ISA 2006 on Hyper-V
Posted on 2011-02-17
I have a perfectly good guest installation of ISA 2006 Server on my Hyper-V server and would like opinions on the security of this setup please.
Server setup - Windows 2008 Hyper-V Server host system with 4 NIC's:
NIC 1 and NIC 2 are connected to the LAN with internal IP addresses. These are used for a number of guest servers running on the Hyper-V server.
NIC 3 is connected to the DMZ port on the Juniper Firewall (the main hardware firewall) with a DMZ IP address. This NIC is used by the ISA Server guest only.
NIC 4 is connected to the internal LAN with an internal IP address. This NIC is used by the ISA Server only.
Internet --> Juniper Firewall Untrust port (main hardware firewall) --> Juniper Policy directs traffic to the DMZ port on the Juniper Firewall --> DMZ NIC of Hyper-V guest ISA Server --> ISA Server policy --> internal LAN NIC of Hyper-V guest ISA Server --> internal LAN
Basically, I know that this setup is secure if the ISA Server were to be a stand alone server / member server (ie: not hosted on Hyper-V). But I need to know if the other guest servers on the Hyper-V server are secure, because the ISA Server is also a guest on the same Hyper-V host server.
The ISA Server is used mainly for OWA Publishing and VPN Access.