1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Small Business Server - adding a seperate domain to the same LAN?

Discussion in 'Servers and Enterprise Solutions' started by Five_Star, 5 Mar 2010.

  1. Five_Star

    Wise Guy

    Joined: 20 Oct 2002

    Posts: 1,127

    Location: Redcar

    Hi,

    We have downsized the company in recent months and have sub let some of our office space. A second company is moving in and are bringing their own server and are going to run it over the same cabling as our machines use.

    What problems can anyone foresee us having if they run their domain controller (Server 2008 R2) on our LAN using the same address space. Our Domain is controlled from a single box running Small Business Server 2008.

    Example of the setup:
    SBSDomain1 - 172.16.3.1 -> 125
    NewDoamin2 - 172.16.3.150 -> 200

    Will this work?

    Also we are going to share our internet connection with them, I assume its as simple as telling their machines that the gateway is on 172.16.3.254?
     
  2. Rob7865

    Gangster

    Joined: 4 Sep 2006

    Posts: 308

    Location: Bristol

    Hi -
    Your best bet would be to put a second switch in and patch in the network points the other company need into that - else your going to have a whole world of pain running any other way!

    If you can keep both networks and servers separate!!

    Rob
     
  3. atomiser

    Wise Guy

    Joined: 28 May 2003

    Posts: 1,845

    do you have a half decent switch that supports vlans?
     
  4. Five_Star

    Wise Guy

    Joined: 20 Oct 2002

    Posts: 1,127

    Location: Redcar

    No we only have a basic 24 port unmanged one, I can ask but I suspect that this new company will have a switch they are using now that we could keep them on.

    I guess using the separate switch would not allow the second company to share our internet connection?

    What exactly is it about this setup that is going to cause problems? I suspect our MD has promised these new guys use of the internet already and he is bound to ask why even though I'm a programmer not a LAN manager.

    I mean if we try it will it break horribly right away or will we get little niggles appearing later on?
     
  5. oddjob62

    Sgarrista

    Joined: 8 Nov 2002

    Posts: 9,128

    Location: NW London

    What firewall are you running. Even some SOHO ones these days allow for 2 internal seperate networks.
     
  6. Rob7865

    Gangster

    Joined: 4 Sep 2006

    Posts: 308

    Location: Bristol

    Are the other company running anything like Exchange or hosting their own website on their internal network? If so, you wont be able to run both servers off the single External IP address. SBS 2008 does not work in NO NAT, and you cannot forward a single port to multiple IP's
    Yes, you can change the port Exchange listens on, but that can also cause issues if not setup and monitored correctly - best bet would be for the other company to have their own internet connection installed and routed into their own switch

    Rob
     
  7. Five_Star

    Wise Guy

    Joined: 20 Oct 2002

    Posts: 1,127

    Location: Redcar

    Sorry I really am terrible about explaining our setup here, we don't use SBS 2008 in the usual way we really use it as a glorified Server 2008 box with Exchange installed.

    The Firewall is a Cisco 5505 ASA, this manages the DHCP setup with the servers IP hard coded.
    SBS does nothing more than manage users, groups, exchange, shares and DNS.

    The real question is then will SBS 2008 complain or fall over if we add an new domain controller for a totally new domain to the same network, I was under the assumption that SBS didn't play nice with other domains on its same network or am I wrong here (because I hope I am)
     
  8. wij

    Wise Guy

    Joined: 27 Dec 2006

    Posts: 1,422

    Location: -

    If you've got an ASA just create a separate VLAN and DCHP pool for the new tennants, and either upgrade your switch to a managed one that will support VLAN's or buy a 2nd dumb switch and only connect the new companies machines to that.

    If your ISP is half decent and not going to charge you get them to give you a block of public IP's and assign one to the 2nd companies VLAN.
     
  9. oddjob62

    Sgarrista

    Joined: 8 Nov 2002

    Posts: 9,128

    Location: NW London

    Not got one in front of me but I'm pretty you can set up a separate security zone on the ASA to have the other company completely segregated from your network but give them Internet access.

    To answer you question, no it won't "fall over" as such. Main issue would be that DHCP will point DNS to your SBS server so they will have issues connecting to their domain unless you stick a conditional forwarded to their domain into DNS on your SBS server.
     
  10. BlueMhz

    Gangster

    Joined: 4 Jan 2003

    Posts: 158

    Location: London

    Are things like data security, protecting your machines from viruses/torjans etc an issue? if there are machines on your network that you don't have control of then anything can happen.

    Unless the two companies need to access each other's servers, I would have thought creating two separate networks would be the best.
     
  11. Five_Star

    Wise Guy

    Joined: 20 Oct 2002

    Posts: 1,127

    Location: Redcar

    Just an update on this, thanks to oddjob62 for the confirmation that it wouldn't fall down. Got the new company server powered up and setup the conditional forwarder and it seems to be working fine for now.

    Other interesting news is that the new company is the brothers of our MD so I guess its going to have to be cool on the LAN sharing side of things. I've already been told to give them access to the printers etc so I guess we're now a company with a new company inside us.

    If I ever get time to finish my programming work I'll suggest the vlan idea to the higher ups. Thanks for the support.
     
  12. oddjob62

    Sgarrista

    Joined: 8 Nov 2002

    Posts: 9,128

    Location: NW London

    Ahh... that makes the "politics" side of thing a lot easier. Good to hear it all went smoothly.