Topic: Suggestion for new installation option: Internet-Server-Only

[arne]

Hello !

Something like 55 % of the SME server installations today is as server only, and approx 5 % of the installations are running as virtual server under Vmware, if I'm not wrong.

I have been looking into the option of how to change the SME server firewalling and also tried out a number of options, that did all work, - but some of then would require rather "big" modifications og the SME server platform as an example the 3 and 4 NIC alternative.

On the other hand it looks like the situation is also that some quite usable modifications can be done allmost without changes at all.

One modifications that should be an easy modification is the installation alternative "the internet server".

The "server-only" can be described as a lan-server option, with a security arrangement typical suitable for an protected lan environment.

The "internet-server" option would be a "hardened server only-option" with the security and firewall arrangement strong and secure enough to be connected to internet directely without using or going trough another external firewall.

This installation variant should be quite easy to obtain by just setting the DB variable to the proper values, looking down unvanted services for such use like Samba and possible Squid, and other lan oriented services, and eventually other hardening of the system and firewall. I guess it could also be done "the correct way" using a script or as an option from server-manager panel.

SSHD access could be set open as default and it could be possible to open for a remote logon to the "server-manager" panel from one IP like it actually is already today.

Some of the server-only installations that is running today might have a potensial need for a higher degree of security than an ordinary lan server installation will give. Possible use of the eventually new "internet server" variant could be in DMZ areas, in a "DMZ alaike environment while doing virtualization" or possible also as remote managed on a server farm, or even remote managed as a virtual server on a "virtual server hotel". (???!!)

I think all those new options should be there from doing only "minor adjustments" on the existing server installation.

Just some ideas ..

[CharlieBrady]

Hello !
...
Just some ideas ..

Arne, you have been told a bazillion times that if you want SME software to change the *only* way it will happen is to open a New Feature Request in the bug tracker. Then you or someone else will have to actually develop the code.

Any suggestion you make here will just generate gossip, and probably waste people's time.

[slords]

Also you have been told over and over to stop talking in generalizations.  Give us some concrete examples of where things are wrong and what you propose to do to fix them.  You keep talking in circles without saying anything.  You keep saying that you have done things to fix/enhance the system but nobody has seen anything.  For someone with over 1000 posts there really isn't much content there.  Please stop the dissertations and start keeping post short and on topic. 

If you have something to contribute then please do so but give detailed (read code) examples of both what is wrong and what you have done to fix it.