I’m sure that most people here are aware that there are circles in the IT community where SBS is a punchline. One of the most common assertations is that ISA on SBS is a security compromise. So I figured it was time to address this head on.
Is ISA on SBS a security compromise? Completely – because the mere notion of a firewall on Windows is a security compromise at best . . . we should all be running a SonicWall or Cisco Pix if we really want security. Sorry, I couldn’t resist a little jab :^)
Seriously – is ISA on SBS a compromise? Absolutely – because SBS itself is a compromise. Which is why it fits so well in the small business space, because each and every small business is a living, breathing example of compromise on a daily basis. You can’t truly appreciate or understand Small Business Server if you don’t understand small business. And you can’t understand small business if you haven’t experienced it.
I can’t help but wonder if the people who look down on SBS with disdain have truly experienced small business. Have they laid awake at night worrying about making payroll – knowing that their employees have families to feed and mortgages to pay? Do they realize that for many small businesses, money could be spent in several different places – so that server upgrade often relates to not being able offer the raises or bonuses we’d like, or offering additional benefits. We have to take care of our employees and our customers, but we also have to invest in our businesses to insure our long-term ability to take care of our employees and our customers. We can’t afford an imblanace either way – literally. So each day is a compromise.
Would I love to be able to follow ‘best practices’? Absolutely. But look at the average small business with 25 users or less . . . how would I be helping them by deploying a DC, a secondary DC, an ISA server, a front-end Exchange box, a back-end Exchange box, a file & print server, a Sharepoint box and a LOB server? Not only would there be extensive cost at deploying that sort of solution, but extensive cost to maintain and administer that set up.
Let’s face it – SBS customers aren’t shopping for ISA server any more than they’re shopping for Exchange. What they’re looking for is a solution that let’s the work smarter. Does the small business owner care about running ISA on their DC? Nope – not in the least. The fact is that it isn’t realistic to sell that client a separate ISA server – simply put, the costs outweigh the benefits.
Is ISA on SBS a compromise? Sure – it’s a compromise between the benefits of the full product and great pricing of an integrated bundle. I will be the first one to admit that in a perfect world ISA would always run on its own dedicated box. In the small business arena, that just isn’t going to happen in an overwhelming number of cases. So the question facing most small businesses isn’t whether or not they should run a dedicated ISA box in addition to their SBS, but whether they should run ISA on SBS or stick with their $39 Linksys router.
So what’s the bigger security compromise and risk for the small business – running ISA on their SBS or sticking with a low-end nat-ing router? Because down here in the trenches – that’s the reality.