, I can ask but I suspect that this new company will have a switch they are using now that we could keep them on.

I guess using the separate switch would not allow the second company to share our internet connection?

What exactly is it about this setup that is going to cause problems? I suspect our MD has promised these new guys use of the internet already and he is bound to ask why even though I'm a programmer not a LAN manager.

I mean if we try it will it break horribly right away or will we get little niggles appearing later on?
 
Associate
Joined
4 Sep 2006
Posts
308
Location
Bristol
Are the other company running anything like Exchange or hosting their own website on their internal network? If so, you wont be able to run both servers off the single External IP address. SBS 2008 does not work in NO NAT, and you cannot forward a single port to multiple IP's
Yes, you can change the port Exchange listens on, but that can also cause issues if not setup and monitored correctly - best bet would be for the other company to have their own internet connection installed and routed into their own switch

Rob
 
Associate
OP
Joined
20 Oct 2002
Posts
1,127
Location
Redcar
Sorry I really am terrible about explaining our setup here, we don't use SBS 2008 in the usual way we really use it as a glorified Server 2008 box with Exchange installed.

The Firewall is a Cisco 5505 ASA, this manages the DHCP setup with the servers IP hard coded.
SBS does nothing more than manage users, groups, exchange, shares and DNS.

The real question is then will SBS 2008 complain or fall over if we add an new domain controller for a totally new domain to the same network, I was under the assumption that SBS didn't play nice with other domains on its same network or am I wrong here (because I hope I am)
 

wij

wij

Associate
Joined
27 Dec 2006
Posts
1,422
Location
-
If you've got an ASA just create a separate VLAN and DCHP pool for the new tennants, and either upgrade your switch to a managed one that will support VLAN's or buy a 2nd dumb switch and only connect the new companies machines to that.

If your ISP is half decent and not going to charge you get them to give you a block of public IP's and assign one to the 2nd companies VLAN.
 
Soldato
Joined
8 Nov 2002
Posts
9,128
Location
NW London
Not got one in front of me but I'm pretty you can set up a separate security zone on the ASA to have the other company completely segregated from your network but give them Internet access.

To answer you question, no it won't "fall over" as such. Main issue would be that DHCP will point DNS to your SBS server so they will have issues connecting to their domain unless you stick a conditional forwarded to their domain into DNS on your SBS server.
 
Associate
Joined
4 Jan 2003
Posts
158
Location
London
Are things like data security, protecting your machines from viruses/torjans etc an issue? if there are machines on your network that you don't have control of then anything can happen.

Unless the two companies need to access each other's servers, I would have thought creating two separate networks would be the best.
 
Associate
OP
Joined
20 Oct 2002
Posts
1,127
Location
Redcar
Just an update on this, thanks to oddjob62 for the confirmation that it wouldn't fall down. Got the new company server powered up and setup the conditional forwarder and it seems to be working fine for now.

Other interesting news is that the new company is the brothers of our MD so I guess its going to have to be cool on the LAN sharing side of things. I've already been told to give them access to the printers etc so I guess we're now a company with a new company inside us.

If I ever get time to finish my programming work I'll suggest the vlan idea to the higher ups. Thanks for the support.
 
Back
Top Bottom