Using DHCP
When you run the Connect To The Internet Wizard on your Windows
SBS 2011 primary server, the wizard configures the Dynamic Host
Configuration Protocol (DHCP) server to provide Internet Protocol (IP)
addresses and other Transmission Control Protocol/Internet Protocol
(TCP/IP) settings to the computers on your network. You should not have
to modify DHCP server settings manually unless you expand your network
by installing additional DHCP servers on other computers. In that case,
you can configure the DHCP Server service using the DHCP
Console, as shown in Figure 6.
If your network includes remote sites with servers, you might want to
configure them to function as additional DHCP servers. To do this, you
must install the DHCP Server role using the Server Manager Console and create a scope
using a different IP subnet than the one on your primary server. You
can create the scope using the Add Roles Wizard in Server Manager or the
New Scope Wizard in
the DHCP Console. You must also add scope options to configure other
TCP/IP settings, such as the Router and DNS Servers options, which
provide your clients with their Default Gateway and Preferred DNS Server
values.
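The scope setup described above can also be scripted with the netsh dhcp context that ships with Windows Server 2008 R2. This is an added example, not from the original text: it assumes the DHCP Server role is already installed, runs from an elevated PowerShell prompt on the remote-site server, and every address and name in it is a constructed placeholder.

```powershell
# Constructed sample values: replace with the remote site's real addressing.
$scope  = '192.168.20.0'     # subnet for the remote site (not the primary server's subnet)
$mask   = '255.255.255.0'
$first  = '192.168.20.100'   # first address handed out
$last   = '192.168.20.199'   # last address handed out
$router = '192.168.20.1'     # becomes the clients' Default Gateway
$dns    = '192.168.16.2'     # assumed address of the SBS primary server (Preferred DNS Server)

# Run one netsh command and stop at the first one that reports a failure,
# so a half-configured scope is never activated.
function Invoke-Netsh {
    param([string[]]$Arguments)
    & netsh.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "netsh $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# 1. Create the scope and its address range.
Invoke-Netsh 'dhcp','server','add','scope',$scope,$mask,'RemoteSite','Remote site clients'
Invoke-Netsh 'dhcp','server','scope',$scope,'add','iprange',$first,$last

# 2. Scope options: 003 = Router, 006 = DNS Servers.
Invoke-Netsh 'dhcp','server','scope',$scope,'set','optionvalue','003','IPADDRESS',$router
Invoke-Netsh 'dhcp','server','scope',$scope,'set','optionvalue','006','IPADDRESS',$dns

# 3. Activate the scope only after the options are in place, then review what clients will receive.
Invoke-Netsh 'dhcp','server','scope',$scope,'set','state','1'
Invoke-Netsh 'dhcp','server','scope',$scope,'show','optionvalue'
```

Pointing option 006 at the SBS primary server keeps remote-site clients resolving names through the DNS server that holds the AD DS records.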
Windows SBS 2011 installs the Domain Name System (DNS) service on
your primary server, as is required for AD DS, and automatically creates
resource records for the computers on your network. To modify existing
resource records or create new ones, you use the DNS Manager Console, as shown in Figure 7.
A DNS server is essentially a database of resource records, most of
which contain computer names and their equivalent IP addresses. In Windows SBS 2011, the DNS server stores the records as part of the AD DS database. Creating
a new resource record is a matter of choosing a record type and
supplying the information required for that type, using a dialog box
like the one shown in Figure 8.
For example, if you want to create a new website on your server, you
can assign it a unique name by creating a new Host (A) resource record
pointing to the server’s IP address and then using the name from the
resource record as the host header value when you create the site in
Internet Information Services (IIS).
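The same Host (A) record and host header pairing can be created from an elevated PowerShell prompt on the server with dnscmd and appcmd. This is an added example, not from the original text; the zone name, host name, IP address, site name, and folder are constructed placeholders.

```powershell
# Constructed sample values: replace with your own zone, name, and address.
$zone     = 'example.local'     # assumed AD DS DNS zone
$hostName = 'intranet'          # unique name for the new website
$serverIp = '192.168.16.2'      # assumed IP address of the server running IIS
$fqdn     = "$hostName.$zone"
$sitePath = 'C:\inetpub\intranet'
$appcmd   = "$env:windir\System32\inetsrv\appcmd.exe"

# 1. Create the Host (A) resource record on the local DNS server ("." = this server).
& dnscmd.exe . /RecordAdd $zone $hostName A $serverIp
if ($LASTEXITCODE -ne 0) { throw "dnscmd could not create $fqdn" }

# 2. Create the content folder and the IIS site. The binding's third field is the
#    host header, so IIS serves this site only for requests addressed to $fqdn,
#    even though it shares the IP address and port 80 with other sites.
New-Item -ItemType Directory -Path $sitePath -Force | Out-Null
& $appcmd add site /name:Intranet "/bindings:http/*:80:$fqdn" "/physicalPath:$sitePath"
if ($LASTEXITCODE -ne 0) { throw "appcmd could not create the site" }

# 3. Confirm that the name resolves and that the site carries the expected binding.
& nslookup.exe $fqdn
& $appcmd list site Intranet
```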
During the operating system installation, the Windows SBS 2011 setup program configures Windows
Firewall to open the ports that the system’s various applications and
services require. However, if you install or enable additional software
on the server, you might have to open additional ports.
You can use two tools
to configure Windows Firewall. The first is the Windows Firewall
control panel, from which you can open the Allowed Programs control
panel, as shown in Figure 9.
By selecting programs in this dialog box, you can open ports that
enable specific types of traffic to pass through the firewall.
For more detailed control over the firewall, you can use the Windows Firewall With Advanced Security Console, as shown in Figure 10.
This console presents firewall settings as rules, which you can apply
to inbound or outbound traffic. The allowed programs in the Windows
Firewall Control panel are actually collections of rules.
Using the Windows Firewall With Advanced Security Console, you can
enable or disable the individual rules that make up an allowed
program, rather than configure the program exception as a whole. You can
also create your own rules that filter traffic based on programs,
services, IP addresses, and/or port numbers.
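A custom inbound rule of the kind described above, written with netsh advfirewall from an elevated PowerShell prompt. This is an added example, not from the original text; the rule name, program path, port, and subnet are constructed placeholders for an application installed after setup.

```powershell
# Constructed sample values for an additional line-of-business service.
$rule = 'LOB-App-HTTPS-In'

# Combine several filters in one rule: the rule matches only traffic to this
# program, on this TCP port, from the internal subnet, on the domain profile.
$ruleArgs = @(
    'advfirewall', 'firewall', 'add', 'rule',
    "name=$rule",
    'dir=in', 'action=allow',
    'protocol=TCP', 'localport=8443',
    'program=C:\LobApp\lobsvc.exe',
    'remoteip=192.168.16.0/24',
    'profile=domain'
)
& netsh.exe @ruleArgs
if ($LASTEXITCODE -ne 0) { throw "Could not create firewall rule $rule" }

# Enable or disable this one rule without touching any other rule.
function Set-RuleEnabled([string]$Name, [bool]$Enabled) {
    $state = if ($Enabled) { 'yes' } else { 'no' }
    & netsh.exe advfirewall firewall set rule "name=$Name" new "enable=$state"
}

# Review the rule exactly as the firewall stored it.
& netsh.exe advfirewall firewall show rule "name=$rule" verbose
```

Scoping the rule by program and remote address opens the port only for the service that needs it and only to the internal network, which is narrower than opening the port alone.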
Using Routing and Remote Access
The Routing and Remote Access Service (RRAS) in Windows
Server 2008 R2 enables you to configure a server’s routing
capabilities. You can conceivably use a server to connect two local area
networks (LANs) together, but Windows SBS 2011 allows its primary
server to have only one network interface adapter. The server accesses
the Internet through a standalone router on the network.
However, you can use RRAS to configure a server on your network to function as a virtual private network (VPN)
server. A VPN is a secure remote connection to your network that uses
the Internet as a network medium. For example, a user at home or on the
road can connect to a local Internet service provider (ISP) and
establish a VPN connection to your server. To secure the connection, the
computers use a technique called tunneling, which encapsulates their traffic in specially encrypted packets.
To configure RRAS on your primary server, you use the Routing And Remote Access Console, shown in Figure 11.
To enable VPN access to your network, you must configure your router to
allow the traffic in from the Internet, and configure your server to
respond to connection requests from remote clients by running the Routing
And Remote Access Server Setup Wizard. Once a VPN client is connected
to the server, the user can access network resources just as though he
or she were sitting at a workstation on the network.
Tip
You can configure another server running Windows
Server 2008 R2 to function as a VPN server, but first you must install
the Network Policy and Access Services role using the Server Manager
Console, selecting the Routing and Remote Access role service in the
process.