Small Business Server 2008: no ISA Server, no built-in tape backup

I have caught up a little with what is coming in Small Business Server 2008, code-named Cougar. Short version: Microsoft is focusing on ease of use but omitting some of the features that made previous versions attractive. This will be an upgrade headache if you used those features.

The new version is 64-bit only and includes Exchange Server 2007, Sharepoint Services 3.0 and WSUS (Windows Server Update Services) 3.0 as standard. Go Premium to get SQL Server 2008 and a license for a second server (which can be 32-bit).

Program Manager Sean Daniel says in an interview (video) that the install is easier than before, and that wizards are scenario-based rather than task-based. I think this means that more decisions are taken for you. However, two changes have caused some consternation.

The first is that tape backup is no longer built in. The new backup system only supports external USB or FireWire drives. I’m not sure about backup over the network; it would be silly to omit this, but who knows? It is based on differential backup, which means you can backup in 10 minutes and do it every hour if you like.

Microsoft says this is because external drives are cheaper than tapes, and that most SBS users have moved to hard drive backup in any case. This is true unless you have a lot of tapes. However, tape advocates point out that tapes are more robust in transit and safer for archiving. Personally I’ve had problems with the cheapest bus-powered external drives, mainly because of the power being inadequate, but I’d hope that up-to-date hardware fixes this. If you still love tape, the solution is to buy a third-party tape backup system.

The other big omission is ISA Server, Microsoft’s firewall and proxy server. This is a bigger deal. ISA is a complex but sophisticated product that requires two network cards to be installed. If you can work out how to administer it, it provides extra security in conjunction with an external firewall, and numerous features for publishing internal servers and services. Why has it been dropped? Daniel makes a curious comment in this Q&A:

I am as disappointed as you with this. Certain circumstances with the changes in Longhorn server left us without firewall solution in our standard product. We attempted to move ISA into the standard product, but legal issues prevented this. There was nothing we could do.

Legal issues? This is a Microsoft product bundled with a Microsoft product. I wonder if he means internal politics?

In particular, note that there is a new multi-server bundle called Windows Essential Business Server 2008, which does include ISA.

So what do you do if you have a full-works, dual-NIC SBS 2003 box and want to upgrade? There’s no in-place upgrade, because this is 32-bit to 64-bit; and the disappearance of ISA means you have to rethink your network architecture, or upgrade to the aforementioned EBS.

Two things disappoint me here. One is that Microsoft is pushing small businesses towards multiple servers, in SBS Premium or EBS. Although this has administrative advantages, it’s not very green, it’s losing the essence of what SBS was about, and seems out of tune with the more general industry move towards fewer servers and virtualization.

The second disappointment is that Microsoft seems to be pretty much ignoring the cloud. I may be wrong: the blurb says “Integration with Microsoft Office Live Services Small Business”, though I’m not sure what this amounts to. Personally I reckon the cloud is the future for the niche that SBS fills. I’d design SBS Next as a local cache for cloud services.

16 thoughts on “Small Business Server 2008: no ISA Server, no built-in tape backup”

  1. Hi Tim

    As an SBSC i just thought i’d add some comments

    The news about no tape backup or ISA wasn’t a big deal in my eyes

    I stopped using ISA years ago in favour of a seperate hardware firewall (in my case sonicwall)
    Less of load on the SBS (with Exchange and SQL loaded this makes sense?) as you said less complexity, plus extra features such as content filtering, etc made this attractive for our customers

    Tape backup has gone from the native backup but it’s fine if your using a 3rd party solution which i do. I use backup exec so i get the other abilities native SBS doesn’t have(e.g single mailbox recovery) and i’ll still be able to backup to tape

    My initial reaction to the two server premium edition was similar to yours but as someone pointed out to me. Who says you can’t load SQL on the first box and save the second windows license for when the customer grows? or even use it as a virutal server?

  2. Andy

    Thanks for the comment. It would be interesting to know what percentage of SBS setups do use ISA. My guess is small-ish but significant – 15%? Just a guess.

    Tim

  3. I’d say that figure is probably about right…though i think the US use it more than us guys in the UK

    Most of the people i talk to either don’t use ISA or are already putting plans in place for a hardware firewall for when SBS 2008 comes around

  4. We have ISA at the SBS shop I run. I love it, but we’ve never really used its capabilities to any degree.

    Since we’re a non-profit, I am exploring the possibility of getting a separate license for ISA along with the second server license that SBS 2008 Premium would get us, but I’ve made no decision. (We can virtualize, but it’s much more important that we have two physical servers for network redundancy. We only have one physical box now.)

    We use tape backup and NTBackup but I’m not sure what impact a disk-based backup would have, other than killing the $500 investment in the DLT that came with our Dell. I have used the disk-based backup in Windows 2008 in evaluation and liked it a lot.

    The real problem is the yawning wide chasm between “backup” for disaster recovery, and “archives” (where’s the FY05 report?) Neither MS nor any other vendor has really resolved this for us in the SMB space.

  5. With SBS2003, MS had a winner. Finally, someone understood that in the SME market, price is the number 1 priority.

    Small businesses, esp 10-15 employees *or less*, do not have the budget to invest thousands in IT infrastructure. And non-IT types get a shock when they buy PCs with an OS, a server with an OS, a mail program, then find they have to buy client licences too. SBS2003 was a fantastic deal, and in the last 5 years have recommended it to dozens of small ltd companies in the UK.

    Sure, it had some way to go in terms of the target market and installation – whilst easier than the separate products, some of the choices were not explained in layman terms (nor indeed is there much assistance anywhere, esp when dealing with dns!) But in terms of price, it was great.

    Some of those companies plumped for the Premium edition, solely as it included ISA and was reasonably easy to get working “out of the box” and saved the expense of a hardware firewall, or removed headaches with cheap dsl NAT routers and the very limited “firewall” options inherent.

    Someone needs a prod at MS, and remind them of the BUDGET constraints of SMEs; 75-person companies might have revenues >5million, but most SMEs are <20 people… and a revenues/budgets to match.

  6. How has SBS 2008 handled the differences between Exchange 2003 and 2008? I haven’t got a lot of knowledge with that, but from what I’m told, a lot of the 32-bit utilities that are so useful with Exchange 2003 are just not there in 2008. I’ve heard of people running a separate 32-bit station alongside it just so they can keep running all of those cool utilities.

    I suppose Microsoft has to earn a living, is what it comes down to. I mean, has anyone really noticed anything super-duper awesome about Word 2003 as opposed to Word 2000? Of course not. But repackaging and re-organizing things every few years keeps us on the hook for another few hundred bucks. If there is one thing that the changes with SBS 2008 agree with, it’s the reality that even very small businesses DO understand more now that IT has to be a significant part of their budget, and plan accordingly. This is just Microsoft tapping into that ever-emerging market. Nobody ever accused them of not being astute business people, after all.

  7. I love ISA. I have a 98% install ratio of premium vs Standard. I love premium and find the reports I can do with ISA to be a plus.
    I have hundreds of installs out there in Australia and would not consider the option of not having ISA in the SBS current format. I will be mourning the loss of ISA but life must go on.

  8. As someone who has used SBS since the first release and using the early Proxy Server then moving onto ISA, it has been a core component for any SBS Specialist. It is regretful that MS does not see that removing such a core item in my terms leaves you with sourcing another method, when the idea of SBS was for a simple product install with everything. I don’t see myself moving towards SBS2008 upon its release. The idea of having a 2nd server is the right move as this is something I implement at present. Of course having a hardware or software firewall does remove load off the server but this means costing it in when so many of these small business have very tight budget. I wonder how many small business they approached for feedback on those who have SBS2003 installed.

  9. What is confusing me is, how do you get OMA and OWA onto the web without ISA? If you’re looking at port forwarding through your shiny new hardware firewall direct to an unprotected exchange box/domain controller… isn’t this a Bad Thing? At least ISA had a decent application proxy to inspect this sort of connection.

  10. hey tim,
    Am glad i came across a more critical review on SBS because i only see how useful it is supposed to be. You made some interesting points.

    I have used SBS and EBS a bit…and found SBS 2008 to be quite helpful, in terms of the new wizards.
    What I did not understand is why they did away with ISA…EBS Security Server has the Forefront TMG (medium business edition)…why couldn’t SBS have a different edition. (I don’t even want to get on the EBS 3-server config. thing)

    SBS has SharePoint, while EBS does not. I would assume, a medium sized biz would appreciate SP more than a small biz.

    Plus, all the wizards that are present in SBS, are not there in EBS. Admitted, they are meant for higher level admins, but i am sure they would also appreciate a simple GUI-driven wizard.

    And, correct me if I am wrong…there is information available on how to virtualize these offerings. Why would a small business want to do that?

  11. I agree with Alan. SBS 2003 is a great product, and coupled with something like the ML115 (quad core, 4gb RAM, RAID 5) it offers an incredibly low cost and robust solution for small offices.

    2003 is available as a downgrade until December 2009 when you buy 2008.

    The first thing that surprises me is the cost. 2008 is aimed at the same target market, and yet my trade cost has shot up to £800 for the boxed product (£450 for the oem bundle). That’s about £200 more for OEM.

    I disagree with Microsofts comments about most people using USB backups. I still recommend a grandfather, father, son tape backup system, and it has been succesfully used time and time again. A HP DAT160 USB backup drive is cheap, and 160gb tapes are cheaper than the equivilent USB device.

    I’ll reserve any more comments until I’ve had a chance to fully evaluate SBS 2008.

    I also agree with the authors comments about virtualisation. SBS 2008 as an out of the box, hardware independant solution would have been perfect. They missed that boat.

  12. Oh an in response to Miles, so long as you have a good hardware firewall, and strong passwords, just open port 443 to enable OWA.

  13. I totally agree with Alan above. My company bought SBS2003 Premium mostly because we only have a LinkSys WiFi DSL/Cable Router acting as our “firewall”. Please….these things can be hacked and have limited firewall capability. We bought premium because a hardware device eventually becomes “outdated” and then you need to buy a new one. So, ISA was very attractive. However, apparently, ISA is now “outdated” in SBS 2008. Sad. There is TMG, but that costs a lot of money (which is why SBS 2003 Premium was attractive, a LOT OF BANG FOR THE BUCK!! Yes!). What I really wonder is how the Windows 2008 Server Firewall really stacks up against ISA (or TMG). The one thing I really like about ISA is the monitoring facility. I have observed attempts to brute force crack the server password via RDP (which is essential for us). I am aware of this. But without good monitoring, I would otherwise have been unaware. I feel like I was gipped by M$ for removing ISA/TMG from the SBS product lineup. (And, “upgrading” to EBS is very expensive as well for a 10 – 15 employee company who has only one Pentium-D server.)

  14. sir:

    why didnt anyone think of a simple solution dont need much coast such as a linux server with two Ethernet card dont need a high performance computer just install the iso image and burn ,
    like , see clarck connect , ip cop ,

    Regards
    Mohammad Besaiso

  15. Seems as though Microsoft has completely forgotten what SBS actually means. It is SMALL BUSINESS server. I manage quite a few small busninesses and often times the initial outlay for a small server with 1 extra simple 1gb nic, the sbs OS and a few desktops + setup pushes their financial limits. Now they have to either buy ANOTHER machine and os and an ISA liscense or fork out for a hardware firewall seems stupid. I’m assuming that the majority of people who would run sbs and ISA are not going to afford that outlay and will now be running VERY exposed behind simple modem/routers with VERY basic firewalls.

    “to increase security and efficentcy of sbs on the edge we are now forcing you to run unsecured or buy more equipment”

Comments are closed.