Supported network topologies
Updated: February 23, 2009
Windows EBS supports the network topologies that are most likely to be implemented in a business with up to 300 users or computers. The supported topologies include:
Networks that contain one subnet at a single location (simple networks)
Networks that contain more than one subnet at one or more locations (routed networks)
Networks that span more than one location, with site-to-site virtual private networks (VPN) connecting them, and one or more subnets (VPN networks)
You can deploy Windows EBS in a network that operates one or more existing servers within a single subnet. In this topology, the recommended installation is to replace your existing firewall device with the Windows EBS Security Server. This simplifies your installation by allowing you to maintain all of your servers, client computers, and other network devices on the same subnet. The examples below show how this topology can be implemented.
The following diagram illustrates an existing network before deploying Windows EBS. It uses a dedicated firewall device or a router with firewall capabilities to help protect your network.
Figure 1 Single-subnet network with firewall
Windows EBS replaces the existing firewall or takes over the firewall role from your existing router. The following diagram shows the topology after Windows EBS is deployed.
Figure 2 Single-subnet network with Windows EBS Security Server firewall to help protect the network
You can install Windows EBS in a network that contains more than one subnet and use it to manage each of those subnets. There are many variations for this type of topology, although most environments fit into the first two categories that follow:
The network is situated at one location, but it may have more than one subnet to service different business departments.
The servers are situated primarily at one location, which contains most of the users and the network servers. Additional branch locations with subnets are connected to the primary location through leased or dedicated lines, and the entire network is managed from the primary location.
- The network connects several locations through leased or dedicated lines, and each of these locations can have several subnets. Domain controllers exist at branch locations, and the subnets are managed locally.
Windows EBS can integrate with your existing routers to manage the entire network from your primary location or to permit you to locally manage selected subnets.
The following diagram illustrates a network that uses a router to manage subnets at a single or at multiple locations before deploying Windows EBS. Any of the locations can be the primary location.
Figure 3 Multiple-subnet network
In the following diagram, Windows EBS replaces your existing firewall role with the Windows EBS Security Server. The Windows EBS Management Server and Messaging Server are located at the primary location.
Figure 4 Multiple-subnet network with Windows EBS
Routed networks with virtual private networking
You can install Windows EBS in a network that uses site-to-site virtual private network (VPN) connections between branch locations and the primary location. These networks can be arranged in topologies with varying levels of complexity. In most installations (depending on compatibility), Windows EBS should replace the firewall at the primary location and be used to manage the network at the site-to-site VPN-connected branch location. The following diagram illustrates a typical site-to-site VPN topology before deploying Windows EBS.
Figure 5 Site-to-site VPN network
After deploying Windows EBS, you can manage your branch offices and your primary locations from a central location. The Windows EBS Security Server replaces the firewall at your main location, and you retain the network devices at the branch locations, as shown in the following diagram.
Figure 6 Site-to-site VPN network with Windows EBS