When you first start the wizard, it will advise you to be sure you have all the appropriate information from your ISP and about your network. You will need to know whether you have a static IP address and if so, what it is and the subnet mask. You also need to know the addresses of your local network as well, usually 192.168.16.x with 192.168.16.2 being the default internal (local network) address of the Small Business Server.

The first question you will be asked is what kind of access you have to the Internet, Broadband or dial-up. How you answer this will determine how the wizard proceeds. Let’s hope you have broadband of some kind and select this. The next page asks you how you make your connection to the broadband: directly from your server to the broadband modem, through a router, or through some sort of PPPOE account. Let’s examine each of this in a little more detail.

In my office, I use a direct connection to my DSL modem. The server has two NICs (network interface cards). Two NICs is generally considered the best way to set up SBS. One NIC connects to the Internet and the other connects to the local network. This allows the built-in firewall or, preferably ISA, to protect the server and the network from the Internet. It also allows you to have strong control over how the Internet is used. Selecting ‘A direct broadband connection’ we move to the next screen, which asks which of the two NICs is the external (Internet) connection. Actually it asks for the ‘ISP network connection’. You select it from the drop down box. It will display the IP address configuration. Check that you selected the proper one. Then you can select the ‘Local network connection’ in the same manner. The next screen asks you to verify or configure the gateway to your ISP and the preferred DNS settings. These are taken from the configuration of the NIC or you can modify/enter them here.

Before moving on, let’s explore the other Internet connection options. If you select ‘A connection that requires a user name and password (PPPOE)’ you will next be asked for the PPPOE connection. If you don’t already have one, you can create it by clicking ‘New’. It will then ask for your user name and password. If you have a static IP address, you can enter that information here as well. Hitting ‘Next’ brings you to a screen that only asks what your Local network connection is. Again, select the NIC that connects to your local network.

The final option is ‘A local router device with an IP address.’ This is an option you would use if you had a broadband router or hardware firewall connecting you to the Internet. There are two scenarios here as well: Two NICs (still preferred) and one NIC. Clicking ‘Next’ takes you to the Router Connection screen, which asks for the DNS server addresses supplied by your ISP and the address you use to connect to the router (not the Internet side). If you are only using one NIC, you must check the ‘My server uses a single network connection for both Internet access and the local network’ check box. Let’s not check it for the moment. The next screen asks you to select the network connection that connects to the Internet. If you have a static IP address, you enter it here. If not, you would select ‘Obtain an IP address automatically (DHCP)’. At this point, my system won’t let me progress because I’m not configured with a router. So, let’s move on.

After you have configured the Internet connection, it is time to configure the firewall. If you are using the Standard version of SBS 2003, you will basically be using the Routing and Remote Access Service of Windows Server 2003 as the firewall. It gives you some basic isolation from the Internet, mainly through using NAT (Network Address Translation) and some control over which ports are accessible. If you are security conscious, you would want to go with SBS 2003 Premium which includes Microsoft ISA (Internet Security and Acceleration) Server, Microsoft’s heavy duty firewall. But the wizard pretty much takes you through the same steps regardless of the version. We are first asked whether or not we want to enable the firewall. If you already have another firewall protecting your network, you can select ‘Disable firewall’; otherwise select ‘Enable firewall’. If you have already been through the wizard before, you’ll have the option to skip reconfiguring the firewall. We’ll select ‘Enable firewall’. This takes you to the Services Configuration, which lets you select which of the basic Internet services you want to enable such as E-mail, VPN, FTP, and Terminal Services. You can also add your own if you like. I generally select everything except FTP unless I know there is a need for that service. Next you’re asked to configure the Web Services. I generally want all the goodies so I select ‘Allow access to the entire web site from the Internet’ button. If you don’t intend to use, for now, some of the services, then deselect them.

Next you are asked about Certificate Services. Certificates are used to create secure connections over the Internet. You can either have SBS create the certificate for you or you can buy one from a firm like VeriSign. I generally like free so I click on the ‘Create a new web server certificate’ and enter the name of my SBS server. However, if you are going to be running a public web site and doing financial transactions, your customers may be more comfortable if you use a trusted site like VeriSign.

Finally, we configure E-mail. You can tell the wizard whether you want to enable Internet e-mail or not. I like Internet e-mail so I select ‘Enable’. You then have to select your e-mail delivery method. I generally select ‘Use DNS to route e-mail’. However, you may have reason to want to hand it off to your ISP and let their server deliver it for you. Next you select whether you want to pick up e-mail from your users’ current POP3 accounts. That topic was discussed in an earlier column. If your server is constantly connected to the Internet, you can select the ‘E-mail is delivered directly to my server’ button. However, if you have a dial-up connection, you might want your ISP to hold your e-mail and let your server periodically ask for it. In that case select ‘E-mail is held at my ISP until my server sends a signal’. Be sure to coordinate this with your ISP first. Then you specify your Internet e-mail domain name, like LentzComputer.net. Last you specify whether or not you want dangerous attachments stripped from incoming e-mail. This is a security issue and I generally select to block all such attachments. However your needs may vary. All that is left now is hitting Finish on the final screen, figure 4. Actually, I’d urge you to find and click the small ‘here’ link. This allows you to create a document containing all the settings you’ve just configured. It’s a real handy way to document some very powerful and complicated configurations made easy by the CEICW.