Security enhancements in Microsoft Essential Business Server 2008

Microsoft Essential Business Server solves major security and network management issues for midmarket companies that are outgrowing Microsoft Small Business Server 2003 and are too small for enterprise solutions.

Last fall Microsoft released Essential Business Server (EBS) 2008, its answer to one of midmarket companies' foundational dilemmas: How to address enterprise-caliber security and network management issues with small IT staffs and tight budgets.

Windows Server
security resources
Steps to secure Windows Server 2003: Volumes, policies and port control: This step-by-step guide explains how to secure Windows Server 2003.
Steps to secure Windows Server 2003: Access controls and maintenance: Maintaining the security of Windows Server 2003 requires strong access control policies and constant patch and update maintenance.
Next version of Microsoft ISA Server brings Web security to midmarket: Microsoft's Forefront Threat Management Gateway (TMG) adds HTTP and HTTPs antimalware inspection, application vulnerability and Web filtering.

Companies with 25 or 50 employees and several servers have been able to turn to Microsoft Small Business Server 2003 for years for consolidating email, email security, SharePoint and updating services on a single box. But if your company has say, a couple of hundred or so employees, an increasingly packed roomful of servers and compliance mandates that require extensive monitoring and reporting, your IT staff is under the gun.

"Midmarket companies are between a rock and a hard place," said Chris Rue, owner of Tuscaloosa, Ala.-based consultancy Black Warrior Technology and a Microsoft MVP. "They are different from small businesses from a management perspective because of the number of machines, but they're not as large as an enterprise and typically don't have the resources to get hands around their environment like they need to from end-to-end."

In this tip, we'll examine five factors to consider in deciding if EBS might be a good fit for your organization.

  1. NETWORK MANAGEMENT AND CONSOLIDATION
    Companies' networks grow as business needs grow. What may have started with a server or two and 20 desktops and laptops is subject to network sprawl over time, as you hire new employees and add applications. There's a growing gap between your IT staff resources and the time and energy spent troubleshooting network problems, provisioning end users and responding to help desk calls.

    http://www.microsoft.com/ebs/en/us/overview.aspx>Essential Business Server consolidates network management onto three boxes: a management server, a messaging server and a security server. The premium edition adds a fourth server with a SQL Server 2008 database for additional applications, including support for virtualization, so you can add several business applications on the server, all under EBS management.

    At the heart of the management server is System Center Essentials (SCE), which gives network admins broad central control and extensive monitoring over the network. The management console monitors network health for everything in the Microsoft environment and a number of third-party hardware (e.g., Dell, HP) and software (e.g., Symantec, CA, Citrix) companies.

    From SCE, you can manage software updates for servers and client machines, including antivirus products -- Microsoft's and third parties. These capabilities come online with the EBS installation in the form of what Microsoft calls management packs. In addition to out-of-the-box support, management of other hardware and software products can be added through an SDK.

    So the number of end users you have to manage is an important consideration in moving to EBS, but the complexity of your network is an even more important factor. So even SBS-sized companies of 25 or 50 people should consider EBS if their network is growing faster than they can manage it properly.

    "Consolidate and simplify management if you have multiple servers," " said Amy Babinchak, owner of Michigan-based Harbor Computer Services Inc., which caters to SMBs and is a partner with Third Tier Technology LLC, which provides consulting to other IT firms. "Even if you are up to five servers, that's about the point where SCE advantages start to kick in for management. It's a good time to move to EBS no matter how many actual users you have."

    "If the argument for EBS is strictly about seat count," said Rue, "It's the wrong conversation to have."

    The ability to manage your network efficiently impacts security. Patch management, for example, is a critical security issue. SCE monitors the environment for configuration issues, patch and software updates. It applies Microsoft best practice guidelines against configurations across the network, alerting admins so they can be proactive about potential issues.

  2. FOREFRONT STEPS UP EBS SECURITY
    EBS brings several tangible security capabilities to the midmarket company. You may, of course, mix and match in other security products, but you can have a pretty solid, integrated network security package for one price.

    Like little sister SBS, EBS includes Exchange 2007 and Forefront Security for Exchange, but there's a difference. SBS, Exchange and Forefront Security's antispam/antivirus package sit on the same server. This may be OK for a lot of small shops, but not so much for midmarket companies with heavier mail volumes and more demanding security requirements. Since EBS security sits on its own server and messaging on another, the tasks are split, so, the security functions filter email before it hits the messaging server, which only has to handle functions such as routing and transport.

    The other major piece of the security server is the Forefront Threat Management Gateway (TMG), Medium Business Edition, the heir to the venerable Internet Security and Acceleration Server (ISA). In addition to building on the secure application publishing capabilities in ISA, TMG is a true security gateway, including a stateful packet inspection firewall with application layer filtering, URL access control and optional subscription-based Web antimalware filtering.

    All this is managed through a security tab in the console. An admin can tell if the firewall is running correctly, if the antimalware engines are running correctly on Exchange, and if all the company's machines have up-to-date software, from a single point.

    "You can quickly identify problems and dive down to the right tool to address a problem," said Nick King, EBS product manager. "It aligns very closely to a day in life of midmarket companies looking to optimize security and management. How do we enable IT pros to get confidence in their environment and prioritize?"

  3. STRONG REPORTING VIA ACTIVE DIRECTORY INTEGRATION
    The ability to monitor, remediate and report on network security is critically important to demonstrating controls to your auditors and help you investigate issues. Because EBS integrates tightly with Active Directory, you can manage access policy and track and report on user activity.

    EBS stores extensive searchable logs in its SQL Server database, and offers some 30 canned reports, covers things such as asset inventory, status of your IT environment, capacity planning, software deployment, and update compliance. You can also create custom reports.

    "There are an absolutely amazing amount of reports" said Rue. "And the custom reporting is well worth the investment in time to really get your head around; you'll draw the benefits for a long, long time."

  4. EBS LICENSING OVERVIEW
    EBS is an investment for a midmarket company -- about five times the cost of SBS -- but not out of line when you consider the cost of assembling comparable components separately and the ongoing management overhead. Microsoft's list price is $5,067 for the standard edition and $6,188 for premium with five client access licenses (CALs), with single, 20- and 50-license packs available.

    The unified licensing for EBS is also a point to consider, against individual licensing for separate components. (Think Windows Server license, SQL Server license, Exchange license, TMG. etc.)

    Small businesses that outgrow SBS, for example, can find it a wrenching experience.

    "There was no comfortable transition," said Babinchak. "It's horrendously expensive to go up to a bigger network. You go from one to a whole bunch of servers, all with their own user CALs. EBS maintains SBS' consolidated licensing."

  5. EBS ENABLES SERVER, APPLICATION GROWTH
    Most small companies expect to grow, and EBS offers an extensible platform for adding applications, servers and employees. Even a very small company may want to choose EBS instead of SBS because it can expand efficiently and cost-effectively. If you can foresee a growth plan over the next few years, EBS should accommodate your company until it moves up to the next level. It will help you make the best use of your IT staff and not add people just to keep your network at maintained.

    "Midmarket people want to deliver enterprise-level service, but don't have the people or resources to throw at it," said Rue. "They want to be really efficient for as long as they can and have an underlying platform that will support pretty much any direction they want to go."

Send comments on this article to editor@searchmidmarketsecurity.com

Join our IT Knowledge Exchange discussion forum; please use the midmarket security tag.

Dig deeper on Microsoft security integration and centralized management

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchSecurity

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

ComputerWeekly

Close