Managing Small Business Server (SBS) 2008

In May 2008, Microsoft released public previews (Release Candidate 0, known as RC0) for new two server products:

  • Essential Business Server (EBS) 2008
  • Small Business Server (SBS) 2008

Our blog article earlier in July (!3D3B8489FCAA9B51!576.entry) focused on EBS; this article looks at the management features and scenarios for SBS 2008 (RC0). Many people have been waiting for SBS 2008, as this product will replace the broadly deployed SBS 2003—Microsoft’s customer-premise server solution for the very small organization.

The low price point of the SBS 2003 package made it a good seller, but integration features between the various server products in SBS 2003 was not as illustrious. Few customers used or appreciated the admin wizards, the pre-created SBS security groups, and similar features. In contrast, the integration in SBS 2008 is excellent and eliminates the otherwise complex setup and administration of Windows Server 2008 X64, Exchange 2007, SharePoint 3.0, Fax services, Certificate services, WSUS, and so on. For those Microsoft network owners with less than 2 servers and 75 clients, whether or not they already use SBS 2003, SBS 2008 is a compelling migration option to consider—particularly at the very small customer end, such as those installations that have less than 25 clients. SBS 2008’s capability to accelerate and error-proof the installation and secure operation of these super-complex server technologies takes huge burdens take off the small network owner’s plate.

SBS 2008 Setup

Having just run through the EBS 2008 RC0 setup, we could contrast that 3-server install with lots of previous experience of independent setup of each server component, i.e. Windows Server 2008, Active Directory, Exchange 2007, Forefront, etc., which would be easily a 400% savings in time. Now we compare both those processes to the SBS 2008 RC0 setup, which approaches a ten-fold savings! The error-free setup of SBS 2008 on an HP ProLiant ML350 was just amazing. Immediately after setup, we were receiving Internet email. "Out of the box," every component, AD user account and Exchange mailbox, OWA with CA, secure SMTP Receive connectors, a very effective anti-spam and Exchange anti-virus, and lots more were correctly configured.

These were massive timesavings, and it was a relief to know that the Windows 2008/AD/Exchange/SharePoint lash-ups on that server were setup securely and according to Microsoft best practice. For more current news and tidbits about SBS (and EBS) 2008, a great starting place is the blog of Microsoft’s Nicholas King at

SBS 2008 Native Management

Unlike its big sister EBS, SBS 2008 does not include a copy of the System Center Essentials 2007 management application. Microsoft decided to make SBS extremely simple in setup and operation, and with a very light resource footprint. Essentials 2007 has more features than necessary for the SBS target environment, and higher resource demands than the SBS architects wanted to support. Instead of Essentials, SBS 2008 includes a brand new mini-management environment known as the Windows SBS 2008 Monitoring Data Collection Service. The Data Collection Service does not appear to be a modified OpsMgr 2007 Health Service, but instead is a brand new mini-management stack developed just for SBS 2008. The installation has a local instance (named “SBSMONITORING”) of SQL 2005 Express on the SBS 2008 server that hosts the management database for the service. Outputs of the service include alerts that appear in the SBS Console, optionally emailed to an administrator. Here is a screenshot of the SBS Console, Network-> Computers view:

Our SBS 2008 network includes two client computers running Windows Vista. The clients were connected to the SBS domain by visiting an intranet web site on the SBS server and running an ActiveX control. This joined them to the domain and downloaded additional software such as the SBS Vista Gadget (see the "The SBS 2008 Vista Gadget" section later in this article). Clicking through on the Critical alert for the SBS server, it’s easy to read what the problem is, shown in the screenshot below (If you elect to receive email alert notifications, you’ll get exactly the text you see here.).

Similar to System Center Essentials 2007, SBS 2008 includes a daily report that can be emailed to the SBS administrators email distribution list. (SBS 2008 has an additional weekly report that is more detailed.)

One difference between the Essentials Daily Health Report and the SBS 2008 Summary Network Report is the SBS report does not include a software installed listing, but the SBS report does include server uptime, backup, and email usage and mailbox size sections not included with Essentials. The SBS report is also much more attractive. Here is an actual SBS Summary Network Report, open in Outlook 2007:

Remote Management Options for SBS 2008

Many SBS 2008 owners may want to outsource some aspect of server monitoring or management. A network service provider could leverage the native Windows SBS 2008 Monitoring Data Collection Service, and have the SBS server email the service provider with the alerts for follow-up investigation. That could work for a very low-capacity management service with relaxed timeframes for problem resolution. SBS 2008 includes Remote Web Workplace (RWW), as does EBS, and RWW is a secure way for the service provider to remotely access customer computers for support and service.

The SBS 2008 owner (or IT service provider that supports the SBS owner) may consider employing some additional technology (or partner with a service provider) for deeper monitoring and/or remote management than that provided by the native Windows SBS 2008 Monitoring Data Collection Service. Potential candidates in the Microsoft management portfolio to provide richer monitoring and management of EBS 2008 include:

  • Essentials 2007
  • Operations Manager 2007
  • Remote Operations Manager 2007

Here are all the supportable topologies we can see for this scenario:

  1. Essentials 2007 SP1 installed on a second server in the SBS 2008 domain, monitoring the SBS server with an agent component. Enable Service Provider mode using the wizard in the Start menu.
  2. OpsMgr 2007 SP1 gateway server component installed on the SBS 2008 server or a second server in SBS 2008 domain. Connect to Remote OpsMgr gateway using the gateway and MOMCertImport.exe.
  3. OpsMgr 2007 SP1 agent components installed on the SBS 2008 server and any other computers in SBS 2008 domain. Connect to Remote OpsMgr gateway with agent and MOMCertImport.exe.

Notice our list does not include installing Essentials 2007 on the SBS 2008 server. Although this might be technically possible (we have not tried this), we see too many chances for conflict with the SBS native components, particularly WSUS. The SBS 2008 server needs to be left in its basic configuration as much as possible and administered using the SBS 2008 console to keep everything ‘in synch’ on the SBS network.

We piloted scenario #3, which is to connect the SBS 2008 server to a Remote OpsMgr instance agent-to-gateway over the Internet using certificates. We are happy to report that this works, meaning the OpsMgr 2007 SP1 agent component can run on the SBS 2008 server in harmony with the native Windows SBS 2008 Monitoring Data Collection Service.

Here is a screenshot of the Windows Task Manager Processes tab. This screenshot shows:

  • The native SBS management workload (the blue highlight), which includes the SQL service dedicated to DataCollectorSvc.exe
  • The processes added by the OM 07 Agent (highlighted in red):

Different from EBS 2008 (where attaching to a Remote OpsMgr instance augments the native Essentials 2007 -> Exchange 2007 monitoring), when you attach a SBS 2008 server to Remote OpsMgr, Exchange 2007 monitoring begins for the first time. For example, you must run the PowerShell script new-TestCasConnectivityUser.ps1 on the SBS 2008 server to configure Exchange 2007 client monitoring features.

The SBS 2008 Vista Gadget

When you attach your Vista client computer to the SBS network, SBS installs a Vista Sidebar gadget. This gadget is like a mini-company memo board with both standard and custom links and labels. We changed the “Administrator Link” label to say “Admin-only links” and added a custom shared link “Remote OpsMgr Web Console,” which links to the service provider’s OM 07 instance supporting that customer. Here’s what that gadget looks like with the Admin-only links fly-out open on the left:

The Remote OpsMgr Web Console

We created an AD user and corresponding OpsMgr 2007 User Role in the Remote OpsMgr service provider domain and scoped this to a group containing the Windows Computer object for the SBS 2008 server. Tailored views are assigned to offer an uncluttered space that is focused on key SBS 2008 server technologies. The next screenshot shows a high-level Computers view of the SBS 2008 server in the web console:

This web console view below clearly points out the problem with Exchange 2007 is that a Hub Transport service is stopped on the SBS 2008 server:

Finally, here’s an example where SBS 2008 server’s web sites can be individually stopped and started using the Remote OpsMgr web console (see tasks circled in red):

Closing note: Microsoft has announced that updated release candidates (RC1) for EBS 2008 and SBS 2008 will be released very soon (possibly by the end of July 2008?). We’ll post here on any management-related changes in the new releases.

This entry was posted in System Center. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s