0

Are there any resources offering advice on how to setup a microsoft based web-hosting service? I currently offer LAMP hosting with cPanel, but there is some demand for IIS & SQL Server.

As far as I can tell MS Windows Web Server 2008 R2 edition allows unlimited IIS connections. And a per-processor license for MS SQL Server Web Edition 2008 also permits unlimited connections.

Where I am falling down is that I can't figure out how to get "unlimited" Active Directory users. I can't use 2008R2 Web Server edition for AD, so I will need the 2008R2 standard edition, I think. Does Microsoft have a provision for using AD in an ISP scenario?

I am looking at using the cPanel Enkompas system to manage the Windows software, and Enkompas requires AD for user authentication.

Any advice would be greatly appreciated!

ChrisNZ
  • 606
  • 2
  • 9
  • 25

3 Answers3

1

What do you need AD for? If your just hosting web applications, there is no real reason to need AD. If you do need to use AD you will likely need an authentication processor licence, which is much more expensive plus a full copy of Windows Server, not the Web edition.

If you do need access to the facilities AD provides, or access to things like Exchange or Sharepoint, then you've need to use AD. Just use SQL or local user accounts and save the cost.

Sam Cogan
  • 38,736
  • 6
  • 78
  • 114
  • AD does not need a processor license if it is used for technical purposes (i.e. isolate websites, customers). Authenticated is only neeeded if the "end points" use ad (website users etc.). If you get more than a system or two, there are great reasons to use AD - management wise. – TomTom Mar 31 '10 at 04:08
  • @TomTom, true, I had assumed the user wanted it for user authentication – Sam Cogan Apr 01 '10 at 08:34
  • This is not feasible in a hosting scenario - you use AD to isolate customers or services (websites), but within a website - like all do - you use a SQL database or other means. – TomTom Apr 01 '10 at 08:41
1

As I understand it, you'll need a MS Service Provider License Agreement to offer hosting for sale. It's not hard to get, but a hoop to jump through none the less.

I'd keep AD off the table. It's a bear to support when users really don't understand it. It also adds quite a bit of attack surface, and almost all MS Admins agree it doesn't go on server that face the Internet.

Chris S
  • 77,945
  • 11
  • 124
  • 216
  • Good point. I will contact cPanel to find out if AD is an absolute requirement for Enkompass. If it is, then I envisage that I would have the AD server on a private internal LAN segment, with the IIS and SQL servers able to access it to provide authentication when required. Also thanks for the SPLA link, I am reading through all of that right now! – ChrisNZ Mar 31 '10 at 02:16
0

Where I am falling down is that I can't figure out how to get "unlimited" Active Directory users. I can't use 2008R2 Web Server edition for AD, so I will need the 2008R2 standard edition, I think. Does Microsoft have a provision for using AD in an ISP scenario?

That makes no sense. Ok, AD as requirement sucks, but it makes sense to have all servers in a domain for technical purposes - but this means you do not need unlimited AD users as AD is not used for end users. It also means you can use web edition for the web servers.

How is your setup? What I do is I have: * One machine that is non-trivial running Hyper-V * Being licensed with a one processor Datacenter Edition * Use virtual machines for the actual load.

This way I can have as many images as I want (separate email server etc.). They are all in a domain (Domain Controlle running on the VM, too), but I do not use active directory users except for technical reasons (isolate websites etc.) - as such the licensing restrictions do not apply.

Websites are served from web edition instances.

You need to get your hands on the SPLA and the SPUR. The last is the "Service Provider Usage Rights" - a large document, around 200+ pages, that basically is a very detailed EULA for every product. No worry about the size - you dont need to read it all. It basically has a section for EVERY ITEM YOU CAN LICENSE UNDER SPLA - including office, vsual studio etc. If you go down to the Windows section it is just a dozen pages and that already covers all versions (so it is a lot smaller for just one version). It is legalese (not english ;)), but not too hard to read.

TomTom
  • 51,649
  • 7
  • 54
  • 136
  • Ah.. I was not aware of the distinction of AD for technical purposes vs. AD for end users. Thank you for that valuable advice. – ChrisNZ Mar 31 '10 at 05:44
  • 1
    It only makes sense. YOu have to pay for an AD account per user - a LOT of services are better isolated (technical user) and do not represent a real user. Depending on what software you install that is even mandatory (OCS uses I Think three domain accounts for it's services). "User" as in "licenses" always means "client". "Technical User" thus does not require a CAL, as they are not clients. – TomTom Apr 01 '10 at 05:17