Solved

ISA Server Enterprise Array

Posted on 2012-04-09
Last Modified: 2012-04-10
For the topology that I'm including in this question, I need to include the following.

Design an ISA Server Enterprise array for Green Globe
Update your network topology maps and show the locations of ISA Server systems and the Configuration Storage server
Be sure to include details about connectivity between array members and the Configuration Storage server
Construct a naming and addressing scheme for the ISA Server array.

I have no idea how to do this or what an ISA server is supposed to do. If someone could help me understand what I am supposed to do here, it would be greatly appreciated.
Below is my topology which could also use some revision.
Visio-New-CSI-Topology-Updated.pdf
0
Question by:kajumblies
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37826367
Not going to do your homework or assignment for you - that is outside the scope of our work here and not allowed. If you do not know what an ISA Server is I can give you an overview but it assumes you are aware of other fundamental concepts.

In short, ISA is a product from MS that is no longer in mainstream support, having been replaced now by Forefront TMG 2010. Its purpose is to provide proxy services, firewall services and application gateway services, all of which combine to protect the internal networks and users from potential (and real) threats from untrusted sources such as the Internet.

ISA comes in two flavours, which are standard and enterprise. The enterprise version of ISA allows the use of NLB or network load balancing to put more than one ISA node into an array for resilience and failover purposes.

The CSS or configuration storage server holds the ISA configuration used on all nodes and is responsible for ensuring that all nodes have an up to date copy.

With ISA 2006 sp2, the need for having separate nics to handle inter-array traffic between the two ISA nodes was removed.
0
 

Author Comment

by:kajumblies
ID: 37830311
So where would an ISA server be put in relation to other devices on the network? Would it sit in the DMZ or before or after it?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 37830411
If you want full ISA functionality then each node in the array needs to have two nics as a minimum - one external, one internal.
You can deploy ISA as a front end (sits external nics straight onto the internet and internal nics sit on the DMZ/internal network) or as back end (where internal nics sit on the internal network and external nics sit on the DMZ and connect to the internal nics of a different external firewall). The CSS would be internal on the internal network.

If you only need to use ISA for proxy services then you only have one nic in each.

As mentioned, in ISA2006, sp2 the need for inter-array nics was removed. You could still use them if you wanted to but they were no longer an absolute requirement.

ISA 2006 Enterprise includes NLB within the product - don't forget that.

Looking at your diagram - I agree, it needs some work (no offence) - if you were not replacing the Cisco firewalls either at the DMZ entry or exit points then you would only install ISA as proxy only. If you WERE going to be replacing one or other I would replace the Cisco firewall that joins the internal network to the DMZ with the two nodes of the ISA array, load balancing both the internal nics and the external nics, both joined to the domain (isa-node-A, isa-node-b) and use the back end configuration via the configuration wizard that ships with ISA.
0
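A sketch of checking an addressing plan against the front-end and back-end layouts described in the accepted answer above. This is an added example, not part of the original thread: the subnets, addresses, NLB virtual IPs and the name css-01 are constructed for illustration, and only the node names follow the answer.

```python
import ipaddress

# Constructed plan (assumption): subnets, addresses, NLB virtual IPs and "css-01"
# are illustrative; only the node names follow the accepted answer.
NETWORKS = {"dmz": ipaddress.ip_network("192.0.2.0/24"),
            "internal": ipaddress.ip_network("10.10.0.0/16")}
PLAN = {
    "mode": "back-end",
    "css": {"name": "css-01", "ip": "10.10.1.5"},
    "nlb_vips": {"external": "192.0.2.10", "internal": "10.10.1.10"},
    "nodes": {
        "isa-node-a": {"external": "192.0.2.11", "internal": "10.10.1.11"},
        "isa-node-b": {"external": "192.0.2.12", "internal": "10.10.1.12"},
    },
}
# Zones each NIC role may sit in, per deployment mode described in the answer.
ALLOWED = {
    "front-end": {"external": {"untrusted"}, "internal": {"dmz", "internal"}},
    "back-end": {"external": {"dmz"}, "internal": {"internal"}},
}

def zone_of(ip):
    """Map an address to a named zone; anything unlisted counts as untrusted."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in NETWORKS.items() if addr in net), "untrusted")

def check_plan(plan):
    """Return a list of findings; an empty list means the plan fits the layout."""
    allowed, findings, seen = ALLOWED[plan["mode"]], [], set()
    if zone_of(plan["css"]["ip"]) != "internal":
        findings.append("CSS is not on the internal network")
    members = {**plan["nodes"], "NLB virtual IPs": plan["nlb_vips"]}
    for name, nics in members.items():
        for role in ("external", "internal"):
            ip = nics.get(role)
            if ip is None:  # one NIC only: proxy services, not full ISA functionality
                findings.append(f"{name}: no {role} NIC")
                continue
            if zone_of(ip) not in allowed[role]:
                findings.append(f"{name}: {role} {ip} is in zone '{zone_of(ip)}'")
            if ip in seen:
                findings.append(f"{name}: {ip} is assigned more than once")
            seen.add(ip)
    return findings

if __name__ == "__main__":
    for finding in check_plan(PLAN) or ["plan matches the back-end layout"]:
        print(finding)
```
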
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37830438
lol - no problem, shame you don't want to give me the points for answering the question but I guess you have your reasons :(
0
 

Author Closing Comment

by:kajumblies
ID: 37830489
Sorry, I thought I selected your comment as an answer...
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37830496
<smiles> thanks, I am now only one question away from breaking the 5 million point barrier here...

Cheers
Keith

http://www.experts-exchange.com/M_3586205.html
0
 

Author Comment

by:kajumblies
ID: 37830504
Well, I'm sure I'll be asking another question sometime tonight for another 500 points, so keep a look out.
0
