September 11, 2008
In a world of mergers and acquisitions, will SBS be a liability to your business?
OK, so today Dave Williams wrote an interesting (and significantly wrong) article on how Linux is keeping Microsoft honest, and how SBS sucks.
It always amazes me when people criticize things like operating systems without actually taking time to experience the product, and understand the intricities. This is one such case, where he is TOTALLY off base. First off, you CAN have more than one domain controller in an SBS environment. SBS only requires that it is the primary DC with the FSMO roles. (I wonder if he even knows what FSMO roles are, but thats a debate for another day). This means you CAN have secondary DCs in the environment.
Which gets me to my next point. Dave went off on a weird tangent about how SBS sucks for mergers because there is no support for domain trusts. It's actually a good point, but shows a complete lack of understanding of Windows Security, Active Directory, and how you would handle situations like this.
In the case of a merger where an SBS domain will need to be integrated to another domain, he's right you can't just join it up. But NOTHING prevents you from using Active Directory Federation Services (AD FS) to accomplish this. Now on SBS 2003, this isn't built in as it is based on SP1. Further to this, AD FS and Sharepoint don't play well together, which makes it difficult to do even if you could do it. You will see AD FS as a role in the new SBS 2008, but I am told that it still won't play nice with Sharepoint 2007. But thats ok.
Because SBS DOES support secondary DCs, you can easily install a Windows Server 2008 secondary DC and apply the AD FS role to it. Now you will be able to provide the identity and access management in Active Directory by sharing identity and entitlement rights across the two networks. Actually, you can do this now by installing Windows Server 2003 SP2 in the same manner.
It may not seem like a perfect solution, but is a very valid stop-gap until you can integrate the domains by importing the users into the new organization from the SBS DC. So if you do have SBS in a merger, you will be fine if you know what you're doing.
As a final note, I want to comment on Dave's lack of understanding of what SBS contains. It INCLUDES the same enterprise software solutions in Exchange, Sharepoint, WSUS, SQL, ISA etc. It's only real limitations is that it can only have a total of 75 user and/or device CALs, and must be the primary DC. That seems to be a pretty good trade off when you consider most small businesses will never reach that limit, or care about those limitations. And if they do, you can easily adjust the organization as needed. And with the introduction of EBS, small businesses that do indeed grow out of SBS can migrate cleanly to the new EBS platform without fretting about huge infrastructure changes.
Microsoft did this right. If they did anything, they have kept Linux honest. No longer can Tux brag about being a great server when it simply doesn't have the enterprise software set that most businesses need today. Small or large. As a business owner that has to account for every dollar spent in software licensing AND IT management, SBS is a much more sound investment. Its not just the initial purchasing dollars... its the ongoing maintenance combined with being able to actually have my staff get their jobs done in an efficient manner using industry standard tools.
Everyone has a right to their opinion. However, let's make it an informed one... shall we?